![]() ![]() Operating system specific packages such as RPM and DEB files were not provided until ejabberd-15.06, so our existing instance was not installed with the RPM file but instead from the binary file, meaning there is no existing ejabberd RPM installed for us to simply upgrade. # reduces resource comsumption, but XEP incompliant # accesslog: "/var/log/ejabberd/access.log"Īccess_max_user_messages: max_user_offline_messages # Do not establish S2S connections with bad servers # To disable in-band registration, replace 'allow' with 'deny'. # In-band registration allows registration of any possible username. # Only accounts on the local ejabberd server can create Pubsub nodes: # All users are allowed to use the MUC service: # Only accounts of the local ejabberd server can create rooms: # Admins of this server are also admins of the MUC service: # Only admins can use the configuration interface: # Only admins can send announcement messages: # All S2S connections use the "fast" shaper # For C2S connections, all users except admins use the "normal" shaper # Only non-blocked users can use c2s connections: # This rule allows access only for local users: # Maximum number of offline messages that users can have: # Maximum number of simultaneous sessions allowed for a single user: # This option specifies the maximum number of elements in the queue S2s_ciphers: "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256ĭomain_certfile: "/etc/ejabberd/ejabberd-s2s.pem" S2s_certfile: "/etc/ejabberd/ejabberd-s2s.pem" !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" $ openssl s_client -connect 127.0.0.1:5222 -starttls xmpp ejabberd configurationĮjabberd v14 uses a yaml configuration file: (Note: the cipher lists are wrapped for readability) # =Ĭertfile: "/etc/ejabberd/ejabberd-c2s.pem"Ĭiphers: "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256ĮECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA $ openssl s_client -connect :5222 -starttls xmpp $ openssl s_client -connect 127.0.0.1:5269 -starttls xmpp $ openssl s_client -connect :5269 -starttls xmpp Use the IM Observatory page to verify the status of the server: # ejabberdctl register admin .nz PmBdEmu7krraQGVocLvniee3qa8oD7 Verify TLS support It is important to note that the erlang cookie file must be the same as the one used by the ejabberd process (which runs as 'ejabberd'): # cp /var/lib/ejabberd/.okie ~/.okie It can be constrained to a port range with the FIREWALL_WINDOW setting in ' /etc/ejabbers/ejabberdctl.cfg'.Ĭreate a master administrator account from the command line. This can be found in the epm with ' epmd -names'. If a cluster environment is setup then this must be accessable by cluster nodes.Ī high port number used for ejabberd for communication between nodes in a cluster environment. This needs to be publically accessable to allow incoming federated connections.Įrlang endpoint mapper. A tcpIn -p tcp -m tcp -dport 5280 -source fd0c:898b:471c/48 -m state -state NEW -j ACCEPT PortsĬlient to server communications. A tcpIn -p tcp -m tcp -dport 5280 -source 10.20.0.0/16 -m state -state NEW -j ACCEPTĪdd the following ipv6 firewall rules: # xmpp (client and server) A tcpOut -p tcp -m tcp -dport 5269 -m conntrack -ctstate NEW -j ACCEPT A tcpIn -p tcp -m tcp -dport 5269 -m conntrack -ctstate NEW -j ACCEPT A tcpIn -p tcp -m tcp -dport 5222 -m conntrack -ctstate NEW -j ACCEPT StartĮnable and start the systemd based service: # systemctl enable ejabberdĪdd the following ipv4 firewall rules: # xmpp (client and server) Install the EPEL repository and the ejabberd RPM: # rpm -Uvh Įdit ' /etc/ejaberd/ejabberd.yml' as required.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |