Setting up eJabberD from scratch
eJabberD is an Erlang Jabber server written for high performance and
long-term stability. It's also pretty easy to set up. eJabberD has a
number of serious advantages over other Jabber servers, important among
which is the ability to cluster servers, so that if one server goes
down, the service itself continues running.
Areas highlighted in red are areas where you're expected to provide your
own values. I provided the values I used in setting up the codeboner
Jabber server for comparison, but you can do as you see fit. Please don't
cut and paste several lines at once, even from a series of instructions,
as some of the utility calls made (especially the OpenSSL stuff) ask
for user input (what's the company's domain, what's the owner's name, etc.;
nothing particularly complex).
Please be careful to use the same number of days for expiration dates (the
365s), and be sure that the domain's A and reverse (PTR) records are character
for character identical to what you use in the SSL certificate, or the
connection will fail for no apparent reason. If you've followed these instructions
and the thing just won't let you connect, the SSL certificate may be the
cause.
These instructions are written assuming a single Unix server environment
and a requirement for TLS (ssl3) top to bottom, using yum, GCC, the
OpenSSL library and a self-signed certificate. Because of dependencies,
it's important that installation proceed in a specific order. The steps,
in order, are as follows:
- Install standard toolchain
- yum install gcc gcc-c++ automake autoconf screen libtool which coreutils libstdc++ libgcc bind authconfig sudo tar zlib zlib-devel
- Install OpenSSL ecology
- yum install openssl openssl-clients openssl-server openssl-devel
- Install Expat ecology
- yum install expat expat-devel
- Install Erlang r11b5
- mkdir /erl-inst
cd /erl-inst
wget http://erlang.org/download/otp_src_R11B-5.tar.gz
mkdir /usr/local/erlang
mkdir /usr/local/erlang/otp_r11b
cd /usr/local/erlang/otp_r11b
gunzip -c /erl-inst/otp_src_R11B-5.tar.gz | tar xfp -
cd otp_src_R11B-5
./configure
make
make install
rm /erl-inst/otp_src_R11B-5.tar.gz
rmdir /erl-inst/
- Create a self-signed PEM (or buy one)
- openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
openssl rsa -in server.key -out server.key.stripped
chmod 600 server.key.stripped
cat server.crt server.key.stripped ca.crt >server.pem
- Add erlang to your path
- Varies per shell; in bash, this is in .bash_profile or .bashrc; add :FOOPATH (not ;FOOPATH like DOS) to the end of the existing PATH value.
Erlang is probably in /usr/local/bin/, but you can find it by:
updatedb
locate erlc
- Install eJabberD
- (make and change to some temporary installation directory)
wget http://www.process-one.net/downloads/ejabberd/1.1.4/ejabberd-1.1.4.tar.gz
tar -xzvf ejabberd-1.1.4.tar.gz
cd ejabberd-1.1.4/src
./configure
make
sudo make install
- Configure eJabberD
- nano -w /etc/ejabberd/ejabberd.cfg
- In ejabberd.cfg line 89, set the hosts to be served
- {hosts, ["codeboner.com"]}.
- In ejabberd.cfg line 116, uncomment the {certfile} directive, and set the path to your self-signed PEM
- {certfile, "codebonerssl/cbjk.pem"}, starttls,
- If you want to forbid non-TLS connections, in ejabberd.cfg line 116, change starttls to starttls_required
- {certfile, "codebonerssl/cbjk.pem"}, starttls_required,
- In ejabberd.cfg line 152, make sure the HTTP administration interface is enabled
- web_admin
- In ejabberd.cfg line 311, designate one user as an administrator (so they can use the HTTP interface)
- {acl, admin, {user, "john", "codeboner.com"}}.
- Start eJabberD
- erl -pa /var/lib/ejabberd/ebin -name ejabberd -s ejabberd -ejabberd config \"/etc/ejabberd/ejabberd.cfg\"
- Add users to eJabberD (REMEMBER TO ADD THE ADMIN USER FROM ABOVE)
- ejabberdctl --node ejabberd@localhost register john codeboner.com 123changeMe
- Set up system preferences such as user groups
- Admin control panel is at http://yourserver.com:5280/admin/
Your username is john@codeboner.com
You should now be able to connect to Jabber on the port at the beginning of the c2s rule (5222 unless you changed it).
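If a client still cannot connect, the PEM built in the certificate step is the first thing to rule out. The script below is an added example, not part of the original instructions; it assumes the file names from that step (server.pem, ca.crt), and the function name check_pem is made up for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for the combined PEM that certfile points at.
# Usage: check_pem PEMFILE CAFILE HOSTNAME
# Returns 0 when every check passes, 1 otherwise.
check_pem() {
    pem=$1; ca=$2; host=$3; rc=0

    # 1. The key inside the PEM must not be passphrase-protected: a daemon
    #    cannot answer the prompt that a -des3 key triggers.
    if grep -Eq 'Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$pem"; then
        echo "FAIL: private key in $pem is encrypted"; return 1
    fi

    # 2. The private key must belong to the certificate (compare public keys).
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(sed -n '/BEGIN.*PRIVATE KEY/,/END.*PRIVATE KEY/p' "$pem" |
              openssl pkey -pubout -passin pass: 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate"; rc=1
    fi

    # 3. The certificate must chain to the CA, and both must be inside their
    #    validity window (openssl verify checks the dates as well).
    if ! openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1; then
        echo "FAIL: certificate does not verify against $ca"; rc=1
    fi

    # 4. The commonName must equal the served host character for character.
    cn=$(openssl x509 -in "$pem" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= //p')
    if [ "$cn" != "$host" ]; then
        echo "FAIL: certificate CN '$cn' != host '$host'"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $pem is usable for $host"
    return "$rc"
}
```

Run it as check_pem server.pem ca.crt codeboner.com (substituting your own host) from the directory holding the certificate files, before starting the server.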