Diffstat (limited to 'articles')
| -rw-r--r-- | articles/ejabberd.md | 60 | 
1 files changed, 44 insertions, 16 deletions
| diff --git a/articles/ejabberd.md b/articles/ejabberd.md index 52b1047..b832f70 100644 --- a/articles/ejabberd.md +++ b/articles/ejabberd.md @@ -20,8 +20,10 @@ checklist!:  - [ ] get ssl certificates  - [ ] set up postgres database  - [ ] install ejabberd -- [ ] write configuration +- [ ] write/edit configuration  - [ ] start service +- [ ] create admin user +- [ ] change loglevel  </div> @@ -36,7 +38,7 @@ you will need a records for:  - `upload.example.slay` (for http file upload)  - `pubsub.example.slay` (for the pubsub node)  - `proxy.example.slay` (for file transfer proxy) -- `stun.example.slay` (for stun/turn) +- `turn.example.slay` (for stun/turn)  each pointing to the ip address of your server that is going to run ejabberd. the last two are technically optional, but i would recommend them. 
@@ -61,21 +63,21 @@ _xmpp-server._tcp.muc   IN SRV  5 0 5269 example.slay.  _xmpps-server._tcp.muc  IN SRV  5 0 5270 example.slay.  ``` -for each of the subdomains (starting with muc). exclude `stun.example.slay`. +for each of the subdomains (starting with muc). exclude `turn.example.slay`.  you will then have to add one last set of srv records for stun/turn.  ``` -_stun._udp   IN SRV  5 0 3478 stun.example.slay. -_stun._tcp   IN SRV  5 0 3478 stun.example.slay. -_stuns._tcp  IN SRV  5 0 5349 stun.example.slay. +_stun._udp   IN SRV  5 0 3478 turn.example.slay. +_stun._tcp   IN SRV  5 0 3478 turn.example.slay. +_stuns._tcp  IN SRV  5 0 5349 turn.example.slay. -_turn._udp   IN SRV  5 0 3478 stun.example.slay. -_turn._tcp   IN SRV  5 0 3478 stun.example.slay. -_turns._tcp  IN SRV  5 0 5349 stun.example.slay. +_turn._udp   IN SRV  5 0 3478 turn.example.slay. +_turn._tcp   IN SRV  5 0 3478 turn.example.slay. +_turns._tcp  IN SRV  5 0 5349 turn.example.slay.  ``` -extra info: as a result of these records, you could technically play around with hosting xmpp on a server other than the one at `example.slay` (i.e. if you were splitting services across servers on one domain) by using the srv delegation. further info can be found at [XEP-0368](https://xmpp.org/extensions/xep-0368.html). +extra info: as a result of these records, you could technically play around with hosting xmpp on a server other than the one at `example.slay` (i.e. if you were splitting services across servers on one domain) by using the srv delegation. further info can be found at [XEP-0368](https://xmpp.org/extensions/xep-0368.html).   ## step 2: open your firewall ports @@ -97,7 +99,7 @@ you need to:    - `upload.example.slay`    - `pubsub.example.slay`    - `proxy.example.slay` -  - `stun.example.slay` +  - `turn.example.slay`  - proxypass http://127.0.0.1:5443 through to:    - https://example.slay/xmpp    - https://example.slay/.well-known/host-meta 
@@ -216,7 +218,7 @@ we will also be enabling the http server and the stun/turn server modules. make  now set `s2s_use_starttls: required` at the root. -at this point you can set up some ACLs. `acls` are just the access control lists, you can also set up `access_rules` corresponding to your needs, which will be what are passed to module settings. example: +at this point you can set up some ACLs. `acls` are just the access control lists, you can also set up `access_rules` corresponding to your needs, which will be what are passed to module settings. you should at the minimum add an admin user. example:  ```  acl: @@ -284,13 +286,13 @@ add `mod_stun_disco` to advertise the stun service to clients, changing `0.0.0.0            transport: udp            restricted: true          - -          host: stun.example.slay +          host: turn.example.slay            port: 5349            type: stuns            transport: tcp            restricted: false          - -          host: stun.example.slay +          host: turn.example.slay            port: 5349            type: turns            transport: tcp 
@@ -355,9 +357,15 @@ create the folder for the `docroot`, and make sure it is owned by the `ejabberd`          access_model: whitelist  ``` -## step 7: +## step 7: start server and create admin user  -start the ejabberd server! once you are done and believe everything has been set up correctly, you can optionally change the [`loglevel`](https://docs.ejabberd.im/admin/configuration/toplevel/#loglevel) at the root of the config. +start the ejabberd server!  + +use `su -c "ejabberdctl register admin example.slay password" ejabberd` to register `admin@example.slay` with the password `password`. + +once you are done and believe everything has been set up correctly, you can optionally change the [`loglevel`](https://docs.ejabberd.im/admin/configuration/toplevel/#loglevel) at the root of the config. + +there will be an admin page accessible at [https://example.slay/xmpp/admin](https://example.slay/xmpp/admin).  </div> @@ -365,6 +373,10 @@ start the ejabberd server! once you are done and believe everything has been set  # extra goodies! +## web client + +you can set up conversejs using [`mod_conversejs`](https://docs.ejabberd.im/admin/configuration/modules/#mod-conversejs). you will also need to possibly update your web server config to proxy the new endpoint. +  ## further virtualhosts?  for further virtualhosts you should create a new database for each, and add them to the database part of the config. e.g.: 
@@ -465,3 +477,19 @@ append_host_config:  as you can see above, you may also want to disable access to certain services per virtualhost using ACLs, in order to e.g. prevent users on `example.slay` from creating MUCs on `muc.example.flop`. +## separate turn server (coturn) + +in this case, change `mod_stun_disco` to this, and don't enable the `listen` opts for stun/turn. generate an auth secret and share it with your turn server instance. + +```  +  mod_stun_disco: +    secret: "auth_secret" +    services: +      - +        host: turn.example.slay +        type: stun +      - +        host: turn.example.slay +        type: turn +``` + | 
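Review bot: in the checklist hunk (`@@ -20,8 +20,10 @@`), `- [ ] change loglevel` is added as a regular checklist item, while the step 7 text describes it as optional ("you can optionally change the `loglevel`"). Suggest `- [ ] (optional) change loglevel` so the checklist and the step agree.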
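Review bot: in the ACL hunk (`@@ -216,7 +218,7 @@`), the added sentence "you should at the minimum add an admin user" does not say that an `acl` entry only grants rights to a JID and does not create the account. Suggest pointing forward to step 7, where `ejabberdctl register` creates `admin@example.slay`, and stating that the JID named in the `acl` has to match the one registered there.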
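Review bot: in the step 7 hunk (`@@ -355,9 +357,15 @@`), the `ejabberdctl register admin example.slay password` line uses the literal password `password` for the account that the same hunk says can reach the admin page at https://example.slay/xmpp/admin, and commands like this get copied verbatim. Suggest an obvious placeholder such as `<strong-generated-password>`, a sentence telling the reader to replace it, and a mention that a password passed as a command argument ends up in shell history. Because the admin page sits under the publicly proxied `/xmpp` path, it would also help to say whether access to it should be limited to trusted addresses.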
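Review bot: in the new "separate turn server (coturn)" section (`@@ -465,3 +477,19 @@`), `secret: "auth_secret"` reads as a usable value, and the text says to generate an auth secret without saying how or where it goes on the coturn side. Suggest marking it as a placeholder, saying it should be a long random string, and naming the matching coturn setting. The `services` list here also has no `stuns`/`turns` entries for port 5349, although the earlier `mod_stun_disco` hunk and the `_stuns._tcp`/`_turns._tcp` SRV records still advertise them on `turn.example.slay`; either add them or state that the TLS variants are not offered in this setup.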
