Skip to content

Script and files to set up Prosody with reasonably paranoid defaults and to allow hidden service connections over Tor.

License

Notifications You must be signed in to change notification settings

NSAKEY/paranoid-prosody

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

paranoid-prosody

This script is a fork of https://github.com/micahflee/tor-relay-bootstrap. It has been modified to install Prosody (An XMPP server) with strong SSL/TLS ciphers, disables logging, and does some other paranoid things. It also sets up Tor to provide a hidden service for Prosody.

This is a script to bootstrap a Debian/Ubuntu server to be a set-and-forget Prosody server . It's been tested on Debian Wheezy and Ubuntu 14.04, and should work on any other maintained version of those two distros.

paranoid-prosody does this:

  • Upgrades all the software on the system
  • Adds the deb.torproject.org and the packages.prosody.im/debian repositories to apt, so Prosody and Tor updates come directly from the source.
  • Installs and configures Prosody with reasonably paranoid defaults.
  • Installs and configures Tor to be a hidden service for Prosody (You can also manually edit torrc to make SSH an authenticated hidden service)
  • Configures sane default firewall rules
  • Configures automatic updates
  • Installs tlsdate to ensure time is synced
  • Gives instructions on what the sysadmin needs to manually do at the end

To use it, set up a new Debian or Ubuntu server, SSH into it, switch to the root user, and:

git clone https://github.com/NSAKEY/paranoid-prosody.git
cd paranoid-prosody
./bootstrap.sh

About

Script and files to set up Prosody with reasonably paranoid defaults and to allow hidden service connections over Tor.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published