/paranoid-prosody

Script and files to set up Prosody with reasonably paranoid defaults and to allow hidden service connections over Tor.

Primary LanguageLuaGNU General Public License v3.0GPL-3.0

paranoid-prosody

This script is a fork of https://github.com/micahflee/tor-relay-bootstrap. It has been modified to install Prosody (An XMPP server) with strong SSL/TLS ciphers, disables logging, and does some other paranoid things. It also sets up Tor to provide a hidden service for Prosody.

This is a script to bootstrap a Debian/Ubuntu server to be a set-and-forget Prosody server . It's been tested on Debian Wheezy and Ubuntu 14.04, and should work on any other maintained version of those two distros.

paranoid-prosody does this:

  • Upgrades all the software on the system
  • Adds the deb.torproject.org and the packages.prosody.im/debian repositories to apt, so Prosody and Tor updates come directly from the source.
  • Installs and configures Prosody with reasonably paranoid defaults.
  • Installs and configures Tor to be a hidden service for Prosody (You can also manually edit torrc to make SSH an authenticated hidden service)
  • Configures sane default firewall rules
  • Configures automatic updates
  • Installs tlsdate to ensure time is synced
  • Gives instructions on what the sysadmin needs to manually do at the end

To use it, set up a new Debian or Ubuntu server, SSH into it, switch to the root user, and:

git clone https://github.com/NSAKEY/paranoid-prosody.git
cd paranoid-prosody
./bootstrap.sh