ejabberd
Installation
Automatic discovery of connection options can be achieved via:
- resolution of DNS SRV records
- download of an XML or JSON file, /.well-known/host-meta or /.well-known/host-meta.json, from a web server on port 80 or 443
DNS
Setting up all the DNS records used for XMPP service discovery, and getting the corresponding certificates in order, is probably the hardest task. I'll try to gather them here as a complete list of DNS records, as I implemented them.
SRV-Records
;CERTIFICATE AUTHORITY AUTHORIZATION RECORD (ONLY LET'S ENCRYPT MAY ISSUE FOR THIS ZONE)
rockstable.it. CAA 128 issue "letsencrypt.org"

;_service._proto.name TTL class SRV priority weight port target
;XMPP
$ORIGIN _tcp.jabber.rockstable.it.
; STUN (SESSION TRAVERSAL UTILITIES FOR NAT) OVER TCP, PLAIN AND OVER TLS
_stun SRV 5 0 3478 jabber.rockstable.it.
_stuns SRV 5 0 5349 jabber.rockstable.it.
; TURN (TRAVERSAL USING RELAYS AROUND NAT) OVER TCP, PLAIN AND OVER TLS
_turn SRV 5 0 3478 jabber.rockstable.it.
_turns SRV 5 0 5349 jabber.rockstable.it.
; XMPPS: IMPLICIT TLS FROM THE FIRST BYTE (ALSO KNOWN AS LEGACY SSL/TLS, XEP-0368)
_xmpps-client SRV 5 0 5223 jabber.rockstable.it.
; XMPP: EXPLICIT TLS VIA STARTTLS (THE STREAM HEADER IS EXCHANGED IN THE CLEAR BEFORE THE UPGRADE)
_xmpp-client SRV 10 0 5222 jabber.rockstable.it.
_xmpps-client SRV 15 0 443 jabber.rockstable.it.
; XMPP SERVER-TO-SERVER (S2S)
_xmpp-server SRV 5 0 5269 jabber.rockstable.it.
$ORIGIN _udp.jabber.rockstable.it.
; STUN OVER UDP
_stun SRV 5 0 3478 jabber.rockstable.it.
; TURN OVER UDP
_turn SRV 5 0 3478 jabber.rockstable.it.
$ORIGIN jabber.rockstable.it.
; XEP-0156 ALTERNATIVE CONNECTION METHODS (BOSH AND WEBSOCKET)
; INDENTED LINES WITHOUT AN OWNER NAME INHERIT THE OWNER OF THE PREVIOUS LINE
_xmppconnect TXT "_xmpp-client-xbosh=https://jabber.rockstable.it:443/http-bind/"
             TXT "_xmpp-client-xbosh=https://jabber.rockstable.it:5280/http-bind/"
             TXT "_xmpp-client-xbosh=https://jabber.rockstable.it:443/bosh/"
             TXT "_xmpp-client-xbosh=https://jabber.rockstable.it:5280/bosh/"
             TXT "_xmpp-client-websocket=wss://jabber.rockstable.it:443/websocket/"
             TXT "_xmpp-client-websocket=wss://jabber.rockstable.it:5280/websocket/"
; S2S RECORD FOR THE MUC SUBDOMAIN; S2S LISTENS ON 5269, NOT ON THE C2S PORT 5222
_xmpp-server._tcp.conference SRV 5 0 5269 jabber.rockstable.it.
$ORIGIN rockstable.it.
; CANONICAL HOSTNAME
jabber CNAME jabber1
; REAL HOSTNAME
jabber1 A 178.63.149.230
; SUBDOMAINS OF THE SERVICES LIKE 'CONFERENCE' NEED RECORDS TOO
$ORIGIN jabber1.rockstable.it.
conference CNAME @
proxy CNAME @
pubsub CNAME @
upload CNAME @
; LET'S ENCRYPT DNS CHALLENGES (TOKENS ARE SHORT-LIVED AND CHANGE WITH EVERY ISSUANCE)
$ORIGIN rockstable.it.
_acme-challenge.jabber TXT "XTXyH8KOM5jSCaI6MCZSPRE3wP-8VU7KQ_bwcwZ1W4s"
                       TXT "ACprK1TjjqXru0Qxffm2QZKfT1X-RVx1E9SQVjQaDTg"
_acme-challenge.jabber1 TXT "P_HWFlmOfqAXP98dRHibUu5KWuxMPYtY4cHfD3gd9QE"
                        TXT "xdz9ruXUFf5C6oDgtx1cF3H54N3sLhlJ-ZSVaf55saI"
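As an added example that is not part of the original page (my own Python, not ejabberd code), the script below parses the zone-file subset used above ($ORIGIN, ';' comments, '@', relative owner names, indented continuation lines) and lints the discovery records for the mistakes that most often break clients and federation: SRV targets that are aliases (RFC 2782 requires the target to be a name with address records, and the zone above points every SRV at jabber, which is a CNAME to jabber1), SRV targets without an in-zone address record, CNAME owners that carry other records, and _xmppconnect TXT records advertising plain http:// or ws:// URLs. The embedded ZONE text is constructed from the page's records with one deliberately broken ws:// entry added; ZONE_FIXED shows the repair, an A record for jabber instead of the CNAME.

```python
"""Offline lint for the XMPP service-discovery records above.

Added example, not code from the page or from ejabberd: a parser for the
subset of zone-file syntax used there plus checks for mistakes that commonly
break discovery. ZONE is constructed from the page's records, with one
deliberately broken plain-ws:// TXT record added to exercise the check.
"""

ZONE = """\
$ORIGIN _tcp.jabber.rockstable.it.
_xmpps-client SRV 5 0 5223 jabber.rockstable.it.
_xmpp-client SRV 10 0 5222 jabber.rockstable.it.
_xmpp-server SRV 5 0 5269 jabber.rockstable.it.
$ORIGIN jabber.rockstable.it.
_xmppconnect TXT "_xmpp-client-xbosh=https://jabber.rockstable.it:443/http-bind/"
             TXT "_xmpp-client-websocket=wss://jabber.rockstable.it:443/websocket/"
             TXT "_xmpp-client-websocket=ws://jabber.rockstable.it:5280/websocket/"
_xmpp-server._tcp.conference SRV 5 0 5269 jabber.rockstable.it.
$ORIGIN rockstable.it.
jabber CNAME jabber1
jabber1 A 178.63.149.230
"""
# the repair: make the SRV target an address record instead of an alias
ZONE_FIXED = ZONE.replace("jabber CNAME jabber1", "jabber A 178.63.149.230")


def fqdn(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin="."):
    """Return (owner, type, rdata tuple) records with absolute owner names."""
    records, owner = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line.startswith("$"):                   # directives: only $ORIGIN matters here
            if line.startswith("$ORIGIN"):
                origin = line.split()[1]
            continue
        if raw[0] in " \t":                        # continuation line: inherit owner
            fields = line.split()
        else:
            head, *fields = line.split()
            owner = fqdn(head, origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                          # skip optional TTL and class
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("CNAME", "SRV"):
            rdata[-1] = fqdn(rdata[-1], origin)    # last field is a domain name
        elif rtype == "TXT":
            rdata = [" ".join(rdata).strip('"')]
        records.append((owner, rtype, tuple(rdata)))
    return records


def lint(records):
    """Return human-readable problems found in the parsed records."""
    by_owner = {}
    for owner, rtype, _ in records:
        by_owner.setdefault(owner, []).append(rtype)

    def types(name):
        return set(by_owner.get(name, []))

    problems = []
    for owner, rtype, rdata in records:
        if rtype == "SRV":
            target = rdata[3]
            if "CNAME" in types(target):
                problems.append(f"{owner}: SRV target {target} is a CNAME (RFC 2782 forbids alias targets)")
            elif not types(target) & {"A", "AAAA"}:
                problems.append(f"{owner}: SRV target {target} has no address record in this zone")
        elif rtype == "CNAME" and len(by_owner[owner]) > 1:
            problems.append(f"{owner}: a CNAME must be the only record at its name")
        elif rtype == "TXT" and owner.startswith("_xmppconnect."):
            method, _, url = rdata[0].partition("=")
            if url.startswith(("http://", "ws://")):
                problems.append(f"{owner}: {method} advertises unencrypted {url}")
    return problems


def lint_zone(text):
    return lint(parse_zone(text))


if __name__ == "__main__":
    for label, zone in (("as published", ZONE), ("fixed", ZONE_FIXED)):
        print(f"== {label}")
        for problem in lint_zone(zone) or ["no problems found"]:
            print("  " + problem)
```

Run it as-is to see the four alias-target findings plus the ws:// finding for ZONE, and only the ws:// finding for ZONE_FIXED; paste your own zone into ZONE to lint a real deployment offline.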
Websockets
WebSocket URIs starting with
- wss:// are implicitly encrypted
- ws:// are plain text
Gajim insists on this …
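The two discovery mechanisms listed under Installation, the DNS TXT records and the host-meta file, advertise the same BOSH and WebSocket endpoints and must agree. As an added example (my own Python, not code from the page or from ejabberd), the script below builds the host-meta document in both forms XEP-0156 defines, the XRD XML served at /.well-known/host-meta and the JSON served at /.well-known/host-meta.json, refuses to publish an endpoint that would downgrade to plain http:// or ws:// (the point made about wss:// above), and parses both forms back so a published file can be compared with the _xmppconnect TXT records. The endpoint URLs are the ones from the page.

```python
"""XEP-0156 host-meta documents for the BOSH and WebSocket endpoints.

Added example, not code from the page or from ejabberd. Builds the XML form
served at /.well-known/host-meta and the JSON form served at
/.well-known/host-meta.json, refuses endpoints that would downgrade to plain
http:// or ws://, and parses both forms back so the published file can be
compared with the _xmppconnect TXT records. Endpoint URLs are those on the page.
"""
import json
import xml.etree.ElementTree as ET

XRD_NS = "http://docs.oasis-open.org/ns/xri/xrd-1.0"   # XRD 1.0 namespace used by host-meta
REL = {                                                   # link relations defined by XEP-0156
    "xbosh": "urn:xmpp:alt-connections:xbosh",
    "websocket": "urn:xmpp:alt-connections:websocket",
}
SECURE_SCHEME = {"xbosh": "https://", "websocket": "wss://"}

ENDPOINTS = [  # taken from the page's _xmppconnect TXT records
    ("xbosh", "https://jabber.rockstable.it:443/http-bind/"),
    ("websocket", "wss://jabber.rockstable.it:443/websocket/"),
]


def is_secure_endpoint(kind, url):
    """True only for a known method whose URL uses the TLS-protected scheme."""
    return kind in SECURE_SCHEME and url.lower().startswith(SECURE_SCHEME[kind])


def _checked(endpoints):
    """Yield endpoints, refusing anything that would advertise a plaintext transport."""
    for kind, url in endpoints:
        if not is_secure_endpoint(kind, url):
            raise ValueError(f"refusing to advertise unencrypted or unknown endpoint {kind}={url}")
        yield kind, url


def host_meta_xml(endpoints):
    """Serialise the XRD document for /.well-known/host-meta."""
    ET.register_namespace("", XRD_NS)                    # default namespace, no prefix
    root = ET.Element(f"{{{XRD_NS}}}XRD")
    for kind, url in _checked(endpoints):
        ET.SubElement(root, f"{{{XRD_NS}}}Link", rel=REL[kind], href=url)
    return ET.tostring(root, encoding="unicode")


def host_meta_json(endpoints):
    """Serialise the JSON document for /.well-known/host-meta.json."""
    links = [{"rel": REL[kind], "href": url} for kind, url in _checked(endpoints)]
    return json.dumps({"links": links}, indent=2)


def parse_host_meta(document):
    """Return the set of (kind, href) pairs from either serialisation."""
    rel_to_kind = {rel: kind for kind, rel in REL.items()}
    if document.lstrip().startswith("{"):
        links = json.loads(document).get("links", [])
        pairs = [(link.get("rel"), link.get("href")) for link in links]
    else:
        root = ET.fromstring(document)
        pairs = [(link.get("rel"), link.get("href")) for link in root.iter(f"{{{XRD_NS}}}Link")]
    return {(rel_to_kind[rel], href) for rel, href in pairs if rel in rel_to_kind}


if __name__ == "__main__":
    print(host_meta_xml(ENDPOINTS))
    print(host_meta_json(ENDPOINTS))
```

The XML form must be served with the XRD namespace as the default namespace, which is why the element names are built with the `{namespace}tag` notation and the empty prefix is registered; clients that read the JSON form only look at the `links` array, so extra top-level keys are harmless there.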
Certificates
Should have the following X509v3 extensions
Should include all configured subdomains as Subject Alternative Names (SANs). It is probably best to move the XMPP service to its own subdomain and add a wildcard entry for that subdomain.
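A wildcard SAN covers exactly one label, so "*.jabber.rockstable.it" matches the service subdomains but not jabber.rockstable.it itself, which needs its own entry. As an added example (my own Python, not code from the page, ejabberd or certbot), the script below applies the wildcard rules of RFC 6125 section 6.4.3, which is what XMPP clients and federating servers use when validating the certificate, to a list of required host names constructed from the page's subdomains and reports which ones a given SAN list leaves uncovered.

```python
"""Does a certificate's SAN list cover every host name the XMPP deployment uses?

Added example, not from the page, ejabberd or certbot. Pure-Python matching
with the wildcard rules of RFC 6125 section 6.4.3; host names are constructed
from the page's subdomains.
"""

SERVICE_SUBDOMAINS = ("conference", "proxy", "pubsub", "upload")  # as in the zone above


def xmpp_hostnames(domain, services=SERVICE_SUBDOMAINS):
    """The names that must appear in the certificate: the XMPP domain itself
    plus every service subdomain that clients and peers connect to."""
    return [domain] + [f"{service}.{domain}" for service in services]


def san_matches(san, host):
    """True if DNS SAN entry `san` matches `host`.

    A wildcard is accepted only as the complete leftmost label, it matches
    exactly one label, and it must leave at least two fixed labels (a common
    client restriction, so '*.it' is rejected). Hence '*.rockstable.it' covers
    'jabber.rockstable.it' but never 'conference.jabber.rockstable.it'.
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in san:
        return san == host
    san_labels, host_labels = san.split("."), host.split(".")
    if san_labels[0] != "*" or len(san_labels) < 3:
        return False
    return len(host_labels) == len(san_labels) and host_labels[1:] == san_labels[1:]


def uncovered_hosts(required, sans):
    """Host names in `required` that no SAN entry matches."""
    return [host for host in required if not any(san_matches(san, host) for san in sans)]


if __name__ == "__main__":
    hosts = xmpp_hostnames("jabber.rockstable.it")
    for sans in (["*.jabber.rockstable.it"],
                 ["jabber.rockstable.it", "*.jabber.rockstable.it"],
                 ["*.rockstable.it"]):
        print(sans, "->", uncovered_hosts(hosts, sans) or "all covered")
```

To check a real certificate, feed the DNS entries of its subjectAltName extension (for example from `openssl x509 -noout -ext subjectAltName`) into `uncovered_hosts` together with the host names ejabberd is configured to serve.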
This certbot command should do the job:
Configure
Dump the running configuration of ejabberd to a file ~ejabberd/file_name.yml. This is useful if you want to compare the configuration as parsed by ejabberd's yconf with the /etc/ejabberd/ejabberd.yml you wrote yourself:
ejabberdctl dump-config file_name.yml
Reset ejabberd
I had some problems configuring OMEMO, which itself is based on pubsub plugin PEP (Personal Event Pubsub). Pubsub stores its state in a database backend, and I was wondering if the state of pubsub in the database, which I have been carrying with me for some versions, causes my difficulties with OMEMO. It turned out to be a correct assumption. So here's how I reset the database.
Delete variable data or just move it away to have a way back.
Create database as user postgres and make it owned by ejabberd.
Import the database schema into postgres as user ejabberd; otherwise the ejabberd daemon doesn't have enough permissions to use the tables later.
Make sure you have set in /etc/ejabberd/ejabberd.yml
Start ejabberd and register users.
mod_mqtt
- Message Queuing Telemetry Transport (MQTT)
- IANA assigned ports
- plain text: tcp/1883
- encrypted: tcp/8883
https://en.wikipedia.org/wiki/Comparison_of_MQTT_implementations
Spectrum2 Transports
Install
Please refer to docker#Installation for a basic docker installation and later return here.