ejabberd

ejabberd — small quick jabber server

install last stable version of ejabberd

edit /etc/jabberd/ejabberd.cfg:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
override_global.
override_local.
override_acls.

{loglevel, 4}.
{hosts, ["jabber.example.ru","localhost"]}.
{listen,
 [
  {5222, ejabberd_c2s, [
                        {certfile, "/etc/ejabberd/ssl.pem"}, starttls,
                        {access, c2s},
                        {shaper, c2s_shaper},
                        {max_stanza_size, 65536}
                       ]},

  {5223, ejabberd_c2s, [
                        {access, c2s},
                        {shaper, c2s_shaper},
                        {certfile, "/etc/ejabberd/ssl.pem"}, tls,
                        {max_stanza_size, 65536}
                       ]},

  {5269, ejabberd_s2s_in, [
                           {max_stanza_size, 131072}
                          ]},

  {5280, ejabberd_http, [
                         http_bind,
                         http_poll,
                         web_admin,
                         {certfile, "/etc/ejabberd/ssl.pem"}, tls
                        ]}

 ]}.

{s2s_use_starttls, true}.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
{s2s_certfile, "/etc/ejabberd/ssl.pem"}.
{s2s_default_policy, allow}.
{outgoing_s2s_port, 5269}.

{auth_method, internal}.

{shaper, normal, {maxrate, 1000}}.
{shaper, fast, {maxrate, 50000}}.

{max_fsm_queue, 1000}.

{acl, admin, {user, "admin"}}.

{acl, blocked, {user, "root"}}.
{acl, blocked, {user, "r00t"}}.
{acl, blocked, {user, "administrator"}}.
{acl, blocked, {user, "kss"}}.
{acl, blocked, {user, "administrat0r"}}.
{acl, blocked, {user, "adm1n"}}.
{acl, blocked, {user, "r0ot"}}.
{acl, blocked, {user, "ro0t"}}.
{acl, blocked, {user, "adm1n1strat0r"}}.
{acl, blocked, {user, "administrator"}}.
{acl, blocked, {user, "adm1nistrat0r"}}.
{acl, blocked, {user, "adm1nistrator"}}.
{acl, blocked, {user, "admin1strat0r"}}.
{acl, blocked, {user, "admin1strator"}}.
{acl, blocked, {user, "alter"}}.

{acl, local, {user_regexp, ""}}.

%% Maximum number of simultaneous sessions allowed for a single user:
{access, max_user_sessions, [{10, all}]}.

%% Maximum number of offline messages that users can have:
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.

%% This rule allows access only for local users:
{access, local, [{allow, local}]}.

%% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
               {allow, all}]}.

%% For C2S connections, all users except admins use the "normal" shaper
{access, c2s_shaper, [{none, admin},
                      {normal, all}]}.

%% All S2S connections use the "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

%% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.

%% Only admins can use the configuration interface:
{access, configure, [{allow, admin}]}.

%% Admins of this server are also admins of the MUC service:
{access, muc_admin, [{allow, admin}]}.

%% Only accounts of the local ejabberd server can create rooms:
{access, muc_create, [{allow, local}]}.

%% All users are allowed to use the MUC service:
{access, muc, [{allow, all}]}.

%% Only accounts on the local ejabberd server can create Pubsub nodes:
{access, pubsub_createnode, [{allow, local}]}.

%% In-band registration allows registration of any possible username.
%% To disable in-band registration, replace 'allow' with 'deny'.
{access, register, [{allow, all}]}.

%% By default the frequency of account registrations from the same IP
%% is limited to 1 account every 10 minutes. To disable, specify: infinity
%%{registration_timeout, 600}.

{language, "ru"}.

{modules,
 [
  {mod_adhoc,    []},
  {mod_announce, [{access, announce}]}, % recommends mod_adhoc
  {mod_caps,     []},
  {mod_configure,[]}, % requires mod_adhoc
  {mod_disco,    []},
  %%{mod_echo,   [{host, "echo.localhost"}]},
  %%{mod_irc,      []},
  {mod_http_bind, []},
  %%{mod_http_fileserver, [
  %%                       {docroot, "/var/www"},
  %%                       {accesslog, "/var/log/ejabberd/access.log"}
  %%                      ]},
  {mod_last,     []},
  {mod_muc,      [
                  %%{host, "conference.@HOST@"},
                  {access, muc},
                  {access_create, muc_create},
                  {access_persistent, muc_create},
                  {access_admin, muc_admin}
                 ]},
  %%{mod_muc_log,[]},
  {mod_offline,  [{access_max_user_messages, max_user_offline_messages}]},
  {mod_ping,     []},
  {mod_privacy,  []},
  {mod_private,  []},
  %%{mod_proxy65,[]},
  {mod_pubsub,   [
                  {access_createnode, pubsub_createnode},
                  {ignore_pep_from_offline, true}, % reduces resource comsumption, but XEP incompliant
                  %%{ignore_pep_from_offline, false},  % XEP compliant, but increases resource comsumption
                  {last_item_cache, false},
                  {plugins, ["flat", "hometree", "pep"]}  % pep requires mod_caps
                 ]},
  {mod_register, [
                  %%
                  %% After successful registration, the user receives
                  %% a message with this subject and body.
                  %%
                  {welcome_message, {"Welcome!",
                                     "Hi.\nWelcome to this XMPP server."}},

                  %%
                  %% When a user registers, send a notification to
                  %% these XMPP accounts.
                  %%
                  %%{registration_watchers, ["admin1@example.org"]},

                  {access, register}
                 ]},
  {mod_roster,   []},
  %%{mod_service_log,[]},
  {mod_shared_roster,[]},
  {mod_stats,    []},
  {mod_time,     []},
  {mod_vcard,    []},
  {mod_version,  []},
  {mod_statsdx,  []}
 ]}.

%%%.
%%%'

%%% $Id$

%%% Local Variables:
%%% mode: erlang
%%% End:
%%% vim: set filetype=erlang tabstop=8 foldmarker=%%%',%%%. foldmethod=marker:

edit /etc/ejabberd/inetrc

1
2
3
{file, hosts, "/etc/hosts"}.
{file, resolv, "/etc/resolv.conf"}.
{lookup,["file","dns"]}.

add host name to /etc/hosts

DNS:

1
2
3
_xmpp-server._tcp.jabber.example.ru. 3600 IN SRV 20 0 5269 jabber.example.ru.
_xmpp-client._tcp.jabber.example.ru. 3600 IN SRV 20 0 5222 jabber.example.ru.
_jabber._tcp.jabber.example.ru. 3600 IN SRV 20 1 5222 jabber.example.ru.

create certificate and key at startssl.com (get private.key and cert.crt)

cat private.key > ssl.pem && cat cert.crt >> ssl.pem

iptables

1
2
3
4
iptables -A INPUT -p tcp -m tcp --dport 5222 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 5223 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 5269 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 5280 -j ACCEPT