path: root/articles/ejabberd.md
Diffstat (limited to '')
-rw-r--r-- articles/ejabberd.md 60
1 files changed, 40 insertions, 20 deletions
diff --git a/articles/ejabberd.md b/articles/ejabberd.md
index a828cd1..51a733a 100644
--- a/articles/ejabberd.md
+++ b/articles/ejabberd.md
@@ -19,8 +19,8 @@ checklist!:
- [ ] open firewall ports
- [ ] set up web server
- [ ] get ssl certificates
-- [ ] set up postgres database
- [ ] install ejabberd
+- [ ] set up postgres database
- [ ] write/edit configuration
- [ ] start service
- [ ] create admin user
@@ -111,25 +111,21 @@ you need to:
you can technically avoid using something like nginx + certbot, and use the built-in [ejabberd acme module](https://docs.ejabberd.im/admin/configuration/basic/#acme), thereby skipping this, but i am assuming you may also want to host other web services on your system, in which case you would want to reverse proxy each http service to a single https web service.
-## step 4: set up postgres database
-
-we will be creating a separate database for each virtualhost, as i feel this makes things clearer, and also it easier to migrate individual virtualhosts in the future. however, there is also now the ability to only have one, as described [here](https://docs.ejabberd.im/admin/configuration/database/#default-and-new-schemas).
-
-you should follow standard postgresql installation instructions for your OS. at the time of writing, the database driver for ejabberd does [not support](https://github.com/processone/p1_pgsql/issues/6) `scram-sha-256`, so you will need to [set](https://www.postgresql.org/docs/16/runtime-config-connection.html#GUC-PASSWORD-ENCRYPTION) `password_encryption = 'md5'` in your `postgresql.conf` file.
+## step 4: install ejabberd
-once this has been done, you should connect to your database as an admin and:
+now you should finally install the [system package](https://docs.ejabberd.im/admin/installation/#operating-system-packages). make sure that your build has postgresql support.
-1. create an ejabberd database user with `CREATE USER ejabberd WITH PASSWORD 'your_password';`. don't forget to change the password.
-2. create a database for your virtualhost with `CREATE DATABASE ejabberd_example OWNER ejabberd;`. replace `example` with something corresponding to your virtualhost.
-3. import the database schema from github with the command `su -c "curl -s https://raw.githubusercontent.com/processone/ejabberd/master/sql/pg.sql | psql ejabberd_example" ejabberd` (once again replace `example`).
+make sure that the file `/etc/ejabberd/ejabberd.yml` exists, and of course, is readable by the user that runs ejabberd (almost definitely `ejabberd`), by, if necessary, copying over the example `ejabberd.yml` or `wget`/`curl`ing it from the [github repo](https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example). if you are getting it from the repo, make sure the version corresponds to the version of ejabberd packaged by your os.
-note down the postgres ejabberd user password.
+## step 5: set up postgres database
-## step 5: install ejabberd
+we will be creating a separate database for each virtualhost, as i feel this makes things clearer, and also it easier to migrate individual virtualhosts in the future. however, there is also now the ability to only have one, as described [here](https://docs.ejabberd.im/admin/configuration/database/#default-and-new-schemas).
-now you should finally install the [system package](https://docs.ejabberd.im/admin/installation/#operating-system-packages). make sure that your build has postgresql support.
+you should follow standard postgresql installation instructions for your OS. once this has been done, you should connect to your database as an admin and:
-make sure that the file `/etc/ejabberd/ejabberd.yml` exists, and of course, is readable by the user that runs ejabberd (almost definitely `ejabberd`), by, if necessary, copying over the example `ejabberd.yml` or `wget`/`curl`ing it from the [github repo](https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example). if you are getting it from the repo, make sure the version corresponds to the version of ejabberd packaged by your os.
+1. create an ejabberd database user with `CREATE USER ejabberd WITH PASSWORD 'your_password';`. don't forget to change the password, and note it down.
+2. create a database for your virtualhost with `CREATE DATABASE ejabberd_example OWNER ejabberd;`. replace `example` with something corresponding to your virtualhost.
+3. quit psql, and import the database schema from github with the command `curl -s https://raw.githubusercontent.com/processone/ejabberd/master/sql/pg.sql | sudo -u ejabberd psql ejabberd_example` (once again replace `example`).
## step 6: ejabberd configuration
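Review bot: In the new step 5, item 3, the schema is fetched from `master` (`.../processone/ejabberd/master/sql/pg.sql`), while step 4 just above tells the reader to match `ejabberd.yml.example` to the packaged ejabberd version. The same applies to the schema, so point the URL at the tag of the installed release instead of `master`. `curl -s` also hides HTTP failures, so an error page is piped straight into `psql`; `curl -fsS` would report the failure instead. Separately, the hunk drops the `password_encryption = 'md5'` instruction without saying why; a sentence stating that the driver limitation no longer applies, and that readers who set `md5` from the earlier version can revert it, would close that gap.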
@@ -138,6 +134,14 @@ make sure that the file `/etc/ejabberd/ejabberd.yml` exists, and of course, is r
begin by replacing `localhost` under `hosts` with your virtualhost (e.g. `example.slay`), then list the certfiles you have obtained under `certfiles`.
+```
+hosts:
+ - example.slay
+
+certfiles:
+ - "/etc/ejabberd/certs/*/*"
+```
+
now set `default_db: sql` at the root level of the yaml file. this should be followed by `host_config` and the database configuration for your virtualhost, as shown below. customise each value to your setup.
```
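Review bot: The added `certfiles` glob `"/etc/ejabberd/certs/*/*"` matches every file two levels down, private keys included, and the added lines say nothing about how that directory is protected. Add a sentence that the files must be owned by the `ejabberd` user and not readable by other users, and, if they are copies of the web server's certificates, that they have to be refreshed when the certificates renew.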
@@ -183,7 +187,7 @@ listen:
max_stanza_size: 524288
```
-we will also be enabling the http server and the stun/turn server modules. make sure you have set `turn_ipv4_address` and `ip` to your server's ipv4 address.
+we will also be enabling the http server and the stun/turn server modules. make sure you have set `turn_ipv4_address` and `ip` to your server's ipv4 address. tls will be off for the http server as we are reverse proxying it through our web server.
```
-
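Review bot: The added sentence says tls is off for the http server, but the same line tells the reader to set `ip` to the server's ipv4 address without saying which listener that `ip` belongs to. If it is the `ejabberd_http` listener, the plaintext endpoint, admin page included, is reachable directly from the network. State explicitly that the http listener should bind to the loopback address, or that its port must stay closed in the firewall, so that it is only reachable through the reverse proxy.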
@@ -238,7 +242,7 @@ access_rules:
next, we will be adding some modules under `modules` and changing some settings.
-add abuse addresses under `mod_disco`:
+add abuse addresses under `mod_disco`. you can also add other contact addresses according to [XEP-0157](https://xmpp.org/extensions/xep-0157.html):
```
modules:
@@ -342,7 +346,7 @@ make sure that you set the host to your muc subdomain, otherwise it will attempt
"Access-Control-Allow-Headers": "Content-Type"
```
-create the folder for the `docroot`, and make sure it is owned by the `ejabberd` user.
+create the folder for the `docroot`, and make sure it is owned by the `ejabberd` user. you can also change `max_size` (the max upload size) to whatever you prefer.
### pubsub:
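Review bot: The added `max_size` sentence should mention that uploads go through the reverse proxy, so the web server's own request body limit (for nginx, `client_max_body_size`) has to be at least as large, otherwise larger uploads are rejected before they reach ejabberd.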
@@ -362,9 +366,9 @@ create the folder for the `docroot`, and make sure it is owned by the `ejabberd`
start the ejabberd server!
-use `su -c "ejabberdctl register admin example.slay password" ejabberd` to register `admin@example.slay` with the password `password`.
+use `sudo -u ejabberd ejabberdctl register admin example.slay password` to register `admin@example.slay` with the password `password`.
-once you are done and believe everything has been set up correctly, you can optionally change the [`loglevel`](https://docs.ejabberd.im/admin/configuration/toplevel/#loglevel) at the root of the config.
+there is a compliance tester at [compliance.conversations.im](https://compliance.conversations.im) if you wish to test your server. once you are done and believe everything has been set up correctly, you can optionally change the [`loglevel`](https://docs.ejabberd.im/admin/configuration/toplevel/#loglevel) at the root of the config.
there will be an admin page accessible at [https://example.slay/xmpp/admin](https://example.slay/xmpp/admin).
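Review bot: The changed `ejabberdctl register admin example.slay password` line still puts the admin password on the command line, where it lands in shell history and is visible in the process list while the command runs. Add a sentence telling the reader to substitute a strong generated password for the literal `password`, the way step 5 does for the database user ("don't forget to change the password"), since this account has access to the admin page mentioned just below.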
@@ -376,7 +380,23 @@ there will be an admin page accessible at [https://example.slay/xmpp/admin](http
## web client
-you can set up conversejs using [`mod_conversejs`](https://docs.ejabberd.im/admin/configuration/modules/#mod-conversejs). you will also need to possibly update your web server config to proxy the new endpoint.
+you can set up conversejs using [`mod_conversejs`](https://docs.ejabberd.im/admin/configuration/modules/#mod-conversejs). you will also need to possibly update your web server config to proxy the new endpoint, as so:
+
+```
+listen:
+ -
+ port: 5443
+ module: ejabberd_http
+ request_handlers:
+ /xmpp/bosh: mod_bosh
+ /xmpp/ws: ejabberd_http_ws
+ /chat: mod_conversejs
+
+modules:
+ mod_conversejs:
+ websocket_url: "ws://@HOST@/xmpp/ws"
+ bosh_service_url: "https://@HOST@/xmpp/bosh"
+```
## further virtualhosts?
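Review bot: `websocket_url: "ws://@HOST@/xmpp/ws"` is plaintext while `bosh_service_url` on the next line is `https://`. Since the site is served over https through the reverse proxy, browsers will block the `ws://` connection as mixed content, and where it is not blocked it would carry the login unencrypted, so this should be `wss://@HOST@/xmpp/ws`. Also, the changed sentence ends with "update your web server config to proxy the new endpoint, as so:" but the block that follows is ejabberd's `listen`/`modules` config, not web server config; either reword the lead-in or add the proxy rule for `/chat`.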