Monster Manual: Prosody
Stat Block
| Dimension | Score | Rating |
|---|---|---|
| Structural difficulty | 2/14 | Easy |
| Compliance/maintenance | 7/13 | High |
| Confidence | High | |
| Estimated packaging effort | 20-35 hours | |
| Ongoing maintenance | Moderate to High |
Repository: github.com/prosody/prosody-docker Language: Lua License: MIT/X11 Stars: 175 (Docker repo) | Last release: 13.0.4, January 2026 | Release frequency: 3-5 per year
The Verdict
Prosody is the most realistic XMPP server candidate for Cloudron, and significant community work already exists. The core application is lightweight (Lua, ~30 MB RAM idle), supports MySQL/PostgreSQL via Cloudron addons, has native LDAP auth since v0.12.0, and is configurable via a clean Lua config file.
Crucially, Cloudron does support tcpPorts in the app manifest, meaning ports 5222 (c2s) and 5269 (s2s) can be exposed directly. This corrects a common misconception that Cloudron cannot expose raw TCP ports at all. The actual blockers are more subtle: TLS certificate management for the XMPP domain (not the app subdomain), DNS SRV record requirements, and secondary domain TLS addon behaviour.
A community member (DerekJarvis) has a working package with XMPP messaging functional.
Structural Analysis
A1. Processes (0): Single Lua process. prosodyctl is a CLI tool, not a daemon.
A2. Data storage (0): Supports PostgreSQL and MySQL via lua-dbi, both Cloudron addons. Default is flat files in /var/lib/prosody.
A3. Runtime (1): Lua is not in cloudron/base:5.0.0, but Prosody is available as a Debian package from the official apt repository. Dependencies come with the package.
A4. Message broker (0): No broker needed.
A5. Filesystem writes (1): Writes to /var/lib/prosody, /var/log/prosody, /etc/prosody, /etc/prosody/certs, and optionally a community modules directory. Requires 4-5 symlinks.
A6. Authentication (0): Native mod_auth_ldap since v0.12.0. Supports bind mode and getpasswd mode. Also available: mod_auth_ldap2 (community), mod_auth_cyrus.
Compliance Analysis
B1. SSO quality (1): Native mod_auth_ldap works but depends on lua-ldap. Bind mode restricts XMPP clients to PLAIN authentication (acceptable over TLS). Not specifically tested against Cloudron’s LDAP addon.
B2. Upstream stability (1): Mature project since 2008. Active v13.0 release line. The v0.12 to v13.0 version renumbering introduced some config changes.
B3. Backup complexity (0): SQL backend handled by Cloudron addon. Internal storage is flat files. No special snapshot procedures.
B4. Platform fit (3): The primary challenge. Needs TCP ports 5222 and 5269 (Cloudron supports via tcpPorts). But XMPP requires TLS certificates for the bare domain, not the app subdomain. DNS SRV records must be configured manually. MUC subdomains need their own TLS certificates.
B5. Config drift (2): prosody.cfg.lua is Lua code that must be generated from environment variables on each boot. Community modules can be installed at runtime via prosodyctl.
Key Risks
TLS certificate access for the XMPP domain is the single most discussed blocker across years of forum threads. XMPP clients connecting to user@example.com on port 5222 expect a certificate for example.com, not chat.example.com.
DNS SRV records are external to Cloudron and must be documented as a manual post-install step.
HTTP endpoint proxying tripped up an experienced packager due to how Cloudron’s httpPort maps to the external HTTPS port.
Existing Community Work
- DerekJarvis (2025-26): Active package at github.com/DerekJarvis/cloudron-prosody. XMPP messaging works.
- syn (2018-2022): Earlier package, got stuck on TLS certificates for component subdomains.
- Forum thread: forum.cloudron.io/topic/10465/xmpp-server-prosody (40+ pages of discussion).
Recommendation
Viable candidate with known, bounded risks. The structural difficulty is low (2/14). The compliance cost (7/13) is driven by XMPP protocol requirements, not application problems. These same issues affect any XMPP server on Cloudron.
Build on DerekJarvis’s existing work. Focus on TLS certificate access and DNS SRV documentation. Estimated time from current state to publishable: 10-20 hours.
Prosody is the clear choice over ejabberd for Cloudron XMPP. Lighter, simpler to configure, active community packaging effort, and the remaining blockers are protocol-level issues that affect both equally.