aboutsummaryrefslogtreecommitdiffstats
path: root/articles
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--articles/ejabberd.md60
1 files changed, 44 insertions, 16 deletions
diff --git a/articles/ejabberd.md b/articles/ejabberd.md
index 52b1047..b832f70 100644
--- a/articles/ejabberd.md
+++ b/articles/ejabberd.md
@@ -20,8 +20,10 @@ checklist!:
- [ ] get ssl certificates
- [ ] set up postgres database
- [ ] install ejabberd
-- [ ] write configuration
+- [ ] write/edit configuration
- [ ] start service
+- [ ] create admin user
+- [ ] change loglevel
</div>
@@ -36,7 +38,7 @@ you will need a records for:
- `upload.example.slay` (for http file upload)
- `pubsub.example.slay` (for the pubsub node)
- `proxy.example.slay` (for file transfer proxy)
-- `stun.example.slay` (for stun/turn)
+- `turn.example.slay` (for stun/turn)
each pointing to the ip address of your server that is going to run ejabberd. the last two are technically optional, but i would recommend them.
@@ -61,21 +63,21 @@ _xmpp-server._tcp.muc IN SRV 5 0 5269 example.slay.
_xmpps-server._tcp.muc IN SRV 5 0 5270 example.slay.
```
-for each of the subdomains (starting with muc). exclude `stun.example.slay`.
+for each of the subdomains (starting with muc). exclude `turn.example.slay`.
you will then have to add one last set of srv records for stun/turn.
```
-_stun._udp IN SRV 5 0 3478 stun.example.slay.
-_stun._tcp IN SRV 5 0 3478 stun.example.slay.
-_stuns._tcp IN SRV 5 0 5349 stun.example.slay.
+_stun._udp IN SRV 5 0 3478 turn.example.slay.
+_stun._tcp IN SRV 5 0 3478 turn.example.slay.
+_stuns._tcp IN SRV 5 0 5349 turn.example.slay.
-_turn._udp IN SRV 5 0 3478 stun.example.slay.
-_turn._tcp IN SRV 5 0 3478 stun.example.slay.
-_turns._tcp IN SRV 5 0 5349 stun.example.slay.
+_turn._udp IN SRV 5 0 3478 turn.example.slay.
+_turn._tcp IN SRV 5 0 3478 turn.example.slay.
+_turns._tcp IN SRV 5 0 5349 turn.example.slay.
```
-extra info: as a result of these records, you could technically play around with hosting xmpp on a server other than the one at `example.slay` (i.e. if you were splitting services across servers on one domain) by using the srv delegation. further info can be found at [XEP-0368](https://xmpp.org/extensions/xep-0368.html).
+extra info: as a result of these records, you could technically play around with hosting xmpp on a server other than the one at `example.slay` (i.e. if you were splitting services across servers on one domain) by using the srv delegation. further info can be found at [XEP-0368](https://xmpp.org/extensions/xep-0368.html).
## step 2: open your firewall ports
@@ -97,7 +99,7 @@ you need to:
- `upload.example.slay`
- `pubsub.example.slay`
- `proxy.example.slay`
- - `stun.example.slay`
+ - `turn.example.slay`
- proxypass http://127.0.0.1:5443 through to:
- https://example.slay/xmpp
- https://example.slay/.well-known/host-meta
@@ -216,7 +218,7 @@ we will also be enabling the http server and the stun/turn server modules. make
now set `s2s_use_starttls: required` at the root.
-at this point you can set up some ACLs. `acls` are just the access control lists, you can also set up `access_rules` corresponding to your needs, which will be what are passed to module settings. example:
+at this point you can set up some ACLs. `acls` are just the access control lists, you can also set up `access_rules` corresponding to your needs, which will be what are passed to module settings. you should at the minimum add an admin user. example:
```
acl:
@@ -284,13 +286,13 @@ add `mod_stun_disco` to advertise the stun service to clients, changing `0.0.0.0
transport: udp
restricted: true
-
- host: stun.example.slay
+ host: turn.example.slay
port: 5349
type: stuns
transport: tcp
restricted: false
-
- host: stun.example.slay
+ host: turn.example.slay
port: 5349
type: turns
transport: tcp
@@ -355,9 +357,15 @@ create the folder for the `docroot`, and make sure it is owned by the `ejabberd`
access_model: whitelist
```
-## step 7:
+## step 7: start server and create admin user
-start the ejabberd server! once you are done and believe everything has been set up correctly, you can optionally change the [`loglevel`](https://docs.ejabberd.im/admin/configuration/toplevel/#loglevel) at the root of the config.
+start the ejabberd server!
+
+use `su -c "ejabberdctl register admin example.slay password" ejabberd` to register `admin@example.slay` with the password `password`.
+
+once you are done and believe everything has been set up correctly, you can optionally change the [`loglevel`](https://docs.ejabberd.im/admin/configuration/toplevel/#loglevel) at the root of the config.
+
+there will be an admin page accessible at [https://example.slay/xmpp/admin](https://example.slay/xmpp/admin).
</div>
@@ -365,6 +373,10 @@ start the ejabberd server! once you are done and believe everything has been set
# extra goodies!
+## web client
+
+you can set up conversejs using [`mod_conversejs`](https://docs.ejabberd.im/admin/configuration/modules/#mod-conversejs). you will also need to possibly update your web server config to proxy the new endpoint.
+
## further virtualhosts?
for further virtualhosts you should create a new database for each, and add them to the database part of the config. e.g.:
@@ -465,3 +477,19 @@ append_host_config:
as you can see above, you may also want to disable access to certain services per virtualhost using ACLs, in order to e.g. prevent users on `example.slay` from creating MUCs on `muc.example.flop`.
+## separate turn server (coturn)
+
+in this case, change `mod_stun_disco` to this, and don't enable the `listen` opts for stun/turn. generate an auth secret and share it with your turn server instance.
+
+```
+ mod_stun_disco:
+ secret: "auth_secret"
+ services:
+ -
+ host: turn.example.slay
+ type: stun
+ -
+ host: turn.example.slay
+ type: turn
+```
+