Difference between revisions of "Installing Ejabberd on Debian"

From WIKI
 
(No difference)

Latest revision as of 10:40, 27 January 2021

Install Ejabberd

  • For debian 10 (stable version)
apt install ejabberd
  • For Debian 10 (backport)

add line in /etc/apt/sources.list

deb http://deb.debian.org/debian buster-backports main

Install ejabberd packages in comand line

apt update
apt-get -t buster-backports install ejabberd
  • Edit /etc/ejabberd/ejabberd.yml
hosts:
#  - localhost
   - example.com

Your server is installed, but if you want to communicate with other servers add an encryption certificate

Let's Encrypt configuration

mv /etc/ejabberd/ejabberd.pem "/etc/ejabberd/backup.pem.$(date +%Y%m%d-%H%M%S)"; cat /root/.acme.sh/404.city_ecc/404.city.key /root/.acme.sh/404.city_ecc/fullchain.cer >> /etc/ejabberd/ejabberd.pem; chown ejabberd  /etc/ejabberd/ejabberd.pem;
  • Reload config
ejabberdctl reload_config

Congratulations Your personal server is installed and ready to use! Other configuration is optional.

Create user "admin" for host "example.com" with password "password"

ejabberctl register admin examle.com password

Security configuration

Enable trust e2e encryption

Delete 'mod_s2s_dialback: {}'. XMPP was created in 1999 when self-signed certificates were the norm. This is a deprecated option allowing the use of self-signed certificates s2s or are engaged in debugging the connection

  mod_roster:
    versioning: true
# mod_s2s_dialback: {} Delete me PLZ!
  mod_shared_roster: {}

Spam protection

By enabling this option, you will stop receiving spam if other server. In order to receive a message from a spammer, you will need to confirm his right to send you spam


  mod_block_strangers:
     allow_local_users: true
     drop: true

Opening a public XMPP server

Uses PostgreSQL or MySQL

Do not use Mnesia or SQLite for public XMPP server. The Mnesia base is limited in size to 2GB and can be damaged at any time. Use PostgreSQL or MySQL. The Postgresql database is preferred, becase PostgreSQL database is better suited for storing images (avatars).


apt install erlang-p1-mysql erlang-p1-pgsql

Create database PostgreSQL or MySQL and grant all user rights to the database


Edit file ejabberd.yml (pgsql):

auth_method: sql
auth_password_format: scram

sql_type: pgsql
#sql_type: mysql
sql_server: "localhost"
sql_database: "xmpp"
sql_username: "xmpp"
sql_password: "password"


sql_pool_size: 10
new_sql_schema: true
default_db: sql

SRV DNS configuration

Need if the ip of your site and the ip of your server are different or you use non-standard port

SRV record

_xmpp-client._tcp.example.com.	300	IN	SRV	0			1	5222	xmpp.example.com.
_xmpp-server._tcp.example.com.	300	IN	SRV	0			1	5269	xmpp.example.com.

A record:

Change ip 8.8.8.8 to your IP-adress

xmpp.example.com.	300	IN	A	8.8.8.8


http upload enable

  mod_http_upload:
     put_url: "https://xmpp.@HOST@:5280/upload"
  -
    port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      "/api": mod_http_api
      "/bosh": mod_bosh
      "/upload": mod_http_upload
      "/ws": ejabberd_http_ws
    ## captcha: true
    ## register: true
    tls: true
    protocol_options: 'TLS_OPTIONS'
    web_admin: true


Captha + open inband registration

apt install imagemagick
chown ejabberd /usr/share/ejabberd/captcha.sh


  -
    port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      "/api": mod_http_api
      "/bosh": mod_bosh
      "/usershare": mod_http_upload
      "/ws": ejabberd_http_ws
    captcha: true
    ## register: true
    tls: true
    protocol_options: 'TLS_OPTIONS'
    ##web_admin: true
captcha_cmd: "/usr/share/ejabberd/captcha.sh"
captcha_host: "xmpp.@HOST@:5280"
captcha_limit: 5
 mod_register:
    captcha_protected: true
    ip_access: all