Configure ejabberd

Jaussoin Timothée edited this page Jan 24, 2018 · 18 revisions

HTTP Upload

Movim requires a few CORS headers to be included by the HTTP Upload service. ejabberd 17.04 and newer can be configured to do this, like in the following example:

# For ejabberd >= 17.12
certfiles:
  - "/etc/ejabberd/*.pem"

listen:
  # [...]
  -
    module: ejabberd_http
    port: 8443
    tls: true
    # For ejabberd < 17.12 only
    # certfile: "/etc/ejabberd/certificate.pem"
    # dhfile: "/etc/ejabberd/dh-parameters.pem"
    # ciphers: "ECDH:DH:!MEDIUM:!3DES:!aNULL:!eNULL@STRENGTH"
    # protocol_options:
    #  - "no_sslv3"
    #  - "cipher_server_preference"
    #  - "no_compression"
    request_handlers:
      "upload": mod_http_upload
    custom_headers:
      "Access-Control-Allow-Origin": "*"
      "Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT"
      "Access-Control-Allow-Headers": "Authorization"
      "Access-Control-Allow-Credentials": "true"

modules:
  # [...]
  mod_http_upload:
    name: "HTTP File Upload"
    access: local
    max_size: 104857600 # 100 MiB.
    file_mode: "0640"
    dir_mode: "2750"
    docroot: "/var/www/upload/@HOST@"
    put_url: "https://@HOST@:8443/upload"
    thumbnail: false

Contact Addresses

You can also define contact addresses for your XMPP server, they will then be displayed in the Movim UI.

modules:
  # [...]
  mod_disco:
    server_info:
      -
        modules: all
        name: "admin-addresses"
        urls:
          - "xmpp:admin@server.tld"
          - "xmpp:admin2@server.tld"
      -
        modules: all
        name: "security-addresses"
        urls:
          - "xmpp:security@server.tld"
      -
        modules: all
        name: "abuse-addresses"
        urls:
          - "xmpp:abuse@server.tld"
      -
        modules: all
        name: "feedback-addresses"
        urls:
          - "xmpp:muc@conference.server.tld?join"
      -
        modules: all
        name: "support-addresses"
        urls:
          - "mailto:support@server.tld"
          - "http://server.tld/support.html"

PubSub

You should use ejabberd 14.12 or newer, as the PEP support in older versions is buggy.

Then, ejabberd's PubSub configuration should be tweaked a bit in order to make it work well with Movim. For example, Movim uses PEP nodes for microblogging, and by default, ejabberd stores only the most recent posting. ejabberd allows Movim to increase the number of stored items per PubSub node, but only to up to a maximum of 10 items by default. A PubSub setup such as the following takes care of these and other issues:

modules:
  # [...]
  mod_caps: {}
  mod_pubsub:
    access_createnode: local
    ignore_pep_from_offline: false
    last_item_cache: false
    max_items_node: 1000
    default_node_config:
      max_items: 1000
    plugins:
      - "flat"
      - "pep" # Requires mod_caps.

How to configure multiple PubSub services on one domain

ejabberd 17.08 and newer

Use hosts option of pubsub module, e.g.:

modules:
  mod_pubsub:
    hosts:
      - "news.@HOST@"
      - "comics.@HOST@"
      - "nsfw.@HOST@"

Older ejabberd versions

In older ejabberd versions, each virtual domain can only have a single PubSub service. If you want to have multiple group services (such as news.mydomain.org and comics.mydomain.org), you should use the following trick.

Configure your current PubSub service name:

    modules:
      mod_pubsub:
        host: "news.@HOST@"

Create a new dummy virtual domain on your server like this:

    hosts:
      - "dummy.domain"
      - "mydomain.org"

Change the service node to match your domain:

    host_config:
      "dummy.domain":
        modules:
          mod_pubsub:
            host: "comics.mydomain.org"

As a bonus, you can add the new PubSub service to the Service Discovery configuration of your real host:

    modules:
      mod_disco:
        extra_domains:
          - "comics.mydomain.org"

Remember to create your DNS entries for the PubSub services and have the TLS certificate updated, and you are ready to enjoy your multi-group PubSub service.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.