1 # Prosody {#module-services-prosody}
3 [Prosody](https://prosody.im/) is an open-source, modern XMPP server.
5 ## Basic usage {#module-services-prosody-basic-usage}
7 A common struggle for most XMPP newcomers is to find the right set
8 of XMPP Extensions (XEPs) to setup. Forget to activate a few of
9 those and your XMPP experience might turn into a nightmare!
11 The XMPP community tackles this problem by creating a meta-XEP
12 listing a decent set of XEPs you should implement. This meta-XEP
13 is issued every year, the 2020 edition being
14 [XEP-0423](https://xmpp.org/extensions/xep-0423.html).
16 The NixOS Prosody module will implement most of these recommendend XEPs out of
17 the box. That being said, two components still require some
18 manual configuration: the
19 [Multi User Chat (MUC)](https://xmpp.org/extensions/xep-0045.html)
20 and the [HTTP File Upload](https://xmpp.org/extensions/xep-0363.html) ones.
21 You'll need to create a DNS subdomain for each of those. The current convention is to name your
22 MUC endpoint `conference.example.org` and your HTTP upload domain `upload.example.org`.
24 A good configuration to start with, including a
25 [Multi User Chat (MUC)](https://xmpp.org/extensions/xep-0045.html)
26 endpoint as well as a [HTTP File Upload](https://xmpp.org/extensions/xep-0363.html)
27 endpoint will look like this:
32 admins = [ "root@example.org" ];
33 ssl.cert = "/var/lib/acme/example.org/fullchain.pem";
34 ssl.key = "/var/lib/acme/example.org/key.pem";
35 virtualHosts."example.org" = {
37 domain = "example.org";
38 ssl.cert = "/var/lib/acme/example.org/fullchain.pem";
39 ssl.key = "/var/lib/acme/example.org/key.pem";
42 domain = "conference.example.org";
45 domain = "upload.example.org";
51 ## Let's Encrypt Configuration {#module-services-prosody-letsencrypt}
53 As you can see in the code snippet from the
54 [previous section](#module-services-prosody-basic-usage),
55 you'll need a single TLS certificate covering your main endpoint,
56 the MUC one as well as the HTTP Upload one. We can generate such a
57 certificate by leveraging the ACME
58 [extraDomainNames](#opt-security.acme.certs._name_.extraDomainNames) module option.
60 Provided the setup detailed in the previous section, you'll need the following acme configuration to generate
61 a TLS certificate for the three endponits:
65 email = "root@example.org";
69 webroot = "/var/www/example.org";
70 email = "root@example.org";
71 extraDomainNames = [ "conference.example.org" "upload.example.org" ];