NOTE: Oops, when I put this up my session expired, and I accidentally copy-pasted this post into the wrong forum... this was supposed to be in Linux Networking... If somebody wanted to move it...
I installed ejabberd on my linode; I wanted a personal server that supported TLS between client and server and server and server... secure from end to end, if you trust the servers, of course
So, I installed ejabberd by putting these into /etc/apt/sources.list:
Code:
deb http://sgolovan.nes.ru/debian sarge main
deb-src http://sgolovan.nes.ru/debian sarge main
Then apt-get install ejabberd. YAY!
Then I edited /etc/ejabberd/ejabberd.cfg:
Code:
%override_acls.
% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "autodmc"}}.
% Blocked users:
%{acl, blocked, {user, "test"}}.
% Local users:
{acl, local, {user_regexp, ""}}.
% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.
% Every username can be registered via in-band registration:
{access, register, [{allow, all}]}.
% After successful registration user will get message with following subject
% and body:
{welcome_message,
{"Welcome!",
"Welcome to AutoDMC Labs Jabber Service. "
"For information about Jabber visit http://jabber.org"}}.
% List of people who will get notifications about registered users
%{registration_watchers, ["admin1@localhost",
% "admin2@localhost"]}.
% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.
% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
{allow, all}]}.
% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.
% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.
% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.
% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.
% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.
% This rule allows access only for local users:
{access, local, [{allow, local}]}.
% Authentication method. If you want to use internal user base, then use
% this line:
{auth_method, internal}.
% Host(s) name: (replace for your hostname(s))
% Old {host, "localhost"}. option is equivalent to {hosts, ["localhost"]}.
{hosts, ["autodmclabs.com"]}.
% Default language for server messages
{language, "en"}.
% Listen for unencrypted traffic (untrusted)
{listen,
[
{5222, ejabberd_c2s, [{access, c2s},
{shaper, c2s_shaper}]},
% SSL-enabled client-2-server service (trusted)
{5223, ejabberd_c2s, [{access, c2s},
tls, {certfile, "/home/ejabberd/server.pem"},
{shaper, c2s_shaper}]},
% Server-2-server service
{5269, ejabberd_s2s_in, [{s2s_use_starttls, true},
{domain_certfile, "/home/ejabberd/server.pem"},
{shaper, s2s_shaper}]},
% HTTP service (You may choose options HTTP-polling and Web-administering)
% When commenting out, be careful with commas
{5280, ejabberd_http, [http_poll, web_admin]}
]}.
% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.
% Used modules:
{modules,
[
{mod_announce, [{access, announce}]},
{mod_register, [{access, register}]},
{mod_roster, []},
{mod_shared_roster, []},
{mod_privacy, []},
{mod_configure, []},
{mod_configure2, []},
{mod_disco, [{extra_domains, ["users.jabber.org"]}]},
{mod_stats, []},
{mod_vcard, []},
{mod_offline, []},
{mod_echo, []},
{mod_private, []},
{mod_irc, []},
% Default options for mod_muc:
% host: "conference." ++ ?MYNAME
% access: all
% access_create: all
% access_admin: none (only room creator has owner privileges)
{mod_muc, [{access, muc},
{access_create, muc},
{access_admin, muc_admin}]},
{mod_pubsub, []},
{mod_time, []},
{mod_last, []},
{mod_version, []}
]}.
Starting ejabberd, it gave me a "host name not resolved" error, or something like that.
Took me a bit to figure out my problem; it was my firewall. So I opened a CLIENT for DNS (client DNS accept) in Firehol, and everyone was happy.
However, I can't connect with my jabber client to ejabberd, or through the web interface.
Here's my Firehol Rules:
Code:
version 5
server_ejabberd_ports="tcp/5222 tcp/5223 tcp/5269 tcp/5280"
client_ejabberd_ports="default 5222 5223 5269 5280"
interface eth0 linode
policy reject
server ping accept
server ejabberd accept
client dns accept
I wanted to use Jabber as a request protocol between some servers (request a file, etc), and I wanted it to be encrypted and authenticated, so if client SetTopBox requests a file from FileCabinet, FileCabinet gets the request without anybody else knowing what the request is (encrypted, etc), then setup a different type of communication to actually transfer the encrypted file, etc, etc, etc.
But before I can dump time into this project and see if it makes any sense I need a working jabber server that I can play with, that's the point of installing ejabberd... but it's not working!
Any help would be much much appreciated.
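
An added example, not part of the original post: a small audit of the `listen` stanza shown above that reports, per port, whether the listener carries a TLS option, which matters because the stated goal is TLS on every hop while 5222 and the 5280 admin interface are opened in the firewall. The transport labels and function names are this example's own; `starttls` and `starttls_required` are ejabberd listener options that do not appear in the post.

```python
import re
# Constructed sample: the listen stanza as posted in ejabberd.cfg above.
SAMPLE_CFG = r'''
{listen,
[
{5222, ejabberd_c2s, [{access, c2s},
{shaper, c2s_shaper}]},
% SSL-enabled client-2-server service (trusted)
{5223, ejabberd_c2s, [{access, c2s},
tls, {certfile, "/home/ejabberd/server.pem"},
{shaper, c2s_shaper}]},
{5269, ejabberd_s2s_in, [{s2s_use_starttls, true},
{domain_certfile, "/home/ejabberd/server.pem"},
{shaper, s2s_shaper}]},
{5280, ejabberd_http, [http_poll, web_admin]}
]}.
'''

def listeners(cfg):
    """Yield (port, module, options_text) for each {Port, Module, [Opts]} entry."""
    # Drop Erlang % comments (assumes no % inside quoted strings).
    text = "\n".join(line.split("%", 1)[0] for line in cfg.splitlines())
    for m in re.finditer(r"\{\s*(\d+)\s*,\s*(ejabberd_\w+)\s*,\s*\[", text):
        depth, i = 1, m.end()
        while depth and i < len(text):  # walk to the matching ']'
            depth += {"[": 1, "]": -1}.get(text[i], 0)
            i += 1
        yield int(m.group(1)), m.group(2), text[m.end():i - 1]

def transport(opts):
    """Classify a listener by the TLS-related atoms in its option list."""
    bare = re.sub(r'"[^"]*"', "", opts)  # ignore paths such as ".../tls.pem"
    atoms = set(re.findall(r"[a-z]\w*", bare))
    if "tls" in atoms:
        return "tls-on-connect"
    if "starttls_required" in atoms:
        return "starttls-required"
    if "starttls" in atoms or re.search(r"s2s_use_starttls\s*,\s*true", bare):
        return "starttls-optional"
    return "plaintext"

def audit(cfg):
    """Map each port to (module, transport label, exposes web_admin)."""
    return {port: (mod, transport(opts), "web_admin" in opts)
            for port, mod, opts in listeners(cfg)}

if __name__ == "__main__":
    for port, (mod, mode, admin) in sorted(audit(SAMPLE_CFG).items()):
        print(f"{port:5d} {mod:16s} {mode}{'  <- web_admin' if admin else ''}")
```

On the posted stanza this reports 5222 and 5280 as plaintext, so a client that connects to 5222 gets no encryption and the web admin login crosses the network in the clear unless those listeners are changed or kept off the public interface.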