guides/self_hosting/services/ejabberd
2023-10-22 23:16:57 -06:00

Enable ports

These are the ports needed for ejabberd to work. Ports 80 and 443 are needed for deploying an SSL certificate with certbot.

declare -a ports=("80" "443" "5222" "5223" "5269" "5280" "5443" "1883" "8883" "3478" "5349" "7777")

for port in "${ports[@]}"; do ufw allow "$port" ; done
ufw reload

Download ejabberd

Debian conveniently offers the packages in the official repositories!

apt update
apt install ejabberd python3-certbot erlang-p1-pgsql
systemctl enable --now ejabberd

Generate certs

This is from Nerd on the Street. Change the DOMAIN variable to your preference.

DOMAIN="example.org"

# Set the domain names you want here, stun & turn are required for calls
declare -a subdomains=("" "conference." "proxy." "pubsub." "upload." "stun." "turn.")

for i in "${subdomains[@]}"; do
    # Quote the expansions so an unexpected value cannot be word-split
    certbot -d "$i$DOMAIN" certonly --standalone --register-unsafely-without-email --agree-tos
    mkdir -p "/etc/ejabberd/certs/$i$DOMAIN"
    cp "/etc/letsencrypt/live/$i$DOMAIN/fullchain.pem" "/etc/ejabberd/certs/$i$DOMAIN"
    cp "/etc/letsencrypt/live/$i$DOMAIN/privkey.pem" "/etc/ejabberd/certs/$i$DOMAIN"
done

Directories and permissions

chown -R ejabberd:ejabberd /etc/ejabberd/certs
mkdir -p /var/www/upload
chown -R ejabberd:ejabberd /var/www/upload
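
The loop above copies each certificate once, so a later `certbot renew` updates /etc/letsencrypt/live but not /etc/ejabberd/certs. The following is an added example, not part of the original guide: a certbot deploy hook that re-copies a renewed lineage with a private key readable only by its owner. It assumes the script is installed executable in /etc/letsencrypt/renewal-hooks/deploy/ and relies on the RENEWED_LINEAGE variable certbot sets for deploy hooks; the function name sync_cert and the CERT_ROOT/CERT_OWNER variables are hypothetical.

```shell
#!/bin/sh
# Added example: certbot deploy hook for the ejabberd cert layout used in this guide.
# Assumed location: /etc/letsencrypt/renewal-hooks/deploy/ejabberd-certs.sh
CERT_ROOT="${CERT_ROOT:-/etc/ejabberd/certs}"   # directory matched by certfiles
CERT_OWNER="${CERT_OWNER:-ejabberd}"            # service account from the guide

# Copy one certbot lineage (e.g. /etc/letsencrypt/live/example.org) into
# $CERT_ROOT/<name>. Returns non-zero if either PEM file is missing.
sync_cert() {
    lineage="$1"
    dest="$CERT_ROOT/$(basename "$lineage")"
    [ -r "$lineage/fullchain.pem" ] && [ -r "$lineage/privkey.pem" ] || return 1
    install -d -m 0750 "$dest" || return 1
    # The chain is public; the private key must not be group/world readable.
    install -m 0644 "$lineage/fullchain.pem" "$dest/fullchain.pem" || return 1
    install -m 0600 "$lineage/privkey.pem" "$dest/privkey.pem" || return 1
    # Hand the copies to the service account only when that is possible.
    if [ "$(id -u)" -eq 0 ] && id "$CERT_OWNER" >/dev/null 2>&1; then
        chown -R "$CERT_OWNER:$CERT_OWNER" "$dest"
    fi
}

# certbot runs deploy hooks once per renewed certificate with RENEWED_LINEAGE set.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    sync_cert "$RENEWED_LINEAGE" && systemctl restart ejabberd
fi
```

Run manually with nothing set, the script does nothing; `certbot renew --dry-run` does not invoke deploy hooks, so test the copy by calling the script with RENEWED_LINEAGE pointing at one live directory.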

Base configuration

Fill with your domain.

hosts:
  - example.org

Enable the path for previously generated certs.

certfiles:
  - "/etc/ejabberd/certs/*/*.pem"

Note: Remember to systemctl restart ejabberd each time you modify /etc/ejabberd.yml.

Example for some configs (optional)

Admin user

Register admin user.

su -c "ejabberdctl register admin example.org ADMIN_PASSWORD" ejabberd
systemctl restart ejabberd

Enable admin user.

acl:
  admin:
    user: admin

Message archive and http upload

Uncomment for compliance with XMPP standards.

mod_http_upload:
    put_url: https://@HOST@:5443/upload
    docroot: /var/www/upload
    custom_headers:
      "Access-Control-Allow-Origin": "https://@HOST@"
      "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
      "Access-Control-Allow-Headers": "Content-Type"

Enable message archive.

mod_mam:
  assume_mam_usage: true
  default: always

PostgreSQL database

Set PostgreSQL as database. WARNING: I can't get this to work. Don't bother if you have few users anyway.

sudo -i -u postgres psql -c "CREATE USER ejabberd WITH PASSWORD 'DB_PASSWORD';"
sudo -i -u postgres psql -c "CREATE DATABASE ejabberd OWNER ejabberd;"
su -c "curl -s https://raw.githubusercontent.com/processone/ejabberd/master/sql/pg.sql | psql ejabberd" postgres

sql_type: pgsql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "ejabberd"
sql_password: "DB_PASSWORD"
default_db: sql

Call/Videocall support

Enable this module

ejabberd_stun:

Registration

Enable registration in your server

mod_register:

Otherwise, register users via:

su -c "ejabberdctl register USERNAME example.org USER_PASSWORD" ejabberd

Note: Remember to systemctl restart ejabberd each time you modify /etc/ejabberd.yml.