Hallo zusammen, langsam verzweifele ich. Ich habe einen neuen vServer, darauf Prosody (Vers. 11.02) installiert und ich habe folgende Fehlermeldung in der prosody.log:
Feb 10 13:00:35 portmanager error Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281 Feb 10 13:00:35 portmanager error Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281 Feb 10 13:00:35 portmanager info Activated service 'https' on no ports
Bislang hatte ich einen zugegebener Maßen schlampig installierten vServer mit Apache, PHP und MySQL ausschließlich für Jabber, auf dem Prosody ohne Fehlermeldungen lief. Jetzt habe ich ich einen neuen vServer und mir etwas Mühe gegeben da ich auf dem Server auch Nextcloud laufen lassen will. Zunächst ein paar Systeminformationen:
vServer mit Ubuntu 18.04 und Apache mit zwei eingerichteten Virtualhosts, PHP (7.2), MySQL, Failtoban, UFW (Ports 80,443,5081,5080 und weitere sind entsprechend freigegeben).
Ich habe natürlich schon kräftig gegoogelt und auch diverse Konstellationen ausprobiert, aber nichts hilft!!! - Die obige Fehlermeldung bleibt!
Zertifikate wurden via certbot von let's Encrypt bezogen.
Grundsätzlich läuft Prosody auch, aber ich habe halt die Errors im Log und ich kann das Modul WebAdmin nur über http://meineDomain.de:5280/admin aufrufen und anmelden kann ich mich darin nicht (irgendwie sieht es auch so aus als würden dabei nicht alle css-Klassen gezogen). Über https://meineDomain.de:5281/admin bekomme ich nur "Fehler: Verbindung fehlgeschlagen".
Nachfolgend nun meine prosody.config.lua:
-- Prosody XMPP Server Configuration -- -- Information on configuring Prosody can be found on our -- website at https://prosody.im/doc/configure -- -- Tip: You can check that the syntax of this file is correct -- when you have finished by running this command: -- prosodyctl check config -- If there are any errors, it will let you know what and where -- they are, otherwise it will keep quiet. -- -- Good luck, and happy Jabbering! ---------- Server-wide settings ---------- -- Settings in this section apply to the whole server and are the default settings -- for any virtual hosts -- This is a (by default, empty) list of accounts that are admins -- for the server. Note that you must create the accounts separately -- (see https://prosody.im/doc/creating_accounts for info) -- Example: admins = { "user1@example.com", "user2@example.net" } admins = { "admin@meine-domain.de" } -- Enable use of libevent for better performance under high load -- For more information see: https://prosody.im/doc/libevent --use_libevent = true -- Prosody will always look in its source directory for modules, but -- this option allows you to specify additional locations where Prosody -- will look for modules first. For community modules, see https://modules.prosody.im/ plugin_paths = {"/usr/lib/prosody/modules/", "/opt/prosody-module"} -- This is the list of modules Prosody will load on startup. -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. -- Documentation for bundled modules can be found at: https://prosody.im/doc/modules modules_enabled = { -- Generally required "roster"; -- Allow users to have a roster. Recommended ;) "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. "tls"; -- Add support for secure TLS on c2s/s2s connections "dialback"; -- s2s dialback support "disco"; -- Service discovery -- Not essential, but recommended "carbons"; -- Keep multiple clients in sync --"pep"; -- Enables users to publish their mood, activity, playing music and more "pep_simple"; --Ersetzt pep nach Problemen mit omemo_all_access "private"; -- Private XML storage (for room bookmarks, etc.) "blocklist"; -- Allow users to block communications with other users "vjud"; -- Basic implementation of XEP-0055: Jabber Search "vcard"; -- Allow users to set vCards -- Nice to have "version"; -- Replies to server version requests "uptime"; -- Report how long server has been running "time"; -- Let others know the time here on this server "ping"; -- Replies to XMPP pings with pongs "register"; -- Allow users to register on this server using a client and change passwords "mam"; -- Store messages in an archive and allow users to access it "adhoc"; -- Support for "ad-hoc commands" that can be executed with an XMPP client -- Admin interfaces "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands "admin_web"; -- This module provides a basic web administration interface (https://example.com:5281/admin). --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 -- HTTP modules "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" --"websocket"; -- XMPP over WebSockets "http_files"; -- Serve static files from a directory over HTTP "http_upload"; -- Other specific functionality --"limits"; -- Enable bandwidth limiting for XMPP connections "groups"; -- Shared roster support --"server_contact_info"; -- Publish contact information for this service "announce"; -- Send announcement to all online users "welcome"; -- Welcome users who register accounts "watchregistrations"; -- Alert admins of registrations --"motd"; -- Send a message to users when they log in "legacyauth"; -- Legacy authentication. Only used by some old clients and bots. --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use "smacks"; -- Server-Push Chatsecure IOS "cloud_notify"; --This is an implementation of the server bits of XEP-0357: Push Notifications. "csi"; -- This module implements Client State Indication (XEP-0352). "omemo_all_access"; -- Disable access control for all OMEMO related PEP nodes. } -- These modules are auto-loaded, but should you want -- to disable them then uncomment them here: modules_disabled = { -- "offline"; -- Store offline messages -- "c2s"; -- Handle client connections -- "s2s"; -- Handle server-to-server connections -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. } -- Disable account creation by default, for security -- For more information see https://prosody.im/doc/creating_accounts allow_registration = false registration_watchers = {"lars@meine-domain.de"}; registration_notification = "User $username just registered on $host from $ip"; welcome_message = "Welcome to the XMPP/Jabber-Server by Lars Dorbandt. Your account -$user- has been successfully created. You can use and add your contacts him now." -- These are the SSL/TLS-related settings. --ssl = { -- certificate = "/etc/prosody/certs/fullchain.pem"; -- key = "/etc/prosody/certs/privkey.pem"; --} -- Force clients to use encrypted connections? This option will -- prevent clients from authenticating unless they are using encryption. c2s_require_encryption = true -- Force servers to use encrypted connections? This option will -- prevent servers from authenticating unless they are using encryption. -- Note that this is different from authentication s2s_require_encryption = true -- Force certificate authentication for server-to-server connections? -- This provides ideal security, but requires servers you communicate -- with to support encryption AND present valid, trusted certificates. -- NOTE: Your version of LuaSec must support certificate verification! -- For more information see https://prosody.im/doc/s2s#security s2s_secure_auth = true --geändert am 13.01.2019 -- Some servers have invalid or self-signed certificates. You can list -- remote domains here that will not be required to authenticate using -- certificates. They will be authenticated using DNS instead, even -- when s2s_secure_auth is enabled. s2s_insecure_domains = { "gmail.com" } -- Even if you leave s2s_secure_auth disabled, you can still require valid -- certificates for some domains by specifying a list here. s2s_secure_domains = { "trashserver.net", "jabber.org", "xmpp.org", "einfachjabber.de", "jabber.at", "jabber.de" }; -- Required for init scripts and prosodyctl pidfile = "/var/run/prosody/prosody.pid" -- BOSH bosh_max_inactivity = 60 consider_bosh_secure = true -- Use if proxying HTTPS->HTTP on the server side cross_domain_bosh = true -- Allow access from scripts on any site with no proxy (requires a modern browser) -- Select the authentication backend to use. The 'internal' providers -- use Prosody's configured data storage to store the authentication data. -- To allow Prosody to offer secure authentication mechanisms to clients, the -- default provider stores passwords in plaintext. If you do not trust your -- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed -- for information about using the hashed backend. authentication = "internal_hashed" -- Select the storage backend to use. By default Prosody uses flat files -- in its configured data directory, but it also supports more backends -- through modules. An "sql" backend is included by default, but requires -- additional dependencies. See https://prosody.im/doc/storage for more info. storage = "sql" -- Default is "internal" -- For the "sql" backend, you can uncomment *one* of the below to configure: --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. sql = { driver = "MySQL", database = "prosody", username = "ichbins", password = "xxxxxxxx", host = "localhost" } --sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } -- Archiving configuration -- If mod_mam is enabled, Prosody will store a copy of every message. This -- is used to synchronize conversations between multiple clients, even if -- they are offline. This setting controls how long Prosody will keep -- messages in the archive before removing them. archive_expires_after = "2w" -- Remove archived messages after 2 week -- You can also configure messages to be stored in-memory only. For more -- archiving options, see https://prosody.im/doc/modules/mod_mam -- Logging configuration -- For advanced logging see https://prosody.im/doc/logging log = { info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging error = "/var/log/prosody/prosody.err"; -- "*syslog"; -- Uncomment this for logging to syslog -- "*console"; -- Log to the console, useful for debugging with daemonize=false } --Smacks Einstellungen für den Server-Push bei Chatsecure IOS smacks_enabled_s2s = true smacks_hibernation_time = 172800 smacks_max_unacked_stanzas = 10 smacks_max_ack_delay = 60 smacks_max_hibernated_sessions = 10 smacks_max_old_sessions = 10 -- Einstellungen für http_upload http_upload_expire_after = 60 * 60 * 24 * 30 --30 Tage http_upload_file_size_limit = 1024 *1024 * 10 -- 10MB -- Proxy65-Einstellungen Component "proxy.meine-domain.de" "proxy65" proxy65_address = "00.00.00.00.00" -- Uncomment to enable statistics -- For more info see https://prosody.im/doc/statistics -- statistics = "internal" -- Certificates -- Every virtual host and component needs a certificate so that clients and -- servers can securely verify its identity. Prosody will automatically load -- certificates/keys from the directory specified here. -- For more information, including how to use 'prosodyctl' to auto-import certificates -- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates -- Location of directory to find certificates in (relative to main config file): certificates = "/etc/prosody/certs" -- HTTPS currently only supports a single certificate, specify it here: -- https_certificate = "/etc/prosody/certs/localhost.crt" https_certificate = "/etc/prosody/certs/meine-domain.de.crt" https_key = "/etc/prosody/certs/meine-domain.de.key" https_ssl = { [5281] = { key = "/etc/prosody/certs/meine-domain.de.key"; certificate = "/etc/prosody/certs/meine-domain.de.crt"; }; } ----------- Virtual hosts ----------- -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. -- Settings under each VirtualHost entry apply *only* to that host. VirtualHost "meine-domain.de" --ssl = { -- key = "/var/lib/prosody/xx.xx.xx.xx.key"; -- certificate = "/var/lib/prosody/xx.xx.xx.xx.crt"; -- } --VirtualHost "example.com" -- certificate = "/path/to/example.crt" ------ Components ------ -- You can specify components to add hosts that provide special services, -- like multi-user conferences, and transports. -- For more information on components, see https://prosody.im/doc/components ---Set up a MUC (multi-user chat) room server on conference.example.com: --Component "conference.example.com" "muc" Component "conference.meine-domain.de" "muc" modules_enabled = { "muc_mam"; } name = "Jabber-Now chatroom-Server" max_history_messages = 30 Component "pubsub.meine-domain.de" "pubsub" autocreate_on_subscribe = true autocreate_on_publish = true ---Set up an external component (default component port is 5347) -- -- External components allow adding various services, such as gateways/ -- transports to other networks like ICQ, MSN and Yahoo. For more info -- see: https://prosody.im/doc/components#adding_an_external_component -- --Component "gateway.example.com" -- component_secret = "password"
Ich hoffe, ihr könnt mir helfen. - Damit meine ergrauenenden Haare nicht noch weiß werden. Ich habe wirklich schon viele Stunden mit dem Thema verbracht. Liegt es an der config, am Apache oder sonstwienoch.... Solltet ihr durch Zufall auch noch über andere Merkwürdigkeiten in der config von Prosody stolpern, sage ich auch nicht Nein.
Vielen vielen Dank vorab!!!!!!!!!!!!!!!!!!!!
Moderiert von Cruiz:
Dieses Thema ist verschoben worden. Bitte beachte die als wichtig markierten Themen („Welche Themen gehören hier her und welche nicht?“)!