Tor - XMPP Server (ejabberd)
XMPP Hidden Service
The script below provides a basic roll-out setup.
Please refer to ejabberd docs for adding users.
- sudo apt-get install tor ejabberd -y
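#!/bin/bash
# aMiscreant
#
# Roll out ejabberd behind a Tor v3 onion service:
#   1. create the certificate directory,
#   2. add the onion service to torrc (once),
#   3. restart Tor and wait for the generated hostname,
#   4. validate that hostname before it is used in paths and config,
#   5. create a self-signed certificate for it (once),
#   6. point ejabberd's `hosts:` and `certfiles:` at the onion name,
#   7. restart ejabberd.
#
# The script is meant to be safe to re-run: existing torrc entries and an
# existing key/certificate pair are kept.
#
# NOTE(review): this script does not touch ejabberd's `listen:` section.
# Confirm the listeners bind to 127.0.0.1 (or are firewalled); otherwise the
# server may also be reachable on the host's regular address, not only
# through the onion service.
set -euo pipefail

TORRC="/etc/tor/torrc"
SSL_DIR="/etc/ejabberd/ssl"
EJABBERD_YML="/etc/ejabberd/ejabberd.yml"
HS_DIR="/var/lib/tor/xmppserver/"

# 1. Ensure SSL directory exists.
# Every later write goes through sudo, so the directory does not need to be
# owned by the invoking user. Keeping it root-owned and readable only by the
# ejabberd group stops an unprivileged account from swapping the key files.
sudo mkdir -p "$SSL_DIR"
sudo chown root:ejabberd "$SSL_DIR"
sudo chmod 750 "$SSL_DIR"

# 2. Append Tor Hidden Service for XMPP if not already present.
# Anchor the match so a commented-out line does not count as "present".
if ! grep -Eq "^[ \t]*HiddenServiceDir[ \t]+${HS_DIR}" "$TORRC"; then
  printf '\n# Jabber/XMPP\nHiddenServiceDir %s\nHiddenServiceVersion 3\nHiddenServicePort 5222 127.0.0.1:5222\n' \
    "$HS_DIR" | sudo tee -a "$TORRC" >/dev/null
fi

# 3. Restart Tor to generate hostname
sudo systemctl restart tor

# 4. Wait for Tor to create the hostname.
# A fixed sleep races with Tor's startup; poll with a bounded timeout instead.
ONION_HOSTNAME=""
for _ in {1..30}; do
  if sudo test -s "${HS_DIR}hostname"; then
    ONION_HOSTNAME=$(sudo cat "${HS_DIR}hostname")
    break
  fi
  sleep 1
done

# The hostname is interpolated into file paths, the certificate subject and
# ejabberd.yml, so accept nothing but a well-formed v3 onion address.
if [[ ! "$ONION_HOSTNAME" =~ ^[a-z2-7]{56}\.onion$ ]]; then
  echo "Error: no valid v3 .onion hostname in ${HS_DIR}hostname (got: '${ONION_HOSTNAME}')" >&2
  exit 1
fi
echo "Generated .onion hostname: $ONION_HOSTNAME"

# 5. Generate self-signed cert (only if none exists yet).
# Re-generating on every run would replace the key and break any client that
# has already trusted the previous self-signed certificate.
KEY_FILE="$SSL_DIR/$ONION_HOSTNAME.key"
CRT_FILE="$SSL_DIR/$ONION_HOSTNAME.crt"
if sudo test -s "$KEY_FILE" && sudo test -s "$CRT_FILE"; then
  echo "Reusing existing certificate: $CRT_FILE"
else
  # umask 077 keeps the private key unreadable to others from the moment it
  # is created, not only after the chmod below.
  sudo sh -c 'umask 077; exec openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout "$1" -out "$2" -subj "/CN=$3"' \
    sh "$KEY_FILE" "$CRT_FILE" "$ONION_HOSTNAME"
fi
sudo chown ejabberd:ejabberd "$KEY_FILE" "$CRT_FILE"
sudo chmod 644 "$CRT_FILE"
sudo chmod 600 "$KEY_FILE"

# 6. Update ejabberd.yml (hosts and certfiles).
# Replacing only the `hosts:` / `certfiles:` key line would leave the old list
# items underneath it (differently indented, and still configured), so the
# old items directly following each key are dropped as well. A list that is
# interrupted by comment or blank lines is only trimmed up to that line.
TMP_YML=$(mktemp)
trap 'rm -f -- "$TMP_YML"' EXIT

# Keep the first pristine copy of the config for rollback.
if ! sudo test -e "$EJABBERD_YML.bak"; then
  sudo cp -p -- "$EJABBERD_YML" "$EJABBERD_YML.bak"
fi

if ! sudo awk -v host="$ONION_HOSTNAME" -v crt="$CRT_FILE" -v key="$KEY_FILE" '
  /^hosts:/ {
    print "hosts:"
    print "  - \"" host "\""
    in_list = 1; seen_hosts = 1
    next
  }
  /^certfiles:/ {
    print "certfiles:"
    print "  - \"" crt "\""
    print "  - \"" key "\""
    in_list = 1; seen_certs = 1
    next
  }
  in_list && /^[ \t]*-/ { next }
  { in_list = 0; print }
  END { if (!seen_hosts || !seen_certs) exit 1 }
' "$EJABBERD_YML" >"$TMP_YML"; then
  echo "Error: $EJABBERD_YML has no top-level 'hosts:' and 'certfiles:' keys; config left unchanged" >&2
  exit 1
fi

# Copying over the existing file keeps its owner and mode.
sudo cp -- "$TMP_YML" "$EJABBERD_YML"

# 7. Restart ejabberd
sudo systemctl restart ejabberd
echo "Ejabberd configured for Tor XMPP at $ONION_HOSTNAME"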