I will be keeping this post up to date to keep track of how to configure and maintain an ejabberd server so that it works efficiently and securely. I strongly advise any reader to read carefully what is written here and not just copy and paste. My blog also contains a bunch of other posts regarding ejabberd that are worth reading.

Installation and initial configuration

Download and install Erlang (release numbers here may not be up to date):

```
~]$ cd
tmp]$ wget
tmp]$ yum localinstall esl-erlang_17.1-1~centos~6_amd64.rpm
```

Alternatively add the erlang-solutions repo:

```
~]$ cd
tmp]$ wget
tmp]$ rpm -Uvh
tmp]$ yum install esl-erlang
```

As for ejabberd, ProcessOne also provides a few precompiled installers, but when installed this way I was not able to make it run as an unprivileged user (no one should feel comfortable with having an internet exposed service running as root), so the only viable option here is to compile from source.

Install the required dependencies, compile and install:

```
~]$ yum install gcc gcc-c++ expat-devel openssl-devel automake git libyaml
~]$ tar -xvf
~]$ cd ejabberd-xxx
ejabberd-xxx]$ ./configure --enable-user=ejabberd  # where `ejabberd` is the unprivileged user that will run the ejabberd daemon
ejabberd-xxx]$ make && make install
```

Now ejabberd should be installed; if everything went well it is time to create a Jabber user and grant him admin privileges:

```
~]$ ejabberdctl register admin domain.tld
~]$ vi /usr/local/etc/ejabberd/ejabberd.yml
```

The complete configuration file I use can be downloaded here. Replace domain.tld with a valid domain name and admin with a valid user. Also check that the .pem files follow the same naming scheme and that all

Securing the connection

Create a self signed SSL certificate:

```
/]$ cd
ejabberd]$ openssl req -x509 -sha256 -nodes -days 1826 -newkey rsa:2048 -keyout ejabberd.pem -out ejabberd.pem
ejabberd]$ openssl dhparam -out dhparams.pem 4096
ejabberd]$ chmod 600 ejabberd.pem dhparams.pem && chown ejabberd:ejabberd ejabberd.pem dhparams.pem
```

4096 might be overkill, but better to be on the safe side; SHA-2 is also used. The certificate will be used to encrypt server-to-server (s2s), client-to-server (c2s), ejabberd_http and HTTP File Upload connections.

Alternatively a valid certificate issued by Let's Encrypt can be used; to do so create a single .pem file containing the private key followed by the full chain:

```
/]$ cd
/]$ cat privkey.pem fullchain.pem > /usr/local/etc/ejabberd/ejabberd.pem
```

Also define some macros in the ejabberd.yml configuration file:

```
'DH_FILE': "/usr/local/etc/ejabberd/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 4096
```

This section defines how client-to-server connections are handled, what kind of encryption is used and a bunch of other important stuff. Zlib stream compression is disabled because it poses a security threat when used together with TLS. Some old insecure ciphers are also disabled. The ciphers parameter in ejabberd's config file accepts every cipher supported by OpenSSL; the available names can be checked with the openssl ciphers command. To be sure that the selected cipher is actually being used, run:

```
openssl s_client -connect host:port -starttls xmpp
```

The XMPP protocol, just like email, is based on the concept of federation: everyone can run his own server and still be able to communicate with people using other servers. This section defines how server-to-server connections are handled, what kind of encryption is used and more. I like to enforce STARTTLS for server-to-server connections too. The certfile, dhparam and protocol options are specified outside the s2s listener section, using s2s_dhfile, s2s_ciphers and s2s_protocol_options.

Use HTTP File Upload (XEP-0363); more info in the following link. A SOCKS5 proxy can also be used to allow file sharing between clients; for more information refer to the following post: link.

To run ejabberd automatically at boot and manage it with `service ejabberd _option_`, copy the following script in /etc/init.d/. This is not needed on CentOS 7 since it uses systemd (sigh).

```
# ejabberd Startup script for the ejabberd XMPP Server
echo "Usage: ejabberd
```

In case logrotate is not installed by default, install it:

```
~]$ yum install logrotate
```

Define how the rotation will work:

```
~]$ vi /etc/logrotate.d/ejabberd
```
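The post verifies the negotiated cipher with `openssl s_client -connect host:port -starttls xmpp`. The following script is an added example (not the post's own code) that parses that command's output and reports anything below the post's hardening stance: a legacy protocol, a weak cipher, an ephemeral DH key smaller than 2048 bits (the post generates 4096), or TLS-level compression. The two sample outputs are constructed, and the live check assumes `openssl` is on the PATH.

```python
import re
import subprocess
# Policy matching the post: modern TLS only, no legacy ciphers, an ephemeral DH
# group of at least 2048 bits (the post generates 4096) and no TLS compression.
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
WEAK_CIPHER_RE = re.compile(r"\b(NULL|EXP|RC4|DES|MD5|ADH|AECDH)", re.I)
MIN_TEMP_KEY_BITS = {"DH": 2048, "ECDH": 256, "X25519": 253, "X448": 448}

def parse_s_client(output):
    """Pull protocol, cipher, ephemeral key and compression out of s_client output."""
    info = {"protocol": None, "cipher": None, "temp_key": None, "compression": "NONE"}
    for line in (l.strip() for l in output.splitlines()):
        if m := re.match(r"Protocol\s*:\s*(\S+)", line):
            info["protocol"] = m.group(1)
        elif m := re.match(r"Cipher\s*:\s*(\S+)", line):
            info["cipher"] = m.group(1)
        elif m := re.match(r"Server Temp Key:\s*(\w+),.*?(\d+) bits", line):
            info["temp_key"] = (m.group(1), int(m.group(2)))
        elif (m := re.match(r"Compression\s*:\s*(.+)", line)) and m.group(1) != "NONE":
            info["compression"] = m.group(1)
    return info

def audit(info):
    """Return the policy violations found (an empty list means the server passes)."""
    findings = []
    if info["protocol"] not in ALLOWED_PROTOCOLS:
        findings.append(f"legacy protocol negotiated: {info['protocol']}")
    if not info["cipher"] or WEAK_CIPHER_RE.search(info["cipher"]):
        findings.append(f"weak or missing cipher: {info['cipher']}")
    if info["temp_key"] is None:
        findings.append("no ephemeral key: cipher suite lacks forward secrecy")
    elif info["temp_key"][1] < MIN_TEMP_KEY_BITS.get(info["temp_key"][0], 0):
        findings.append("ephemeral %s key too small: %d bits" % info["temp_key"])
    if info["compression"] != "NONE":
        findings.append(f"TLS compression enabled ({info['compression']}), CRIME exposure")
    return findings

def check_xmpp_tls(host, port=5222):
    """Audit a live server: the same s_client invocation as the post, stdin closed."""
    cmd = ["openssl", "s_client", "-starttls", "xmpp", "-connect", f"{host}:{port}"]
    proc = subprocess.run(cmd, input=b"", capture_output=True, timeout=30)
    return audit(parse_s_client(proc.stdout.decode(errors="replace")))
# Constructed s_client excerpts (not real captures): a hardened server and a weak one.
GOOD_OUTPUT = ("Compression: NONE\nServer Temp Key: DH, 4096 bits\n"
               "    Protocol  : TLSv1.2\n    Cipher    : DHE-RSA-AES256-GCM-SHA384\n")
WEAK_OUTPUT = ("Compression: zlib compression\nServer Temp Key: DH, 1024 bits\n"
               "    Protocol  : TLSv1\n    Cipher    : DHE-RSA-DES-CBC3-SHA\n")
```

`audit(parse_s_client(GOOD_OUTPUT))` returns an empty list, while the weak sample yields four findings; `check_xmpp_tls("xmpp.example.org")` runs the same audit against a live host.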