stevenroose/a-httpupload-prosody.md

## a-httpupload-prosody.md

      
    Raw
  

              a-httpupload-prosody.md
            
          
    Instructions for Prosody on Debian

1. Install


Install Python and PIP

sudo apt-get install python3.4 python3-pip


Clone the repo somewhere

git clone https://github.com/siacs/HttpUploadComponent httpupload
cd httpupload


Install dependencies

sudo pip3 install -r requirements.txt


Create config file

cp config.example.yml config.yml


Edit config file
Some of the things I set:

storage_path : /var/lib/prosody/http_upload
# Add all your hosts
whitelist:
  - domain.tld
# We use nginx so this can just be
http_address: 127.0.0.1
http_port: 8080
# But the urls must have https
get_url : https://upload.domain.tld
put_url : https://upload.domain.tld


Add Prosody config: see prosody.cfg.lua


Restart Prosody: sudo service prosody restart


Configure init script and start:


sudo nano /etc/init.d/httpupload # see `httpupload` file
sudo chmod +x /etc/init.d/httpupload
sudo update-rc.d httpupload defaults
# run httpupload
sudo service httpupload start


Configure nginx: see upload.nginx.conf file


Restart nginx: sudo service nginx reload


Then the tricky part that took me long. Since we are serving the files directly from Nginx, we need to set the proper permissions to the directories.


sudo mkdir -p /var/lib/prosody/http_upload
sudo chmod +x -R /var/lib/prosody/
sudo chown prosody:www-data -R /var/lib/prosody/http_upload
sudo chmod 755 -R /var/lib/prosody/http_upload

I guess that's all, hopefully I did not forget something. You can find me on Jabber at steven@roose.ch or e-mail stevenroose@gmail.com.

  
## httpupload
#!/bin/bash
### BEGIN INIT INFO
# Provides:          HttpUploadComponent
# Required-Start:    prosody
# Required-Stop:     prosody
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start HttpUploadComponent
# Description:       HttpUploadComponent for prosody
### END INIT INFO
## more info: http://wiki.debian.org/LSBInitScripts

. /lib/lsb/init-functions

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
DAEMON=/opt/HttpUploadComponent/httpupload/server.py
NAME=httpupload
DESC=HttpUploadComponent
CONFIG=/opt/HttpUploadComponent/config.yml
LOGFILE=/var/log/prosody/http_upload.log
PIDFILE=/var/run/${NAME}.pid
USER=prosody

# Allow user to override default values listed above
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

export LOGNAME=$USER

test -x $DAEMON || exit 0

set -e

function _start() {
    start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid $USER:$USER --background --make-pidfile --exec $DAEMON -- --config $CONFIG --logfile $LOGFILE
}

function _stop() {
    start-stop-daemon --stop --quiet --pidfile $PIDFILE --oknodo --retry 3
    rm -f $PIDFILE
}

function _status() {
    start-stop-daemon --status --quiet --pidfile $PIDFILE
    return $?
}


case "$1" in
        start)
                echo -n "Starting $DESC: "
                _start
                echo "ok"
                ;;
        stop)
                echo -n "Stopping $DESC: "
                _stop
                echo "ok"
                ;;
        restart|force-reload)
                echo -n "Restarting $DESC: "
                _stop
                sleep 1
                _start
                echo "ok"
                ;;
        status)
                echo -n "Status of $DESC: "
                _status && echo "running" || echo "stopped"
                ;;
        *)
                N=/etc/init.d/$NAME
                echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
                exit 1
                ;;
esac

exit 0

## prosody.cfg.lua
-- disco_items probably already exists, so add the one line
disco_items = {
	{ "upload.yoursite.tld", "request slots to upload files via http"};
}

-- add this wherever you want
Component "upload.domain.tld"
	component_secret = "yoursecret" --match the secret from the config.yml

## upload.nginx.conf
server {
  listen         80;
  listen         [::]:80;
  server_name    upload.domain.tld;
  location / {
    return         301 https://$server_name$request_uri;
  }
}

server {
  listen         443 ssl;
  listen         [::]:443 ssl;
  server_name    upload.domain.tld;
  add_header     Strict-Transport-Security "max-age=31536000";

  # Point to your certificate files
  ssl_certificate         /etc/letsencrypt/live/chat.domain.tld/fullchain.pem;
  ssl_certificate_key     /etc/letsencrypt/live/chat.domain.tld/privkey.pem;

  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
  ssl_session_tickets off;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers HIGH:!aNULL;
  ssl_prefer_server_ciphers on;

  root /var/lib/prosody/http_upload;

  location / {
    limit_except GET {
      proxy_pass        http://127.0.0.1:8080;
    }
    proxy_set_header    Host    $host;
    charset             utf-8;
    add_header          X-Frame-Options           DENY;
  }
}
	#!/bin/bash
	### BEGIN INIT INFO
	# Provides: HttpUploadComponent
	# Required-Start: prosody
	# Required-Stop: prosody
	# Default-Start: 2 3 4 5
	# Default-Stop: 0 1 6
	# Short-Description: Start HttpUploadComponent
	# Description: HttpUploadComponent for prosody
	### END INIT INFO
	## more info: http://wiki.debian.org/LSBInitScripts

	. /lib/lsb/init-functions

	PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
	DAEMON=/opt/HttpUploadComponent/httpupload/server.py
	NAME=httpupload
	DESC=HttpUploadComponent
	CONFIG=/opt/HttpUploadComponent/config.yml
	LOGFILE=/var/log/prosody/http_upload.log
	PIDFILE=/var/run/${NAME}.pid
	USER=prosody

	# Allow user to override default values listed above
	[ -r /etc/default/$NAME ] && . /etc/default/$NAME

	export LOGNAME=$USER

	test -x $DAEMON \|\| exit 0

	set -e

	function _start() {
	start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid $USER:$USER --background --make-pidfile --exec $DAEMON -- --config $CONFIG --logfile $LOGFILE
	}

	function _stop() {
	start-stop-daemon --stop --quiet --pidfile $PIDFILE --oknodo --retry 3
	rm -f $PIDFILE
	}

	function _status() {
	start-stop-daemon --status --quiet --pidfile $PIDFILE
	return $?
	}


	case "$1" in
	start)
	echo -n "Starting $DESC: "
	_start
	echo "ok"
	;;
	stop)
	echo -n "Stopping $DESC: "
	_stop
	echo "ok"
	;;
	restart\|force-reload)
	echo -n "Restarting $DESC: "
	_stop
	sleep 1
	_start
	echo "ok"
	;;
	status)
	echo -n "Status of $DESC: "
	_status && echo "running" \|\| echo "stopped"
	;;
	*)
	N=/etc/init.d/$NAME
	echo "Usage: $N {start\|stop\|restart\|force-reload\|status}" >&2
	exit 1
	;;
	esac

	exit 0
	-- disco_items probably already exists, so add the one line
	disco_items = {
	{ "upload.yoursite.tld", "request slots to upload files via http"};
	}

	-- add this wherever you want
	Component "upload.domain.tld"
	component_secret = "yoursecret" --match the secret from the config.yml
	server {
	listen 80;
	listen [::]:80;
	server_name upload.domain.tld;
	location / {
	return 301 https://$server_name$request_uri;
	}
	}

	server {
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name upload.domain.tld;
	add_header Strict-Transport-Security "max-age=31536000";

	# Point to your certificate files
	ssl_certificate /etc/letsencrypt/live/chat.domain.tld/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/chat.domain.tld/privkey.pem;

	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:!aNULL;
	ssl_prefer_server_ciphers on;

	root /var/lib/prosody/http_upload;

	location / {
	limit_except GET {
	proxy_pass http://127.0.0.1:8080;
	}
	proxy_set_header Host $host;
	charset utf-8;
	add_header X-Frame-Options DENY;
	}
	}