Ejabberd Configuration

From OLPC
Revision as of 19:40, 20 December 2007 by RobertMcQueen (talk | contribs) (→‎Tips: note that ejabberdctl differs on Fedora)
Jump to navigation Jump to search
  This page is monitored by the OLPC team.

The OLPC Jabber server at jabber.laptop.org was trialling ejabberd 2.0 from SVN trunk to see if it aids stability (see #5313). We're aiming to reduce the odd configuration and patches in favour of a self-contained server component which can be connected up (using XEP-0114) to any unmodified Jabber server to carry out OLPC's activity and buddy indexing/searching (see XMPP Extensions). We're not there yet, so in the mean time if you want to run your own server...

We are also working on experimental support of Openfire. See Openfire_Configuration

Packages

If you don't want to mess with patching your server, we are periodically generating snapshot binary packages of our modified Jabber server. If you use one of these packages you can skip the patching step below. Go here to find the latest Fedora 7 packages (the Debian packages are a little outdated, apologies). You can also download a configuration file (ejabberd.cfg) with the changes outlined below already made. You'll just need to change the hostname and the admin account name.

Source

We are currently trialling SVN trunk of ejabberd on jabber.laptop.org, which can be obtained with:

svn co http://svn.process-one.net/ejabberd/trunk

Patches

We have a patch to the shared roster support so that already-connected clients are notified about new accounts which are registered after you connect (this happens a lot in development environments), and also patches to add support for @recent@ and @online@ shared roster groups. You should apply these patches in order:

There's also a mod_ctlextra patch which you may apply to add some extra features to the ejabberdctl command (see Tips below):

Configuration

Enable Modules

As well as normal ejabberd configuration (setting your hostname and configuring an admin user), you must enable the following modules in the configuration file:

  • mod_caps
  • mod_muc
  • mod_pubsub
  • mod_ctlextra

Note that PEP fails in very cryptic ways if mod_caps is not enabled.

MUC

The default MUC configuration is to assume that conference.yourserver is a valid hostname. This isn't actually important for the XOs, but it must exist from the perspective of the server. You could put it into /etc/hosts for example.

Disable S2S

Currently the XOs don't do a very good job with authorisation because they assume that only other XOs eg from the same school will be connected to the server, and "all see all" is an acceptable policy. For Internet-connected servers, it's best to disable "s2s" (server to server) connections to avoid people from outside connecting in and breaking this assumption. Change:

 {5269, ejabberd_s2s_in,  [{shaper, s2s_shaper},
                           {max_stanza_size, 131072}]},

To:

% {5269, ejabberd_s2s_in,  [{shaper, s2s_shaper},
%                           {max_stanza_size, 131072}]},

You should also explicitly disable outgoing s2s connections like this:

{s2s_default_policy, deny}.

As a trivial optimisation, you can also edit the configuration of mod_disco to stop clients calling out to users.jabber.org, which will always fail because s2s is disabled. Change:

  {mod_disco,      [{extra_domains, ["users.jabber.org"]}]},

To:

  {mod_disco,      []},

Enable Old-Style SSL

In ejabberd 2.0, old-style SSL connections on port 5223 are disabled by default. The XOs have an old version of loudmouth which does not support TLS, but old-style SSL is still used so that we can benefit from in-band DEFLATE compression (see #4936). Make sure that support for port 5223 is enabled by uncommenting (delete the %%s) the following in the {listen} section:

  {5223, ejabberd_c2s, [
                        {access, c2s},
                        {shaper, c2s_shaper},
                        tls, {certfile, "/etc/ejabberd/ejabberd.pem"},
                        {max_stanza_size, 65536}
                       ]},

Raising The Limits

Until a few constants are tweaked (see #5018), the XOs send larger than normal stanzas through the server, which triggers a maximum stanza size limit and can make the jabber server disconnect you eg when inserting an image into a shared document. To fix this, we raise the maximum stanza limit. Change:

{max_stanza_size, 65536},

To:

{max_stanza_size, 524288}

In both the port 5222 and port 5223 ejabberd_c2s listen stanzas.

You can also aid interactivity by allowing the clients to send data at a faster rate by changing:

{access, c2s_shaper, [{none, admin},
                      {normal, all}]}.

To:

{access, c2s_shaper, [{none, admin},
                      {fast, all}]}.

Enable IPv6

IPv6 connectivity should be enabled by adding the 'inet6' keyword to the port configuration in the {listen} section. For example, change:

  {5222, ejabberd_c2s, [
                        {access, c2s},
                        {shaper, c2s_shaper},
                        {max_stanza_size, 524288}
                       ]},

To:

  {5222, ejabberd_c2s, [
                        inet6,
                        {access, c2s},
                        {shaper, c2s_shaper},
                        {max_stanza_size, 524288}
                       ]},

Do this for all of the items in the {listen} section: ejabberd_c2s on port 5222, ejabberd_c2s on port 5223, and ejabberd_http on port 5280.

Setting Up Shared Roster

You must perform this step by logging in to ejabberd's web admin interface, or your XOs will never see any buddies.

We have a patch to allow the creation of a group that contains all Online users with the @online@ keyword. It works similarly to the @all@ keywords. To set up the 'Online' group, log in as your ejabberd's administrative user on the web admin interface at http://yourserver:5280/admin/ and select Virtual Hosts, then your server hostname, then Shared Roster. Add a group called Everybody with the following settings:

  • Name: Online
  • Members: @online@
  • Displayed Groups: Online

See here for more information.

Tips

Every time you flash an XO, it will generate a new key and hence register a new account on the server. This can lead to quite a lot of accounts floating around on the server, so you get more and more irrelevant users which will never be used again. If you applied the mod_ctlextra patch, you may use ejabberdctl delete-older-users 30 to delete users who havn't logged in for a month, for example. Note that this will probably also delete your admin account because you're unlikely to ever log into it using a Jabber client, but you can re-add it with ejabberdctl register yourserver admin password. Note that unfortunately, the behaviour of the ejabberdctl command differs according to which distribution you use... on Fedora it seems to also require a first argument of your node name, which is usually your hostname.