Доброго времени суток, коллеги! Установил debian - server на virtualbox, и установил туда ХМРР сервер Prosody, для конфиденциального общения. В качестве прокси использую Socks5 i2pd, трафик кручу через i2p, используя виртуальный сервис i2pd. Вот мануал, по которому произвожу настройку: https://tgraph.io/CHerno-treugolnie-04-14 Много раз разворачивал этот проект на Kali, Whonix и Windows, все прекрасно работало, но в этот раз никак не мог достучаться Пиджином до сервера, посмотрев логи, я понял что нелады на самом сервере Prosody. Вот конфиг сервера /etc/prosody/prosody.cfg.lua -- Prosody Example Configuration File -- -- Information on configuring Prosody can be found on our -- website at https://prosody.im/doc/configure -- -- Tip: You can check that the syntax of this file is correct -- when you have finished by running this command: -- prosodyctl check config -- If there are any errors, it will let you know what and where -- they are, otherwise it will keep quiet. -- -- The only thing left to do is rename this file to remove the .dist ending, and fill in the -- blanks. Good luck, and happy Jabbering! ---------- Server-wide settings ---------- -- Settings in this section apply to the whole server and are the default settings -- for any virtual hosts -- This is a (by default, empty) list of accounts that are admins -- for the server. Note that you must create the accounts separately -- (see https://prosody.im/doc/creating_accounts for info) -- Example: admins = { "[email protected]", "[email protected]" } admins = {"[email protected]32.i2p" } -- Enable use of libevent for better performance under high load -- For more information see: https://prosody.im/doc/libevent --use_libevent = true -- Prosody will always look in its source directory for modules, but -- this option allows you to specify additional locations where Prosody -- will look for modules first. 
For community modules, see https://modules.prosody.im/ -- For a local administrator it's common to place local modifications -- under /usr/local/ hierarchy: plugin_paths = { "/usr/local/lib/prosody/modules" } -- This is the list of modules Prosody will load on startup. -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. -- Documentation for bundled modules can be found at: https://prosody.im/doc/modules modules_enabled = { "roster"; "saslauth"; "tls"; "dialback"; "disco"; "posix"; "private"; "vcard"; "ping"; "register"; "admin_adhoc"; "darknet"; }; -- These modules are auto-loaded, but should you want -- to disable them then uncomment them here: modules_disabled = {}; -- Disable account creation by default, for security -- For more information see https://prosody.im/doc/creating_accounts allow_registration = false -- Debian: -- Do not send the server to background, either systemd or start-stop-daemon take care of that. -- daemonize = false; -- Debian: -- Please, don't change this option since /run/prosody/ -- is one of the few directories Prosody is allowed to write to -- pidfile = "/run/prosody/prosody.pid"; -- Force clients to use encrypted connections? This option will -- prevent clients from authenticating unless they are using encryption. c2s_require_encryption = true -- Force servers to use encrypted connections? This option will -- prevent servers from authenticating unless they are using encryption. s2s_require_encryption = true -- Force certificate authentication for server-to-server connections? s2s_secure_auth = false -- Some servers have invalid or self-signed certificates. You can list -- remote domains here that will not be required to authenticate using -- certificates. They will be authenticated using DNS instead, even -- when s2s_secure_auth is enabled. 
--s2s_insecure_domains = { "insecure.example" } -- Even if you disable s2s_secure_auth, you can still require valid -- certificates for some domains by specifying a list here. --s2s_secure_domains = { "jabber.org" } -- Select the authentication backend to use. The 'internal' providers -- use Prosody's configured data storage to store the authentication data. authentication = "internal_hashed" -- Select the storage backend to use. By default Prosody uses flat files -- in its configured data directory, but it also supports more backends -- through modules. An "sql" backend is included by default, but requires -- additional dependencies. See https://prosody.im/doc/storage for more info. --storage = "sql" -- Default is "internal" (Debian: "sql" requires one of the -- lua-dbi-sqlite3, lua-dbi-mysql or lua-dbi-postgresql packages to work) -- For the "sql" backend, you can uncomment *one* of the below to configure: --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. --sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } --sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } -- Archiving configuration -- If mod_mam is enabled, Prosody will store a copy of every message. This -- is used to synchronize conversations between multiple clients, even if -- they are offline. This setting controls how long Prosody will keep -- messages in the archive before removing them. archive_expires_after = "1w" -- Remove archived messages after 1 week -- You can also configure messages to be stored in-memory only. 
For more -- archiving options, see https://prosody.im/doc/modules/mod_mam -- Logging configuration -- For advanced logging see https://prosody.im/doc/logging -- -- Debian: -- Logs info and higher to /var/log -- Logs errors to syslog also log = { -- Log files (change 'info' to 'debug' for debug logs): info = "/var/log/prosody/prosody.log"; error = "/var/log/prosody/prosody.err"; -- Syslog: { levels = { "error" }; to = "syslog"; }; } -- Uncomment to enable statistics -- For more info see https://prosody.im/doc/statistics -- statistics = "internal" -- Certificates -- Every virtual host and component needs a certificate so that clients and -- servers can securely verify its identity. Prosody will automatically load -- certificates/keys from the directory specified here. -- For more information, including how to use 'prosodyctl' to auto-import certificates -- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates -- Location of directory to find certificates in (relative to main config file): certificates = "certs" -- HTTPS currently only supports a single certificate, specify it here: --https_certificate = "/etc/prosody/certs/localhost.crt" ----------- Virtual hosts ----------- -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. -- Settings under each VirtualHost entry apply *only* to that host. -- It's customary to maintain VirtualHost entries in separate config files -- under /etc/prosody/conf.d/ directory. Examples of such config files can -- be found in /etc/prosody/conf.avail/ directory. ------ Additional config files ------ -- For organizational purposes you may prefer to add VirtualHost and -- Component definitions in their own config files. 
This line includes -- all config files in /etc/prosody/conf.d/ VirtualHost "krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p" enabled = true ssl = { key = "/etc/prosody/certs/krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p.key"; certificate = "/etc/prosody/certs/krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p.crt"; } --VirtualHost "example.com" -- certificate = "/path/to/example.crt" ------ Components ------ -- You can specify components to add hosts that provide special services, -- like multi-user conferences, and transports. -- For more information on components, see https://prosody.im/doc/components ---Set up a MUC (multi-user chat) room server on conference.example.com: --Component "conference.example.com" "muc" --- Store MUC messages in an archive and allow users to access it --modules_enabled = { "muc_mam" } ---Set up an external component (default component port is 5347) -- -- External components allow adding various services, such as gateways/ -- transports to other networks like ICQ, MSN and Yahoo. For more info -- see: https://prosody.im/doc/components#adding_an_external_component -- --Component "gateway.example.com" -- component_secret = "password" Include "conf.d/*.cfg.lua" Вот лог сервера cat /var/log/prosody/prosody.log Apr 19 11:01:47 startup info Hello and welcome to Prosody version 0.11.2 Apr 19 11:01:47 startup info Prosody is using the select backend for connection handling Apr 19 11:01:47 portmanager info Activated service 's2s' on [::]:5269, [*]:5269 Apr 19 11:01:47 portmanager info Activated service 'c2s' on [::]:5222, [*]:5222 Apr 19 11:01:47 portmanager info Activated service 'legacy_ssl' on no ports Apr 19 11:04:03 mod_posix warn Received SIGTERM Apr 19 11:04:03 startup info Shutting down: Received SIGTERM Apr 19 11:04:03 general info Shutting down... 
Apr 19 11:04:03 general info Shutdown status: Cleaning up Apr 19 11:04:03 general info Shutdown complete Apr 19 11:04:03 startup info Hello and welcome to Prosody version 0.11.2 Apr 19 11:04:03 startup info Prosody is using the select backend for connection handling Apr 19 11:04:03 modulemanager error Unable to load module 'darknet': /usr/lib/prosody/modules/mod_darknet.lua: No such file or directory Apr 19 11:04:03 certmanager error SSL/TLS: Failed to load '/etc/prosody/certs/krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p.key': Check that the path is correct, and the file exists. (for krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p) Apr 19 11:04:03 krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p:tls error Error creating context for c2s: error loading private key (No such file or directory) Apr 19 11:04:03 certmanager error SSL/TLS: Failed to load '/etc/prosody/certs/krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p.key': Previous error (see logs), or other system error. (for krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p) Apr 19 11:04:03 krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p:tls error Error creating contexts for s2sout: error loading private key (system lib) Apr 19 11:04:03 certmanager error SSL/TLS: Failed to load '/etc/prosody/certs/krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p.key': Previous error (see logs), or other system error. 
(for krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p) Apr 19 11:04:03 krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p:tls error Error creating contexts for s2sin: error loading private key (system lib) Apr 19 11:04:03 portmanager info Activated service 's2s' on [*]:5269, [::]:5269 Apr 19 11:04:03 portmanager info Activated service 'c2s' on [*]:5222, [::]:5222 Apr 19 11:04:03 portmanager info Activated service 'legacy_ssl' on no ports Apr 19 11:04:03 modulemanager error Unable to load module 'darknet': /usr/lib/prosody/modules/mod_darknet.lua: No such file or directory Apr 19 11:08:22 mod_posix warn Received SIGTERM Apr 19 11:08:22 startup info Shutting down: Received SIGTERM Apr 19 11:08:22 general info Shutting down... Apr 19 11:08:22 general info Shutdown status: Cleaning up Apr 19 11:08:22 general info Shutdown complete Apr 19 11:08:22 startup info Hello and welcome to Prosody version 0.11.2 Apr 19 11:08:22 startup info Prosody is using the select backend for connection handling Apr 19 11:08:22 portmanager info Activated service 'c2s' on [*]:5222, [::]:5222 Apr 19 11:08:22 portmanager info Activated service 'legacy_ssl' on no ports Apr 19 11:08:22 portmanager info Activated service 's2s' on [*]:5269, [::]:5269 Apr 19 11:10:20 mod_posix warn Received SIGTERM Apr 19 11:10:20 startup info Shutting down: Received SIGTERM Apr 19 11:10:20 general info Shutting down... 
Apr 19 11:10:20 general info Shutdown status: Cleaning up Apr 19 11:10:20 general info Shutdown complete Apr 19 11:10:20 startup info Hello and welcome to Prosody version 0.11.2 Apr 19 11:10:20 startup info Prosody is using the select backend for connection handling Apr 19 11:10:20 portmanager info Activated service 'c2s' on [::]:5222, [*]:5222 Apr 19 11:10:20 portmanager info Activated service 'legacy_ssl' on no ports Apr 19 11:10:20 portmanager info Activated service 's2s' on [::]:5269, [*]:5269 Вот лог по ошибкам cat /var/log/prosody/prosody.err Apr 19 11:04:03 modulemanager error Unable to load module 'darknet': /usr/lib/prosody/modules/mod_darknet.lua: No such file or directory Apr 19 11:04:03 certmanager error SSL/TLS: Failed to load '/etc/prosody/certs/krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p.key': Check that the path is correct, and the file exists. (for krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p) Apr 19 11:04:03 krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p:tls error Error creating context for c2s: error loading private key (No such file or directory) Apr 19 11:04:03 certmanager error SSL/TLS: Failed to load '/etc/prosody/certs/krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p.key': Previous error (see logs), or other system error. (for krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p) Apr 19 11:04:03 krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p:tls error Error creating contexts for s2sout: error loading private key (system lib) Apr 19 11:04:03 certmanager error SSL/TLS: Failed to load '/etc/prosody/certs/krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p.key': Previous error (see logs), or other system error. 
(for krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p) Apr 19 11:04:03 krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p:tls error Error creating contexts for s2sin: error loading private key (system lib) Apr 19 11:04:03 modulemanager error Unable to load module 'darknet': /usr/lib/prosody/modules/mod_darknet.lua: No such file or directory ПОЖАЛУЙСТА ПОМОГИТЕ ПОНЯТЬ, В ЧЕМ ИМЕННО ДЕЛО! Спасибо заранее!
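Поставьте модуль mod_darknet: судя по логу, файла /usr/lib/prosody/modules/mod_darknet.lua нет. А с ключом — у вас либо в этой папке нет этого ключа, либо файл называется по-другому, либо у вас нет прав на чтение этого файла (под каким пользователем запускается сервис?). Если дело окажется в правах, не открывайте ключ на чтение всем подряд: достаточно, чтобы его мог читать пользователь или группа, под которыми работает сервис. Так что покажите вывод Code: ls -lh /etc/prosody/certs/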
Здравствуйте! Спасибо за ответ! Все переустановил, все ровно не работает! Постоянно ошибки ловлю, не пойму в чем дело, раньше все работало! Вот лог по ошибкам: cat /var/log/prosody/prosody.err Apr 20 12:24:12 mod_posix error Failed to daemonize: already-daemonize А вот syslog: root@debian:~# cat /var/log/syslog | grep prosody Apr 20 12:24:11 debian systemd[1]: prosody.service: Succeeded. Apr 20 12:24:12 debian prosody[1422]: mod_posix: Prosody is about to detach from the console, disabling further console output Apr 20 12:24:12 debian prosody[1422]: mod_posix: Failed to daemonize: already-daemonized Вот по сертификатам: ls -lh /etc/prosody/certs/ итого 8,0K lrwxrwxrwx 1 root root 37 янв 9 2019 localhost.crt -> ../../ssl/certs/ssl-cert-snakeoil.pem lrwxrwxrwx 1 root root 39 янв 9 2019 localhost.key -> ../../ssl/private/ssl-cert-snakeoil.key -rw-r----- 1 root prosody 1,4K апр 20 12:23 xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.crt -rw-r----- 1 root prosody 1,7K апр 20 12:21 xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.key Я неопытный, может подскажете куда копать... СПАСИБО ВАМ!
Как вы запускаете prosody? Как сервис Code: service prosody start или из-под консоли? Может у вас он уже запущен ( Code: pgrep prosody )? В конфиге у вас стоит совершенно другой файл krswzn3gt32blf54uam5l3otiilmu3te46333i7vy5hqwtkl4hvq.b32.i2p.key
Так точно, запускаю как сервис. Делаю как в документации. А сервер на Debian дгугой, я все переустановил по новой. Все ровно он не работает! Что-то не так с сертификатами, и модулем posix. просто не понимаю, что ему не нравится. Вот свежие логи: cat /var/log/syslog | grep prosody Apr 20 12:24:11 debian systemd[1]: prosody.service: Succeeded. Apr 20 12:24:12 debian prosody[1422]: mod_posix: Prosody is about to detach from the console, disabling further console output Apr 20 12:24:12 debian prosody[1422]: mod_posix: Failed to daemonize: already-daemonized Apr 20 13:15:07 debian prosody[433]: mod_posix: Prosody is about to detach from the console, disabling further console output Apr 20 13:15:07 debian prosody[433]: mod_posix: Failed to daemonize: already-daemonized Apr 20 13:15:07 debian prosody[433]: portmanager: No active service for c2s, activating... Apr 20 13:15:07 debian prosody[433]: socket: server.lua: new server listener on '[127.0.0.1]:5222' Apr 20 13:15:07 debian prosody[433]: portmanager: Added listening service c2s to [127.0.0.1]:5222 Apr 20 13:15:07 debian prosody[433]: portmanager: Activated service 'c2s' on [127.0.0.1]:5222 Apr 20 13:15:07 debian prosody[433]: portmanager: No active service for legacy_ssl, activating... Apr 20 13:15:07 debian prosody[433]: portmanager: Activated service 'legacy_ssl' on no ports Apr 20 13:15:07 debian prosody[433]: certmanager: Searching /etc/prosody/certs for a key and certificate for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p... 
Apr 20 13:15:07 debian prosody[433]: certmanager: Selecting certificate /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.crt with key /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.key for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p Apr 20 13:15:07 debian prosody[433]: certmanager: Searching /etc/prosody/certs for a key and certificate for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p... Apr 20 13:15:07 debian prosody[433]: certmanager: Selecting certificate /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.crt with key /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.key for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p Apr 20 13:15:07 debian prosody[433]: certmanager: Searching /etc/prosody/certs for a key and certificate for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p... Apr 20 13:15:07 debian prosody[433]: certmanager: Selecting certificate /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.crt with key /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.key for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p
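У вас с ключом/сертификатом всё нормально. А с сервисом попробуйте прописать Code: daemonize = false; в конфигурации: сервис запускает systemd, и самому Prosody уходить в фон не нужно — отсюда и сообщение «Failed to daemonize: already-daemonized».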
Да так и прописал! Пишет, какого-то сертификата не хватает! Я уже их повыпиливал и сгенерировал новые через prosodyctl cert generate ... Танцы с бубном, снова сделал через openssl как было. Не работает, не могу понять.((( Теперь лог таков cat /var/log/prosody/prosody.err Apr 20 12:24:12 mod_posix error Failed to daemonize: already-daemonized Apr 20 13:15:07 mod_posix error Failed to daemonize: already-daemonized Apr 20 13:47:23 mod_posix error Failed to daemonize: already-daemonized Apr 20 14:13:44 mod_posix error Failed to daemonize: already-daemonized Apr 20 14:26:31 mod_posix error Failed to daemonize: already-daemonized Apr 20 14:36:05 mod_posix error Failed to daemonize: already-daemonized Apr 20 14:40:49 mod_posix error Failed to daemonize: already-daemonized Apr 20 14:41:25 mod_posix error Failed to daemonize: already-daemonized Apr 20 14:43:55 mod_posix error Failed to daemonize: already-daemonized Apr 20 16:04:41 xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p:tls error Error creating context for c2s: No certificate present in SSL/TLS configuration for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p Apr 20 16:04:41 xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p:tls error Error creating contexts for s2sin: No certificate present in SSL/TLS configuration for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p root@debian:~# Пишет, нет сертификата.. Как нет, когда вот они все! 
ls -lh /etc/prosody/certs/ итого 8,0K -rw-r----- 1 root prosody 1,3K апр 20 16:13 xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.crt -rw-r----- 1 root prosody 1,7K апр 20 16:12 xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.key root@debian:~# Вот его статус: systemctl status prosody ● prosody.service - Prosody XMPP Server Loaded: loaded (/lib/systemd/system/prosody.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2020-04-20 16:34:58 MSK; 13s ago Docs: https://prosody.im/doc Main PID: 435 (lua5.2) Tasks: 1 (limit: 1971) Memory: 6.1M CGroup: /system.slice/prosody.service └─435 lua5.2 /usr/bin/prosody апр 20 16:34:58 debian systemd[1]: Started Prosody XMPP Server. апр 20 16:35:01 debian prosody[435]: storagemanager: map storage driver unavailable, using shim on top of keyval store.
ну так он у вас вроде работает) А с сертификатами можете попробовать прописать глобальную переменную.
Да все без ошибок вроде, только Пиджином не достучаться туда все ровно, соединение разоравано! Просто беда! Вот суслог: cat /var/log/syslog | grep prosody Apr 21 12:55:19 debian prosody[438]: certmanager: Searching /etc/prosody/certs for a key and certificate for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p... Apr 21 12:55:19 debian prosody[438]: certmanager: Selecting certificate /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.crt with key /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.key for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p Apr 21 12:55:19 debian prosody[438]: certmanager: Searching /etc/prosody/certs for a key and certificate for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p... Apr 21 12:55:19 debian prosody[438]: certmanager: Selecting certificate /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.crt with key /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.key for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p Apr 21 12:55:19 debian prosody[438]: certmanager: Searching /etc/prosody/certs for a key and certificate for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p... Apr 21 12:55:19 debian prosody[438]: certmanager: Selecting certificate /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.crt with key /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.key for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p По ошибкам ничего... i2pd тоже работает нормально.
Вот статус Прасоди после ребута: systemctl status prosody ● prosody.service - Prosody XMPP Server Loaded: loaded (/lib/systemd/system/prosody.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-04-21 11:46:48 MSK; 33s ago Docs: https://prosody.im/doc Main PID: 438 (lua5.2) Tasks: 1 (limit: 1971) Memory: 6.1M CGroup: /system.slice/prosody.service └─438 lua5.2 /usr/bin/prosody апр 21 11:46:48 debian systemd[1]: Started Prosody XMPP Server. апр 21 11:46:51 debian prosody[438]: xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p:darknet: mod_darknet ready and loaded апр 21 11:46:51 debian prosody[438]: storagemanager: map storage driver unavailable, using shim on top of keyval store. Какой-то драйвер недоступен почему-то. Читаю вот, пытаюсь разобраться. Гуглил, гуглин, ничего по этой ошибке нет! БЕДА!!!!!!!!!!
Сейчас такой статус показывает: systemctl status prosody ● prosody.service - Prosody XMPP Server Loaded: loaded (/lib/systemd/system/prosody.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-04-21 16:38:30 MSK; 1h 44min left Docs: https://prosody.im/doc Main PID: 432 (lua5.2) Tasks: 1 (limit: 1971) Memory: 5.9M CGroup: /system.slice/prosody.service └─432 lua5.2 /usr/bin/prosody апр 21 16:38:30 debian systemd[1]: Started Prosody XMPP Server. апр 21 16:38:33 debian prosody[432]: certmanager: Searching /etc/prosody/certs for a key and certificate for xbrngfnafl5zvhmg4hxjfk5ika апр 21 16:38:33 debian prosody[432]: certmanager: Selecting certificate /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpu апр 21 16:38:33 debian prosody[432]: certmanager: Searching /etc/prosody/certs for a key and certificate for xbrngfnafl5zvhmg4hxjfk5ika апр 21 16:38:33 debian prosody[432]: certmanager: Selecting certificate /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpu апр 21 16:38:33 debian prosody[432]: certmanager: Searching /etc/prosody/certs for a key and certificate for xbrngfnafl5zvhmg4hxjfk5ika апр 21 16:38:33 debian prosody[432]: certmanager: Selecting certificate /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpu lines 1-17/17 (END) Вроде все работает, но все ровно НЕВОЗМОЖНО установить соединение с pidgin.
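Статус говорит, что у вас всё нормально. Вы хотя бы посмотрели, открыл ли сервер нужные порты? Code: ss -tlpn Попробуйте увеличить информацию лога ("debug") и проверить соединение хотя бы локально. После диагностики верните уровень "info": отладочный лог заметно подробнее, а сервер у вас для конфиденциального общения. Настройки брандмауэра проверяли?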
ss -tlpn State Recv-Q Send-Q Local Addressort Peer Addressort LISTEN 0 128 127.0.0.1:5222 0.0.0.0:* users("lua5.2",pid=431,fd=4)) LISTEN 0 128 127.0.0.1:7656 0.0.0.0:* users("i2pd",pid=442,fd=47)) LISTEN 0 128 127.0.0.1:6668 0.0.0.0:* users("i2pd",pid=442,fd=40)) LISTEN 0 128 0.0.0.0:2223 0.0.0.0:* users("sshd",pid=441,fd=3)) LISTEN 0 128 127.0.0.1:5269 0.0.0.0:* users("lua5.2",pid=431,fd=6)) LISTEN 0 128 0.0.0.0:25750 0.0.0.0:* users("i2pd",pid=442,fd=14)) LISTEN 0 128 127.0.0.1:4444 0.0.0.0:* users("i2pd",pid=442,fd=35)) LISTEN 0 128 127.0.0.1:7070 0.0.0.0:* users("i2pd",pid=442,fd=31)) LISTEN 0 128 127.0.0.1:4447 0.0.0.0:* users("i2pd",pid=442,fd=36)) LISTEN 0 128 [::]:2223 [::]:* users("sshd",pid=441,fd=4)) root@debian:~# Попробуйте увеличить информацию лога ("debug") Это значит добавить log = { debug = "/var/log/prosody/prosody.log"; -- Send debug and higher here error = "*syslog"; -- Send error and higher to the syslog sink } в конфиг прасоди?? Простите что туплю, я еще пока не так много знаю.( Вот свежий лог: Apr 21 16:01:19 startup info Hello and welcome to Prosody version 0.11.2 Apr 21 16:01:19 stats debug Statistics disabled Apr 21 16:01:20 certmanager debug Searching /etc/prosody/certs for a key and certificate for client_https... Apr 21 16:01:20 certmanager debug No certificate/key found for client_https Apr 21 16:01:20 startup info Prosody is using the select backend for connection handling Apr 21 16:01:20 hostmanager debug Activated host: xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p Apr 21 16:01:20 usermanager debug Host 'xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p' now set to use user provider 'internal_plain' Apr 21 16:01:20 portmanager debug No active service for s2s, activating... 
Apr 21 16:01:20 socket debug server.lua: new server listener on '[127.0.0.1]:5269' Apr 21 16:01:20 portmanager debug Added listening service s2s to [127.0.0.1]:5269 Apr 21 16:01:20 portmanager info Activated service 's2s' on [127.0.0.1]:5269 Apr 21 16:01:20 storagemanager debug map storage driver unavailable, using shim on top of keyval store. Apr 21 16:01:20 xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p:darknet debug mod_darknet ready and loaded Apr 21 16:01:20 certmanager debug Searching /etc/prosody/certs for a key and certificate for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p... Apr 21 16:01:20 certmanager debug Selecting certificate /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.crt with key /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.key for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p Apr 21 16:01:20 certmanager debug Searching /etc/prosody/certs for a key and certificate for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p... Apr 21 16:01:20 certmanager debug Selecting certificate /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.crt with key /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.key for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p Apr 21 16:01:20 certmanager debug Searching /etc/prosody/certs for a key and certificate for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p... Apr 21 16:01:20 certmanager debug Selecting certificate /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.crt with key /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.key for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p Apr 21 16:01:20 portmanager debug No active service for c2s, activating... 
Apr 21 16:01:20 socket debug server.lua: new server listener on '[127.0.0.1]:5222' Apr 21 16:01:20 portmanager debug Added listening service c2s to [127.0.0.1]:5222 Apr 21 16:01:20 portmanager info Activated service 'c2s' on [127.0.0.1]:5222 Apr 21 16:01:20 portmanager debug No active service for legacy_ssl, activating... Apr 21 16:01:20 portmanager info Activated service 'legacy_ssl' on no ports prosodyctl check Checking config... You have 1 option set under xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p that should be in the global section of the config file, above any VirtualHost or Component definitions, see https://prosody.im/doc/configure#overview for more information. You need to move the following option: legacy_ssl_ssl Done. Checking DNS for host xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p... Host xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p does not seem to resolve to this server (IPv4/IPv6) Checking certificates... Checking certificate for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p Certificate: /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.crt Not valid for client connections to xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p. Not valid for server-to-server connections to xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p. For more information about certificates please see https://prosody.im/doc/certificates Problems found, see above. Вот это уже интереснее, пишет, на сколько я понял, чтоб комент про ssl надо перенести в глобальный раздел сервера, я так и сделал и вот новый лог: root@debian:~# prosodyctl check Checking config... Done. Checking DNS for host Host xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p does not seem to resolve to this server (IPv4/IPv6)... Host xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p does not seem to resolve to this server (IPv4/IPv6) Checking certificates... 
Checking certificate for xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p Certificate: /etc/prosody/certs/xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p.crt Not valid for client connections to xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p. Not valid for server-to-server connections to xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p. For more information about certificates please see https://prosody.im/doc/certificates Problems found, see above. Теперь пишет, что мой хост Host xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p не разрешает этот сервер (IPv4 / IPv6)... Может дело в настройке iptables? Я пока что с iptables не очень дружу.((
Ну вот, по выводу ss видно, что у вас сервис "висит" только на "локальном" сетевом адресе 127.0.0.1, а он должен работать на внешнем сетевом адресе (или же у вас должен быть прокси). На данный момент у вас снаружи открыты 2 порта: 2223, на котором висит SSH, и 25750, на котором висит сервис I2P. Насколько я понимаю, порты 5222 и 5269 должны быть открыты только внутри I2P-сети. То есть у вас где-то ошибка между сетью I2P и локальным сервером prosody. Насчёт сообщения prosodyctl check про хост: да нет, вам пишет, что ваш сервер не известен под именем xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p, но это вполне ожидаемое сообщение, так как prosody пытается узнать IP-адрес по обычному DNS-запросу, а так как в обычном DNS нет такого домена i2p, то он ничего не находит и выдаёт ошибку. Насчёт iptables: может быть, но вряд ли, скорее дело в настройке prosody.
СПАСИБО ОГРОМНОЕ, ЧТО ТРАТИТЕ ВРЕМЯ НА МЕНЯ - ДУРАКА! У меня должен быть только локалхост и прокси i2pd! Значит, не выходит подружить i2pd c prosody! Вот на всякий случай вывод iptables: iptables -L -vv Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
А может быть, в качестве DNS указать всё тот же xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p ???
Это как? В качестве DNS-сервера? Во-первых, вам надо будет указывать IPv4/IPv6-адрес, а не xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p, во-вторых, надо будет поднять DNS-сервер, ну а в-третьих, даже если поднимете DNS-сервер, вам это ничего не даст, так как никто другой, кроме вас, этот адрес знать не будет. У вас и так снаружи висит только SSH и прокси i2pd на 25750. Ну так как везде policy ACCEPT, то брандмауэр по умолчанию разрешает все соединения, как исходящие, так и входящие. Мой вам совет: не торопитесь и проверьте Code: sudo prosodyctl status и Code: telnet 127.0.0.1 5269 и потом Code: telnet xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p 5269
Ну да, чем я туплю.. Не на Дебиане надо его настраивать, а на Прасоди... prosodyctl status Prosody is running with PID 509 root@debian:~# root@debian:~# root@debian:~# root@debian:~# telnet 127.0.0.1 5269 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. ^CConnection closed by foreign host. root@debian:~# root@debian:~# root@debian:~# root@debian:~# telnet xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p 5269 telnet: could not resolve xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p/5269: Name or service not known root@debian:~# root@debian:~# root@debian:~# root@debian:~# telnet xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p 5222 telnet: could not resolve xbrngfnafl5zvhmg4hxjfk5ikaefbbz3rqlc7fcsmbpuzgew6ftq.b32.i2p/5222: Name or service not known Вот что я получаю.. Здравствуйте! Вот, покопался .... Пишет Прасоди следующее: prosodyctl check Checking config... Done. Checking DNS for host efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p... Host efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p does not seem to resolve to this server (IPv4/IPv6) Checking certificates... Checking certificate for efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p Certificate: /etc/prosody/certs/efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p.crt Not valid for client connections to efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p. Not valid for server-to-server connections to efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p. For more information about certificates please see https://prosody.im/doc/certificates Problems found, see above. Виртуалхост не разрешает этот сервер! Как это понять?? Как победить??? Проблема, похоже, одна: НЕ ПОЛУЧАЕТСЯ ПОДРУЖИТЬ ПРАСОДИ С ПРОКСИ! 
Переработал конфигурацию сервера, сейчас конфиг таков: interfaces = { "127.0.0.1" }; admins = { "[email protected]32.i2p" }; modules_enabled = { "roster"; "saslauth"; "tls"; "dialback"; "disco"; "posix"; "private"; "vcard"; "ping"; "register"; "admin_adhoc"; "darknet"; }; modules_disabled = {}; allow_registration = false; darknet_only = true; c2s_ports = { "5222" }; c2s_require_encryption = true; s2s_ports = { "5269" }; s2s_secure_auth = false; legacy_ssl_ports = { "6666" }; authentication = "internal_plain"; -- On Debian/Ubuntu daemonize = false; pidfile = "/var/run/prosody/prosody.pid"; log = { error = "/var/log/prosody/prosody.err"; "*syslog"; } certificates = "certs"; legacy_ssl_ssl = { key = "/etc/prosody/certs/efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p.key"; certificate = "/etc/prosody/certs/efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p.crt"; } VirtualHost "efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p"; Иначе ssl не мог настроить. Теперь, вроде, ошибка одна! Похоже на Прасоди нужно настроить DNS, вот его статус: prosodyctl check Checking config... Done. Checking DNS for host efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p... No _xmpp-client SRV record found for efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p, but it looks like you need one. No _xmpp-server SRV record found for efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p, but it looks like you need one. Host efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p does not seem to resolve to this server (IPv4/IPv6) No targets for efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p appear to resolve to this server. For more information about DNS configuration please see https://prosody.im/doc/dns Checking certificates... 
Checking certificate for efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p Certificate: /etc/prosody/certs/efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p.crt Not valid for client connections to efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p. Not valid for server-to-server connections to efbv5v5kre3c5scojsmizp265u3xn2sntdro5yg2upzo6osykbxa.b32.i2p. For more information about certificates please see https://prosody.im/doc/certificates Problems found, see above. Вот нашел документацию по настройке DNS на Прасоди, НО НЕ МОГУ ПОНЯТЬ, КАК ЭТО У СЕБЯ НАСТРОИТЬ! Где именно эта запись должна быть и как ее прописать???? _xmpp-client._tcp.example.com. 18000 IN SRV 0 5 5222 xmpp.example.com. _xmpp-server._tcp.example.com. 18000 IN SRV 0 5 5269 xmpp.example.com. https://translate.googleusercontent...Mg4orT0aJagMIAbPZDQ#port_and_network_settings Разобрался! Помогла смена версии! 11.5 и 10.0 не работали с i2p, сменил версию на 0.9 и все взлетело!