From 8c03d9a53f4bc2f70fb5c1e0487bc74fe0137fcb Mon Sep 17 00:00:00 2001 From: cel 🌸 Date: Sun, 17 Sep 2023 15:29:55 +0100 Subject: edit ejabberd article --- articles/ejabberd.md | 60 ++++++++++++++++++++++++++++++++++------------------ 1 file changed, 40 insertions(+), 20 deletions(-) (limited to 'articles') diff --git a/articles/ejabberd.md b/articles/ejabberd.md index a828cd1..51a733a 100644 --- a/articles/ejabberd.md +++ b/articles/ejabberd.md @@ -19,8 +19,8 @@ checklist!: - [ ] open firewall ports - [ ] set up web server - [ ] get ssl certificates -- [ ] set up postgres database - [ ] install ejabberd +- [ ] set up postgres database - [ ] write/edit configuration - [ ] start service - [ ] create admin user 
@@ -111,25 +111,21 @@ you need to: you can technically avoid using something like nginx + certbot, and use the built-in [ejabberd acme module](https://docs.ejabberd.im/admin/configuration/basic/#acme), thereby skipping this, but i am assuming you may also want to host other web services on your system, in which case you would want to reverse proxy each http service to a single https web service. -## step 4: set up postgres database - -we will be creating a separate database for each virtualhost, as i feel this makes things clearer, and also it easier to migrate individual virtualhosts in the future. however, there is also now the ability to only have one, as described [here](https://docs.ejabberd.im/admin/configuration/database/#default-and-new-schemas). - -you should follow standard postgresql installation instructions for your OS. at the time of writing, the database driver for ejabberd does [not support](https://github.com/processone/p1_pgsql/issues/6) `scram-sha-256`, so you will need to [set](https://www.postgresql.org/docs/16/runtime-config-connection.html#GUC-PASSWORD-ENCRYPTION) `password_encryption = 'md5'` in your `postgresql.conf` file. +## step 4: install ejabberd -once this has been done, you should connect to your database as an admin and: +now you should finally install the [system package](https://docs.ejabberd.im/admin/installation/#operating-system-packages). make sure that your build has postgresql support. -1. create an ejabberd database user with `CREATE USER ejabberd WITH PASSWORD 'your_password';`. don't forget to change the password. -2. create a database for your virtualhost with `CREATE DATABASE ejabberd_example OWNER ejabberd;`. replace `example` with something corresponding to your virtualhost. -3. import the database schema from github with the command `su -c "curl -s https://raw.githubusercontent.com/processone/ejabberd/master/sql/pg.sql | psql ejabberd_example" ejabberd` (once again replace `example`). 
+make sure that the file `/etc/ejabberd/ejabberd.yml` exists, and of course, is readable by the user that runs ejabberd (almost definitely `ejabberd`), by, if necessary, copying over the example `ejabberd.yml` or `wget`/`curl`ing it from the [github repo](https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example). if you are getting it from the repo, make sure the version corresponds to the version of ejabberd packaged by your os. -note down the postgres ejabberd user password. +## step 5: set up postgres database -## step 5: install ejabberd +we will be creating a separate database for each virtualhost, as i feel this makes things clearer, and also it easier to migrate individual virtualhosts in the future. however, there is also now the ability to only have one, as described [here](https://docs.ejabberd.im/admin/configuration/database/#default-and-new-schemas). -now you should finally install the [system package](https://docs.ejabberd.im/admin/installation/#operating-system-packages). make sure that your build has postgresql support. +you should follow standard postgresql installation instructions for your OS. once this has been done, you should connect to your database as an admin and: -make sure that the file `/etc/ejabberd/ejabberd.yml` exists, and of course, is readable by the user that runs ejabberd (almost definitely `ejabberd`), by, if necessary, copying over the example `ejabberd.yml` or `wget`/`curl`ing it from the [github repo](https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example). if you are getting it from the repo, make sure the version corresponds to the version of ejabberd packaged by your os. +1. create an ejabberd database user with `CREATE USER ejabberd WITH PASSWORD 'your_password';`. don't forget to change the password, and note it down. +2. create a database for your virtualhost with `CREATE DATABASE ejabberd_example OWNER ejabberd;`. replace `example` with something corresponding to your virtualhost. +3. 
quit psql, and import the database schema from github with the command `curl -s https://raw.githubusercontent.com/processone/ejabberd/master/sql/pg.sql | sudo -u ejabberd psql ejabberd_example` (once again replace `example`). ## step 6: ejabberd configuration @@ -138,6 +134,14 @@ make sure that the file `/etc/ejabberd/ejabberd.yml` exists, and of course, is r begin by replacing `localhost` under `hosts` with your virtualhost (e.g. `example.slay`), then list the certfiles you have obtained under `certfiles`. +``` +hosts: + - example.slay + +certfiles: + - "/etc/ejabberd/certs/*/*" +``` + now set `default_db: sql` at the root level of the yaml file. this should be followed by `host_config` and the database configuration for your virtualhost, as shown below. customise each value to your setup. ``` @@ -183,7 +187,7 @@ listen: max_stanza_size: 524288 ``` -we will also be enabling the http server and the stun/turn server modules. make sure you have set `turn_ipv4_address` and `ip` to your server's ipv4 address. +we will also be enabling the http server and the stun/turn server modules. make sure you have set `turn_ipv4_address` and `ip` to your server's ipv4 address. tls will be off for the http server as we are reverse proxying it through our web server. ``` - @@ -238,7 +242,7 @@ access_rules: next, we will be adding some modules under `modules` and changing some settings. -add abuse addresses under `mod_disco`: +add abuse addresses under `mod_disco`. you can also add other contact addresses according to [XEP-0157](https://xmpp.org/extensions/xep-0157.html): ``` modules: 
@@ -342,7 +346,7 @@ make sure that you set the host to your muc subdomain, otherwise it will attempt "Access-Control-Allow-Headers": "Content-Type" ``` -create the folder for the `docroot`, and make sure it is owned by the `ejabberd` user. +create the folder for the `docroot`, and make sure it is owned by the `ejabberd` user. you can also change `max_size` (the max upload size) to whatever you prefer. ### pubsub: @@ -362,9 +366,9 @@ create the folder for the `docroot`, and make sure it is owned by the `ejabberd` start the ejabberd server! -use `su -c "ejabberdctl register admin example.slay password" ejabberd` to register `admin@example.slay` with the password `password`. +use `sudo -u ejabberd ejabberdctl register admin example.slay password` to register `admin@example.slay` with the password `password`. -once you are done and believe everything has been set up correctly, you can optionally change the [`loglevel`](https://docs.ejabberd.im/admin/configuration/toplevel/#loglevel) at the root of the config. +there is a compliance tester at [compliance.conversations.im](https://compliance.conversations.im) if you wish to test your server. once you are done and believe everything has been set up correctly, you can optionally change the [`loglevel`](https://docs.ejabberd.im/admin/configuration/toplevel/#loglevel) at the root of the config. there will be an admin page accessible at [https://example.slay/xmpp/admin](https://example.slay/xmpp/admin). 
@@ -376,7 +380,23 @@ there will be an admin page accessible at [https://example.slay/xmpp/admin](http ## web client -you can set up conversejs using [`mod_conversejs`](https://docs.ejabberd.im/admin/configuration/modules/#mod-conversejs). you will also need to possibly update your web server config to proxy the new endpoint. +you can set up conversejs using [`mod_conversejs`](https://docs.ejabberd.im/admin/configuration/modules/#mod-conversejs). you will also need to possibly update your web server config to proxy the new endpoint, as so: + +``` +listen: + - + port: 5443 + module: ejabberd_http + request_handlers: + /xmpp/bosh: mod_bosh + /xmpp/ws: ejabberd_http_ws + /chat: mod_conversejs + +modules: + mod_conversejs: + websocket_url: "ws://@HOST@/xmpp/ws" + bosh_service_url: "https://@HOST@/xmpp/bosh" +``` ## further virtualhosts? -- cgit
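Review bot: in the `@@ -111,25 +111,21 @@` hunk, item 3 of the new step 5 pipes `pg.sql` from the `master` branch straight into `psql`, while the paragraph added just above it tells readers to match `ejabberd.yml.example` to the version of ejabberd packaged by their OS. The schema deserves the same care: point the URL at the release tag that matches the installed package, and have readers download and read the file before importing it rather than piping it directly. The same hunk drops the sentence about the driver not supporting `scram-sha-256` and setting `password_encryption = 'md5'`. Neither the commit message nor the new text says whether the linked p1_pgsql issue was resolved, so either keep a short note or state from which version the workaround is no longer needed.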
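Review bot: the `certfiles` example added in the `@@ -138,6 +134,14 @@` hunk uses the glob `/etc/ejabberd/certs/*/*`, but the changed text does not say how the certificates obtained in the earlier nginx + certbot step end up under that path. Add a sentence on copying or linking them there. Since a `*/*` glob will pick up private keys as well as certificates, also say that the directory should be readable by the `ejabberd` user and not by other users.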
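Review bot: the sentence added in the `@@ -183,7 +187,7 @@` hunk says tls is off for the http listener, yet the sentence before it tells readers to set `ip` to the server's ipv4 address without saying which listener that `ip` belongs to. If a reader applies it to the http listener, the endpoints behind it, including the admin page mentioned later at `/xmpp/admin`, are reachable in plaintext without going through the reverse proxy. Say explicitly that the plain http listener should bind to a loopback address (or be blocked at the firewall) and that the public `ip` setting is for the stun/turn listener only, if that is the intent.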
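Review bot: in the `@@ -362,9 +366,9 @@` hunk, the new `sudo -u ejabberd ejabberdctl register admin example.slay password` line still puts the admin password on the command line, where it lands in shell history and is visible in the process list while the command runs. The article should at least tell readers to replace `password` with a strong value and to change it from a client after first login, or to clear the history entry. The switch from `su -c` to `sudo -u` also assumes sudo is installed and configured, which is worth one clause in the text.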
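Review bot: in the `@@ -376,7 +380,23 @@` hunk, `websocket_url: "ws://@HOST@/xmpp/ws"` is a plaintext websocket URL while `bosh_service_url` on the next line uses `https://`. With `/chat` served through the https reverse proxy, browsers will refuse a `ws://` connection from an https page, and where it is permitted the XMPP session would travel unencrypted, so this should be `wss://@HOST@/xmpp/ws`. Separately, the lead-in says to update the web server config "as so:", but the block that follows is ejabberd configuration (`listen` and `modules`). Reword the sentence, and mention that the proxy needs a location for `/chat` alongside the existing ones.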