Production-ready XMPP server with comprehensive features, extensive XEP compliance, and enterprise security.
Comprehensive Prosody XMPP server setup with both production and development configurations. Built from research of real-world XMPP deployments, this setup provides enterprise-level features with modern XMPP capabilities enabled by default.
```bash
# Clone repository
git clone https://github.com/allthingslinux/xmpp.atl.chat /opt/xmpp.atl.chat
cd /opt/xmpp.atl.chat

# Run setup with unified CLI
./prosody-manager setup
```
📢 New Unified CLI Available!
We've consolidated all scripts into a single `prosody-manager` CLI tool with better error handling, interactive modes, and integrated help. See the Migration Guide for details.
The setup process will:
- Check dependencies (Docker, Docker Compose, OpenSSL)
- Configure environment variables (.env file)
- Set up Cloudflare API credentials
- Generate wildcard SSL certificates
- Set up automatic certificate renewal
- Start all services
- Create administrator user
```bash
# Clone and set up development environment
git clone https://github.com/allthingslinux/xmpp.atl.chat
cd xmpp.atl.chat

# Use unified CLI
./prosody-manager setup --dev
```
Development environment includes:
- Full XMPP server with all modern features
- PostgreSQL database with web admin interface
- TURN/STUN server for voice/video calls
- Development tools (log viewer, metrics, admin panel)
- Test users automatically created
- Self-signed certificates for localhost testing
```bash
# Configure environment
cp examples/env.example .env
# Edit .env with your domain and database password

# Generate SSL certificate (Cloudflare DNS-01)
cp examples/cloudflare-credentials.ini.example cloudflare-credentials.ini
# Edit with your Cloudflare API token
docker compose --profile letsencrypt run --rm xmpp-certbot

# Set up certificate renewal
(crontab -l 2>/dev/null; echo "0 3 * * * cd /opt/xmpp.atl.chat && ./prosody-manager cert renew your-domain.com") | crontab -

# Deploy server
docker compose up -d xmpp-prosody xmpp-postgres

# Check status
docker compose logs -f xmpp-prosody
```
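The manual steps above leave a database password in `.env` and a Cloudflare API token in `cloudflare-credentials.ini`, and the crontab one-liner appends a new renewal entry every time it is run. The following is an added example, not code from the project: it checks that those files are owner-only and merges the renewal job so it appears exactly once. The function names are hypothetical and GNU `stat` is assumed.

```bash
#!/usr/bin/env bash
# Added example, not part of the project: checks for the manual setup steps.

# Report each secrets file that is missing or has any group/other permission
# bit set. Returns 0 only if every path exists with owner-only access.
audit_secret_files() {
    local rc=0 f mode
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$f")   # GNU coreutils stat, e.g. 600 or 644
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "EXPOSED $f (mode $mode, want 600)"; rc=1
        else
            echo "OK      $f (mode $mode)"
        fi
    done
    return "$rc"
}

# Read crontab text on stdin, write it back with JOB present exactly once,
# so re-running setup cannot stack duplicate renewal entries.
merge_cron_job() {
    local job=$1 current
    current=$(cat)
    if [ -n "$current" ]; then
        printf '%s\n' "$current"
    fi
    if ! printf '%s\n' "$current" | grep -qxF -- "$job"; then
        printf '%s\n' "$job"
    fi
}

# Demo on a constructed file in a temp directory (no real crontab is touched).
demo() {
    local d; d=$(mktemp -d)
    printf 'constructed sample, no real token\n' > "$d/cloudflare-credentials.ini"
    chmod 644 "$d/cloudflare-credentials.ini"
    audit_secret_files "$d/cloudflare-credentials.ini" "$d/.env" || true
    chmod 600 "$d/cloudflare-credentials.ini"
    audit_secret_files "$d/cloudflare-credentials.ini"
    rm -rf "$d"
}
demo
```

For the renewal job, pipe the current table through the merge: `crontab -l 2>/dev/null | merge_cron_job "$JOB" | crontab -`, with `JOB` set to the cron line shown above.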
```bash
# Using unified CLI tool
./prosody-manager prosodyctl adduser [email protected]
./prosody-manager prosodyctl adduser [email protected]

# Or directly with Docker
docker compose exec xmpp-prosody prosodyctl adduser [email protected]
```
Production:

- Server: `atl.chat`
- Ports: 5222 (STARTTLS), 5223 (Direct TLS)
- Web Admin: `https://xmpp.atl.chat:5281/admin`
- WebSocket: `wss://xmpp.atl.chat:5281/xmpp-websocket`

Development:

- Server: `localhost`
- Domain: `localhost`
- Ports: 5222 (STARTTLS), 5223 (Direct TLS)
- Web Admin: `http://localhost:5280/admin`
- Test Users: `admin@localhost` (admin123), `alice@localhost` (alice123), `bob@localhost` (bob123)

- TLS 1.3 with perfect forward secrecy
- SCRAM-SHA-256 authentication (XEP-0474)
- Anti-spam and abuse protection with DNS blocklists
- Certificate validation with DANE/TLSA support
- Message Archive Management (MAM) - XEP-0313
- Message Carbons - XEP-0280
- Stream Management (SMACKS) - XEP-0198
- Client State Indication (CSI) - XEP-0352
- HTTP File Upload - XEP-0363
- Push Notifications - XEP-0357
- Battery-saving CSI configuration
- Mobile presence deduplication
- Optimized offline message handling
- WebSocket and BOSH support
- Multi-User Chat (MUC) - XEP-0045
- Publish-Subscribe (PubSub) - XEP-0060
- External Service Discovery - XEP-0215
- TURN/STUN integration for voice/video calls
- Web admin interface and monitoring
Service | Purpose | Port(s) | Status |
---|---|---|---|
Prosody | XMPP server with PostgreSQL | 5222, 5223, 5269, 5280, 5281 | Core |
PostgreSQL | Database backend | 5432 (internal) | Core |
Adminer | Database management interface | 8080 | Optional |
Coturn | TURN/STUN server for voice/video | 3478, 5349, 49152-65535 | Optional |
```bash
# Minimal deployment (XMPP + Database only)
docker compose up -d xmpp-prosody xmpp-postgres

# With database management
docker compose up -d xmpp-prosody xmpp-postgres xmpp-adminer

# Full deployment (all services)
docker compose up -d

# Development environment
docker compose -f docker-compose.dev.yml up -d
```
Service | URL | Purpose |
---|---|---|
Development Dashboard | http://localhost:8081 | Central hub with all links |
Admin Panel | http://localhost:5280/admin | XMPP server management |
Database Admin | http://localhost:8080 | PostgreSQL web interface |
Log Viewer | http://localhost:8082 | Real-time log monitoring |
Metrics | http://localhost:5280/metrics | Prometheus metrics |
```bash
# Show environment status
./prosody-manager dev status

# Test all connectivity
./prosody-manager dev test

# Create more users
./prosody-manager dev adduser newuser password123

# View logs
./prosody-manager dev logs

# Show all URLs
./prosody-manager dev urls

# Complete cleanup (removes all data)
./prosody-manager dev cleanup
```
This server supports 50+ XMPP Extension Protocols (XEPs) for maximum client compatibility:
Category | Key XEPs | Status |
---|---|---|
Core Protocol | XEP-0030 (Service Discovery), XEP-0115 (Entity Capabilities) | ✅ |
Modern Messaging | XEP-0313 (MAM), XEP-0280 (Carbons), XEP-0198 (Stream Management) | ✅ |
File Sharing | XEP-0363 (HTTP Upload), XEP-0447 (Stateless File Sharing) | ✅ |
Security | XEP-0384 (OMEMO), XEP-0474 (SASL SCRAM Downgrade Protection) | ✅ |
Mobile | XEP-0352 (CSI), XEP-0357 (Push), XEP-0198 (Stream Management) | ✅ |
Real-time | XEP-0215 (External Services), XEP-0167/0176 (Jingle A/V) | ✅ |
View complete XEP compliance list
- Transport Security: TLS 1.3, perfect forward secrecy, modern cipher suites
- Anti-Spam: DNS blocklists, rate limiting, JID reputation scoring
- Authentication: Multi-factor auth support, SASL 2.0, SCRAM-SHA-256
- Monitoring: Audit logging, security alerts, compliance reports
- Network: IPv6 support, DNSSEC validation, SRV record discovery
View detailed security documentation
Adminer provides a web-based database management interface:
```bash
# Start with database management
docker compose up -d xmpp-prosody xmpp-postgres xmpp-adminer

# Access Adminer at http://localhost:8080
# Login credentials are automatically configured from your .env file
```
The `prosody-manager` script provides comprehensive server management:

```bash
# Show all available commands
./prosody-manager help

# User management
./prosody-manager prosodyctl adduser [email protected]
./prosody-manager prosodyctl passwd [email protected]

# Health monitoring
./prosody-manager health all

# Certificate management
./prosody-manager cert check atl.chat
./prosody-manager cert install atl.chat

# Backup operations
./prosody-manager backup create
./prosody-manager backup restore backup.tar.gz

# Deployment management
./prosody-manager deploy up full
```
- Getting Started Guide - Detailed deployment walkthrough
- Configuration Guide - Environment variables and settings
- Administrator Guide - Essential admin documentation and CLI tool
- DNS Setup - Required DNS records and security
- Certificate Management - SSL/TLS certificates and Let's Encrypt
- Security Hardening - Production security configuration
- Architecture Overview - System design and structure
- Localhost Testing - Development environment guide
- Prosody Modern Features - Advanced XMPP features
- Module Reference - Complete module documentation
- XEP Compliance - Supported XMPP extensions
Development environment is NOT secure:
- Open registration enabled
- Debug logging active
- Self-signed certificates
- Relaxed security settings
Never expose development environment to the internet! Use only for localhost testing.
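One way to confirm the development services are reachable from localhost only is to inspect the host's listening sockets; Docker publishes a port on all interfaces unless a host IP is given in the mapping. This is an added example, not part of the project: the function name is hypothetical, the port list is taken from the development URLs on this page, and the sample `ss` output is constructed.

```bash
#!/usr/bin/env bash
# Added example, not part of the project: flag development ports that listen
# on a non-loopback address. Port list comes from the dev URL table above.
DEV_PORTS="5280 8080 8081 8082"

# Reads `ss -ltnH` output on stdin; prints "addr:port" for each exposed dev
# listener and returns 1 if any were found.
find_exposed_dev_ports() {
    local state recvq sendq laddr rest addr port rc=0
    while read -r state recvq sendq laddr rest; do
        [ "$state" = "LISTEN" ] || continue
        port=${laddr##*:}            # text after the last colon
        addr=${laddr%:*}             # everything before it (handles [::])
        case " $DEV_PORTS " in *" $port "*) ;; *) continue ;; esac
        case "$addr" in
            127.*|'[::1]') ;;                 # loopback only: fine
            *) echo "$addr:$port"; rc=1 ;;    # 0.0.0.0, [::], *, LAN address
        esac
    done
    return "$rc"
}

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:5280 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 [::]:8082 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

check_sample() { printf '%s\n' "$SAMPLE_SS" | find_exposed_dev_ports; }
check_sample || echo "development ports listening beyond loopback (see above)"
# Live use: ss -ltnH | find_exposed_dev_ports
```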
```
xmpp.atl.chat/
├── prosody-manager          # Unified CLI management tool
├── core/                    # Core configuration files
│   ├── config/              # Single comprehensive Prosody configuration
│   └── database/            # Database initialization and migrations
├── web/                     # Web components and themes
│   ├── admin/               # Administrative web interfaces
│   ├── registration/        # User registration components
│   ├── webclient/           # Web-based XMPP client
│   └── assets/              # Static web assets
├── scripts/                 # Essential system scripts
│   ├── setup/               # Docker entrypoint and module installation
│   ├── maintenance/         # Health check for Docker
│   └── migrate-to-cli.sh    # Migration helper (temporary)
├── deployment/              # Production deployment configurations
│   ├── reverse-proxy/       # nginx/Apache proxy configurations
│   ├── systemd/             # systemd service configurations
│   └── monitoring/          # Prometheus/Grafana configurations
├── templates/               # Configuration templates and examples
│   ├── env/                 # Environment variable templates
│   ├── configs/             # Configuration file examples
│   └── deployment/          # Deployment configuration templates
├── docs/                    # Comprehensive documentation
│   ├── user/                # End-user guides (getting started, configuration)
│   ├── admin/               # Administrator guides (deployment, security)
│   ├── dev/                 # Developer documentation (architecture, features)
│   └── reference/           # Technical reference (XEPs, modules, troubleshooting)
└── .runtime/                # Runtime data (certificates, logs, backups - gitignored)
```
See docs/dev/architecture.md for development guidelines and project structure.