Install ejabberd with multiple domains on Ubuntu

Veröffentlicht am von Gerald

ejabberd is an open source XMPP server for Microsoft Windows, Linux, Mac and more. It is written in Erlang.

Update the system and install the package

apt-get update
apt-get upgrade
apt-get dist-upgrade
apt-get install ejabberd

ejabberd is now installed.

netstat -putan|grep beam
tcp6       0      0 :::5222       :::*         LISTEN      21487/beam
tcp6       0      0 :::5269       :::*         LISTEN      21487/beam
tcp6       0      0 :::5280       :::*         LISTEN      21487/beam

Add ports to services

vi /etc/services
xmpp-client    5222/tcp    jabber-client   # Jabber Client Connection
xmpp-client    5222/udp    jabber-client
xmpp-server    5269/tcp    jabber-server   # Jabber Server Connection
xmpp-server    5269/udp    jabber-server
xmpp-bosh      5280/tcp    http-bind       # ejabberd mod_http_bind

Open ports on firewall

iptables -A -p tcp -m tcp --dport 5222 -j ACCEPT
iptables -A -p tcp -m tcp --dport 5269 -j ACCEPT

Create self signed certificate

for 10 years

cd /etc/ejabberd
openssl genrsa -out key.pem 4096
openssl req -new -sha256 -key key.pem -out csr.csr
openssl req -x509 -sha256 -days 3650 -key key.pem -in csr.csr -out mycert.pem
cat key.pem >> mycert.pem
chgrp ejabberd mycert.pem
chmod 640 mycert.pem

Generate Diffie-Hellman key

openssl dhparam -out /etc/ejabberd/dh2048.pem 2048
chmod 640 dg2048.pem
chgrp ejabberd dh2048.pem

Configure ejabberd.yml

The config file is /etc/ejabberd/ejabber.yml. Note the indents in the YAML file!

vi /etc/ejabberd/ejabberd.yml

Add your domains

## hosts: Domains served by ejabberd.
## You can define one or several, for example:
## hosts: 
##   - "example.net"
##   - "example.com"
##   - "example.org"
##
hosts:
  - "localhost"
  - "mydomain.xx"                             # add your domains here
  - "myotherdomain.xx"

Configure forced encryption for clients

listen:
 -
  port: 5222
  ip: "::"
  module: ejabberd_c2s
  ##certfile: "/etc/ejabberd/ejabberd.pem"
  certfile: "/etc/ejabberd/mycert.pem"
  starttls: true
  starttls_required: true
  protocol_options:
    - "no_sslv3"
    - "no_tlsv1"
    - "no_tlsv1_1"
  ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
  max_stanza_size: 65536
  shaper: c2s_shaper
  access: c2s
  resend_on_timeout: if_offline
  tls_compression: false
  dhfile: "/etc/ejabberd/dh2048.pem

Add admin users

acl:
  ##
  ## The 'admin' ACL grants administrative privileges to XMPP accounts.
  ## You can put here as many accounts as you want.
  ##
  admin:
     user:
         - "admin": "localhost"
         - "admin": "mydomain.xx"
         - "admin": "myotherdomain.xx"

Disable self registration for users

## In-band registration allows registration of any possible username.
## To disable in-band registration, replace 'allow' with 'deny'.
register:
  #all: allow
  all: deny

Save ejabberd.yml and

Restart ejabberd

service ejabberd restart

ejabberd is now configured and running.

Register admin users

ejabberdctl register admin localhost secretpassword
ejabberdctl register admin mydomain.xx secretpassword
ejabberdctl register admin myotherdomain.xx secretpassword

Add users

ejabberdctl register user1 mydomain.xx secretpassword
ejabberdctl register user2 mydomain.xx secretpassword
ejabberdctl register user3 mydomain.xx secretpassword

Delete user

ejabberdctl unregister username mydomain.xx

Additional commands

ejabberdctl connected-users-number
ejabberdctl connected-users
ejabberdctl registered-users mydomain.xx

Disable shell for ejabberd

usermod -s /usr/sbin/nologin ejabberd
grep ejabberd /etc/passwd | grep nologin
ejabberd:x:125:134::/var/lib/ejabberd:/usr/sbin/nologin

ejabberd Admin Interface

http://mydomain.xx:5280/admin

login as [email protected]

ejabberd BOSH URL

Bidirectional-streams Over Synchronous HTTP (BOSH)

http://mydomain.xx:5280/http-bind

ejabberd logfile

/var/log/ejabberd/ejabberd.log

How to capture the chat messages

vi /etc/ejabberd/ejabberd.yml
loglevel: 5
service ejabberd restart
tail -f /var/log/ejabberd/ejabberd.log | grep -E "<body>.*</body>"

So always be sure that your communication is encrypted! Use the lock at the bottom right of the chat window. This will start an OTR encrypted chat.

Open Source Jabber/XMPP Clients

for Microsoft Windows, Linux, Mac OS X: Pidgin or Gajim

for iPhone & iPad: ChatSecure

for Android: Conversations

See also