guides/self_hosting/ejabberd/README.md
2024-02-15 21:39:00 -06:00

Enable ports

These are the ports ejabberd needs in order to work. Ports 80 and 443 are needed for deploying an SSL certificate with certbot. Read more about ports in ejabberd's docs to see which ports the modules you use require.

set -- 80 443 5222 5223 5269 5280 5443 1883 8883 3478 5349 7777
for port in "$@"; do ufw allow "$port" ; done
ufw reload

Download ejabberd

Debian conveniently offers the packages in the official repositories!

apt update
apt install ejabberd python3-certbot erlang-p1-pgsql
systemctl enable --now ejabberd

Generate certs

This is a slightly modified snippet from Nerd on the Street. Replace example.org with your own domain.

#!/bin/sh

# Domain and the subdomains used by ejabberd's services
set -- example.org conference.example.org proxy.example.org pubsub.example.org upload.example.org stun.example.org turn.example.org
CERTBOT_OPTS="certonly --standalone --register-unsafely-without-email --agree-tos"

for i in "$@"; do
    # $CERTBOT_OPTS is deliberately unquoted so it splits into separate options;
    # quoted, certbot would receive the whole string as a single argument.
    certbot $CERTBOT_OPTS -d "$i"
    mkdir -p "/etc/ejabberd/certs/$i"
    cp "/etc/letsencrypt/live/$i/fullchain.pem" "/etc/ejabberd/certs/$i"
    cp "/etc/letsencrypt/live/$i/privkey.pem" "/etc/ejabberd/certs/$i"
done

Directories and permissions

chown -R ejabberd:ejabberd /etc/ejabberd/certs
mkdir -p /var/www/upload
chown -R ejabberd:ejabberd /var/www/upload
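
The copies made by the loop above are taken once and are not updated when certbot later renews a certificate. The following deploy hook is an added example, not part of the original guide; the file name and the install_cert helper are assumptions, while RENEWED_LINEAGE is the variable certbot passes to deploy hooks.

```sh
#!/bin/sh
# Added example: certbot deploy hook that refreshes ejabberd's certificate copies.
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/ejabberd.sh
# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/example.org)
# when it runs deploy hooks after a successful renewal.

# install_cert SRC_DIR DEST_ROOT [OWNER]   (hypothetical helper name)
# Copies fullchain.pem and privkey.pem from SRC_DIR into DEST_ROOT/<name>.
# Returns 1 without touching DEST_ROOT if either file is missing.
install_cert() {
    src=$1 dest_root=$2 owner=${3:-}
    dest="$dest_root/$(basename "$src")"
    [ -r "$src/fullchain.pem" ] && [ -r "$src/privkey.pem" ] || return 1
    (
        umask 077    # new files and directories: owner-only
        mkdir -p "$dest" &&
        cp "$src/fullchain.pem" "$src/privkey.pem" "$dest/" &&
        chmod 600 "$dest/privkey.pem"   # also tightens a pre-existing copy
    ) || return 1
    # Ownership change needs root; skipped when no owner is given.
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dest" || return 1
    fi
}

# Runs only when certbot invokes the hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_cert "$RENEWED_LINEAGE" /etc/ejabberd/certs ejabberd:ejabberd &&
        systemctl restart ejabberd
fi
```

The hook file has to be executable for certbot to run it.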

Base configuration

Fill in your domain.

hosts:
  - example.org

Enable the path for previously generated certs.

certfiles:
  - "/etc/ejabberd/certs/*/*.pem"

Note: Remember to systemctl restart ejabberd each time you modify /etc/ejabberd.yml.

Example for some configs (optional)

Admin user

Register admin user.

su -c "ejabberdctl register admin example.org ADMIN_PASSWORD" ejabberd
systemctl restart ejabberd

Enable admin user.

acl:
  admin:
    user: admin

Message archive and http upload

Uncomment for compliance with XMPP standards.

mod_http_upload:
    put_url: https://@HOST@:5443/upload
    docroot: /var/www/upload
    custom_headers:
      "Access-Control-Allow-Origin": "https://@HOST@"
      "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
      "Access-Control-Allow-Headers": "Content-Type"

Enable message archive.

mod_mam:
  assume_mam_usage: true
  default: always

Postgresql database

Set postgresql as database. WARNING. I can't get this to work. Don't bother if you have few users anyway.

sudo -i -u postgres psql -c "CREATE USER ejabberd WITH PASSWORD 'DB_PASSWORD';"
sudo -i -u postgres psql -c "CREATE DATABASE ejabberd OWNER ejabberd;"
su -c "curl -s https://raw.githubusercontent.com/processone/ejabberd/master/sql/pg.sql | psql ejabberd" postgres

sql_type: pgsql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "ejabberd"
sql_password: "DB_PASSWORD"
default_db: sql

Call/Videocall support

Enable this module

ejabberd_stun:

Registration

Enable registration in your server

mod_register:

Otherwise, register users via:

su -c "ejabberdctl register USERNAME example.org USER_PASSWORD" ejabberd

Note: Remember to systemctl restart ejabberd each time you modify /etc/ejabberd.yml.