XMPP with ejabberd
31 August, 2021
- Installing ejabberd
- To install from source: Download ejabberd. The root location of ejabberd is /opt/ejabberd or a location you choose.
wget https://static.process-one.net/ejabberd/downloads/21.07/ejabberd_21.07-0_amd64.deb
- Debian
apt install ejabberd
- Enable ejabberd service (source installation)
cp /opt/ejabberd-XX-XX/bin/ejabberd.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable ejabberd
- Start ejabberd with ejabberdctl (source installation)
systemctl start ejabberd
or
echo 'alias ejbctl="/opt/ejabberd-21.07/bin/ejabberdctl"' >> ~/.bashrc
source ~/.bashrc
ejbctl start
- Register an admin account
ejbctl register adminuser example.com adminpassword
- Edit /opt/ejabberd/conf/ejabberd.yml to add admin access to the user. Add adminuser@example.com to admin under acl.
acl:
  admin:
    # each acl entry needs a match type; "user" matches a JID
    user:
      - adminuser@example.com
- Add TLS certificate
- TLS worked for me when I combined privkey and fullchain into a file.
- Copy certificate files for ejabberd host (example.com) to /opt/ejabberd/conf/ or /etc/ejabberd/
- Change ownership of file to user & group ejabberd (source)
chown -R ejabberd:ejabberd /opt/ejabberd/conf
- Add location to ejabberd.yml
certfiles:
  - "/path/to/cert.pem"
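The certificate steps above as one script. This is an added example, not part of the original post: the function names are hypothetical, and it assumes the service account and group are both named ejabberd, as in the chown above. It gives the key-bearing file mode 0600 instead of relying on ownership alone.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the service account and group are assumed to be "ejabberd".

# Succeeds when the private key belongs to the first (leaf) certificate in
# the chain file. Needs the openssl CLI; fails closed if it is missing.
pem_key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# install_ejabberd_pem PRIVKEY FULLCHAIN OUT [OWNER]
install_ejabberd_pem() {
    key=$1; chain=$2; out=$3; owner=${4:-ejabberd}

    # Reject swapped or truncated inputs before touching the live file.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null ||
        { echo "$key: no private key block" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" 2>/dev/null ||
        { echo "$chain: no certificate block" >&2; return 1; }

    # mktemp creates the file with mode 0600, so the key is never readable by
    # other users, and the final rename replaces the old file atomically.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    # The echo guards against a key file that lacks a trailing newline.
    { cat "$key"; echo; cat "$chain"; } > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp"

    # Hand the file to the service account when running as root.
    if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown "$owner:$owner" "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$out"
}

# Usage, as root after each renewal (paths are placeholders):
#   pem_key_matches_cert privkey.pem fullchain.pem &&
#     install_ejabberd_pem privkey.pem fullchain.pem /path/to/cert.pem
```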
- Change ip under listen to 0.0.0.0
listen:
  - port: 5222
    ip: 0.0.0.0
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
  - port: 5269
    ip: 0.0.0.0
    tls: true
    module: ejabberd_s2s_in
    max_stanza_size: 524288
  - port: 5443
    ip: 0.0.0.0
    tls: true
    module: ejabberd_http
    request_handlers:
      "/admin": ejabberd_web_admin
      "/api": mod_http_api
      "/bosh": mod_bosh
      "/captcha": ejabberd_captcha
      "/upload": mod_http_upload
      "/ws": ejabberd_http_ws
      "/oauth": ejabberd_oauth
  - port: 5280
    tls: true
    ip: 0.0.0.0
    module: ejabberd_http
    request_handlers:
      "/admin": ejabberd_web_admin
- Allow connection to ports
ufw allow 5222
ufw allow 5280
ufw allow 5269
ufw allow 5443
ufw allow 5349             # ejabberd_stun listener (STUN/TURN over TLS)
ufw allow 49152:65535/tcp  # TURN relay range: turn_min_port to turn_max_port
- Restart ejabberd
ejbctl restart
or
systemctl restart ejabberd
- Admin page can be accessed at example.com:5280.
- LDAP integration
auth_method: [ldap]
ldap_servers: [localhost]
ldap_rootdn: "cn=admin,dc=example,dc=com"
ldap_password: password
ldap_encrypt: tls
ldap_port: 636
ldap_base: "ou=userbase,dc=example,dc=com"
ldap_filter: "(objectClass=userclass)"
- TLS is optional here. It's not really required since everything is on one server.
- Video and Audio calls with stun server
- Add under listen
  - port: 5349
    module: ejabberd_stun
    transport: tcp
    tls: true
    use_turn: true
    turn_ipv4_address: server_public_ip
    turn_min_port: 49152
    turn_max_port: 65535
    certfile: "/path/to/cert.pem"
Use the certificate (fullchain.pem in the case of Let's Encrypt) with ejabberd as owner.
- Add stun module
mod_stun_disco:
  credentials_lifetime: 12h
  services:
    - host: example.com
      port: 5349
      type: stuns
      transport: tcp
      restricted: false
    - host: example.com
      port: 5349
      type: turns
      transport: tcp
      restricted: true
- Add SRV records to dns
_turns._tcp IN SRV 0 0 5349 example.com.
_stuns._tcp IN SRV 0 0 5349 example.com.
Links
- In order to get 100% XMPP compliance, follow these steps
- Stun/TURN server steps
- Ejabberd