guides/self_hosting/services/ejabberd/README.md
2023-10-24 10:49:22 -06:00

Enable ports

These are the ports needed for ejabberd to work. Ports 80 and 443 are needed for deploying an SSL certificate with certbot. Read more about ports in ejabberd's docs.

declare -a ports=("80" "443" "5222" "5223" "5269" "5280" "5443" "1883" "8883" "3478" "5349" "7777")

for port in "${ports[@]}"; do ufw allow "$port" ; done
ufw reload

Download ejabberd

Debian conveniently offers the packages in the official repositories!

apt update
# the certbot package provides the certbot command used in the next step
apt install ejabberd certbot python3-certbot erlang-p1-pgsql
systemctl enable --now ejabberd

Generate certs

This is from Nerd on the Street. Change the DOMAIN variable to your preference.

DOMAIN="example.org"

# Set the domain names you want here; stun and turn are required for calls
declare -a subdomains=("" "conference." "proxy." "pubsub." "upload." "stun." "turn.")

for i in "${subdomains[@]}"; do
    # --register-unsafely-without-email creates the ACME account with no contact
    # address, so the CA has no way to contact you about these certificates
    certbot -d "$i$DOMAIN" certonly --standalone --register-unsafely-without-email --agree-tos
    mkdir -p "/etc/ejabberd/certs/$i$DOMAIN"
    cp "/etc/letsencrypt/live/$i$DOMAIN/fullchain.pem" "/etc/ejabberd/certs/$i$DOMAIN"
    cp "/etc/letsencrypt/live/$i$DOMAIN/privkey.pem" "/etc/ejabberd/certs/$i$DOMAIN"
done

Directories and permissions

chown -R ejabberd:ejabberd /etc/ejabberd/certs
mkdir -p /var/www/upload
chown -R ejabberd:ejabberd /var/www/upload
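
The copies made in the certificate loop are not refreshed when certbot renews, so ejabberd would keep serving the old files until they expire. As an added example (not part of the original guide), a certbot deploy hook can repeat the copy and ownership steps on every renewal; the hook file name and the CERT_ROOT variable are assumptions.

```bash
#!/bin/bash
# Added example: certbot deploy hook, e.g. saved (executable) as
# /etc/letsencrypt/renewal-hooks/deploy/ejabberd-certs.sh (file name is an assumption).
# certbot sets RENEWED_LINEAGE to the renewed /etc/letsencrypt/live/<name> directory.
set -eu

CERT_ROOT="${CERT_ROOT:-/etc/ejabberd/certs}"   # same directory the guide uses

# Copy one renewed lineage into <root>/<name> with tight permissions.
sync_cert() {
    local lineage="$1" root="$2"
    local name dest f
    name="$(basename "$lineage")"
    dest="$root/$name"

    # Refuse to install half a pair: ejabberd needs both the chain and the key.
    for f in fullchain.pem privkey.pem; do
        [ -s "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; return 1; }
    done

    install -d -m 750 "$dest"
    install -m 644 "$lineage/fullchain.pem" "$dest/fullchain.pem"
    install -m 600 "$lineage/privkey.pem" "$dest/privkey.pem"   # key readable by owner only

    # Changing ownership needs root and the ejabberd account; skipped otherwise.
    if [ "$(id -u)" -eq 0 ] && id ejabberd >/dev/null 2>&1; then
        chown -R ejabberd:ejabberd "$dest"
    fi
    echo "$dest"
}

# Only act when certbot invoked this script after a successful renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    sync_cert "$RENEWED_LINEAGE" "$CERT_ROOT"
    systemctl restart ejabberd
fi
```
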

Base configuration

Fill with your domain.

hosts:
  - example.org

Enable the path for previously generated certs.

certfiles:
  - "/etc/ejabberd/certs/*/*.pem"

Note: Remember to systemctl restart ejabberd each time you modify /etc/ejabberd.yml.

Example for some configs (optional)

Admin user

Register admin user.

su -c "ejabberdctl register admin example.org ADMIN_PASSWORD" ejabberd
systemctl restart ejabberd

Enable admin user.

acl:
  admin:
    user: admin

Message archive and http upload

Uncomment for compliance with XMPP standards.

mod_http_upload:
    put_url: https://@HOST@:5443/upload
    docroot: /var/www/upload
    custom_headers:
      "Access-Control-Allow-Origin": "https://@HOST@"
      "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
      "Access-Control-Allow-Headers": "Content-Type"

Enable message archive.

mod_mam:
  assume_mam_usage: true
  default: always

Postgresql database

Set postgresql as database. WARNING. I can't get this to work. Don't bother if you have few users anyway.

sudo -i -u postgres psql -c "CREATE USER ejabberd WITH PASSWORD 'DB_PASSWORD';"
sudo -i -u postgres psql -c "CREATE DATABASE ejabberd OWNER ejabberd;"
su -c "curl -s https://raw.githubusercontent.com/processone/ejabberd/master/sql/pg.sql | psql ejabberd" postgres

sql_type: pgsql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "ejabberd"
sql_password: "DB_PASSWORD"
default_db: sql

Call/Videocall support

Enable this module

ejabberd_stun:

Registration

Enable registration in your server

mod_register:

Otherwise, register users via:

su -c "ejabberdctl register USERNAME example.org USER_PASSWORD" ejabberd

Note: Remember to systemctl restart ejabberd each time you modify /etc/ejabberd.yml.