fix(jabber): Fix Prosody startup and process detection

- Run Prosody as prosody user (not root) via su -s /bin/sh
- Fix process detection to look for lua.*prosody pattern
- Generate SSL certs using openssl instead of prosodyctl
- Remove deprecated cross_domain_websocket option
- Create config file before certificate generation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

package/secubox/secubox-app-jabber/files/usr/sbin/jabberctl

@@ -238,25 +238,18 @@ SOURCES
 create_startup_script() {
 	cat > "$LXC_ROOTFS/opt/start-jabber.sh" <<'STARTUP'
 #!/bin/bash
-set -e
 
 export PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
 
+# Get hostname from environment or default
+XMPP_DOMAIN="${XMPP_HOSTNAME:-jabber.local}"
+ADMIN_USER="${XMPP_ADMIN:-admin}"
+
 # Generate Prosody config if not exists
 if [ ! -f /etc/prosody/prosody.cfg.lua.configured ]; then
     echo "[JABBER] Generating Prosody configuration..."
 
-    # Get hostname from environment or default
+    # Create main config FIRST (before cert generation)
-    XMPP_DOMAIN="${XMPP_HOSTNAME:-jabber.local}"
-    ADMIN_USER="${XMPP_ADMIN:-admin}"
-
-    # Generate self-signed certificates
-    if [ ! -f /var/lib/prosody/${XMPP_DOMAIN}.crt ]; then
-        echo "[JABBER] Generating SSL certificates..."
-        prosodyctl cert generate "$XMPP_DOMAIN"
-    fi
-
-    # Create main config
     cat > /etc/prosody/prosody.cfg.lua <<PROSODY
 -- Prosody XMPP Server Configuration
 -- Generated by SecuBox Jabber
@@ -372,6 +365,16 @@ Component "conference.${XMPP_DOMAIN}" "muc"
 Include "conf.d/*.cfg.lua"
 PROSODY
 
+    # Now generate self-signed certificates (config must exist first)
+    echo "[JABBER] Generating SSL certificates..."
+    cd /var/lib/prosody
+    openssl req -new -x509 -days 3650 -nodes \
+        -out "${XMPP_DOMAIN}.crt" \
+        -keyout "${XMPP_DOMAIN}.key" \
+        -subj "/CN=${XMPP_DOMAIN}" 2>/dev/null
+    chown prosody:prosody "${XMPP_DOMAIN}.crt" "${XMPP_DOMAIN}.key"
+    chmod 600 "${XMPP_DOMAIN}.key"
+
     touch /etc/prosody/prosody.cfg.lua.configured
     echo "[JABBER] Configuration generated"
 fi
@@ -585,9 +588,9 @@ cmd_check() {
 		fi
 	done
 
-	# Prosody process
+	# Prosody process (runs as lua5.4)
 	if lxc_running; then
-		if lxc_exec pgrep prosody >/dev/null 2>&1; then
+		if lxc_exec pgrep -f "lua.*prosody" >/dev/null 2>&1; then
 			echo "[OK] Prosody process running"
 		else
 			echo "[FAIL] Prosody process not running"
@@ -606,7 +609,7 @@ cmd_status() {
 
 		lxc_running && running=1
 		if [ "$running" = "1" ]; then
-			lxc_exec pgrep prosody >/dev/null 2>&1 && prosody_proc=1
+			lxc_exec pgrep -f "lua.*prosody" >/dev/null 2>&1 && prosody_proc=1
 			user_count=$(lxc_exec find /var/lib/prosody -name "*.dat" -path "*accounts*" 2>/dev/null | wc -l)
 		fi
 
@@ -652,7 +655,7 @@ EOF
 		lxc-info -n "$LXC_NAME" | grep -E "PID|Memory" | sed 's/^/  /'
 		echo ""
 		echo "Services:"
-		lxc_exec pgrep prosody >/dev/null 2>&1 && echo "  Prosody:      UP" || echo "  Prosody:      DOWN"
+		lxc_exec pgrep -f "lua.*prosody" >/dev/null 2>&1 && echo "  Prosody:      UP" || echo "  Prosody:      DOWN"
 
 		# User count
 		local users=$(lxc_exec find /var/lib/prosody -name "*.dat" -path "*accounts*" 2>/dev/null | wc -l)