Make the Prosody Upload Url fancy 28.05.2018

Some serverowners might be interested in understanding how to properly set up http_upload with their Prosody instance.
It's still a challenge for many admins so i wanna try to enhance this situation today! :)

The following helps you to make this


to something like this

# (i think it makes sense to use a specific (sub-)domain for xmpp http stuff
# but it is your choice of course)
# In my specific case it looks like

First of all, make sure your mod_http_upload is loaded and uptodate, if it's too old some clients may refuse to upload anything (looking at you, Conversations)
Second, you may want to check Prosody's http documentation as well. As referenced in the modules own documentation.

mod_http_upload relies on Prosodys HTTP server and mod_http for serving HTTP requests. See Prosodys HTTP server documentation for information about how to configure ports, HTTP Host names etc.

This HowTo exists because this specific topic is confusing for many admins for some reason, also thus who have everything else set up.

Prosody Configuration

-- tell Prosody globally to use this http url for all teh http things
http_external_url = ""

-- component specific configuration
Component "" "http_upload"
    http_host = ""
    http_external_url = ""
    -- feel free to adjust this according to your needs as well btw
    http_upload_path = "/var/lib/prosody/http_upload"
    -- this is what i have configured as well, you may wanna ignore or modify it
    -- (check the module's readme for further information)
    http_upload_expire_after = 60 * 60 * 24 * 32
    http_upload_file_size_limit = 20 * 1024 * 1024
    http_upload_allowed_file_types = { "image/*", "text/plain", "application/pdf", "application/zip", "application/gzip" }

nginx Configuration

# /etc/nginx/sites-available/

server {
        listen 80;
        # this btw is useful to be able to run
        # certbot --webroot -w /tmp/le renew
        # or
        # certbot certonly --webroot -w /tmp/le -d
        # without the need of putting nginx down or such, u still need to reload tho
        # not my idea, i reference the gist when found it
        location '/.well-known/acme-challenge' {
           default_type "text/plain";
           root /tmp/le;
        location / {
           return 301 https://$server_name$request_uri;

server {
        listen 443 ssl;
        listen [::]:443 ssl spdy;
        root /var/www/xmpp;
        # actually this and root assumes you may have some greeter page laying around there
        index  index.html;

        # this assumes you have more tls settings in the nginx.conf - adjust it according to your needs
        ssl_certificate /etc/letsencrypt/live/;
        ssl_certificate_key /etc/letsencrypt/live/;
        # this is still not global, as far is i remember nginx workers segfaulted
        # with this in the global config, at least there was something strange and
        # bad going on so i always do it like this
        add_header Strict-Transport-Security max-age=15768000;

        location /upload {
          proxy_buffering off;
          proxy_set_header Host $host;
          # tbh you may not need the following,
          # i something just paste around lol
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
# weird spacing, right? lol
# if you don't have it global already, you may want to add something like
# client_max_body_size 20m;
# to this file.

Alright i hope this was useful for someone, i appreciate feedback.
Have a great day and good luck!

Wait, there's more in this topic!

Made with in Germany Imprint Privacy Contribute