Linux ejabberd

From John Freier

ejabberd is an open source platform built on Jabber/XMPP.

XMPP (Extensible Messaging and Presence Protocol)

https://github.com/processone/ejabberd

ejabberd does not store messages on the server. There are modules available to do this, known as Message Archive Management (MAM).

Offline messages: there is a module to store these, mod_offline.

Install

OSX - I just downloaded the installer and app.

Fedora

 # yum install ejabberd

Startup

To start, stop, check the status of, or restart the server:

 # ejabberdctl start

There is no auto-startup script for ejabberd on Fedora; if you google around you can find one.

Config

Hosts - updated the hosts list to include my domain.

 {hosts, ["localhost", "johnfreier.com"]}.

Turned off the web admin interface

 %%web_admin

Turned off user registration. Switch 'allow' to 'deny'. You will need to register users before turning this off.

 {access, register, [{deny, all}]}.

STARTTLS - I needed to enable STARTTLS to be able to communicate between servers. To get this working correctly I also needed to uncomment the pem cert line.

 {s2s_use_starttls, true}.
 {s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.

Added my user to the list of admin users.

 {acl, admin, {user, "myusername", "johnfreier.com"}}.
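To check a config file against the settings changed in this section (registration access, web_admin, s2s STARTTLS, s2s certfile, admin ACL), here is an added Python audit script; it is not part of this page or of ejabberd. It handles the old Erlang-style ejabberd.cfg syntax shown above, assumes '%' only ever starts a comment (never appears inside a quoted string), and the sample config it runs on is constructed.

```python
import re

# Constructed sample in the old Erlang-style ejabberd.cfg syntax shown on this
# page (not a real server's config): registration open, web_admin enabled,
# s2s STARTTLS off and the s2s certfile commented out.
SAMPLE_CFG = """
{hosts, ["localhost", "johnfreier.com"]}.
{listen, [
  {5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}]},
  {5269, ejabberd_s2s_in, [{shaper, s2s_shaper}]},
  {5280, ejabberd_http, [http_poll, http_bind, web_admin]}
 ]}.
{acl, admin, {user, "myusername", "johnfreier.com"}}.
{access, register, [{allow, all}]}.
{s2s_use_starttls, false}.
%%{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
"""

def strip_comments(cfg):
    # In this config format '%' starts a comment that runs to end of line.
    # Assumption: '%' never appears inside a quoted string.
    return "\n".join(line.split("%", 1)[0] for line in cfg.splitlines())

def audit_config(cfg):
    """Return a list of findings for the settings this page changes."""
    text = strip_comments(cfg)
    findings = []
    if re.search(r"\{access,\s*register,\s*\[\s*\{allow,\s*all\}", text):
        findings.append("in-band registration is open: {access, register, [{allow, all}]}")
    if re.search(r"\bweb_admin\b", text):
        findings.append("web_admin is still enabled on the ejabberd_http listener (5280)")
    m = re.search(r"\{s2s_use_starttls,\s*(\w+)\}", text)
    if not m or m.group(1) not in ("true", "required", "required_trusted"):
        findings.append("s2s_use_starttls is not enforced for server-to-server links")
    if not re.search(r'\{s2s_certfile,\s*"[^"]+"\}', text):
        findings.append("s2s_certfile is missing or commented out")
    if not re.search(r"\{acl,\s*admin,\s*\{user,", text):
        findings.append("no admin ACL defined")
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CFG):
        print("FINDING:", finding)
```

Run it against /etc/ejabberd/ejabberd.cfg by passing the file contents to audit_config; an empty list means all the settings from this section are in place.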


Register an account (CLI)

This is how you register an account.

 # ejabberdctl register myuser johnfreier.com password


File Locations

Configs

 /etc/ejabberd/*

Logs

 /var/log/ejabberd/*

Web Admin URL

If you choose to use the web admin interface, it is at:

http://yourdomain:5280/admin/

Ports

When ejabberd is started with the default config, nmap shows the following open ports:

 5222/tcp open     xmpp-client
 5269/tcp open     xmpp-server
 5280/tcp open     xmpp-bosh

5222 - standard port for clients to connect to.

5269 - standard port for servers to connect to.

5280 - the same port as the web admin interface, but when the web admin interface is disabled this port is still open (nmap labels it xmpp-bosh).

After further reading I came across this port:

 4369 - I believe this port is used for ./ejabberdctl to talk to the server.

You might want to block ports 4369 and 5280.

 # iptables -I INPUT ! -i lo -p tcp --dport 4369 -j DROP
 # iptables -A INPUT -p tcp --dport 5280 -j DROP

The first line blocks everything except localhost, because 4369 is only needed on localhost.

Server 2 Server (S2S)

This is a feature that allows servers to talk to other servers.

Config properties prefixed with s2s_ are server-to-server settings.

To disable this feature, find and comment out the listener:

 ejabberd_s2s_in

Setup SSL (StartSSL)

  • Attempt not yet verified.

Created a free account at https://www.startssl.com and registered the domain name. Follow the instructions; it will ask you to run an openssl command, which produces:

 example.key
 example.csr

Download the zip it offers.

 1_Intermediate.crt
 2_example.com.crt
 root.crt

Concatenate them to create a PEM:

 # cat 2_example.com.crt example.key root.crt >ejabberd.pem

Restrict the file permissions:

 # chmod 400 ejabberd.pem

Remove the password prompt from the key.

 # openssl rsa -in ejabberd.pem -out newejabberd.pem
 # openssl x509 -in ejabberd.pem >>newejabberd.pem

Copy the pem

 # cp ./newejabberd.pem /etc/ejabberd/ejabberd.pem

Uncomment the following in the config file:

 {5222, ejabberd_c2s, [
                       {certfile, "/etc/ejabberd/ejabberd.pem"}, starttls,
                       {access, c2s},
                       {shaper, c2s_shaper},
                       {max_stanza_size, 65536}
                      ]},
 {s2s_use_starttls, true}.
 {s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.

Restart

 # ejabberdctl restart

Resource

 http://hyperstruct.net/2007/06/20/installing-the-startcom-ssl-certificate-in-ejabberd/

Setup SSL (Custom)

  • With this method, clients will warn when connecting that the certificate cannot be validated.

Generate Key Pair

 # openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem

You will be prompted for a passphrase and a series of questions.

Common Name is the domain name.

Remove the passphrase

 # openssl rsa -in privkey.pem -out privkey.pem

Combine the Private and Public Key

 # cat privkey.pem >> server.pem

Move Key

 # mv server.pem /usr/local/etc/jabberd/server.pem

Set Permissions

 # chmod 640 /usr/local/etc/jabberd/server.pem

Resource

 http://www.jabberdoc.org/app_sslkey.html

Resources

 http://michael-prokop.at/blog/2007/07/27/setting-up-your-own-jabber-server-ejabberd/
 https://www.digitalocean.com/community/tutorials/how-to-install-ejabberd-xmpp-server-on-ubuntu
 https://docs.ejabberd.im/admin/guide/installation/
 http://louwrentius.com/setting-up-a-jabber-instant-messaging-server-_http-title-site-doesnt-have-a-title-texthtml-charsetutf-8.html