From 1f501327706e8107cf57f6382e57261b6a10efc4 Mon Sep 17 00:00:00 2001
From: cel 🌸
Date: Sat, 16 Sep 2023 21:30:01 +0100
Subject: edit ejabberd article

---
 articles/ejabberd.md | 60 ++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 44 insertions(+), 16 deletions(-)

(limited to 'articles/ejabberd.md')

diff --git a/articles/ejabberd.md b/articles/ejabberd.md
index 52b1047..b832f70 100644
--- a/articles/ejabberd.md
+++ b/articles/ejabberd.md
@@ -20,8 +20,10 @@ checklist!:
 - [ ] get ssl certificates
 - [ ] set up postgres database
 - [ ] install ejabberd
-- [ ] write configuration
+- [ ] write/edit configuration
 - [ ] start service
+- [ ] create admin user
+- [ ] change loglevel
@@ -36,7 +38,7 @@ you will need a records for:
 - `upload.example.slay` (for http file upload)
 - `pubsub.example.slay` (for the pubsub node)
 - `proxy.example.slay` (for file transfer proxy)
-- `stun.example.slay` (for stun/turn)
+- `turn.example.slay` (for stun/turn)
 each pointing to the ip address of your server that is going to run ejabberd. the last two are technically optional, but i would recommend them.
@@ -61,21 +63,21 @@ _xmpp-server._tcp.muc IN SRV 5 0 5269 example.slay.
 _xmpps-server._tcp.muc IN SRV 5 0 5270 example.slay.
 ```
-for each of the subdomains (starting with muc). exclude `stun.example.slay`.
+for each of the subdomains (starting with muc). exclude `turn.example.slay`.
 you will then have to add one last set of srv records for stun/turn.
 ```
-_stun._udp IN SRV 5 0 3478 stun.example.slay.
-_stun._tcp IN SRV 5 0 3478 stun.example.slay.
-_stuns._tcp IN SRV 5 0 5349 stun.example.slay.
+_stun._udp IN SRV 5 0 3478 turn.example.slay.
+_stun._tcp IN SRV 5 0 3478 turn.example.slay.
+_stuns._tcp IN SRV 5 0 5349 turn.example.slay.
-_turn._udp IN SRV 5 0 3478 stun.example.slay.
-_turn._tcp IN SRV 5 0 3478 stun.example.slay.
-_turns._tcp IN SRV 5 0 5349 stun.example.slay.
+_turn._udp IN SRV 5 0 3478 turn.example.slay.
+_turn._tcp IN SRV 5 0 3478 turn.example.slay.
+_turns._tcp IN SRV 5 0 5349 turn.example.slay.
 ```
-extra info: as a result of these records, you could technically play around with hosting xmpp on a server other than the one at `example.slay` (i.e. if you were splitting services across servers on one domain) by using the srv delegation. further info can be found at [XEP-0368](https://xmpp.org/extensions/xep-0368.html).
+extra info: as a result of these records, you could technically play around with hosting xmpp on a server other than the one at `example.slay` (i.e. if you were splitting services across servers on one domain) by using the srv delegation. further info can be found at [XEP-0368](https://xmpp.org/extensions/xep-0368.html).
 ## step 2: open your firewall ports
@@ -97,7 +99,7 @@ you need to:
 - `upload.example.slay`
 - `pubsub.example.slay`
 - `proxy.example.slay`
- `stun.example.slay`
+ - `turn.example.slay`
 - proxypass http://127.0.0.1:5443 through to:
 - https://example.slay/xmpp
 - https://example.slay/.well-known/host-meta
@@ -216,7 +218,7 @@ we will also be enabling the http server and the stun/turn server modules. make
 now set `s2s_use_starttls: required` at the root.
-at this point you can set up some ACLs. `acls` are just the access control lists, you can also set up `access_rules` corresponding to your needs, which will be what are passed to module settings. example:
+at this point you can set up some ACLs. `acls` are just the access control lists, you can also set up `access_rules` corresponding to your needs, which will be what are passed to module settings. you should at the minimum add an admin user. example:
 ```
 acl:
@@ -284,13 +286,13 @@ add `mod_stun_disco` to advertise the stun service to clients, changing `0.0.0.0
 transport: udp
 restricted: true
 -
- host: stun.example.slay
+ host: turn.example.slay
 port: 5349
 type: stuns
 transport: tcp
 restricted: false
 -
- host: stun.example.slay
+ host: turn.example.slay
 port: 5349
 type: turns
 transport: tcp
@@ -355,9 +357,15 @@ create the folder for the `docroot`, and make sure it is owned by the `ejabberd`
 access_model: whitelist
 ```
-## step 7:
+## step 7: start server and create admin user
-start the ejabberd server! once you are done and believe everything has been set up correctly, you can optionally change the [`loglevel`](https://docs.ejabberd.im/admin/configuration/toplevel/#loglevel) at the root of the config.
+start the ejabberd server!
+
+use `su -c "ejabberdctl register admin example.slay password" ejabberd` to register `admin@example.slay` with the password `password`.
+
+once you are done and believe everything has been set up correctly, you can optionally change the [`loglevel`](https://docs.ejabberd.im/admin/configuration/toplevel/#loglevel) at the root of the config.
+
+there will be an admin page accessible at [https://example.slay/xmpp/admin](https://example.slay/xmpp/admin).
@@ -365,6 +373,10 @@ start the ejabberd server! once you are done and believe everything has been set
 # extra goodies!
+## web client
+
+you can set up conversejs using [`mod_conversejs`](https://docs.ejabberd.im/admin/configuration/modules/#mod-conversejs). you will also need to possibly update your web server config to proxy the new endpoint.
+
 ## further virtualhosts?
 for further virtualhosts you should create a new database for each, and add them to the database part of the config. e.g.:
@@ -465,3 +477,19 @@ append_host_config:
 as you can see above, you may also want to disable access to certain services per virtualhost using ACLs, in order to e.g. prevent users on `example.slay` from creating MUCs on `muc.example.flop`.
+## separate turn server (coturn)
+
+in this case, change `mod_stun_disco` to this, and don't enable the `listen` opts for stun/turn. generate an auth secret and share it with your turn server instance.
+
+```
+ mod_stun_disco:
+ secret: "auth_secret"
+ services:
+ -
+ host: turn.example.slay
+ type: stun
+ -
+ host: turn.example.slay
+ type: turn
+```
+
--
cgit