From 1453474a3995d1aa7af4bc58e8a0b5dcae7fb8e8 Mon Sep 17 00:00:00 2001 From: Elena ``of Valhalla'' Grandi Date: Wed, 7 Jan 2026 09:25:45 +0100 Subject: XMPP server: add DNS records --- source/self_hosting/modern_xmpp_server/index.rst | 56 +++++++++++++++++------- 1 file changed, 40 insertions(+), 16 deletions(-) (limited to 'source/self_hosting/modern_xmpp_server/index.rst') diff --git a/source/self_hosting/modern_xmpp_server/index.rst b/source/self_hosting/modern_xmpp_server/index.rst index 4ac2bef..ed635e6 100644 --- a/source/self_hosting/modern_xmpp_server/index.rst +++ b/source/self_hosting/modern_xmpp_server/index.rst 
@@ -32,6 +32,46 @@ trixie and prosody 0.13. .. _Debian: https://www.debian.org .. _backports: https://backports.debian.org/ +For ease of configuration, this guide assumes that the server will be +called chat.example.org; configuring a server to work on example.org +(possibly on a different machine than other services provided at the +same address) is possibly, but requires a different DNS configuration. + +DNS and network +--------------- + +Assuming that the server is reachable at 192.0.2.32 and 2001:DB8:42::32, +you need to setup the following DNS records: + +============================ ====== ========================== +chat.example.org A 192.0.2.32 +chat.example.org AAAA 2001:DB8:42::32 + +conference.chat.example.org CNAME chat.example.org. +proxy.chat.example.org CNAME chat.example.org. +turn.chat.example.org CNAME chat.example.org. +upload.chat.example.org CNAME chat.example.org. + +_xmpp-client._tcp.chat SRV 0 5 5222 chat.example.org. +_xmpp-server._tcp.chat SRV 0 5 5269 chat.example.org. +_xmpps-client._tcp.chat SRV 0 2 5223 chat.example.org. +============================ ====== ========================== + +On your firewall, you'll need to open the following TCP ports: + +* 5222 (client2server) +* 5223 (client2server, https) +* 5269 (server2server) +* 5280 (default http port for prosody) +* 5281 (default https port for prosody) +* 3478 (coturn) + +As well as the following port for UDP + +* 3478 (coturn) + +The http ports are needed to enable some services provided via http(s), +including rich media transfers. Installation and prerequisites ------------------------------ 
@@ -63,22 +103,6 @@ the following to explicitely set a certificate location:: key = "/etc/ssl/private/example.org-key.pem"; } -On your firewall, you'll need to open the following TCP ports: - -* 5222 (client2server) -* 5223 (client2server, https) -* 5269 (server2server) -* 5280 (default http port for prosody) -* 5281 (default https port for prosody) -* 3478 (coturn) - -As well as the following port for UDP - -* 3478 (coturn) - -The http ports are needed to enable some services provided via http(s), -including rich media transfers. - With just a handful of users, I didn't bother to configure LDAP or anything else, but just created users manually via:: -- cgit v1.2.3
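Review bot: In the first hunk (@@ -32,6 +32,46 @@), the DNS table mixes three naming conventions. Owner names such as chat.example.org and conference.chat.example.org are written in full without a trailing dot, the SRV owners are zone-relative (_xmpp-client._tcp.chat), and the targets are absolute with a trailing dot (chat.example.org.). A reader who copies the rows into a zone file for example.org would get chat.example.org.example.org from the first form. Suggest picking one convention and stating which zone the names are relative to, for example writing the SRV owner as _xmpp-client._tcp.chat.example.org. to match the targets. In the same hunk, the firewall list labels 5223 as "client2server, https", but the table publishes that port under _xmpps-client, so "client2server, direct TLS" would match the record. 5280 is listed as the plain http port, and it would help to say whether it has to be reachable from outside or whether 5281 is enough. Typos in the added text: "is possibly" should read "is possible", and "setup" used as a verb should be "set up".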
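Review bot: In the second hunk (@@ -63,22 +103,6 @@), the context line just above the removed firewall list still reads key = "/etc/ssl/private/example.org-key.pem"; while the paragraph added earlier in this patch says the guide assumes the server is called chat.example.org. Suggest updating the certificate example to the chat.example.org name in the same commit, and adding a sentence on which names the certificate has to cover now that conference., proxy., turn. and upload.chat.example.org are introduced as aliases. The removed firewall text matches what is re-added under "DNS and network", so the move loses nothing. The hunk header context also carries the spelling "explicitely", which could be fixed in passing.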