Today I’m going to set up an XMPP (Jabber) server on my Banana Pi.
I’ve had good experiences with ejabberd. Unfortunately, the resources on my virtual root server are limited, and I couldn’t run ejabberd on that server in a stable way. Therefore I previously used jabberd2 on my virtual root server. However, I wanted to move that server application to my local network anyway, both for security and convenience reasons. Besides the hardware limitations, I’m free to do whatever I want on my BPi, so I moved the XMPP server to that device.
In this article, I’m going to explain how to install an ejabberd server on your Arch Linux machine.
Setting up and configuring the XMPP server
As ejabberd is provided in the community repositories, we don’t need to compile anything ourselves. We simply install the package:

    yaourt -S ejabberd

The next step is the configuration of the XMPP server. I’m going to enforce encryption for Client-to-Server (c2s) and Server-to-Server (s2s) communication. Please make sure you have a certificate for encryption (/etc/ssl/server.pem in this example) set up.
Edit the /etc/ejabberd/ejabberd.yml file with root privileges:

    hosts:
      - "localhost"
      - "xmpp.example.com"

    listen:
      -
        # c2s listener: keep the port and module lines already in this entry
        certfile: "/etc/ssl/server.pem"
        starttls_required: true
        protocol_options:
          - "no_sslv3"
        ciphers: "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA"
        zlib: false
        tls_compression: false

    s2s_use_starttls: required
    s2s_certfile: "/etc/ssl/server.pem"
    s2s_ciphers: "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA"
    s2s_tls_compression: false
    s2s_protocol_options:
      - "no_sslv3"

    acl:
      admin:
        user:
          - "admin": "xmpp.example.com"

    auth_password_format: scram

If you want to prevent users from registering accounts on your server later, set the following:

    access:
      register:
        all: deny

Setting up the database
This step is optional. ejabberd is able to use an internal database called “Mnesia”. But if you already have a dedicated database server like MySQL, you might want to use it as a database backend for ejabberd. This is what I want to do now. Please note that if you use a dedicated database, unlike with the internal Mnesia method, the passwords are not hashed using SCRAM (see “Store passwords in plaintext in the database for security”).
The first step is to create a new database and grant access to a new database user:

    mysql -u root -p
    MariaDB [(none)]> CREATE DATABASE ejabberd;
    MariaDB [(none)]> GRANT ALL ON ejabberd.* TO 'ejabberd'@'localhost' IDENTIFIED BY 'password';

Then we need to download and import the database schema:

    wget https://raw.githubusercontent.com/processone/ejabberd/master/sql/mysql.sql
    mysql -u ejabberd -p ejabberd < mysql.sql

The last step is to configure the MySQL driver in /etc/ejabberd/ejabberd.yml. Comment out auth_method: internal, set auth_method: odbc instead and configure the database settings:

    ##auth_method: internal
    auth_method: odbc
    odbc_type: mysql
    odbc_server: "localhost"
    odbc_database: "ejabberd"
    odbc_username: "ejabberd"
    odbc_password: "password"

Starting up the server and adding an admin user
Now we’re ready to enable and start our server:

    sudo systemctl enable ejabberd
    sudo systemctl start ejabberd

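When the server is started (you may check /var/log/ejabberd/ejabberd.log), we have to add the admin user we defined previously. Please note that we have to do this as the ejabberd user, which is created when ejabberd is installed, and that the host must match the one in the admin acl entry (xmpp.example.com in this example), otherwise the account does not get admin rights:

    sudo -u ejabberd bash
    ejabberdctl register admin xmpp.example.com adminpassword
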
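Once the server is running, it is worth confirming that the c2s listener really refuses unencrypted logins, as starttls_required: true is meant to ensure. The following is an added example, not part of the original article or of ejabberd: it classifies the stream features a server announces before TLS, on the assumption (from RFC 6120) that an enforcing server marks STARTTLS as required and offers no SASL mechanisms yet. The function names, the verdict strings and the sample fragments are made up for illustration.

```python
import re
import socket
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

def classify_features(fragment):
    """Classify the <stream:features/> a server sends before TLS is negotiated."""
    # The stream: prefix is declared on the enclosing <stream:stream>, so wrap
    # the fragment in a dummy root that declares it.
    root = ET.fromstring(f"<w xmlns:stream='{NS_STREAM}'>{fragment}</w>")
    features = root[0]
    starttls = features.find(f"{{{NS_TLS}}}starttls")
    mechanisms = [m.text for m in features.iter(f"{{{NS_SASL}}}mechanism")]
    if starttls is None:
        return "no-starttls"            # no encryption offered at all
    if starttls.find(f"{{{NS_TLS}}}required") is None or mechanisms:
        return "starttls-not-enforced"  # not marked required, or SASL offered pre-TLS
    return "starttls-required"          # expected with starttls_required: true

def fetch_features(host, domain, port=5222, timeout=10):
    """Open a c2s stream and return the server's first features fragment."""
    opening = (f"<?xml version='1.0'?><stream:stream to='{domain}' version='1.0' "
               f"xmlns='jabber:client' xmlns:stream='{NS_STREAM}'>")
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(opening.encode())
        while b"</stream:features>" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("stream closed before features arrived")
            buf += chunk
    return re.search(rb"<stream:features.*?</stream:features>", buf, re.S).group(0).decode()

# Constructed sample fragments (not captured from a real server).
ENFORCED = (f"<stream:features><starttls xmlns='{NS_TLS}'><required/></starttls>"
            "</stream:features>")
OPTIONAL = (f"<stream:features><starttls xmlns='{NS_TLS}'/>"
            f"<mechanisms xmlns='{NS_SASL}'><mechanism>PLAIN</mechanism>"
            "<mechanism>SCRAM-SHA-1</mechanism></mechanisms></stream:features>")
CLEARTEXT = (f"<stream:features><mechanisms xmlns='{NS_SASL}'>"
             "<mechanism>PLAIN</mechanism></mechanisms></stream:features>")

if __name__ == "__main__":
    for name, sample in [("enforced", ENFORCED), ("optional", OPTIONAL), ("cleartext", CLEARTEXT)]:
        print(name, "->", classify_features(sample))
    # Live check, from a machine that can reach the server:
    # classify_features(fetch_features("<server address>", "xmpp.example.com"))
```

Anything other than starttls-required from the live check means the listener entry that was edited is not the one serving port 5222, or the server was not restarted after the change.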
Pidgin and OTR
Now that you have your XMPP server up and running, you want to connect to it via an XMPP client. For enhanced privacy (i.e. security), I suggest using end-to-end encryption via the Off-the-Record Messaging protocol (OTR). I recommend using Pidgin and the OTR plugin. If you’re using an Arch machine as a client, you may install the packages
Have fun communicating over XMPP!
By the way: If you want to contact me via XMPP, my JID is ryad (at) xmpp.eldajani.net 🙂