Buddycloud notes

  1. Summary
  2. Base install
  3. Configuration
  4. DNS
  5. SSL cert
  6. Prosody
  7. Postgres config
  8. Manual server deploy
  10. Current status
  11. Other todos


I am not running buddycloud. Installing it was a nightmare, partly because it uses nodejs (and not the stable version!), partly because the install instructions are kind of all over the place and incomplete. Furthermore, it doesn't actually federate with anything else than buddycloud and XMPP, which is granted, a good start, but not good enough for my needs.

I need:

So buddycloud doesn't cut it right now.

Base install

Base software built and installed.

git clone git://github.com/buddycloud/buddycloud-server.git
cd buddycloud-server
npm i .
# just to rebuilt the code after a git pull:
npm run-script install
sudo mkdir /opt/buddycloud
cd /opt/buddycloud
sudo tar zxf ~-/buddycloud-*tar.gz

Fix perms:

cd /opt/buddycloud
chown root .
chmod -R 755 .
chmod -R a-x,a+X .
chmod a+x bin/*

(!) Still can't run from there! Files are missing:

Error: ENOENT, no such file or directory '/opt/buddycloud/node_modules/node-xmpp/node_modules/request/node_modules/mime/types/mime.types'

Will run from the build directory directly.


Next is to install and configure it.



Using a shorter version, and using CNAME instead of A.

buddycloud                   IN CNAME        marcos
anon                         IN CNAME        buddycloud
_xmpp-server._tcp            IN SRV 5 0 5269 buddycloud
_xmpp-server._tcp.buddycloud IN SRV 5 0 5269 buddycloud
_xmpp-server._tcp.media      IN SRV 5 0 5269 buddycloud
_xmpp-server._tcp.anon       IN SRV 5 0 5269 buddycloud
_buddycloud-api._tcp         IN TXT "v=1.0" "host=buddycloud.orangeseeds.org" "protocol=https" "path=/api" "port=443"

SSL cert

2048 bit self-signed SSL key, valid for one year:

cd /etc/private/ssl
openssl genrsa -out orangeseeds.org.key 2048
openssl req -new -config orangeseeds.org.cnf -key orangeseeds.org.key -out orangeseeds.org.csr
openssl x509 -req -days 365 -in orangeseeds.org.csr -signkey orangeseeds.org.key -out orangeseeds.org.crt

.cnf file:

[ req ]
prompt                  = no
distinguished_name      = DN
encrypt_key             = no
req_extensions          = v3_req

[ DN ]
commonName              = orangeseeds.org

[ v3_req ]
subjectAltName          = DNS:*.orangeseeds.org


sudo apt-get install prosody lua-zlib

In /etc/prodosy/conf.d/buddycloud.orangeseeds.org.cfg.lua:

admins = { "anarcat@orangeseeds.org" }

registration_whitelist      = { "" }
whitelist_registration_only = true

VirtualHost "orangeseeds.org"
  authentication        = "internal_hashed"
  allow_registration    = true
  anonymous_login       = false
  ssl                   = {         key = "/etc/ssl/private/orangeseeds.org.key";
                            certificate = "/etc/ssl/private/orangeseeds.org.crt" }

-- for non-logged in browsing of open channels.
VirtualHost "anon.orangeseeds.org"
  authentication        = "anonymous"
  allow_registration    = false
  anonymous_login       = true
  disallow_s2s          = true

Component "buddycloud.orangeseeds.org"
  component_secret      = "tellnoone"

Component "pusher.orangeseeds.org"
  component_secret      = "tellnoone"

Other changes, to main config:

--- a/prosody/prosody.cfg.lua
+++ b/prosody/prosody.cfg.lua
@@ -41,8 +41,8 @@ modules_enabled = {
        -- Not essential, but recommended
                "private"; -- Private XML storage (for room bookmarks, etc.)
                "vcard"; -- Allow users to set vCards
-               --"privacy"; -- Support privacy lists
-               --"compression"; -- Stream compression (Debian: requires lua-zlib module to work)
+               "privacy"; -- Support privacy lists
+               "compression"; -- Stream compression (Debian: requires lua-zlib module to work)

        -- Nice to have
                "legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
@@ -64,7 +64,7 @@ modules_enabled = {
                --"groups"; -- Shared roster support
                --"announce"; -- Send announcement to all online users
                --"welcome"; -- Welcome users who register accounts
-               --"watchregistrations"; -- Alert admins of registrations
+               "watchregistrations"; -- Alert admins of registrations
                --"motd"; -- Send a message to users when they log in
        -- Debian: do not remove this module, or you lose syslog
        -- support


service prosody restart

Check out logs in /var/log/prosody/prosody.log for any errors.

Postgres config

sudo apt-get install postgresql
# switch to the postgres user
sudo su - postgres
# create the database user and assign them a password
sudo createuser buddycloud_server --pwprompt --no-superuser --no-createdb --no-createrole
# create the database
sudo createdb --owner buddycloud_server --encoding UTF8 buddycloud_server
psql -U buddycloud_server -W -d buddycloud_server < postgres/install.sql
psql -U buddycloud_server -W -d buddycloud_server < postgres/upgrade-1.sql
psql -U buddycloud_server -W -d buddycloud_server < postgres/upgrade-2.sql

Manual server deploy

root@marcos:/home/anarcat/dist/buddycloud-server# cp _etc_init.d_buddycloud-server /etc/init.d/buddycloud-server
root@marcos:/home/anarcat/dist/buddycloud-server# chmod a+x /etc/init.d/buddycloud-server
root@marcos:/home/anarcat/dist/buddycloud-server# cp config.js.example /etc/buddycloud-server

Fix DAEMON path and home path in startup script:

diff --git a/init.d/buddycloud-server b/init.d/buddycloud-server
index 4d416a3..f98c74e 100755
--- a/init.d/buddycloud-server
+++ b/init.d/buddycloud-server
@@ -22,8 +22,8 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
 DESC="buddycloud server"
-DAEMON=`which nodejs`
 DAEMON_ARGS="lib/main.js --config config.js"


Edit /etc/buddycloud-server/config.js:

--- a/buddycloud-server/config.js
+++ b/buddycloud-server/config.js
@@ -2,7 +2,7 @@
 // change EXAMPLE.COM to match your domain

 // jid referrs to your server component
-exports.xmpp = { jid: 'buddycloud.EXAMPLE.COM',
+exports.xmpp = { jid: 'buddycloud.orangeseeds.org',
                 password: 'tellnoone',
                 host: 'localhost',
                 port: 5347
@@ -41,13 +41,13 @@ exports.logging = {
 // restrict creation of topic channels to just your domain - a good idea
 exports.checkCreateNode = function(opts) {
     return (opts.nodeUser === opts.actor) ||
-       (opts.nodeUser.split("@")[1] === "topics.EXAMPLE.COM");
+       (opts.nodeUser.split("@")[1] === "topics.orangeseeds.org");

 // JID of the pusher. This component will be notified of *all* events, including
 // those on private channels. If you don't know what the pusher component is, or
 // if you don't have one, you really should leave this commented.
-//exports.pusherJid = "pusher.EXAMPLE.COM";
+//exports.pusherJid = "pusher.orangeseeds.org";

 // autosubscribe users to a few channels

then create a user for buddycloud

adduser --system --home /var/lib/buddycloud buddycloud

and create its log dir:

sudo mkdir /var/log/buddycloud-server
sudo chown buddycloud /var/log/buddycloud-server


git clone https://github.com/buddycloud/buddycloud-http-api.git
cd buddycloud-http-api
npm i .

(!) Fails!

npm http GET https://registry.npmjs.org/connect/-/connect-1.9.2.tgz
make: entrant dans le répertoire « /home/anarcat/dist/buddycloud-http-api/node_modules/node-stringprep/build »
  CXX(target) Release/obj.target/node_stringprep/node-stringprep.o

> libxmljs@0.5.4 install /home/anarcat/dist/buddycloud-http-api/node_modules/libxmljs
> node-waf configure build

sh: 1: node-waf: not found

> libxmljs@0.5.4 preuninstall /home/anarcat/dist/buddycloud-http-api/node_modules/libxmljs
> node-waf clean

sh: 1: node-waf: not found
npm WARN continuing anyway undefined
unbuild libxmljs@0.5.4
npm ERR! weird error 127
npm ERR! not ok code 0

Doesn't seem that necessary for basic XMPP functionality: https://buddycloud.org/wiki/buddycloud_HTTP_API

Current status

We are stuck! We have the server running, but it just does XMPP, and I have no clue what to do with it. The HTTP API doesn't build in NodeJS 0.10, and all the packages are out of date and not even in wheezy (package page).

Furthermore, it doesn't seem all that clear that buddycloud really supports Ostatus. I see it as a "todo" in the buddycloud-server.

I will wait for this software to mature.

Other todos

SSL cert?

We need an SSL cert for prosody.. Seems like i don't have a free cert at Gandi, but we can use monkeysphere or DANE (requires DNSSEC).


Created . Edited .