Top-Themen

Aktuelle Themen (A bis Z)

Administrator.de FeedbackApache ServerAppleAssemblerAudioAusbildungAuslandBackupBasicBatch & ShellBenchmarksBibliotheken & ToolkitsBlogsCloud-DiensteClusterCMSCPU, RAM, MainboardsCSSC und C++DatenbankenDatenschutzDebianDigitiales FernsehenDNSDrucker und ScannerDSL, VDSLE-BooksE-BusinessE-MailEntwicklungErkennung und -AbwehrExchange ServerFestplatten, SSD, RaidFirewallFlatratesGoogle AndroidGrafikGrafikkarten & MonitoreGroupwareHardwareHosting & HousingHTMLHumor (lol)Hyper-VIconsIDE & EditorenInformationsdiensteInstallationInstant MessagingInternetInternet DomäneniOSISDN & AnaloganschlüsseiTunesJavaJavaScriptKiXtartKVMLAN, WAN, WirelessLinuxLinux DesktopLinux NetzwerkLinux ToolsLinux UserverwaltungLizenzierungMac OS XMicrosoftMicrosoft OfficeMikroTik RouterOSMonitoringMultimediaMultimedia & ZubehörNetzwerkeNetzwerkgrundlagenNetzwerkmanagementNetzwerkprotokolleNotebook & ZubehörNovell NetwareOff TopicOpenOffice, LibreOfficeOutlook & MailPapierkorbPascal und DelphiPeripheriegerätePerlPHPPythonRechtliche FragenRedHat, CentOS, FedoraRouter & RoutingSambaSAN, NAS, DASSchriftartenSchulung & TrainingSEOServerServer-HardwareSicherheitSicherheits-ToolsSicherheitsgrundlagenSolarisSonstige SystemeSoziale NetzwerkeSpeicherkartenStudentenjobs & PraktikumSuche ProjektpartnerSuseSwitche und HubsTipps & TricksTK-Netze & GeräteUbuntuUMTS, EDGE & GPRSUtilitiesVB for ApplicationsVerschlüsselung & ZertifikateVideo & StreamingViren und TrojanerVirtualisierungVisual StudioVmwareVoice over IPWebbrowserWebentwicklungWeiterbildungWindows 7Windows 8Windows 10Windows InstallationWindows MobileWindows NetzwerkWindows ServerWindows SystemdateienWindows ToolsWindows UpdateWindows UserverwaltungWindows VistaWindows XPXenserverXMLZusammenarbeit

Ejabberd auf ubuntu

Mitglied: horstvogel

horstvogel (Level 2) - Jetzt verbinden

11.07.2018, aktualisiert 10.08.2018, 1331 Aufrufe, 1 Kommentar, 1 Danke

Anliegend erstelle ich eine Anleitung für die Installation eines ejabberd auf einem Ubuntu Server.
Die Anleitung ist derzeit noch im Aufbau.
Für die Installation werde ich meine eigene Anleitung aufbauen, vorab würde ich diese Anleitung empfehlen
https://www.hagen-bauer.de/2018/01/ejabberd.html

Mit dieser Config sollte der Server laufen. Offene Ports in der Firewall 5222, 5280 (hinter Reverse Proxy), 5269
Einfach example.com gehen Euren host austauschen. Wichtig, meine Anleitung funktioniert nur mit einem vorgeschalteten Reverse Proxy

Als Reverse Proxy und als Firewall verwende ich die hier weit verbreitete Pfsense mit Squid als Reverse Proxy.
Die Einstellung im Squid Reverse Proxy der Pfsense.

Unter: Paket / Reverse Proxy Server: General / General

1 - Klicke auf das Bild, um es zu vergrößern

2 - Klicke auf das Bild, um es zu vergrößern

Unter: Paket / Reverse Proxy Server: Peers / Web Servers
4 - Klicke auf das Bild, um es zu vergrößern

Unter: Paket / Reverse Proxy Server: Mappings / Mappings
3 - Klicke auf das Bild, um es zu vergrößern






Grundsätzliches vor der ejabberd Installation
01.
apt-get update && apt-get upgrade 
02.
Automatische Updates für Ubuntu 
03.
sudo apt-get install unattended-upgrades
eventuell müssen die sources list angepasst werden. Wir in der VM Installation anscheinend nicht mit auf dem Weg gebracht.
https://1fire.help/article/ubuntu-18-04-lts-bionic-beaver-mirror-55.html
01.
nano /etc/apt/sources.list

z.B. mit dem diesem Mirror, aus der kleinen Anleitung von oben
01.
deb http://mirror.1fire.de/ubuntu bionic main restricted universe multiverse 
02.
deb http://mirror.1fire.de/ubuntu bionic-updates main restricted universe multiverse 
03.
deb http://mirror.1fire.de/ubuntu bionic-security main restricted universe multiverse 
04.
deb http://mirror.1fire.de/ubuntu bionic-backports main restricted universe multiverse
Ein brauchbarer Datei Explorer ist auch immer hilfreich
01.
sudo apt-get install mc

Installieren von Ejabberd hier die Version 18.06
01.
mkdir install 
02.
 cd install/ 
03.
wget https://www.process-one.net/downloads/downloads-action.php?file=/ejabberd/18.06/ejabberd_18.06-0_amd64.deb 
04.
sudo dpkg -i downloads-action.php?file=%2Fejabberd%2F18.06%2Fejabberd_18.06-0_amd64.deb
Braucht man für die Captcha Anmeldung, falls nicht gewünscht, dann nicht installieren. Dauert ca. 10 Minuten
01.
sudo apt-get install imagemagick 
System Start vom ejabberd:
01.
systemctl enable ejabberd.service
Jetzt meine Config von Unten unter (siehe Bild) einfügen:
7 - Klicke auf das Bild, um es zu vergrößern

8 - Klicke auf das Bild, um es zu vergrößern

Ich mache das eigentlich immer mit dem Windows Rechner über den Editor und schiebe dann die Änderungen via WinSCP auf den Ubuntu Rechner



Starten/stoppen vom ejabberd
01.
etc/init.d/ejabberd start 
02.
/etc/init.d/ejabberd restart 
03.
/etc/init.d/ejabberd stop
So können wir den ersten Benutzer anlegen:
./ejabberdctl register benutzer myhome-server.de meinpasswort

Backup, z.B. wenn man auch mit dem gesamten Server umziehen möchte
./ejabberdctl backup /tmp/ejabberd-dbbackup

./ejabberdctl restore /tmp/ejabberd-dbbackup



falls es Probleme mit den OMEMO Keys oder mal mit den Avataren geben sollte, dann verschiebt man einfach den pubsub und dann werden die Keys verschoben und bei der nächsten Verbindung erneuert
mv /opt/ejabberd/database/ejabberd@localhost/pubsub* /tmp


als Sudo im root Verzeichnis ausführen
opt/ejabberd-18.06/bin/ejabberdctl delete_old_mam_messages all 90


gute default config ohne Reverse Proxy und Captcha
Hier meine Config:

01.
### 
02.
###'           ejabberd configuration file 
03.
### 
04.
### 
05.
 
06.
### The parameters used in this configuration file are explained in more detail 
07.
### in the ejabberd Installation and Operation Guide. 
08.
### Please consult the Guide in case of doubts, it is included with 
09.
### your copy of ejabberd, and is also available online at 
10.
### http://www.process-one.net/en/ejabberd/docs/ 
11.
 
12.
### The configuration file is written in YAML. 
13.
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description. 
14.
### However, ejabberd treats different literals as different types: 
15.
### 
16.
### - unquoted or single-quoted strings. They are called "atoms". 
17.
###   Example: dog, 'Jupiter', '3.14159', YELLOW 
18.
### 
19.
### - numeric literals. Example: 3, -45.0, .0 
20.
### 
21.
### - quoted or folded strings. 
22.
###   Examples of quoted string: "Lizzard", "orange". 
23.
###   Example of folded string: 
24.
###   > Art thou not Romeo, 
25.
###     and a Montague? 
26.
 
27.
###.  ======= 
28.
###'  LOGGING 
29.
 
30.
## 
31.
## loglevel: Verbosity of log files generated by ejabberd. 
32.
## 0: No ejabberd log at all (not recommended) 
33.
## 1: Critical 
34.
## 2: Error 
35.
## 3: Warning 
36.
## 4: Info 
37.
## 5: Debug 
38.
## 
39.
loglevel: 4 
40.
 
41.
## 
42.
## rotation: Describe how to rotate logs. Either size and/or date can trigger 
43.
## log rotation. Setting count to N keeps N rotated logs. Setting count to 0 
44.
## does not disable rotation, it instead rotates the file and keeps no previous 
45.
## versions around. Setting size to X rotate log when it reaches X bytes. 
46.
## To disable rotation set the size to 0 and the date to "" 
47.
## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf. 
48.
## Some examples: 
49.
##  $D0     rotate every night at midnight 
50.
##  $D23    rotate every day at 23:00 hr 
51.
##  $W0D23  rotate every week on Sunday at 23:00 hr 
52.
##  $W5D16  rotate every week on Friday at 16:00 hr 
53.
##  $M1D0   rotate on the first day of every month at midnight 
54.
##  $M5D6   rotate on every 5th day of the month at 6:00 hr 
55.
## 
56.
log_rotate_size: 10485760 
57.
log_rotate_date: "" 
58.
log_rotate_count: 1 
59.
 
60.
## 
61.
## overload protection: If you want to limit the number of messages per second 
62.
## allowed from error_logger, which is a good idea if you want to avoid a flood 
63.
## of messages when system is overloaded, you can set a limit. 
64.
## 100 is ejabberd's default. 
65.
log_rate_limit: 100 
66.
 
67.
## 
68.
## watchdog_admins: Only useful for developers: if an ejabberd process 
69.
## consumes a lot of memory, send live notifications to these XMPP 
70.
## accounts. 
71.
## 
72.
## watchdog_admins: 
73.
##   - "admin@xmpp" 
74.
 
75.
###.  =============== 
76.
###'  NODE PARAMETERS 
77.
 
78.
## 
79.
## net_ticktime: Specifies net_kernel tick time in seconds. This options must have 
80.
## identical value on all nodes, and in most cases shouldn't be changed at all from 
81.
## default value. 
82.
## 
83.
## net_ticktime: 60 
84.
 
85.
###.  ================ 
86.
###'  SERVED HOSTNAMES 
87.
 
88.
## 
89.
## hosts: Domains served by ejabberd. 
90.
## You can define one or several, for example: 
91.
## hosts: 
92.
##   - "example.net" 
93.
##   - "example.com" 
94.
##   - "example.org" 
95.
## 
96.
hosts: 
97.
  - "example.com" 
98.
 
99.
## 
100.
## route_subdomains: Delegate subdomains to other XMPP servers. 
101.
## For example, if this ejabberd serves example.org and you want 
102.
## to allow communication with an XMPP server called im.example.org. 
103.
## 
104.
## route_subdomains: s2s 
105.
 
106.
###.  ============ 
107.
###'  Certificates 
108.
 
109.
## List all available PEM files containing certificates for your domains, 
110.
## chains of certificates or certificate keys. Full chains will be built 
111.
## automatically by ejabberd. 
112.
## 
113.
certfiles: 
114.
##   - "/opt/ejabberd-18.06/conf/server.pem" 
115.
   - "/opt/ejabberd/conf/server.pem" 
116.
    
117.
##   - "/etc/letsencrypt/live/example.org/*.pem" 
118.
##   - "/etc/letsencrypt/live/example.com/*.pem" 
119.
 
120.
ca_file: "/opt/ejabberd-18.06/conf/cacert.pem" 
121.
 
122.
###.  ================= 
123.
###'  TLS configuration 
124.
 
125.
## Note that the following configuration is the default 
126.
## configuration of the TLS driver, so you don't need to 
127.
## uncomment it. 
128.
## 
129.
define_macro: 
130.
  'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH" 
131.
  'TLS_OPTIONS': 
132.
    - "no_sslv3" 
133.
    - "cipher_server_preference" 
134.
    - "no_compression" 
135.
  'DH_FILE': "/opt/ejabberd-18.06/conf/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048 
136.
## 
137.
c2s_dhfile: 'DH_FILE' 
138.
s2s_dhfile: 'DH_FILE' 
139.
c2s_ciphers: 'TLS_CIPHERS' 
140.
s2s_ciphers: 'TLS_CIPHERS' 
141.
c2s_protocol_options: 'TLS_OPTIONS' 
142.
s2s_protocol_options: 'TLS_OPTIONS' 
143.
 
144.
###.  =============== 
145.
###'  LISTENING PORTS 
146.
 
147.
## 
148.
## listen: The ports ejabberd will listen on, which service each is handled 
149.
## by and what options to start it with. 
150.
## 
151.
listen: 
152.
153.
    port: 5222 
154.
    ip: "::" 
155.
    module: ejabberd_c2s 
156.
    ## starttls: true 
157.
    ## 
158.
    ## To enforce TLS encryption for client connections, 
159.
    ## use this instead of the "starttls" option: 
160.
    ## 
161.
    starttls_required: true 
162.
    ## 
163.
    ## Stream compression 
164.
    ## 
165.
    ## zlib: true 
166.
    ## 
167.
    max_stanza_size: 65536 
168.
    shaper: c2s_shaper 
169.
    access: c2s 
170.
171.
    port: 5269 
172.
    ip: "::" 
173.
    module: ejabberd_s2s_in 
174.
    max_stanza_size: 131072 
175.
    shaper: s2s_shaper 
176.
177.
    port: 5280 
178.
    ip: "::" 
179.
    module: ejabberd_http 
180.
    request_handlers: 
181.
      "/ws": ejabberd_http_ws 
182.
      "/bosh": mod_bosh 
183.
      "/oauth": ejabberd_oauth 
184.
      "/api": mod_http_api 
185.
      "/upload": mod_http_upload 
186.
    ##  "/pub/archive": mod_http_fileserver 
187.
    web_admin: true 
188.
    register: true 
189.
    tls: true 
190.
    http_bind: true 
191.
    protocol_options: 'TLS_OPTIONS' 
192.
    dhfile: 'DH_FILE' 
193.
    ciphers: 'TLS_CIPHERS' 
194.
    captcha: true 
195.
  ## 
196.
  ## Direct-TLS for C2S (XEP-0368). A good practice is to forward 
197.
  ## traffic from port 443 to this port, possibly multiplexing it 
198.
  ## with HTTP using e.g. sslh [https://wiki.xmpp.org/web/Tech_pages/XEP-0368], 
199.
  ## so modern clients can bypass restrictive firewalls (in airports, hotels, etc.). 
200.
  ## 
201.
  ## - 
202.
  ##   port: 5223 
203.
  ##   ip: "::" 
204.
  ##   module: ejabberd_c2s 
205.
  ##   tls: true 
206.
  ##   max_stanza_size: 65536 
207.
  ##   shaper: c2s_shaper 
208.
  ##   access: c2s 
209.
 
210.
  ## 
211.
  ## ejabberd_service: Interact with external components (transports, ...) 
212.
  ## 
213.
  ## - 
214.
  ##   port: 8888 
215.
  ##   ip: "::" 
216.
  ##   module: ejabberd_service 
217.
  ##   access: all 
218.
  ##   shaper_rule: fast 
219.
  ##   ip: "127.0.0.1" 
220.
  ##   privilege_access: 
221.
  ##      roster: "both" 
222.
  ##      message: "outgoing" 
223.
  ##      presence: "roster" 
224.
  ##   delegations: 
225.
  ##      "urn:xmpp:mam:1": 
226.
  ##        filtering: ["node"] 
227.
  ##      "http://jabber.org/protocol/pubsub": 
228.
  ##        filtering: [] 
229.
  ##   hosts: 
230.
  ##     "icq.example.org": 
231.
  ##       password: "secret" 
232.
  ##     "sms.example.org": 
233.
  ##       password: "secret" 
234.
 
235.
  ## 
236.
  ## ejabberd_stun: Handles STUN Binding requests 
237.
  ## 
238.
  ## - 
239.
  ##   port: 3478 
240.
  ##   transport: udp 
241.
  ##   module: ejabberd_stun 
242.
 
243.
  ## 
244.
  ## To handle XML-RPC requests that provide admin credentials: 
245.
  ## 
246.
  ## - 
247.
  ##   port: 4560 
248.
  ##   ip: "::" 
249.
  ##   module: ejabberd_xmlrpc 
250.
  ##   maxsessions: 10 
251.
  ##   timeout: 5000 
252.
  ##   access_commands: 
253.
  ##     admin: 
254.
  ##       commands: all 
255.
  ##       options: [] 
256.
 
257.
  ## 
258.
  ## To enable secure http upload 
259.
  ## 
260.
 ## - 
261.
 ##   port: 5444 
262.
 ##   ip: "::" 
263.
 ##   module: ejabberd_http 
264.
 ##   request_handlers: 
265.
 ##     "/upload": mod_http_upload 
266.
 ##   tls: true 
267.
 ##   protocol_options: 'TLS_OPTIONS' 
268.
 ##   dhfile: 'DH_FILE' 
269.
 ##   ciphers: 'TLS_CIPHERS' 
270.
 
271.
## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text 
272.
## password storage (see auth_password_format option). 
273.
## disable_sasl_mechanisms: "digest-md5" 
274.
 
275.
###.  ================== 
276.
###'  S2S GLOBAL OPTIONS 
277.
 
278.
## 
279.
## s2s_use_starttls: Enable STARTTLS for S2S connections. 
280.
## Allowed values are: false, optional or required 
281.
## You must specify 'certfiles' option 
282.
## 
283.
s2s_use_starttls: required 
284.
## 
285.
## S2S whitelist or blacklist 
286.
## 
287.
## Default s2s policy for undefined hosts. 
288.
## 
289.
## s2s_access: s2s 
290.
 
291.
## 
292.
## Outgoing S2S options 
293.
## 
294.
## Preferred address families (which to try first) and connect timeout 
295.
## in seconds. 
296.
## 
297.
## outgoing_s2s_families: 
298.
##   - ipv4 
299.
##   - ipv6 
300.
## outgoing_s2s_timeout: 190 
301.
 
302.
###.  ============== 
303.
###'  AUTHENTICATION 
304.
 
305.
## 
306.
## auth_method: Method used to authenticate the users. 
307.
## The default method is the internal. 
308.
## If you want to use a different method, 
309.
## comment this line and enable the correct ones. 
310.
## 
311.
auth_method: internal 
312.
 
313.
## 
314.
## Store the plain passwords or hashed for SCRAM: 
315.
## auth_password_format: plain 
316.
auth_password_format: scram 
317.
## 
318.
## Define the FQDN if ejabberd doesn't detect it: 
319.
## fqdn: "server3.example.com" 
320.
 
321.
## 
322.
## Authentication using external script 
323.
## Make sure the script is executable by ejabberd. 
324.
## 
325.
## auth_method: external 
326.
## extauth_program: "/path/to/authentication/script" 
327.
 
328.
## 
329.
## Authentication using SQL 
330.
## Remember to setup a database in the next section. 
331.
## 
332.
## auth_method: sql 
333.
 
334.
## 
335.
## Authentication using PAM 
336.
## 
337.
## auth_method: pam 
338.
## pam_service: "pamservicename" 
339.
 
340.
## 
341.
## Authentication using LDAP 
342.
## 
343.
## auth_method: ldap 
344.
## 
345.
## List of LDAP servers: 
346.
## ldap_servers: 
347.
##   - "localhost" 
348.
## 
349.
## Encryption of connection to LDAP servers: 
350.
## ldap_encrypt: none 
351.
## ldap_encrypt: tls 
352.
## 
353.
## Port to connect to on LDAP servers: 
354.
## ldap_port: 389 
355.
## ldap_port: 636 
356.
## 
357.
## LDAP manager: 
358.
## ldap_rootdn: "dc=example,dc=com" 
359.
## 
360.
## Password of LDAP manager: 
361.
## ldap_password: "fdfgdfg******" 
362.
## 
363.
## Search base of LDAP directory: 
364.
## ldap_base: "dc=example,dc=com" 
365.
## 
366.
## LDAP attribute that holds user ID: 
367.
## ldap_uids: 
368.
##   - "mail": "%u@mail.example.org" 
369.
## 
370.
## LDAP filter: 
371.
## ldap_filter: "(objectClass=shadowAccount)" 
372.
 
373.
## 
374.
## Anonymous login support: 
375.
##   auth_method: anonymous 
376.
##   anonymous_protocol: sasl_anon | login_anon | both 
377.
##   allow_multiple_connections: true | false 
378.
## 
379.
## host_config: 
380.
##   "public.example.org": 
381.
##     auth_method: anonymous 
382.
##     allow_multiple_connections: false 
383.
##     anonymous_protocol: sasl_anon 
384.
## 
385.
## To use both anonymous and internal authentication: 
386.
## 
387.
## host_config: 
388.
##   "public.example.org": 
389.
##     auth_method: 
390.
##       - internal 
391.
##       - anonymous 
392.
 
393.
###.  ============== 
394.
###'  DATABASE SETUP 
395.
 
396.
## ejabberd by default uses the internal Mnesia database, 
397.
## so you do not necessarily need this section. 
398.
## This section provides configuration examples in case 
399.
## you want to use other database backends. 
400.
## Please consult the ejabberd Guide for details on database creation. 
401.
 
402.
## 
403.
## MySQL server: 
404.
## 
405.
## sql_type: mysql 
406.
## sql_server: "server" 
407.
## sql_database: "database" 
408.
## sql_username: "username" 
409.
## sql_password: "password" 
410.
## 
411.
## If you want to specify the port: 
412.
## sql_port: 1234 
413.
 
414.
## 
415.
## PostgreSQL server: 
416.
## 
417.
## sql_type: pgsql 
418.
## sql_server: "server" 
419.
## sql_database: "database" 
420.
## sql_username: "username" 
421.
## sql_password: "password" 
422.
## 
423.
## If you want to specify the port: 
424.
## sql_port: 1234 
425.
## 
426.
## If you use PostgreSQL, have a large database, and need a 
427.
## faster but inexact replacement for "select count(*) from users" 
428.
## 
429.
## pgsql_users_number_estimate: true 
430.
 
431.
## 
432.
## SQLite: 
433.
## 
434.
## sql_type: sqlite 
435.
## sql_database: "/opt/ejabberd-18.06/database/ejabberd.db" 
436.
 
437.
## 
438.
## ODBC compatible or MSSQL server: 
439.
## 
440.
## sql_type: odbc 
441.
## sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd" 
442.
 
443.
## 
444.
## Number of connections to open to the database for each virtual host 
445.
## 
446.
## sql_pool_size: 10 
447.
 
448.
## 
449.
## Interval to make a dummy SQL request to keep the connections to the 
450.
## database alive. Specify in seconds: for example 28800 means 8 hours 
451.
## 
452.
## sql_keepalive_interval: undefined 
453.
 
454.
## 
455.
## Use the new SQL schema 
456.
## 
457.
## new_sql_schema: true 
458.
 
459.
###.  =============== 
460.
###'  TRAFFIC SHAPERS 
461.
 
462.
shaper: 
463.
  ## 
464.
  ## The "normal" shaper limits traffic speed to 1000 B/s 
465.
  ## 
466.
  normal: 1000 
467.
 
468.
  ## 
469.
  ## The "fast" shaper limits traffic speed to 50000 B/s 
470.
  ## 
471.
  fast: 50000 
472.
 
473.
## 
474.
## This option specifies the maximum number of elements in the queue 
475.
## of the FSM. Refer to the documentation for details. 
476.
## 
477.
max_fsm_queue: 10000 
478.
 
479.
###.   ==================== 
480.
###'   ACCESS CONTROL LISTS 
481.
acl: 
482.
  ## 
483.
  ## The 'admin' ACL grants administrative privileges to XMPP accounts. 
484.
  ## You can put here as many accounts as you want. 
485.
  ## 
486.
  admin: 
487.
    user: 
488.
      - "tester@example.com" 
489.
 
490.
  ## 
491.
  ## Blocked users 
492.
  ## 
493.
  ## blocked: 
494.
  ##   user: 
495.
  ##     - "baduser@example.org" 
496.
  ##     - "test" 
497.
 
498.
  ## Local users: don't modify this. 
499.
  ## 
500.
  local: 
501.
    user_regexp: "" 
502.
 
503.
  ## 
504.
  ## More examples of ACLs 
505.
  ## 
506.
  ## jabberorg: 
507.
  ##   server: 
508.
  ##     - "jabber.org" 
509.
  ## aleksey: 
510.
  ##   user: 
511.
  ##     - "aleksey@jabber.ru" 
512.
  ## test: 
513.
  ##   user_regexp: "^test" 
514.
  ##   user_glob: "test*" 
515.
 
516.
  ## 
517.
  ## Loopback network 
518.
  ## 
519.
  loopback: 
520.
    ip: 
521.
      - "127.0.0.0/8" 
522.
      - "::1/128" 
523.
      - "::FFFF:127.0.0.1/128" 
524.
 
525.
  ## 
526.
  ## Bad XMPP servers 
527.
  ## 
528.
  ## bad_servers: 
529.
  ##   server: 
530.
  ##     - "xmpp.zombie.org" 
531.
  ##     - "xmpp.spam.com" 
532.
 
533.
## 
534.
## Define specific ACLs in a virtual host. 
535.
## 
536.
## host_config: 
537.
##   "localhost": 
538.
##     acl: 
539.
##       admin: 
540.
##         user: 
541.
##           - "bob-local@localhost" 
542.
 
543.
###.  ============ 
544.
###'  SHAPER RULES 
545.
 
546.
shaper_rules: 
547.
  ## Maximum number of simultaneous sessions allowed for a single user: 
548.
  max_user_sessions: 10 
549.
  ## Maximum number of offline messages that users can have: 
550.
  max_user_offline_messages: 
551.
    - 5000: admin 
552.
    - 100 
553.
  ## For C2S connections, all users except admins use the "normal" shaper 
554.
  c2s_shaper: 
555.
    - none: admin 
556.
    - normal 
557.
  ## All S2S connections use the "fast" shaper 
558.
  s2s_shaper: fast 
559.
 
560.
###.  ============ 
561.
###'  ACCESS RULES 
562.
access_rules: 
563.
  ## This rule allows access only for local users: 
564.
  local: 
565.
    - allow: local 
566.
  ## Only non-blocked users can use c2s connections: 
567.
  c2s: 
568.
    - deny: blocked 
569.
    - allow 
570.
  ## Only admins can send announcement messages: 
571.
  announce: 
572.
    - allow: admin 
573.
  ## Only admins can use the configuration interface: 
574.
  configure: 
575.
    - allow: admin 
576.
  ## Only accounts of the local ejabberd server can create rooms: 
577.
  muc_create: 
578.
    - allow: local 
579.
  ## Only accounts on the local ejabberd server can create Pubsub nodes: 
580.
  pubsub_createnode: 
581.
    - allow: local 
582.
  ## In-band registration allows registration of any possible username. 
583.
  ## To disable in-band registration, replace 'allow' with 'deny'. 
584.
  register: 
585.
    - allow: all 
586.
  ## Only allow to register from localhost 
587.
  ## trusted_network: 
588.
  ##   - allow: loopback 
589.
  ## Do not establish S2S connections with bad servers 
590.
  ## If you enable this you also have to uncomment "s2s_access: s2s" 
591.
  ## s2s: 
592.
  ##   - deny: 
593.
  ##     - ip: "XXX.XXX.XXX.XXX/32" 
594.
  ##   - deny: 
595.
  ##     - ip: "XXX.XXX.XXX.XXX/32" 
596.
  ##   - allow 
597.
 
598.
## =============== 
599.
## API PERMISSIONS 
600.
## =============== 
601.
## 
602.
## This section allows you to define who and using what method 
603.
## can execute commands offered by ejabberd. 
604.
## 
605.
## By default "console commands" section allow executing all commands 
606.
## issued using ejabberdctl command, and "admin access" section allows 
607.
## users in admin acl that connect from 127.0.0.1 to  execute all 
608.
## commands except start and stop with any available access method 
609.
## (ejabberdctl, http-api, xmlrpc depending what is enabled on server). 
610.
## 
611.
## If you remove "console commands" there will be one added by 
612.
## default allowing executing all commands, but if you just change 
613.
## permissions in it, version from config file will be used instead 
614.
## of default one. 
615.
## 
616.
api_permissions: 
617.
  "console commands": 
618.
    from: 
619.
      - ejabberd_ctl 
620.
    who: all 
621.
    what: "*" 
622.
  "admin access": 
623.
    who: 
624.
      - access: 
625.
          - allow: 
626.
            - acl: loopback 
627.
            - acl: admin 
628.
      - oauth: 
629.
        - scope: "ejabberd:admin" 
630.
        - access: 
631.
          - allow: 
632.
            - acl: loopback 
633.
            - acl: admin 
634.
    what: 
635.
      - "*" 
636.
      - "!stop" 
637.
      - "!start" 
638.
  "public commands": 
639.
    who: 
640.
      - ip: "127.0.0.1/8" 
641.
    what: 
642.
      - "status" 
643.
      - "connected_users_number" 
644.
 
645.
## By default the frequency of account registrations from the same IP 
646.
## is limited to 1 account every 10 minutes. To disable, specify: infinity 
647.
## registration_timeout: 600 
648.
   
649.
## 
650.
## Define specific Access Rules in a virtual host. 
651.
## 
652.
## host_config: 
653.
##   "localhost": 
654.
##     access: 
655.
##       c2s: 
656.
##         - allow: admin 
657.
##         - deny 
658.
##       register: 
659.
##         - deny 
660.
 
661.
###.  ================ 
662.
###'  DEFAULT LANGUAGE 
663.
 
664.
## 
665.
## language: Default language used for server messages. 
666.
## 
667.
language: "de" 
668.
 
669.
## 
670.
## Set a different default language in a virtual host. 
671.
## 
672.
## host_config: 
673.
##   "localhost": 
674.
##     language: "ru" 
675.
 
676.
###.  ======= 
677.
###'  CAPTCHA 
678.
 
679.
## 
680.
## Full path to a script that generates the image. 
681.
## 
682.
captcha_cmd: "/opt/ejabberd-18.06/lib/ejabberd-18.06/priv/bin/captcha.sh" 
683.
 
684.
## 
685.
## Host for the URL and port where ejabberd listens for CAPTCHA requests. 
686.
## 
687.
## captcha_host: "xmpp:5280" 
688.
## captcha_host: "example.com:5280" 
689.
captcha_host: "https://example.com" 
690.
 
691.
## 
692.
## Limit CAPTCHA calls per minute for JID/IP to avoid DoS. 
693.
## 
694.
captcha_limit: 5 
695.
 
696.
###.  ==== 
697.
###'  ACME 
698.
## 
699.
## In order to use the acme certificate acquiring through "Let's Encrypt" 
700.
## an http listener has to be configured to listen to port 80 so that 
701.
## the authorization challenges posed by "Let's Encrypt" can be solved. 
702.
##  
703.
## A simple way of doing this would be to add the following in the listening 
704.
## section and to configure port forwarding from 80 to 5280 either via NAT 
705.
## (for ipv4 only) or using frontends such as haproxy/nginx/sslh/etc. 
706.
##   -  
707.
##    port: 5280 
708.
##    ip: "::" 
709.
##    module: ejabberd_http 
710.
 
711.
acme: 
712.
 
713.
   ## A contact mail that the ACME Certificate Authority can contact in case of 
714.
   ## an authorization issue, such as a server-initiated certificate revocation. 
715.
   ## It is not mandatory to provide an email address but it is highly suggested. 
716.
   contact: "mailto:admin@xmpp" 
717.
 
718.
 
719.
   ## The ACME Certificate Authority URL. 
720.
   ## This could either be: 
721.
   ##   - https://acme-v01.api.letsencrypt.org - (Default) for the production CA 
722.
   ##   - https://acme-staging.api.letsencrypt.org - for the staging CA 
723.
   ##   - http://localhost:4000 - for a local version of the CA 
724.
   ca_url: "https://acme-v01.api.letsencrypt.org" 
725.
 
726.
###.  ======= 
727.
###'  MODULES 
728.
 
729.
## 
730.
## Modules enabled in all ejabberd virtual hosts. 
731.
## 
732.
modules: 
733.
  mod_adhoc: {} 
734.
  mod_admin_extra: {} 
735.
  mod_announce: # recommends mod_adhoc 
736.
    access: announce 
737.
  mod_blocking: {} # requires mod_privacy 
738.
  mod_caps: {} 
739.
  mod_carboncopy: {} 
740.
  mod_client_state: {} 
741.
  mod_configure: {} # requires mod_adhoc 
742.
  ## mod_delegation: {} # for xep0356 
743.
  mod_disco: {} 
744.
  ## mod_echo: {} 
745.
  ## mod_irc: {} 
746.
  mod_bosh: {} 
747.
  ## mod_http_fileserver: 
748.
  ##   docroot: "/var/www" 
749.
  ##   accesslog: "/opt/ejabberd-18.06/logs/access.log" 
750.
  mod_http_upload: 
751.
    ##  host: "@HOST@" 
752.
     docroot: "@HOME@/upload" 
753.
     put_url: "https://@HOST@/upload" 
754.
  ##   thumbnail: false # otherwise needs ejabberd to be compiled with libgd support 
755.
  mod_http_upload_quota: 
756.
    max_days: 30 
757.
  mod_last: {} 
758.
  ## XEP-0313: Message Archive Management 
759.
  ## You might want to setup a SQL backend for MAM because the mnesia database is 
760.
  ## limited to 2GB which might be exceeded on large servers 
761.
  mod_mam: # for xep0313, mnesia is limited to 2GB, better use an SQL backend 
762.
   default: roster 
763.
  mod_muc: 
764.
    host: "conference.@HOST@" 
765.
    access: 
766.
      - allow 
767.
    access_admin: 
768.
      - allow: admin 
769.
    access_create: muc_create 
770.
    access_persistent: muc_create 
771.
    default_room_options: 
772.
      allow_subscription: true 
773.
  mod_muc_admin: {} 
774.
  mod_muc_log: {} 
775.
  mod_multicast: {} 
776.
  mod_offline: 
777.
    access_max_user_messages: max_user_offline_messages 
778.
  mod_ping: {} 
779.
  mod_pres_counter: 
780.
    count: 5 
781.
    interval: 60 
782.
  mod_privacy: {} 
783.
  mod_private: {} 
784.
  ## mod_proxy65: {} 
785.
  mod_pubsub: 
786.
    access_createnode: pubsub_createnode 
787.
    ## reduces resource comsumption, but XEP incompliant 
788.
    ignore_pep_from_offline: true 
789.
    ## XEP compliant, but increases resource comsumption 
790.
    ## ignore_pep_from_offline: false 
791.
    last_item_cache: false 
792.
    max_items_node: 10 
793.
    plugins: 
794.
      - "flat" 
795.
      - "pep" # pep requires mod_caps 
796.
    force_node_config: 
797.
      ## Avoid using OMEMO by default because it 
798.
      ## introduces a lot of hard-to-track problems 
799.
      ## "eu.siacs.conversations.axolotl.*": 
800.
      ##  access_model: whitelist 
801.
      ## Avoid buggy clients to make their bookmarks public 
802.
      "storage:bookmarks": 
803.
        access_model: whitelist 
804.
  mod_push: 
805.
    include_body: "New message" 
806.
 
807.
  ##  mod_push: {} 
808.
  mod_push_keepalive: {} 
809.
  mod_register: 
810.
    ## 
811.
    ## Protect In-Band account registrations with CAPTCHA. 
812.
    ## 
813.
    captcha_protected: true 
814.
    ## 
815.
    ## Set the minimum informational entropy for passwords. 
816.
    ## 
817.
    password_strength: 32 
818.
    ## 
819.
    ## After successful registration, the user receives 
820.
    ## a message with this subject and body. 
821.
    ## 
822.
    welcome_message: 
823.
      subject: "Moin!" 
824.
      body: |- 
825.
        Tach. 
826.
        Willkommen auf meinem  XMPP server. 
827.
    ## 
828.
    ## When a user registers, send a notification to 
829.
    ## these XMPP accounts. 
830.
    ## 
831.
    ##   registration_watchers: 
832.
    ##     - "admin1@example.org" 
833.
    ## 
834.
    ## Only clients in the server machine can register accounts 
835.
    ## 
836.
    ip_access: all  
837.
    ## ip_access: trusted_network 
838.
    ## 
839.
    ## Local c2s or remote s2s users cannot register accounts 
840.
    ## 
841.
    ##   access_from: deny 
842.
    access: register 
843.
  mod_register_web: {} 
844.
  mod_roster: {} 
845.
  mod_shared_roster: {} 
846.
  ## mod_stats: {} 
847.
  ## mod_time: {} 
848.
  mod_vcard: 
849.
    search: false 
850.
  mod_vcard_xupdate: {} 
851.
  mod_avatar: {} 
852.
  mod_version: {} 
853.
  mod_stream_mgmt: {} 
854.
  ##   Non-SASL Authentication (XEP-0078) is now disabled by default 
855.
  ##   because it's obsoleted and is used mostly by abandoned 
856.
  ##   client software 
857.
  ## mod_legacy_auth: {} 
858.
  ##   The module for S2S dialback (XEP-0220). Please note that you cannot 
859.
  ##   rely solely on dialback if you want to federate with other servers, 
860.
  ##   because a lot of servers have dialback disabled and instead rely on 
861.
  ##   PKIX authentication. Make sure you have proper certificates installed 
862.
  ##   and check your accessibility at https://check.messaging.one/ 
863.
  mod_s2s_dialback: {} 
864.
  mod_http_api: {} 
865.
  mod_fail2ban: {} 
866.
 
867.
## 
868.
## Enable modules with custom options in a specific virtual host 
869.
## 
870.
## host_config: 
871.
##   "localhost": 
872.
##     modules: 
873.
##       mod_echo: 
874.
##         host: "mirror.localhost" 
875.
 
876.
## 
877.
## Enable modules management via ejabberdctl for installation and 
878.
## uninstallation of public/private contributed modules 
879.
## (enabled by default) 
880.
## 
881.
 
882.
allow_contrib_modules: true 
883.
 
884.
###. 
885.
###' 
886.
### Local Variables: 
887.
### mode: yaml 
888.
### End: 
889.
### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
Mitglied: holli.zimmi
06.09.2018 um 10:35 Uhr
Hi,

könntest Du bitte "Ubuntu" und "Linux" mit der Anleitung verbinden! Damit es als Thema besser gefunden werden kann!

Danke!

Gruß

Holli
Bitte warten ..
Ähnliche Inhalte
Instant Messaging
XMPP Server Ejabberd 18.04 auf Windows
Anleitung von horstvogelInstant Messaging

Noch im Entwurf!!!!! Gerne darf mir noch geholfen werden. der Ejabberd läuft soweit, kann aber nicht mit anderen Server ...

Ubuntu
Server Virtualisierung Ubuntu 16.04
Anleitung von Looser27Ubuntu

Lange Zeit habe ich für jeden Dienst (RADIUS, INTRANET, OPSI, NAGIOS) jeweils einen betagten PC zum Ubuntu Server aufgewertet ...

Ubuntu
Ubuntu 17.10 steht zum Download bereit
Information von FrankUbuntu3 Kommentare

Ubuntu 17.10 Artful Aardvark wurde veröffentlicht und kann ab sofort heruntergeladen werden. Die Version 17.10 erscheint mit GNOME 3.26.1 ...

Ubuntu

Ubuntu 14.04: Bug 1572608 mit Update auf Samba 4.3.8

Erfahrungsbericht von freekerUbuntu

Hallo, Ich wollte euch an dieser Stelle vor dem Update auf Samba 2:4.3.8+dfsg-0ubuntu0.14.04.2 warnen. Nach dem Update ist, je ...

Neue Wissensbeiträge
E-Mail
Email-Apps und Verhalten bei Pop3
Erfahrungsbericht von kfranzk vor 19 StundenE-Mail3 Kommentare

Hallo Freunde, da mir mein diesbezüglicher Faden als gelöst markiert wurde, muss ich hier neu aufsetzen. Ich arbeite bewusst ...

Hyper-V

Optimiertes Ubuntu per Microsoft Hyper-V-Schnellerstellung verfügbar

Anleitung von Frank vor 20 StundenHyper-V

Für Microsofts Virtualisierungssoftware Hyper-V ist ab sofort auch ein optimiertes Ubuntu 18.04.1 LTS verfügbar. In der "Hyper-V-Schnellerstellung" App, die ...

Sicherheits-Tools

Trend Micro WorryFree Business Security (WFBS) 10 - neuer Patch 1470 verfügbar

Tipp von VGem-e vor 1 TagSicherheits-Tools1 Kommentar

Servus, mal sehen, ob mit Patch 1470, zu finden unter dann die angeblich fehlerhafte Funktion, die unter W10 im ...

Server-Hardware

Lösung für Ersatz eines defekter Raid-Controllers

Anleitung von wellknown vor 1 TagServer-Hardware3 Kommentare

Hallo, da ich nichts gefunden habe und selbst eine Lösung brauchte, hier eine kleine Anleitung für alle die vor ...

Heiß diskutierte Inhalte
Windows Server
Mit der alten Domäneprofil anmelden ohne Server
gelöst Frage von SyosseWindows Server37 Kommentare

Hallo Jungs Folgendes Szenario: Ich habe bei einem sehr kleinen Unternehmen (2Personen) den Server migriert, soweit hat alles geklappt. ...

Sicherheits-Tools
Virenprogramm lässt Programme nicht starten
Frage von SurferGirlSicherheits-Tools23 Kommentare

Hallo, ich bin neu hier, ich hoffe ich habe die richtige Rubrik gewählt. Falls nicht, tut es mir leid. ...

Windows Server
SQL Server Instanz (Eplan) auf WIN 2008 RC2 Server frisst RAM ohne Limit
Frage von derinderinderinWindows Server17 Kommentare

Hallo Zusammen, Wir haben hier einen Windows 2008 RC2 Server. Darauf läuft ein SQL Server Express 2014 Version 12.0.4232.0. ...

Windows 10
Best Practice für Schulungsräume
Frage von Sn0wFoxWindows 1015 Kommentare

Hallo, leider bin ich auch nach langer Suche nicht auf eine zufriedenstellende Nicht-Cloud-Lösung gestoßen und wollte mal Fragen ob ...