如何使用DNSmasq配置Prosody IM以在两台计算机之间进行通信

时间:2019-02-12 16:24:14

标签: dnsmasq srv prosody-im

我成功安装了Prosody IM,并在localhost中使用它。现在,我有两台计算机通过具有固定IP地址的交叉电缆连接(我检查了一下,并发送了ping命令)。在其中一台计算机中安装了Jabber服务器,在两台计算机中均安装了基于xmpp的客户端。

但是,此客户端无法解析我的服务器的名称,即使它在同一主机中也是如此。例如,如果我有一个虚拟主机“ lti.loc”,则尝试连接时我的客户端(基于aioxmpp)显示此错误:

ioxmpp.errors.MultiOSError: failed to connect to XMPP domain 'lti.loc': multiple errors: [Errno -2] Name or service not known

是否有一种工具或方式仅在本地网络的SRV记录中设置此服务?

更新:我找到了一个名为dnsmasq的工具,现在我正在正确配置它。如果有人进一步了解此配置,请回答。

1 个答案:

答案 0 :(得分:0)

我找到了解决方法:

首先,需要安装dnsmasq

此后,重要的是禁用系统名称的解析。在基于Ubuntu的系统中,命令为:

$ sudo systemctl disable systemd-resolved

$ sudo systemctl stop systemd-resolved

让我们配置dnsmasq配置文件以找到Prosody服务器。打开文件的命令是:

$ sudo gedit /etc/dnsmasq.conf

配置示例为:

local=/localnet/

address=/lti.loc/192.168.1.1
srv-host=_xmpp-client._tcp.lti.loc,lti.loc,5222
srv-host=_xmpp-server._tcp.lti.loc,lti.loc,5269

最后,使用以下命令启动dnsmasq:

$ sudo systemctl start dnsmasq

某些应用程序需要SSL才能连接到Prosody。韵律具有自动生成此命令的命令。最终的Prosody配置文件/etc/prosody/prosody.cfg.lua看起来像这样:

    -- Prosody Example Configuration File

    modules_enabled = {
    -- Generally required
        "roster"; -- Allow users to have a roster. Recommended ;)
        "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
        "tls"; -- Add support for secure TLS on c2s/s2s connections
        "dialback"; -- s2s dialback support
        "disco"; -- Service discovery

    -- Not essential, but recommended
        "carbons"; -- Keep multiple clients in sync
        "pep"; -- Enables users to publish their mood, activity, playing music and more
        "private"; -- Private XML storage (for room bookmarks, etc.)
        "blocklist"; -- Allow users to block communications with other users
        "vcard"; -- Allow users to set vCards

    -- Nice to have
        "version"; -- Replies to server version requests
        "uptime"; -- Report how long server has been running
        "time"; -- Let others know the time here on this server
        "ping"; -- Replies to XMPP pings with pongs
        "register"; -- Allow users to register on this server using a client and change passwords
        --"mam"; -- Store messages in an archive and allow users to access it
        --"smacks"; -- Stream manager
    -- Admin interfaces
        "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
        --"admin_telnet"; -- Opens telnet console interface on localhost port 5582

    -- HTTP modules
        -- "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
        --"websocket"; -- XMPP over WebSockets
        --"http_files"; -- Serve static files from a directory over HTTP

    -- Other specific functionality
        --"limits"; -- Enable bandwidth limiting for XMPP connections
        --"groups"; -- Shared roster support
        --"server_contact_info"; -- Publish contact information for this service
        --"announce"; -- Send announcement to all online users
        --"welcome"; -- Welcome users who register accounts
        --"watchregistrations"; -- Alert admins of registrations
        --"motd"; -- Send a message to users when they log in
        --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
        --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
}

-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
    -- "offline"; -- Store offline messages
    -- "c2s"; -- Handle client connections
    -- "s2s"; -- Handle server-to-server connections
    -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
}

-- Disable account creation by default, for security
-- For more information see https://prosody.im/doc/creating_accounts
allow_registration = true

-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.

c2s_require_encryption = false

-- Force servers to use encrypted connections? This option will
-- prevent servers from authenticating unless they are using encryption.
-- Note that this is different from authentication

s2s_require_encryption = false


-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see https://prosody.im/doc/s2s#security

s2s_secure_auth = false

allow_unencrypted_plain_auth = false
disable_sasl_mechanisms = { "DIGEST-MD5" }

-- Some servers have invalid or self-signed certificates. You can list
-- remote domains here that will not be required to authenticate using
-- certificates. They will be authenticated using DNS instead, even
-- when s2s_secure_auth is enabled.

--s2s_insecure_domains = { "insecure.example" }

-- Even if you leave s2s_secure_auth disabled, you can still require valid
-- certificates for some domains by specifying a list here.

--s2s_secure_domains = { "jabber.org" }

-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.

authentication = "internal_hashed"

-- Select the storage backend to use. By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See https://prosody.im/doc/storage for more info.

--storage = "sql" -- Default is "internal"

-- For the "sql" backend, you can uncomment *one* of the below to configure:
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }


-- Archiving configuration
-- If mod_mam is enabled, Prosody will store a copy of every message. This
-- is used to synchronize conversations between multiple clients, even if
-- they are offline. This setting controls how long Prosody will keep
-- messages in the archive before removing them.

archive_expires_after = "1w" -- Remove archived messages after 1 week

-- You can also configure messages to be stored in-memory only. For more
-- archiving options, see https://prosody.im/doc/modules/mod_mam

-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
log = {
    info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging
    error = "prosody.err";
    -- "*syslog"; -- Uncomment this for logging to syslog
    -- "*console"; -- Log to the console, useful for debugging with daemonize=false
}

-- Uncomment to enable statistics
-- For more info see https://prosody.im/doc/statistics
-- statistics = "internal"

-- Certificates
-- Every virtual host and component needs a certificate so that clients and
-- servers can securely verify its identity. Prosody will automatically load
-- certificates/keys from the directory specified here.
-- For more information, including how to use 'prosodyctl' to auto-import certificates
-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates

-- Location of directory to find certificates in (relative to main config file):
--certificates = "certs"

----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.

pidfile = "prosody.pid" -- stores prosody.pid in the current directory

VirtualHost "lti.loc"

ssl = {
    key = "/var/lib/prosody/lti.loc.key";
    certificate = "/var/lib/prosody/lti.loc.crt";
}

最后,正确设置/ etc / host /中的主机很重要!