Ejabberd: Configuration

Cyril Peponnet edited this page Mar 16, 2016 · 33 revisions

Configuration

Ejabberd dropped their erlang configuration file format for a better readable yaml configuration file. Although this is still compatible with the old format, we will no longer provide default configuration file erlang format.

Important note: If you can't start ejabberd with this config file, this is mainly because something is wrong with your module installation, and Archipel will certainly not work. Go back to how to install ejabberd]

This sample file contains the ejabberd configuration needed for Archipel. It is not ready for production, but allows you to quickly start playing with Archipel.

WARING: In the next section we assume that configuration files are stored under /etc/ejabberd/ (if you have only done the default binary installation the files will be located under /opt/ejabberd/conf)

ejabberd YAML configuration

Important note: Ejabberd will take by default any erlang configuration file present in the configuration directory. Be sure to rename or delete it.

###
###             ejabberd configuration file
###         Archipel Sample default condiguration

###     =========
###     DEBUGGING

# Increase this if you want sone insane erlang debug
loglevel: 3

###     ================
###     SERVED HOSTNAMES

# Change it for you FQDN
hosts:
    - "FQDN"

###     ===============
###     LISTENING PORTS

listen:
    -
      #it's a good idea to put xmlrpc behing a reverse proxy
      #because you can't use tls directly, make it listen to localhost
      #ip : "127.0.0.1"
      # and read the Security section on the wiki
      port: 4560
      module: ejabberd_xmlrpc
      access_commands:
            xmlrpcaccess:
                all : []

## ejabberd c2s
    -
      port: 5222
      module: ejabberd_c2s
      ##
      ## If you installed a SSL
      ## certificate, specify the full path to the
      ## file and uncomment this line:
      ##
      ## certfile: "/etc/ejabberd/ejabberd.pem"
      ## starttls: true
      max_stanza_size: 65536000
      shaper: c2s_shaper
      access: c2s

## ejabbed s2s
    -
      port: 5269
      module: ejabberd_s2s_in
      max_stanza_size: 65536000

## ejabberd http/s and websocket/s
    -
      port: 5280
      module: ejabberd_http
      request_handlers:
        "/xmpp": ejabberd_http_ws
      # if you want to use starttls with websock
      # the URI will be wss://
      # please be sure that the certificate belong
      # to a trusted AC in your browser
      # certfile: "/etc/ejabberd/ejabberd.pem"
      # tls: true
      web_admin: true
      http_bind: true

###     ===
###     S2S
s2s_access: Access
s2s_use_starttls: optional
#s2s_certfile: "/etc/ejabberd/ejabberd.pem"

## domain_certfile: Specify a different certificate for each served hostname.
##
## host_config:
##   "example.org":
##     domain_certfile: "/path/to/example_org.pem"
##   "example.com":
##     domain_certfile: "/path/to/example_com.pem"

###     ==============
###     AUTHENTICATION

auth_method: internal

###     ===============
###     TRAFFIC SHAPERS

shaper:
  # in B/s
  normal: 1000
  fast: 50000000

###     ====================
###     ACCESS CONTROL LISTS

acl:
    admin:
        user:
            - "admin": "FQDN"
    local:
        user_regexp: ""


###     ============
###     ACCESS RULES

access:
    max_user_sessions:
        all: 10
    local:
        local: allow
    c2s:
        blocked: deny
        all: allow
    c2s_shaper:
        admin: none
        all: fast
    s2s_shaper:
        all: fast
    s2s_access:
        all: allow
    announce:
        admin: allow
    configure:
        admin: allow
    muc_admin:
        admin: allow
    muc_create:
        local: allow
    muc:
        all: allow
    pubsub_createnode:
        all: allow
    register:
        all: allow
    xmlrpcaccess:
        admin : allow

### Frequency of account registration
registration_timeout: infinity

###     ================
###     DEFAULT LANGUAGE

language: "en"

###     =======
###     MODULES

modules:
    mod_adhoc: []
    mod_announce:
        access: announce
    mod_caps: []
    mod_configure: []
    mod_disco: []
    mod_http_bind:
        max_inactivity: 400 # timeout valie for BOSH usefull for a large number of VM
    mod_irc: []
    mod_last: []
    mod_muc:
        access: muc
        access_create: muc_create
        access_persistent: muc_create
        access_admin: muc_admin
    mod_offline: []
    mod_privacy: []
    mod_private: []
    mod_pubsub:
        access_createnode: pubsub_createnode
        ignore_pep_from_offline: true
        last_item_cache: false
        max_items_node: 1000
        plugins:
            - "flat"
            - "hometree"
            - "pep"
    mod_ping:
        send_pings: true
        ping_interval: 60
        ping_ack_timeout: 30
        timeout_action: kill
    mod_register:
        access: register
    mod_roster: []
    mod_shared_roster: []
    mod_time: []
    mod_vcard: []
    mod_version: []
    mod_admin_extra: []

Note you have to replace all FQDN by your accessible fully qualified domain name manually or with:

sed -i 's/FQDN/your.fqnd.com/' /etc/ejabberd/ejabberd.yaml

If you have not access to a DNS, you need to add in all the /etc/hosts files of your platform:

X.X.X.X    your.fqdn.com

Generate your self-signed certificate if you don't have any.

Important note: Be sure to enter your FQDN when asked for "Common Name (e.g. server FQDN or YOUR name)".

openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout /etc/ejabberd/privkey.pem -out /etc/ejabberd/ejabberd.pem
openssl rsa -in /etc/ejabberd/privkey.pem -out /etc/ejabberd/privkey.pem
cat /etc/ejabberd/privkey.pem >> /etc/ejabberd/ejabberd.pem
rm /etc/ejabberd/privkey.pem

Start Ejabberd

For modern linux distros

On every system ejabberdctl is used for controlling the already running ejabberd process. The proper way to start ejabberd under linux is to use the service manager (often run as root):

service ejabberd start

Depending on the distro this could rely to your old felow init.d or brand new buddy systemd.

Stopping and restarting follow the same method.

You can check that ejabberd is started and working with (often run as root):

ejabberdctl status
> The node ejabberd@FQDN is started with status: started
>ejabberd 15.07 is running in that node

Failed RPC connection troubles

If you are getting Failed RPC connection to the node ejabberd@localhost: nodedown, modify your /etc/ejabberd/ejabberdctl.conf:

ERLANG_NODE=ejabberd@FQDN

Note : ejabberdctl command will try to reach the epmd daemon listening to localhost as defined in /etc/ejabberd/ejabberdctl.conf by default.

#.
#' INET_DIST_INTERFACE: IP address where this Erlang node listens other nodes
#
# This communication is used by ejabberdctl command line tool,
# and in a cluster of several ejabberd nodes.
#
# Default: 127.0.0.1
#
#INET_DIST_INTERFACE=127.0.0.1

So the command first tries to resolve hostname via inet:gethostbyname, and gets hosts FQDN and public IP via dns (since /etc/resolv.conf have "search" line). Then it tries to connect to epmd port on that public IP, but as epmd is listening only on 127.0.0.1 it will failed.

In this case, you will have to add an entry to your /etc/hosts file :

127.0.0.1    FQDN ShortName

example :

127.0.0.1    archipel.local archipel

It is not recommended to make the epmd daemon listening on 0.0.0.0 (or don't forget to add iptables rules).

Continue Archipel installation

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.