Installing Ejabberd on CentOS - WikiT - Firewall

13/12/2016 11:45
Installing Ejabberd on CentOS
Ejabberd is a robust XMPP (Jabber) server written in Erlang. This how-to describes its installation on
CentOS.
Installing a base CentOS system
Follow this how-to for the base installation
Configuring third-party repositories
Follow this how-to to configure the third-party repositories
Installing Ejabberd
The EPEL repository provides a package for Ejabberd
yum --enablerepo=epel install ejabberd
The MySQL server can also be installed for data storage
yum install mysql-server
As well as the additional modules for Ejabberd (which include, among other things, the native MySQL driver)
yum --enablerepo=fws-testing install ejabberd-modules
Preparations
For performance and ease of administration, we will use a MySQL database to
store the Jabber server's data (by default, Ejabberd uses a Mnesia database,
provided by Erlang)
Configuring mysqld
Ejabberd needs the InnoDB engine, so it must be enabled. Network listening must also be enabled
(Ejabberd cannot communicate over a UNIX socket)
Here is an example my.cnf configuration (adjust as needed)
cp -a /etc/my.cnf /etc/my.cnf.default
echo '' > /etc/my.cnf
vim /etc/my.cnf
Then add the following lines:
[mysqld]
pid-file=/var/run/mysqld/mysqld.pid
basedir=/usr
datadir=/var/lib/mysql
innodb_data_home_dir = /var/lib/mysql/
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /var/lib/mysql/
innodb_log_arch_dir = /var/lib/mysql/
innodb_buffer_pool_size = 16M
innodb_additional_mem_pool_size = 2M
innodb_log_file_size = 5M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
innodb_file_per_table
socket=/var/lib/mysql/mysql.sock
# networking is enabled
log-error=/var/log/mysqld.log
max_allowed_packet=16M
user=mysql
[mysqld_safe]
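The my.cnf above sets no bind-address, so mysqld accepts TCP connections on every interface, while Ejabberd only connects to "localhost"; adding bind-address=127.0.0.1 under [mysqld] restricts it to loopback. The check below is an added example, not part of the original how-to: the function names and the sample ss output are constructed for illustration, and 3306 is assumed as MySQL's default port.

```shell
#!/bin/sh
# Added example: flag listeners that only local processes need but that are
# bound to a non-loopback address. Function names are hypothetical.

# local_only_exposed PORT...: reads `ss -ltn` (or `netstat -ltn`) output on
# stdin and prints "port address" for each such listener.
local_only_exposed() {
    awk -v ports=" $* " '
        /LISTEN/ {
            addr = $4                       # local address:port in both tools
            n = split(addr, parts, ":")
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            loopback = (host ~ /^127\./ || host == "::1" || host == "[::1]")
            if (index(ports, " " port " ") > 0 && !loopback)
                print port, host
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      128    127.0.0.1:5347     0.0.0.0:*
LISTEN 0      128    0.0.0.0:5222       0.0.0.0:*
EOF
}

# 3306 = MySQL default port, 5347 = component port used by spectrum.
# On a live host: ss -ltn | local_only_exposed 3306 5347
sample_ss_output | local_only_exposed 3306 5347
```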
Creating a root password (mysql)
/usr/bin/openssl rand -base64 60 | tr -c -d '[:alnum:]' > ~/.my.pw
chmod 600 ~/.my.pw
/usr/bin/mysqladmin -u root password "$(cat ~/.my.pw)"
echo '[client]' > ~/.my.cnf
# restrict the client config before the password is written to it
chmod 600 ~/.my.cnf
echo "password=$(cat ~/.my.pw)" >> ~/.my.cnf
Creating a database for Ejabberd
/usr/bin/openssl rand -base64 50 | tr -c -d '[:alnum:]' > /etc/ejabberd/db.pw
chmod 600 /etc/ejabberd/db.pw
mysql -e 'create database ejabberd'
mysql -e "grant all privileges on ejabberd.* to 'ejabberd'@'localhost' identified by '$(cat /etc/ejabberd/db.pw)'"
mysql -e 'flush privileges'
Importing the schema for Ejabberd
mysql ejabberd < /usr/share/doc/ejabberd-modules-0.1/mysql.sql
Basic configuration
Ejabberd's configuration file is /etc/ejabberd/ejabberd.cfg. Its syntax is Erlang.
Here is an example:
% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "admin"}}.
% {acl, admin, {user, "user1"}}.
% Local users:
{acl, local, {user_regexp, ""}}.
% Blocked users:
%{acl, blocked, {user, "test"}}.
% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.
% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.
% Registration is disabled
{access, register, [{deny,all}]}.
% Only admins can send announcement messages :
{access, announce, [{allow, admin}]}.
% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
{allow, all}]}.
% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.
% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.
% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.
% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.
% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.
{access, muc_log, [{allow, admin}, {deny, all}]}.
% Allow access only for local users:
{access, local, [{allow, local}]}.
%% Begin ACLs for MSN users
% This example will deny communication with MSN users, except
% the ones listed in good_msn_users
% Requires mod_filter
{acl, good_msn_users, {user, "user1\\40hotmail.com", "msn.domain.tld"}}.
{acl, good_msn_users, {user, "user2\\40hotmail.fr", "msn.domain.tld"}}.
{acl, good_msn_users, {user, "", "msn.domain.tld"}}.
{acl, msn_users, {server_glob, "msn*"}}.
{access, mod_filter, [{allow, all}]}.
{access, mod_filter_presence, [{allow, all}]}.
{access, mod_filter_message, [{allow, all}]}.
{access, mod_filter_iq, [{allow, all}]}.
{access, mod_filter, [
% Filter incoming messages; allow only good messages
{allow, good_msn_users},
{deny, msn_users},
% Filter the rest, including outgoing messages
{filter_msn, all}
]}.
{access, filter_msn, [
% Users can send messages to good MSN users
{allow, good_msn_users},
% but not to other MSN users
{deny, msn_users},
% All non-MSN traffic is allowed
{allow, all}
]}.
%% End filter example
% Auth MySQL
{auth_method, odbc}.
% mysql database access, with native mysql driver
{odbc_server, {mysql, "localhost", "ejabberd", "ejabberd", "__SECRET__"}}.
% Host name:
{hosts, ["domain.tld"]}.
%% Define the maximum number of time a single user is allowed to connect:
{max_user_sessions, 10}.
% Default language for server messages
{language, "fr"}.
% Listened ports:
{listen, [
% Standard port 5222 with TLS support (and required)
{5222, ejabberd_c2s,
[{access, c2s}, {shaper, c2s_shaper},
starttls_required, {certfile, "/etc/ejabberd/ejabberd.pem"}]},
% Deprecated SSL port on 5223
{5223, ejabberd_c2s,
[{access, c2s}, tls, {certfile,
"/etc/ejabberd/ejabberd.pem"}]}
% Uncomment this line to allow s2s connections:
% ,{5269, ejabberd_s2s_in, [{shaper, s2s_shaper}, {max_stanza_size, 131072}]}
% Example of transport configuration
% ,{5347, ejabberd_service, [{host, "msn.domain.tld", [{password, "secret"}]}]}
]}.
% If SRV lookup fails, then port 5269 is used to communicate with remote server
% Uncomment this line to allow s2s connections
% {outgoing_s2s_port, 5269}.
% Modules
{modules,
[
% {mod_register, [{access, register}]},
{mod_roster_odbc,
[]},
{mod_privacy_odbc,
[]},
{mod_adhoc, []},
{mod_configure, []}, % Depends on mod_adhoc
{mod_configure2, []},
{mod_disco, []},
{mod_stats, []},
{mod_vcard_odbc, []},
%% if you prefer ldap based vcard service, use the following
%% adapt it to your needs
% {mod_vcard_ldap,
% [
% {ldap_base, "ou=Users,dc=domain,dc=tld"},
% {ldap_filter, "(objectClass=inetOrgPerson)"},
% {ldap_vcard_map,
% %% vcard patterns
% [{"NICKNAME", "%u", []}, % just use user's part of JID as his nickname
% {"GIVEN", "%s", ["givenName"]},
% {"FAMILY", "%s", ["sn"]},
% {"FN", "%s, %s", ["sn", "givenName"]}, % example: "Smith, John"
% {"EMAIL", "%s", ["mail"]},
% {"BDAY", "%s", ["birthDay"]},
% {"ORGNAME", "%s", ["o"]},
% {"ORGUNIT", "%s", ["ou"]},
% {"LOCALITY", "%s", ["l"]},
% {"STREET", "%s", ["Street"]},
% {"TEL", "%s", ["Phone"]}
% ]},
% %% Search form
% {ldap_search_fields,
% [{"User", "%u"},
% {"Name", "givenName"},
% {"Family Name", "sn"},
% {"Email", "mail"}]},
% %% vCard fields to be reported
% %% Note that JID is always returned with search results
% {ldap_search_reported,
% [{"Full Name", "FN"},
% {"Nickname", "NICKNAME"}]}
% ]},
{mod_vcard_odbc, []},
{mod_caps, []},
{mod_offline_odbc, []},
{mod_announce, [{access, announce}]}, % Depends on mod_adhoc
{mod_private_odbc, []},
{mod_irc, []},
% Default options for mod_muc:
% host: "conference." ++ ?MYNAME
% access: all
% access_create: all
% access_admin: none (only room creator has owner privileges)
{mod_muc,
[{access, muc}, {access_create, muc}, {access_admin,
muc_admin}]},
{mod_muc_log,
[]},
{mod_shared_roster, []},
{mod_pubsub,
[
{access_createnode, pubsub_createnode},
{plugins, ["flat", "hometree", "pep"]}
]},
{mod_time,
[]},
{mod_last_odbc,
[]},
% {mod_xmlrpc,[{port, 4560},{timeout, 5000}]},
{mod_version,
[]},
{mod_admin_extra,
[]},
% {mod_archive_odbc, [{database_type, "mysql"},
% {default_auto_save, true},
% {enforce_default_auto_save, false},
% {default_expire, infinity},
% {enforce_min_expire, 0},
% {enforce_max_expire, infinity},
% {replication_expire, 31536000},
% {session_duration, 1800},
% {wipeout_interval, 86400}]},
% {mod_log_chat, [{path, "/var/log/ejabberd/chat"}, {format, text}]},
{mod_echo, [{host, "echo.domain.tld"}]}
]}.
%%% Local Variables:
%%% mode: erlang
%%% End:
Now replace the placeholder with the MySQL password for ejabberd:
export PASS=$(cat /etc/ejabberd/db.pw)
sed -i -e "s/__SECRET__/$PASS/g" /etc/ejabberd/ejabberd.cfg
unset PASS
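A post-install check for the steps above, as an added example that is not part of the original how-to: it verifies on the finished files that the password placeholder was substituted exactly, that the files holding the password are not world-accessible, and that the registration and STARTTLS settings from the example configuration are in place. The names audit_ejabberd and make_sample are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: post-install checks for the secrets and access rules set up
# in this how-to. audit_ejabberd and make_sample are hypothetical helper names.

# audit_ejabberd CFG PWFILE: prints one FAIL line per problem, returns their count.
audit_ejabberd() {
    cfg=$1; pwfile=$2; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # Files holding the database password must not be accessible to "others".
    for f in "$cfg" "$pwfile"; do
        mode=$(stat -c '%a' "$f")    # GNU stat, as shipped with CentOS
        case $mode in *0) ;; *) fail "$f has mode $mode" ;; esac
    done

    # The placeholder must be gone, and what replaced it must be exactly the
    # content of PWFILE (a partial substitution leaves stray characters).
    if grep -q '__SECRET' "$cfg"; then fail "placeholder left in $cfg"; fi
    cfgpw=$(sed -n 's/^{odbc_server, *{mysql, *"[^"]*", *"[^"]*", *"[^"]*", *"\([^"]*\)"}}\.$/\1/p' "$cfg")
    [ "$cfgpw" = "$(cat "$pwfile")" ] || fail "odbc_server password differs from $pwfile"

    # In-band registration stays denied; port 5222 must insist on STARTTLS.
    grep -Eq '^\{access, *register, *\[\{deny, *all\}\]\}\.' "$cfg" ||
        fail "registration is not denied to all"
    grep -A2 '^{5222, *ejabberd_c2s' "$cfg" | grep -q 'starttls_required' ||
        fail "port 5222 does not require STARTTLS"

    return "$problems"
}

# make_sample DIR PASSWORD: writes a constructed db.pw and config excerpt,
# with PASSWORD as the value found in odbc_server.
make_sample() {
    ( umask 077
      printf '%s' 'Xk3constructedPW9' > "$1/db.pw"
      cat > "$1/ejabberd.cfg" <<EOF
{access, register, [{deny,all}]}.
{odbc_server, {mysql, "localhost", "ejabberd", "ejabberd", "$2"}}.
{listen, [
{5222, ejabberd_c2s,
[{access, c2s}, {shaper, c2s_shaper},
starttls_required, {certfile, "/etc/ejabberd/ejabberd.pem"}]}
]}.
EOF
    )
}
```

On an installed system the call would be audit_ejabberd /etc/ejabberd/ejabberd.cfg /etc/ejabberd/db.pw, run as root.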
Installing Spectrum
Spectrum provides gateways (transports) between XMPP and other protocols. It
supports many protocols, including MSN. It is also available in the EPEL repository
yum --enablerepo=epel install spectrum
Configuring the MSN gateway
First, create the configuration file /etc/spectrum/msn.cfg
[service]
# enable this spectrum instance
enable=1
# one of: aim, facebook, gg, icq, irc, msn, myspace, qq, simple, xmpp, yahoo
protocol=msn
# component ip
server=127.0.0.1
# if use_proxy is 1, the http_proxy env var will be used as the proxy server
# for example export http_proxy="http://user:[email protected]:port/"
use_proxy=0
# component JID
jid=$protocol.domain.tld
# component secret
password=secret
# component port
port=5347
config_interface = /var/run/spectrum/$jid.sock
# IP:port where filetransfer proxy binds to. This has to be public IP.
#filetransfer_bind_address=192.0.2.1:12345
# IP:port which will be sent in filetransfer request as stream host.
#filetransfer_public_address=192.0.2.1:12345
# admin JIDs - Jabber IDs of transport administrators who have access to admin adhoc commands
# separated by semicolons
#[email protected];[email protected]
# directory where downloaded files will be saved
filetransfer_cache=/var/lib/spectrum/filetransfer_cache
# URL used to access filetransfer_cache directory from the web.
filetransfer_web=http://example.com/files/
# name of transport (this will appear in service discovery)
name=MSN Transport
# default language
language=fr
# transport features separated by semicolons
# combination of: avatars, chatstate, filetransfer
# if commented, all features will be used
# This variable is DEPRECATED and will be removed in future versions. Use [features] instead.
#transport_features = avatars;chatstate;filetransfer
# if vip_mode is 1, users are divided to 2 groups according to 'vip' database field
vip_mode=0
# if vip_mode is 1, you can set transport to be available only for VIP users by setting only_for_vip to 1.
only_for_vip=0
# if vip_mode is 1 and only_for_vip is 1, users can connect from these servers even they are not VIP.
# This feature is useful, if you want to enable transport only for users from your server, but also want
# to give access to VIP users from other servers (for example from GTalk)
# separated by semicolons
allowed_servers=localhost;domain.tld
# transport features separated by semicolons which will be used for VIP users.
# combination of: avatars, chatstate, filetransfer
# if commented, all features will be used
# This variable is DEPRECATED and will be removed in future versions. Use [vip-features] instead.
#vip_features = avatars;chatstate;filetransfer
# pid file
pid_file=/var/run/spectrum/$jid.pid
# require_tls to connect legacy network
#require_tls=false
# Eventloop used by Spectrum. Allows to change default use of poll to epoll,
# which should be faster and handles more connections better.
# WARNING: some 3rd party libpurple protocol plugins are not prepared to be
# used with different eventloop, but protocols included in libpurple by default
# works OK.
#eventloop=glib
[registration]
# Set to 0 to disable transport registration to everyone except
# people from host from allowed_servers list.
enable_public_registration=0
# You can override username registered by transport user. This is useful
# for example if you want to let users to register only their Facebook name
# and internally connect them to [email protected].
# $username variable is replaced by username which has been registered
# by particular user.
#username_mask = [email protected]
# This option allows you to white-list newly created accounts according
# to regexp. for example allowed_usernames=*.\.gmail\.com$ will allow only
# GTalk users to register. If you use username_mask, then username_mask is
# applied before this option.
allowed_usernames=*.\.firewall-services\.com$
# Label used to described username field in registration form
#username_label = Facebook username
# This variable overrides default instructions text in registration form.
#instructions = Type your Facebook name here:
# Transport features, all features are enabled by default.
[features]
#filetransfer=1
#avatars=1
#chatstates=1
#statistics=1
# Transport features for VIP users, all features are enabled by default.
[vip-features]
#filetransfer=1
#avatars=1
#chatstates=1
[logging]
# log file, needs to be unique for each spectrum instance
log_file=/var/log/spectrum/$jid.log
# log areas
# combination of: xml, purple
log_areas=xml;purple
[database]
# mysql or sqlite
type=sqlite
# hostname (not needed for sqlite)
#host=localhost
# username (not needed for sqlite)
#user=user
# password (not needed for sqlite)
#password=password
# sqlite: set path to database file here
# mysql: set to name of database
database=/var/lib/spectrum/$jid/database.sqlite
# table prefix for multiple transport instances sharing the same database
#prefix=icq_
[purple]
# avatar, vcard, roster storage
# needs to be unique for each spectrum instance
userdir=/var/lib/spectrum/$jid/userdir
Then start spectrum:
/etc/init.d/spectrum start
The Ejabberd logs should show that a new component has registered
Enabling the services
Once everything works, all that remains is to configure the services so that they
start automatically:
chkconfig ejabberd on
chkconfig mysqld on
chkconfig spectrum on
From:
https://wikit.firewall-services.com/ - WikiT
Permanent link:
https://wikit.firewall-services.com/doku.php/tuto/linux_divers/installer_ejabberd_sur_centos
Last update: 05/09/2013 17:19
WikiT - https://wikit.firewall-services.com/
