Arch Linux / ejabberd

Today I’m going to set up an XMPP (Jabber) server on my Banana Pi.

I’ve had good experiences with ejabberd. Unfortunately, the resources on my virtual root server are limited and I couldn’t run ejabberd there in a stable way, so I previously used jabberd2 on that server. However, I wanted to move the server application to my local network anyway, for both security and convenience reasons. Apart from the hardware limitations, I’m free to do whatever I want on my BPi, so I moved the XMPP server to that device.

In this article, I’m going to explain how to install an ejabberd server on your Arch Linux machine.

Setting up and configuring the XMPP server

As ejabberd is provided in the community repositories, we don’t need to compile anything ourselves. We simply install the package:

yaourt -S ejabberd

The next step will be the configuration of the XMPP server. I’m going to enforce encryption for Client-to-Server (c2s) and Server-to-Server (s2s) communication. Please make sure you have a certificate for encryption (/etc/ssl/server.pem in this example) set up.

Edit the /etc/ejabberd/ejabberd.yml file with root privileges:

hosts:
  - "localhost"
  - "xmpp.example.com"
listen:
  -
    ## c2s listener (client connections, port 5222)
    port: 5222
    module: ejabberd_c2s
    certfile: "/etc/ssl/server.pem"
    ## refuse clients that do not upgrade the stream to TLS
    starttls_required: true
    protocol_options:
      - "no_sslv3"
    ciphers: "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA"
    zlib: false
    tls_compression: false
## require TLS on server-to-server (s2s) connections as well
s2s_use_starttls: required
s2s_certfile: "/etc/ssl/server.pem"
s2s_ciphers: "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA"
s2s_tls_compression: false
s2s_protocol_options:
  - "no_sslv3"
acl:
  admin:
    user:
      - "admin": "xmpp.example.com"
## store passwords as SCRAM hashes
auth_password_format: scram

If you want to prevent users from registering with your server later, set the following:

access:
  register:
    all: deny

Setting up the database

This step is optional. ejabberd is able to use an internal database called “Mnesia”. But if you already have a dedicated database server like MySQL, you might want to use it as the database backend for ejabberd. This is what I want to do now. Please note that if you use a dedicated database, unlike with the internal Mnesia method, the passwords are not hashed using SCRAM (see “Store passwords in plaintext in the database for security”).

The first step is to create a new database and grant access to a new database user:

mysql -u root -p
MariaDB [(none)]> CREATE DATABASE ejabberd;
MariaDB [(none)]> GRANT ALL ON ejabberd.* TO 'ejabberd'@'localhost' IDENTIFIED BY 'password';

Then we need to download and import the database schema:

wget https://raw.githubusercontent.com/processone/ejabberd/master/sql/mysql.sql
mysql -u ejabberd -p ejabberd < mysql.sql

The last step is to configure the MySQL driver in /etc/ejabberd/ejabberd.yml. Comment out auth_method: internal, set auth_method: odbc instead and configure the database settings:

##auth_method: internal
auth_method: odbc
odbc_type: mysql
odbc_server: "localhost"
odbc_database: "ejabberd"
odbc_username: "ejabberd"
odbc_password: "password"

Starting up the server and adding an admin user

Now we’re ready to enable and start our server:

sudo systemctl enable ejabberd
sudo systemctl start ejabberd

When the server has started (you may check /var/log/ejabberd/ejabberd.log), we have to add the admin user that we defined previously in the acl section. The account has to be registered on the host named there (xmpp.example.com in this example). Please note that we have to do this as the ejabberd user, which is created when installing ejabberd:

sudo -u ejabberd bash
ejabberdctl register admin xmpp.example.com adminpassword

You will have to forward the ports 5222 (for c2s) and 5269 (for s2s) to your XMPP server. Optionally you may also forward port 5280 for HTTP binding and HTTP polling.
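
Once port 5222 is reachable, you can confirm from the outside that the c2s listener honours starttls_required: true by inspecting the stream features the server sends before TLS. The following Python script is an added example, not part of the original setup or of ejabberd; the function names and the two sample replies are constructed for illustration.

```python
import re
import socket
import xml.etree.ElementTree as ET

STREAM_NS = "http://etherx.jabber.org/streams"
TLS = "{urn:ietf:params:xml:ns:xmpp-tls}"
SASL = "{urn:ietf:params:xml:ns:xmpp-sasl}"

# Constructed sample: pre-TLS reply of a listener with starttls_required: true.
ENFORCED = ("<?xml version='1.0'?><stream:stream xmlns='jabber:client' "
            f"xmlns:stream='{STREAM_NS}' from='xmpp.example.com' version='1.0'>"
            "<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>"
            "<required/></starttls></stream:features>")
# Constructed sample: TLS optional and password login offered in the clear.
WEAK = ENFORCED.replace("<required/>", "").replace(
    "</stream:features>",
    "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
    "<mechanism>PLAIN</mechanism></mechanisms></stream:features>")


def audit_features(raw):
    """Return findings for the pre-TLS <stream:features/>; [] means enforced."""
    m = re.search(r"<stream:features[^>]*>.*?</stream:features>", raw, re.S)
    if not m:
        return ["no stream features received"]
    # The stream header stays open, so parse the features fragment on its own.
    feats = ET.fromstring(f"<r xmlns:stream='{STREAM_NS}'>{m.group(0)}</r>")[0]
    findings = []
    tls = feats.find(TLS + "starttls")
    if tls is None:
        findings.append("STARTTLS not offered")
    elif tls.find(TLS + "required") is None:
        findings.append("STARTTLS offered but not required")
    mechs = [e.text for e in feats.iter(SASL + "mechanism")]
    if mechs:
        findings.append("SASL offered before TLS: " + ", ".join(mechs))
    return findings


def fetch_features(host, domain, port=5222, timeout=5):
    """Open a plaintext stream to your own server and return its first reply."""
    hello = (f"<?xml version='1.0'?><stream:stream to='{domain}' version='1.0' "
             f"xmlns='jabber:client' xmlns:stream='{STREAM_NS}'>")
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(hello.encode())
        while b"</stream:features>" not in buf and (chunk := sock.recv(4096)):
            buf += chunk
    return buf.decode("utf-8", "replace")
```

Against your own running server, call audit_features(fetch_features("xmpp.example.com", "xmpp.example.com")); an empty list means clients are not offered authentication before upgrading to TLS.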

Pidgin and OTR

Now that you have your XMPP server up and running, you want to connect to it via an XMPP client. For enhanced privacy (i.e. security), I suggest using end-to-end encryption via the Off-the-Record Messaging protocol (OTR). I recommend using Pidgin and the OTR plugin. If you’re using an Arch machine as a client, you may install the packages pidgin and pidgin-otr.

Have fun communicating over XMPP!

By the way: If you want to contact me via XMPP, my JID is ryad (at) xmpp.eldajani.net 🙂

4 comments:

  1. Hi Ryad,
    I am using ejabberd 15.07 and trying to setup mysql db as backend.
    With Tsung scripts, I am able to register users to the sql db.
    However I am unable to create a pub-sub node with sql backend. Please help. I get “feature-not-implemented” error.

    1. Hi Janani,
      I had a similar issue when I updated ejabberd a few weeks ago. I also couldn’t resolve the problem when using the MySQL backend. Therefore I switched to the internal db.

      Regards,
      Ryad

  2. Hey
    thx for an article
    can you tell me about “Setting up the database” block for postgresql DB

    best regards
