Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

404 Could not initialize OMEMO support #2653

Closed
JLueke opened this issue Feb 29, 2020 · 6 comments
Closed

404 Could not initialize OMEMO support #2653

JLueke opened this issue Feb 29, 2020 · 6 comments
Assignees
Labels
community Non ESL issues and PRs

Comments

@JLueke
Copy link

JLueke commented Feb 29, 2020

MongooseIM version: 3.6.2
Installed from: using the docker image
docker run -d -t -h mongooseim-1 --name mongooseim-1 -p 5222:5222 -p 5280:5280 -v $(pwd)/mongooseim-1:/member mongooseim/mongooseim:3.6.2
Where the folder mongooseim-1 only contains a slightly modified mongooseim.cfg (see comment below).
Erlang/OTP version: ?

My goal is to use encrypted chats with Converse JS and MongooseIM.

When I login a user with Converse JS, it tries to initialize OMEMO support but following error is shown in the browser console.

ERROR: <iq xmlns="jabber:client" from="alice@localhost" to="alice@localhost/converse.js-94611691" id="ebf5b37f-abe0-4834-9bd7-626285b25677:sendIQ" type="error"><error code="404" type="cancel"><item-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/></error><pubsub xmlns="http://jabber.org/protocol/pubsub"><items node="eu.siacs.conversations.axolotl.devicelist"/></pubsub></iq>

I've followed the Getting Started guide (with the exception that I used the docker image) and used the example config for mod_pubsub (without rdbms as backend).

@JLueke
Copy link
Author

JLueke commented Feb 29, 2020

I've already had a look at #2215 (tested with the provided config there) but I wasn't able to get it to work.

@JLueke
Copy link
Author

JLueke commented Feb 29, 2020

My current configuration for mongooseim.cfg is

%%%
%%%               ejabberd configuration file
%%%
%%%'

%%% The parameters used in this configuration file are explained in more detail
%%% in the ejabberd Installation and Operation Guide.
%%% Please consult the Guide in case of doubts, it is included with
%%% your copy of ejabberd, and is also available online at
%%% http://www.process-one.net/en/ejabberd/docs/

%%% This configuration file contains Erlang terms.
%%% In case you want to understand the syntax, here are the concepts:
%%%
%%%  - The character to comment a line is %
%%%
%%%  - Each term ends in a dot, for example:
%%%      override_global.
%%%
%%%  - A tuple has a fixed definition, its elements are
%%%    enclosed in {}, and separated with commas:
%%%      {loglevel, 4}.
%%%
%%%  - A list can have as many elements as you want,
%%%    and is enclosed in [], for example:
%%%      [http_poll, web_admin, tls]
%%%
%%%    Pay attention that list elements are delimited with commas,
%%%    but no comma is allowed after the last list element. This will
%%%    give a syntax error unlike in more lenient languages (e.g. Python).
%%%
%%%  - A keyword of ejabberd is a word in lowercase.
%%%    Strings are enclosed in "" and can contain spaces, dots, ...
%%%      {language, "en"}.
%%%      {ldap_rootdn, "dc=example,dc=com"}.
%%%
%%%  - This term includes a tuple, a keyword, a list, and two strings:
%%%      {hosts, ["jabber.example.net", "im.example.com"]}.
%%%
%%%  - This config is preprocessed during release generation by a tool which
%%%    interprets double curly braces as substitution markers, so avoid this
%%%    syntax in this file (though it's valid Erlang).
%%%
%%%    So this is OK (though arguably looks quite ugly):
%%%      { {s2s_addr, "example-host.net"}, {127,0,0,1} }.
%%%
%%%    And I can't give an example of what's not OK exactly because
%%%    of this rule.
%%%


%%%.   =======================
%%%'   OVERRIDE STORED OPTIONS

%%
%% Override the old values stored in the database.
%%

%%
%% Override global options (shared by all ejabberd nodes in a cluster).
%%
%%override_global.

%%
%% Override local options (specific for this particular ejabberd node).
%%
%%override_local.

%%
%% Remove the Access Control Lists before new ones are added.
%%
%%override_acls.

%%%.   =========
%%%'   DEBUGGING

%%
%% loglevel: Verbosity of log files generated by ejabberd.
%% 0: No ejabberd log at all (not recommended)
%% 1: Critical
%% 2: Error
%% 3: Warning
%% 4: Info
%% 5: Debug
%%
{loglevel, 4}.

%%%.   ================
%%%'   SERVED HOSTNAMES

%%
%% hosts: Domains served by ejabberd.
%% You can define one or several, for example:
%% {hosts, ["example.net", "example.com", "example.org"]}.
%%
{hosts, ["localhost"] }.

%%
%% route_subdomains: Delegate subdomains to other XMPP servers.
%% For example, if this ejabberd serves example.org and you want
%% to allow communication with an XMPP server called im.example.org.
%%
%%{route_subdomains, s2s}.


%%%.   ===============
%%%'   LISTENING PORTS

%%
%% listen: The ports ejabberd will listen on, which service each is handled
%% by and what options to start it with.
%%
{listen,
 [
  %% BOSH and WS endpoints over HTTP
  { 5280, ejabberd_cowboy, [
      {num_acceptors, 10},
      {transport_options, [{max_connections, 1024}]},
      {modules, [

          {"_", "/http-bind", mod_bosh},
          {"_", "/ws-xmpp", mod_websockets, [{ejabberd_service, [
                                        {access, all},
                                        {shaper_rule, fast},
                                        {ip, {127, 0, 0, 1}},
                                        {password, "secret"}]}
          %% Uncomment to enable connection dropping or/and server-side pings
          %{timeout, 600000}, {ping_rate, 2000}
          ]}
          %% Uncomment to serve static files
          %{"_", "/static/[...]", cowboy_static,
          %  {dir, "/var/www", [{mimetypes, cow_mimetypes, all}]}
          %},

          %% Example usage of mod_revproxy

          %% {"_", "/[...]", mod_revproxy, [{timeout, 5000},
          %%                                % time limit for upstream to respond
          %%                                {body_length, 8000000},
          %%                                % maximum body size (may be infinity)
          %%                                {custom_headers, [{<<"header">>,<<"value">>}]}
          %%                                % list of extra headers that are send to upstream
          %%                               ]}

          %% Example usage of mod_cowboy

          %% {"_", "/[...]", mod_cowboy, [{http, mod_revproxy,
          %%                                [{timeout, 5000},
          %%                                 % time limit for upstream to respond
          %%                                 {body_length, 8000000},
          %%                                 % maximum body size (may be infinity)
          %%                                 {custom_headers, [{<<"header">>,<<"value">>}]}
          %%                                 % list of extra headers that are send to upstream
          %%                                ]},
          %%                               {ws, xmpp, mod_websockets}
          %%                             ]}
      ]}
  ]},

  %% BOSH and WS endpoints over HTTPS
  { 5285, ejabberd_cowboy, [
        {num_acceptors, 10},
        {transport_options, [{max_connections, 1024}]},
        {ssl, [{certfile, "priv/ssl/fake_cert.pem"}, {keyfile, "priv/ssl/fake_key.pem"}, {password, ""}]},
        {modules, [
            {"_", "/http-bind", mod_bosh},
            {"_", "/ws-xmpp", mod_websockets, [
            %% Uncomment to enable connection dropping or/and server-side pings
            %{timeout, 600000}, {ping_rate, 60000}
            ]}
            %% Uncomment to serve static files
            %{"_", "/static/[...]", cowboy_static,
            %  {dir, "/var/www", [{mimetypes, cow_mimetypes, all}]}
            %},
        ]}
    ]},

  %% MongooseIM HTTP API it's important to start it on localhost
  %% or some private interface only (not accessible from the outside)
  %% At least start it on different port which will be hidden behind firewall

  { {8088, "127.0.0.1"} , ejabberd_cowboy, [
      {num_acceptors, 10},
      {transport_options, [{max_connections, 1024}]},
      {modules, [
          {"localhost", "/api", mongoose_api_admin, []}
      ]}
  ]},

  { 8089 , ejabberd_cowboy, [
      {num_acceptors, 10},
      {transport_options, [{max_connections, 1024}]},
      {protocol_options, [{compress, true}]},
      {ssl, [{certfile, "priv/ssl/fake_cert.pem"}, {keyfile, "priv/ssl/fake_key.pem"}, {password, ""}]},
      {modules, [
          {"_", "/api/sse", lasse_handler, [mongoose_client_api_sse]},
          {"_", "/api/messages/[:with]", mongoose_client_api_messages, []},
          {"_", "/api/contacts/[:jid]", mongoose_client_api_contacts, []},
          {"_", "/api/rooms/[:id]",    mongoose_client_api_rooms, []},
          {"_", "/api/rooms/[:id]/config",    mongoose_client_api_rooms_config, []},
          {"_", "/api/rooms/:id/users/[:user]",    mongoose_client_api_rooms_users, []},
          {"_", "/api/rooms/[:id]/messages",    mongoose_client_api_rooms_messages, []},
          %% Swagger
          {"_", "/api-docs", cowboy_swagger_redirect_handler, {priv_file, cowboy_swagger, "swagger/index.html"}},
          {"_", "/api-docs/swagger.json", cowboy_swagger_json_handler, #{}},
          {"_", "/api-docs/[...]", cowboy_static, {priv_dir, cowboy_swagger, "swagger", [{mimetypes, cow_mimetypes, all}]}}
      ]}
  ]},

  %% Following HTTP API is deprected, the new one abouve should be used instead

  { {5288, "127.0.0.1"} , ejabberd_cowboy, [
      {num_acceptors, 10},
      {transport_options, [{max_connections, 1024}]},
      {modules, [
          {"localhost", "/api", mongoose_api, [{handlers, [mongoose_api_metrics,
                                                           mongoose_api_users]}]}
      ]}
  ]},

  { 5222, ejabberd_c2s, [

			%%
			%% If TLS is compiled in and you installed a SSL
			%% certificate, specify the full path to the
			%% file and uncomment this line:
			%%
                        {certfile, "priv/ssl/fake_server.pem"}, starttls,

                        %%{zlib, 10000},
			%% https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
			%% {ciphers, "TLSv1.2:TLSv1.3"},
			{access, c2s},
			{shaper, c2s_shaper},
			{max_stanza_size, 65536}

		       ]},



  %%
  %% To enable the old SSL connection method on port 5223:
  %%
  %%{5223, ejabberd_c2s, [
  %%			{access, c2s},
  %%			{shaper, c2s_shaper},
  %%			{certfile, "/path/to/ssl.pem"}, tls,
  %%			{max_stanza_size, 65536}
  %%		       ]},

  { 5269, ejabberd_s2s_in, [
			   {shaper, s2s_shaper},
			   {max_stanza_size, 131072}

			  ]}

  %%
  %% ejabberd_service: Interact with external components (transports, ...)
  %%
  ,{8888, ejabberd_service, [
                {access, all},
                {shaper_rule, fast},
                {ip, {127, 0, 0, 1}},
                {password, "secret"}
           ]}

  %%
  %% ejabberd_stun: Handles STUN Binding requests
  %%
  %%{ {3478, udp}, ejabberd_stun, []}

 ]}.

%%
%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
%% Allowed values are: false optional required required_trusted
%% You must specify a certificate file.
%%
{s2s_use_starttls, optional}.
%%
%% s2s_certfile: Specify a certificate file.
%%
{s2s_certfile, "priv/ssl/fake_server.pem"}.

%% https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
%% {s2s_ciphers, "TLSv1.2:TLSv1.3"}.

%%
%% domain_certfile: Specify a different certificate for each served hostname.
%%
%%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
%%{domain_certfile, "example.com", "/path/to/example_com.pem"}.

%%
%% S2S whitelist or blacklist
%%
%% Default s2s policy for undefined hosts.
%%
{s2s_default_policy, deny }.

%%
%% Allow or deny communication with specific servers.
%%
%%{ {s2s_host, "goodhost.org"}, allow}.
%%{ {s2s_host, "badhost.org"}, deny}.

{outgoing_s2s_port, 5269 }.

%%
%% IP addresses predefined for specific hosts to skip DNS lookups.
%% Ports defined here take precedence over outgoing_s2s_port.
%% Examples:
%%
%% { {s2s_addr, "example-host.net"}, {127,0,0,1} }.
%% { {s2s_addr, "example-host.net"}, { {127,0,0,1}, 5269 } }.
%% { {s2s_addr, "example-host.net"}, { {127,0,0,1}, 5269 } }.

%%
%% Outgoing S2S options
%%
%% Preferred address families (which to try first) and connect timeout
%% in milliseconds.
%%
%%{outgoing_s2s_options, [ipv4, ipv6], 10000}.
%%
%%%.   ==============
%%%'   SESSION BACKEND

%%{sm_backend, {mnesia, []}}.

%% Requires {redis, global, default, ..., ...} outgoing pool
%%{sm_backend, {redis, []}}.

{sm_backend, {mnesia, []} }.


%%%.   ==============
%%%'   AUTHENTICATION

%% Advertised SASL mechanisms
%%{sasl_mechanisms, [cyrsasl_scram, cyrsasl_plain]}.

%%
%% auth_method: Method used to authenticate the users.
%% The default method is the internal.
%% If you want to use a different method,
%% comment this line and enable the correct ones.
%%
{auth_method, internal }.
{auth_opts, [
             %% Store the plain passwords or hashed for SCRAM:
             %% {password_format, plain} % default
             %% {password_format, scram}

             %% {scram_iterations, 4096} % default

             %%
             %% For auth_http:
             %% {basic_auth, "user:password"}
             %% {path_prefix, "/"} % default
             %% auth_http requires {http, Host | global, auth, ..., ...} outgoing pool.
             %%
             %% For auth_external
             %%{extauth_program, "/path/to/authentication/script"}.
             %%
             %% For auth_jwt
             %% {jwt_secret_source, "/path/to/file"},
             %% {jwt_algorithm, "RS256"},
             %% {jwt_username_key, user}
             %%
             %% For cyrsasl_external
             %% {authenticate_with_cn, false}
             {cyrsasl_external, standard}
             %%
             %% For auth_ldap
             %% {ldap_base, "dc=example,dc=com"},
             %% {ldap_filter, "(objectClass=shadowAccount)"},
             %% {ldap_uids, [{"mail", "%u@mail.example.org"}]}.

            ]}.

%%
%% Authentication using external script
%% Make sure the script is executable by ejabberd.
%%
%%{auth_method, external}.

%%
%% Authentication using RDBMS
%% Remember to setup a database in the next section.
%%
%%{auth_method, rdbms}.

%%
%% Authentication using LDAP
%% Requires connection setup in the 'outgoing_pools' section
%%
%%{auth_method, ldap}.
%%

%%
%% Anonymous login support:
%%   auth_method: anonymous
%%   anonymous_protocol: sasl_anon | login_anon | both
%%   allow_multiple_connections: true | false
%%
%%{host_config, "public.example.org", [{auth_method, anonymous},
%%                                     {allow_multiple_connections, false},
%%                                     {anonymous_protocol, sasl_anon}]}.
%%
%% To use both anonymous and internal authentication:
%%
%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.


%%%.   ==============
%%%'   OUTGOING CONNECTIONS (e.g. DB)

%% Here you may configure all outgoing connections used by MongooseIM,
%% e.g. to RDBMS (such as MySQL), Riak or external HTTP components.
%% Default MongooseIM configuration uses only Mnesia (non-Mnesia extensions are disabled),
%% so no options here are uncommented out of the box.
%% This section includes configuration examples; for comprehensive guide
%% please consult MongooseIM documentation, page "Outgoing connections":
%% - doc/advanced-configuration/outgoing-connections.md
%% - https://mongooseim.readthedocs.io/en/latest/advanced-configuration/outgoing-connections/


%{outgoing_pools, [
%  {riak, global, default, [{workers, 5}], [{address, "127.0.0.1"}, {port, 8087}]},
%  {elastic, global, default, [], [{host, "elastic.host.com"}, {port, 9042}]},
%  {http, global, conn1, [{workers, 50}], [{server, "http://server:8080"}]},
%  {cassandra, global, default, [{workers, 100}], [{servers, [{"server1", 9042}]}, {keyspace, "big_mongooseim"}]},
%  {rdbms, global, default, [{workers, 10}], [{server, {mysql, "server", 3306, "database", "username", "password"}}]}
%]}.

%% More examples that may be added to outgoing_pools list:
%%
%% == MySQL ==
%%  {rdbms, global, default, [{workers, 10}],
%%   [{server, {mysql, "server", 3306, "database", "username", "password"}},
%%    {keepalive_interval, 10}]},
%% keepalive_interval is optional

%% == PostgreSQL ==
%%  {rdbms, global, default, [{workers, 10}],
%%   [{server, {pgsql, "server", 5432, "database", "username", "password"}}]},

%% == ODBC (MSSQL) ==
%%  {rdbms, global, default, [{workers, 10}],
%%   [{server, "DSN=mongooseim;UID=mongooseim;PWD=mongooseim"}]},

%% == Elastic Search ==
%%  {elastic, global, default, [], [{host, "elastic.host.com"}, {port, 9042}]},

%% == Riak ==
%%  {riak, global, default, [{workers, 20}], [{address, "127.0.0.1"}, {port, 8087}]},

%% == HTTP ==
%%  {http, global, conn1, [{workers, 50}], [{server, "http://server:8080"}]},

%% == Cassandra ==
%%  {cassandra, global, default, [{workers, 100}],
%%    [
%%      {servers, [
%%                 {"cassandra_server1.example.com", 9042},
%%                 {"cassandra_server2.example.com", 9042},
%%                 {"cassandra_server3.example.com", 9042},
%%                 {"cassandra_server4.example.com", 9042}
%%                ]},
%%      {keyspace, "big_mongooseim"}
%%    ]},

%% == LDAP ==
%%  {ldap, global, default, [{workers, 5}], [{servers, ["ldap-server.example.com"]},
%%                                           {rootdn, "cn=admin,dc=example,dc=com"},
%%                                           {password, "secret"}]}

%% == Extra options ==
%%
%% If you use PostgreSQL, have a large database, and need a
%% faster but inexact replacement for "select count(*) from users"
%%
%%{pgsql_users_number_estimate, true}.
%%
%% rdbms_server_type specifies what database is used over the RDBMS layer
%% Can take values mssql, pgsql, mysql
%% In some cases (for example for MAM with pgsql) it is required to set proper value.
%%
%% {rdbms_server_type, pgsql}.

%%%.   ===============
%%%'   TRAFFIC SHAPERS

%%
%% The "normal" shaper limits traffic speed to 1000 B/s
%%
{shaper, normal, {maxrate, 1000}}.

%%
%% The "fast" shaper limits traffic speed to 50000 B/s
%%
{shaper, fast, {maxrate, 50000}}.

%%
%% This option specifies the maximum number of elements in the queue
%% of the FSM. Refer to the documentation for details.
%%
{max_fsm_queue, 1000}.

%%%.   ====================
%%%'   ACCESS CONTROL LISTS

%%
%% The 'admin' ACL grants administrative privileges to XMPP accounts.
%% You can put here as many accounts as you want.
%%
%{acl, admin, {user, "alice", "localhost"}}.
%{acl, admin, {user, "a", "localhost"}}.

%%
%% Blocked users
%%
%%{acl, blocked, {user, "baduser", "example.org"}}.
%%{acl, blocked, {user, "test"}}.

%%
%% Local users: don't modify this line.
%%
{acl, local, {user_regexp, ""}}.

%%
%% More examples of ACLs
%%
%%{acl, jabberorg, {server, "jabber.org"}}.
%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%%{acl, test, {user_regexp, "^test"}}.
%%{acl, test, {user_glob, "test*"}}.

%%
%% Define specific ACLs in a virtual host.
%%
%%{host_config, "localhost",
%% [
%%  {acl, admin, {user, "bob-local", "localhost"}}
%% ]
%%}.

%%%.   ============
%%%'   ACCESS RULES

%% Maximum number of simultaneous sessions allowed for a single user:
{access, max_user_sessions, [{10, all}]}.

%% Maximum number of offline messages that users can have:
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.

%% This rule allows access only for local users:
{access, local, [{allow, local}]}.

%% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
	       {allow, all}]}.

%% For C2S connections, all users except admins use the "normal" shaper
{access, c2s_shaper, [{none, admin},
		      {normal, all}]}.

%% All S2S connections use the "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

%% Admins of this server are also admins of the MUC service:
{access, muc_admin, [{allow, admin}]}.

%% Only accounts of the local ejabberd server can create rooms:
{access, muc_create, [{allow, local}]}.

%% All users are allowed to use the MUC service:
{access, muc, [{allow, all}]}.

%% In-band registration allows registration of any possible username.
%% To disable in-band registration, replace 'allow' with 'deny'.
{access, register, [{allow, all}]}.

%% By default the frequency of account registrations from the same IP
%% is limited to 1 account every 10 minutes. To disable, specify: infinity
{registration_timeout, infinity}.

%% Default settings for MAM.
%% To set non-standard value, replace 'default' with 'allow' or 'deny'.
%% Only user can access his/her archive by default.
%% An online user can read room's archive by default.
%% Only an owner can change settings and purge messages by default.
%% Empty list (i.e. `[]`) means `[{deny, all}]`.
{access, mam_set_prefs, [{default, all}]}.
{access, mam_get_prefs, [{default, all}]}.
{access, mam_lookup_messages, [{default, all}]}.

%% 1 command of the specified type per second.
{shaper, mam_shaper, {maxrate, 1}}.
%% This shaper is primeraly for Mnesia overload protection during stress testing.
%% The limit is 1000 operations of each type per second.
{shaper, mam_global_shaper, {maxrate, 1000}}.

{access, mam_set_prefs_shaper, [{mam_shaper, all}]}.
{access, mam_get_prefs_shaper, [{mam_shaper, all}]}.
{access, mam_lookup_messages_shaper, [{mam_shaper, all}]}.

{access, mam_set_prefs_global_shaper, [{mam_global_shaper, all}]}.
{access, mam_get_prefs_global_shaper, [{mam_global_shaper, all}]}.
{access, mam_lookup_messages_global_shaper, [{mam_global_shaper, all}]}.

%%
%% Define specific Access Rules in a virtual host.
%%
%%{host_config, "localhost",
%% [
%%  {access, c2s, [{allow, admin}, {deny, all}]},
%%  {access, register, [{deny, all}]}
%% ]
%%}.

%%%.   ================
%%%'   DEFAULT LANGUAGE

%%
%% language: Default language used for server messages.
%%
{language, "en"}.

%%
%% Set a different default language in a virtual host.
%%
%%{host_config, "localhost",
%% [{language, "ru"}]
%%}.

%%%.   ================
%%%'   MISCELLANEOUS

{all_metrics_are_global, false }.



%%%.   ========
%%%'   SERVICES

%% Unlike modules, services are started per node and provide either features which are not
%% related to any particular host, or backend stuff which is used by modules.
%% This is handled by `mongoose_service` module.

{services,
    [
        {service_admin_extra, [{submods, [node, accounts, sessions, vcard, gdpr,
                                          roster, last, private, stanza, stats]}]},
        {service_mongoose_system_metrics, [{initial_report, 300000},
                                           {periodic_report, 10800000}]}
    ]
}.

%%%.   =======
%%%'   MODULES

%%
%% Modules enabled in all mongooseim virtual hosts.
%% For list of possible modules options, check documentation.
%%
{modules,
 [

  %% The format for a single route is as follows:
  %% {Host, Path, Method, Upstream}
  %%
  %% "_" can be used as wildcard for Host, Path and Method
  %% Upstream can be either host (just http(s)://host:port) or uri
  %% The difference is that host upstreams append whole path while
  %% uri upstreams append only remainder that follows the matched Path
  %% (this behaviour is similar to nginx's proxy_pass rules)
  %%
  %% Bindings can be used to match certain parts of host or path.
  %% They will be later overlaid with parts of the upstream uri.
  %%
  %% {mod_revproxy,
  %%    [{routes, [{"www.erlang-solutions.com", "/admin", "_",
  %%                "https://www.erlang-solutions.com/"},
  %%               {":var.com", "/:var", "_", "http://localhost:8080/"},
  %%               {":domain.com", "/", "_", "http://localhost:8080/:domain"}]
  %%     }]},

% {mod_http_upload, [
    %% Set max file size in bytes. Defaults to 10 MB.
    %% Disabled if value is `undefined`.
%   {max_file_size, 1024},
    %% Use S3 storage backend
%   {backend, s3},
    %% Set options for S3 backend
%   {s3, [
%     {bucket_url, "http://s3-eu-west-1.amazonaws.com/konbucket2"},
%     {region, "eu-west-1"},
%     {access_key_id, "AKIAIAOAONIULXQGMOUA"},
%     {secret_access_key, "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"}
%   ]}
% ]},

  {mod_adhoc, []},

  {mod_disco, [{users_can_see_hidden_services, false}]},
  {mod_commands, []},
  {mod_muc_commands, []},
  {mod_muc_light_commands, []},
  {mod_last, []},
  {mod_stream_management, [
                           % default 100
                           % size of a buffer of unacked messages
                           % {buffer_max, 100}

                           % default 1 - server sends the ack request after each stanza
                           % {ack_freq, 1}

                           % default: 600 seconds
                           % {resume_timeout, 600}

                           % default:  [{enabled, false}]
                           % {stale_h, [{enabled, false}]
                           % {stale_h, [{enabled, true},
                           %            {stale_h_repeat_after, 1800},
                           %            {stale_h_geriatric, 3600}]}
                          ]},
  %% {mod_muc_light, [{host, "muclight.@HOST@"}]},
  {mod_muc, [
             {host, "muc.@HOST@"},
             {access, muc},
             {access_create, muc_create}
            ]},
  %% {mod_muc_log, [
  %%                {outdir, "/tmp/muclogs"},
  %%                {access_log, muc}
  %%               ]},
  {mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
  {mod_privacy, []},
  {mod_blocking, []},
  {mod_private, []},
% {mod_private, [{backend, mnesia}]},
% {mod_private, [{backend, rdbms}]},
  {mod_register, [
		  %%
		  %% Set the minimum informational entropy for passwords.
		  %%
		  %%{password_strength, 32},

		  %%
		  %% After successful registration, the user receives
		  %% a message with this subject and body.
		  %%
		  {welcome_message, {""}},

		  %%
		  %% When a user registers, send a notification to
		  %% these XMPP accounts.
		  %%


		  %%
		  %% Only clients in the server machine can register accounts
		  %%
		  {ip_access, [{allow, "127.0.0.0/8"},
			       {deny, "0.0.0.0/0"}]},

		  %%
		  %% Local c2s or remote s2s users cannot register accounts
		  %%
		  %%{access_from, deny},

		  {access, register}
		 ]},
  {mod_roster, [
                {versioning, true},
                {store_current_id, true}
               ]},
  {mod_sic, []},
  {mod_vcard, [%{matches, 1},
%{search, true},
%{ldap_search_operator, 'or'}, %% either 'or' or 'and'
%{ldap_binary_search_fields, [<<"PHOTO">>]},
%% list of binary search fields (as in vcard after mapping)
{host, "vjud.@HOST@"}
]},
  {mod_bosh, []},
  {mod_carboncopy, []},

  %%
  %% Message Archive Management (MAM, XEP-0313) for registered users and
  %% Multi-User chats (MUCs).
  %%

% {mod_mam_meta, [
    %% Use RDBMS backend (default)
%   {backend, rdbms},

    %% Do not store user preferences (default)
%   {user_prefs_store, false},
    %% Store user preferences in RDBMS
%   {user_prefs_store, rdbms},
    %% Store user preferences in Mnesia (recommended).
    %% The preferences store will be called each time, as a message is routed.
    %% That is why Mnesia is better suited for this job.
%   {user_prefs_store, mnesia},

    %% Enables a pool of asynchronous writers. (default)
    %% Messages will be grouped together based on archive id.
%   {async_writer, true},

    %% Cache information about users (default)
%   {cache_users, true},

    %% Enable archivization for private messages (default)
%   {pm, [
      %% Top-level options can be overriden here if needed, for example:
%     {async_writer, false}
%   ]},

    %%
    %% Message Archive Management (MAM) for multi-user chats (MUC).
    %% Enable XEP-0313 for "muc.@HOST@".
    %%
%   {muc, [
%     {host, "muc.@HOST@"}
      %% As with pm, top-level options can be overriden for MUC archive
%   ]},
%
    %% Do not use a <stanza-id/> element (by default stanzaid is used)
%   no_stanzaid_element,
% ]},


  %%
  %% MAM configuration examples
  %%

  %% Only MUC, no user-defined preferences, good performance.
% {mod_mam_meta, [
%   {backend, rdbms},
%   {pm, false},
%   {muc, [
%     {host, "muc.@HOST@"}
%   ]}
% ]},

  %% Only archives for c2c messages, good performance.
% {mod_mam_meta, [
%   {backend, rdbms},
%   {pm, [
%     {user_prefs_store, mnesia}
%   ]}
% ]},

  %% Basic configuration for c2c messages, bad performance, easy to debug.
% {mod_mam_meta, [
%   {backend, rdbms},
%   {async_writer, false},
%   {cache_users, false}
% ]},

  %% Cassandra archive for c2c and MUC conversations.
  %% No custom settings supported (always archive).
% {mod_mam_meta, [
%   {backend, cassandra},
%   {user_prefs_store, cassandra},
%   {muc, [{host, "muc.@HOST@"}]}
% ]}

{ mod_caps, [] },

{mod_pubsub, [
  {access_createnode, pubsub_createnode},
  {ignore_pep_from_offline, false},
  {last_item_cache, mnesia},
  {max_items_node, 1000},
  {plugins, [<<"flat">>, <<"pep">>]}
]}

]}.


%%
%% Enable modules with custom options in a specific virtual host
%%
%%{host_config, "localhost",
%% [{ {add, modules},
%%   [
%%    {mod_some_module, []}
%%   ]
%%  }
%% ]}.

%%%.
%%%'

%%% $Id$

%%% Local Variables:
%%% mode: erlang
%%% End:
%%% vim: set filetype=erlang tabstop=8 foldmarker=%%%',%%%. foldmethod=marker:
%%%.

@fenek fenek self-assigned this Apr 29, 2020
@fenek fenek added the community Non ESL issues and PRs label Apr 29, 2020
@fenek
Copy link
Member

fenek commented Apr 29, 2020

Hi @JLueke

I was able to turn on OMEMO in Converse.js with the MIM configuration you've provided. The error you've pasted doesn't mean that encryption is not supported. It is reported only on the first login of a user, because it is caused by a lack of OMEMO server-side data, which is populated by the client.

However I noticed there is some bug in OMEMO implementation in Converse.js which essentialy breaks the encryption after first message. My JS skill is insufficient to debug why the app throws strange errors about invalid identity. Please submit an issue report on Converse.js GitHub.

@Neustradamus

This comment was marked as spam.

@JLueke
Copy link
Author

JLueke commented May 4, 2020

@fenek thanks for testing and the explanation

the problem regarding "Identity key changed" already has some issues in ConverseJs so, I'll close this issue and add the solution afterwards, if I find one for that problem

@JLueke JLueke closed this as completed May 4, 2020
@JLueke
Copy link
Author

JLueke commented May 4, 2020

Issue in CoverseJs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
community Non ESL issues and PRs
Projects
None yet
Development

No branches or pull requests

3 participants