Steps
- ejabber install ( try to find an centos 7 and 8 RPM for eJabber) and
install it - instructions and steps to add a domain name in eJabber server
- instructions to add new users/chat account into eJabber for specific
domain - Firewall settings, i.e port
requirements
- apache
- mysql
- wget
ejabber install: (for centos
8 or 7)
- Update our system
sudo yum -y update
- Download and install ejabberd rpm
First you will need to check the latest version of ejabberd before doing
the actual download. (version 21.07 is latest version of ejabberd)EJ_VERSION=23.10
wget https://static.process-one.net/ejabberd/downloads/${EJ_VERSION}/ejabberd-${EJ_VERSION}-0.x86_64.rpm
- Install Downloaded RPM package by running the command:
sudo yum localinstall ejabberd-${EJ_VERSION}-0.x86_64.rpm
Press y for installation.
This will place ejabberd init script under /etc/init.d/ejabberd.
Ejabberd application directory is /opt/ejabberd. This is a home for the
ejabberd user. - Now that we have done the installation, we need to start the
service and enable it to start automatically when the server is
rebooted.sudo yum -y install mlocate
sudo updatedb
sudo cp $(locate ejabberd.service) /etc/systemd/system
Then reload systemd:sudo systemctl daemon-reload
Once the new ejabberd service is detected, start it:sudo systemctl enable --now ejabberd
You can confirm that the service is in running state.systemctl status ejabberd
command for start ejabberd service is:systemctl start ejabberd
commadn for restart ejabberd service is:systemctl restart ejabberd
Create ejabberd XMPP admin
account.
You need an admin XMPP account for accessing the Web Admin
dashboard.
Store our ejabberd xmpp server version to a veriable.$VER=21.07
Change your working directory tocd /opt/ejabberd-${VER}/bin
- Add admin account:
Save username nad password to variables:username="myadmin"
password="myadmin_12345"
- Create admin user.
sudo ./ejabberdctl register ${username} localhost ${password}
You may need to replace localhost with your actual server
hostname.
Edit the ejabberd configuration file to give administration rights to
the XMPP admin account you createdvi /opt/ejabberd/conf/ejabberd.yml
admin: user: - "admin@localhost" - "myadmin@localhost"
After chnages restart ejabberd
systemctl restart ejabberd
For satisfaction check its status, it is activesystemctl status ejabberd
Configure Firewall
Allow Ejabberd UI port on the firewall.sudo firewall-cmd --add-port=5280/tcp --permanent
sudo firewall-cmd --reload
The Web Admin should be accessible on
http://ip-address:5280/admin/.
Allow firewall for video and voice calling
Port: 3478 or 5349. Protocol: udp, tcp
SRV Record for xmpp
Port: 5222, 5269, 5223, 5270. Protocol: tcp
enable bosh
enable bosh, api, upload in ejabberd_http module
port: 5443
ip: "::"
module: ejabberd_http
tls: true
request_handlers:
admin: ejabberd_web_admin
api: mod_http_api
bosh: mod_bosh
captcha: ejabberd_captcha
upload: mod_http_upload
/ws: ejabberd_http_ws
firewall
stop the firewall systemctl stop firewalld
certificates
install ssl on ejabberd sevrer and key files (fullchain.pem and
privkey.pem) have ejabberd ownership. and update ejabberd configuration
certfiles: – /opt/ejabberd/conf/server.pem –
/etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem –
/etc/letsencrypt/live/DOMAIN_NAME/privkey.pem
in it DOMAIN_NAME will we your server doamin name like
punjnad.com.
now use can access/login ejabberd user in converse.js library.
NOTE:
If folder (letsencrypt/live/DOMAIN_NAME) don’t
have ejabberd ownership then Copy certificates to a location accessible
by ejabberd and set ownership.
mkdir /etc/ejabberd/certs
cp /etc/letsencrypt/live/panjnad.com/* /etc/ejabberd/certs/
chown -R ejabberd:ejabberd /etc/ejabberd/certs
chmod 640 /etc/ejabberd/certs/*
ejabberd http
after instaling ssl in server then allow tls (tls: true) on port
5240.
port: 5280
ip: "::"
module: ejabberd_http
tls: true
request_handlers:
/admin: ejabberd_web_admin
/.well-known/acme-challenge: ejabberd_acme
ejabberd bosh
First
make sure bosh is enables in ejabberd_http module (ejabberd
configuration).
bosh: mod_bosh
Apache configuration
vi /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName panjnad.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =panjnad.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
ProxyPass "/http-bind" "https://panjnad.com:5443/http-bind/"
ProxyPassReverse "/http-bind" "https://panjnad.com:5443/http-bind/"
ProxyPass "/bosh" "https://panjnad.com:5443/bosh/"
ProxyPassReverse "/bosh" "https://panjnad.com:5443/bosh/"
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName ravi.com
RewriteEngine on
RewriteCond %{SERVER_NAME} = ravi.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
ProxyPass "/http-bind" "https://ravi.com:5443/http-bind/"
ProxyPassReverse "/http-bind" "https://ravi.com:5443/http-bind/"
ProxyPass "/bosh" "https://ravi.com:5443/bosh/"
ProxyPassReverse "/bosh" "https://ravi.com:5443/bosh/"
</VirtualHost>
restart apacher service
systemctl restart httpd
now access bosh url https://panjnad.com:5443/bosh/
instructions
to add new users / chat account into eJabber for specific domain:
Login Web admin dashboard
* Click on Virtual Hosts
. * Select Host
from
table. * Click on Users. * Enter username (without host) and password
and click Add User button. User added successfully for
specific domain.
add a domain name in
eJabber server
When managing several XMPP domains in a single instance, Those
domains are truly independent if not global auth_method define. It means
they can even have different configuration parameters. Options can be
defined separately for every virtual host using the host_config
option.
vi /opt/ejabberd/conf/ejabberd.yml
hosts:
- domain1.net
- domain2.com
Example:
* Domain domain1.net is using the internal authentication method while
domain domain2.com is using the LDAP server running on the domain
localhost to perform authentication:
host_config:
domain1.net:
auth_method: internal
domain2.com:
auth_method: ldap
ldap_servers:
- localhost
ldap_uids:
- uid
ldap_rootdn: "dc=localdomain"
ldap_password: ""
- Domain domain1.net is using SQL to perform authentication while
domain domain2.com is using the LDAP servers running on the domains
localhost and otherhost:host_config: domain1.net: auth_method: sql sql_type: odbc sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd" domain2.com: auth_method: ldap ldap_servers: - localhost - otherhost ldap_uids: - uid ldap_rootdn: "dc=example,dc=com" ldap_password: ""
- ejabberd xmpp configuration for send mediaYou will need to create the PEM cert using the 2 keys above. Do the
following on your console terminal.replace "your-domain-name" with your server domain name
cat /etc/letsencrypt/live/your-domain-name/privkey.pem
/etc/letsencrypt/live/your-domain-name/fullchain.pem >>
/opt/ejabberd/conf/server.pem
Once done go to your config file “ejabberd.yml” and set the relevant SSL
cert at the listening port. Make sure your relevant SSL cert points to
/opt/ejabberd/conf/server.pem.Ejabberd SSL Certificate we follow this link
“https://www.ejabberd.im/forum/28648/ejabberd-letsencrypt-ssl-certificate/index.html”certfiles: …. – “/opt/ejabberd/conf/server.pem” ….
modules: …. mod_http_upload: docroot: “/opt/ejabberd/upload” put_url:
“https://@HOST@:5443/upload/” max_size: infinity access:
local thumbnail: false custom_headers: “Access-Control-Allow-Origin”:
“*” “Access-Control-Allow-Methods”: “GET, POST, PUT, OPTIONS”
“Access-Control-Allow-Headers”: “Content-Type” ….All media who you are send it is in upload folder
(/opt/ejabberd/upload). After configuration restart the ejabberd server
using this command systemctl restart ejabberd
conversejs
we include these two URLs inside the
element of ictbroadcast website via the script and link tags(/usr/ictbroadcast/theme/THEMENAME/view/layout/base.html.twig)**
**
- Initializing converse for login converse.initialize({
bosh_service_url: ‘https://conversejs.org/http-bind/’, auto_login: true,
jid: ‘8314@ejab.ictbroadcast.com’, password: ‘03012345678’, keepalive:
true, message_carbons: true, play_sounds: true, roster_groups: true,
show_controlbox_by_default: true, xhr_user_search: false,
whitelisted_plugins: [‘chatplugin’], authentication: ‘login’, allow_muc:
false, //allow_chat_pending_contacts: true,
//allow_non_roster_messaging: true, //message_archiving: ‘always’
view_mode: ‘fullscreen’ //set it if you want to dispaly in fullscreen
}); - ejabberd xmpp configuration for send mediaYou will need to create the PEM cert using the 2 keys above. Do the
following on your console terminal.replace "your-domain-name" with your server domain name
cat /etc/letsencrypt/live/your-domain-name/privkey.pem
/etc/letsencrypt/live/your-domain-name/fullchain.pem >>
/opt/ejabberd/conf/server.pem
Once done go to your config file “ejabberd.yml” and set the relevant SSL
cert at the listening port. Make sure your relevant SSL cert points to
/opt/ejabberd/conf/server.pem.Ejabberd SSL Certificate we follow this link
“https://www.ejabberd.im/forum/28648/ejabberd-letsencrypt-ssl-certificate/index.html”certfiles: …. – “/opt/ejabberd/conf/server.pem” ….
modules: …. mod_http_upload: docroot: “/opt/ejabberd/upload” put_url:
“https://ejab.ictbroadcast.com:5443/upload/” max_size: infinity access:
local thumbnail: false custom_headers: “Access-Control-Allow-Origin”:
“*” “Access-Control-Allow-Methods”: “GET, POST, PUT, OPTIONS”
“Access-Control-Allow-Headers”: “Content-Type” ….All media who you are send it is in upload folder. After
configuration restart the ejabberd server using this command
systemctl restart ejabberd - If you want to hide converse controlbox then use this in
scriptvar element = document.getElementById("toggle-controlbox"); element.classList.remove("hidden"); var element = document.getElementById("controlbox"); element.classList.add("hidden"); $('.toggle-controlbox').remove();
- For ejabberd API access change the configuration with the
following…- in who: allow user
- in what: what api you want to access
register api for add user and unregister for remove user
api_permissions: "admin commands": who: admin what: - register - unregister