Installing Ejabberd on CentOS - WikiT - Firewall

Ejabberd is a robust XMPP (Jabber) server written in Erlang. This how-to describes how to install it on CentOS.

Installing a base CentOS system

Follow this how-to for the base installation.

Configuring the third-party repositories

Follow this how-to to configure the third-party repositories.

Installing Ejabberd

The EPEL repository provides an Ejabberd package:

```sh
yum --enablerepo=epel install ejabberd
```

The MySQL server can also be installed for data storage:

```sh
yum install mysql-server
```

As well as the additional Ejabberd modules (which include, among other things, the native MySQL driver):

```sh
yum --enablerepo=fws-testing install ejabberd-modules
```

Preparation

For performance and ease of administration, we will use a MySQL database to store the Jabber server's data (by default, Ejabberd uses a Mnesia database, provided by Erlang).

Configuring mysqld

Ejabberd needs the InnoDB engine, so it must be enabled.
Network listening must also be enabled (Ejabberd cannot communicate over a UNIX socket). Here is an example my.cnf configuration (adjust as needed):

```sh
# keep a copy of the distribution file, then start from an empty one
cp -a /etc/my.cnf /etc/my.cnf.default
echo '' > /etc/my.cnf
vim /etc/my.cnf
```

Then put the following lines in it:

```ini
[mysqld]
pid-file=/var/run/mysqld/mysqld.pid
basedir=/usr
datadir=/var/lib/mysql
innodb_data_home_dir = /var/lib/mysql/
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /var/lib/mysql/
innodb_log_arch_dir = /var/lib/mysql/
innodb_buffer_pool_size = 16M
innodb_additional_mem_pool_size = 2M
innodb_log_file_size = 5M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
innodb_file_per_table
socket=/var/lib/mysql/mysql.sock
# networking is enabled
log-error=/var/log/mysqld.log
max_allowed_packet=16M
user=mysql

[mysqld_safe]
```

Creating a root password (mysql)

```sh
# generate a random alphanumeric password, readable by root only
/usr/bin/openssl rand -base64 60 | tr -c -d '[:alnum:]' > ~/.my.pw
chmod 600 ~/.my.pw
/usr/bin/mysqladmin -u root password "$(cat ~/.my.pw)"
# client file so that the mysql commands below authenticate without a prompt
echo '[client]' > ~/.my.cnf
# this file will hold the same password, so restrict it as well
chmod 600 ~/.my.cnf
echo "password=$(cat ~/.my.pw)" >> ~/.my.cnf
```

Creating a database for Ejabberd

```sh
/usr/bin/openssl rand -base64 50 | tr -c -d '[:alnum:]' > /etc/ejabberd/db.pw
chmod 600 /etc/ejabberd/db.pw
mysql -e 'create database ejabberd'
# the password has to be a quoted SQL string literal
mysql -e "grant all privileges on ejabberd.* to 'ejabberd'@'localhost' identified by '$(cat /etc/ejabberd/db.pw)'"
mysql -e 'flush privileges'
```

Importing the schema for Ejabberd

```sh
mysql ejabberd < /usr/share/doc/ejabberd-modules-0.1/mysql.sql
```

Basic configuration

The Ejabberd configuration file is /etc/ejabberd/ejabberd.cfg. Its syntax is Erlang. Here is an example:

```erlang
% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "admin"}}.
% {acl, admin, {user, "user1"}}.

% Local users:
{acl, local, {user_regexp, ""}}.

% Blocked users:
%{acl, blocked, {user, "test"}}.

% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.

% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

% Registration is disabled
{access, register, [{deny,all}]}.

% Only admins can send announcement messages :
{access, announce, [{allow, admin}]}.

% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
               {allow, all}]}.

% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.

% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.

% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
                      {normal, all}]}.

% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.
{access, muc_log, [{allow, admin}, {deny, all}]}.

% Allow access only for local users:
{access, local, [{allow, local}]}.

%% Begin ACLs for MSN users
% This example will deny communication with MSN users, except
% the ones listed in good_msn_users
% Requires mod_filter
{acl, good_msn_users, {user, "user1\\40hotmail.com", "msn.domain.tld"}}.
{acl, good_msn_users, {user, "user2\\40hotmail.fr", "msn.domain.tld"}}.
{acl, good_msn_users, {user, "", "msn.domain.tld"}}.
{acl, msn_users, {server_glob, "msn*"}}.

{access, mod_filter, [{allow, all}]}.
{access, mod_filter_presence, [{allow, all}]}.
{access, mod_filter_message, [{allow, all}]}.
{access, mod_filter_iq, [{allow, all}]}.

{access, mod_filter, [
  % Filter incoming messages; allow only good messages
  {allow, good_msn_users},
  {deny, msn_users},
  % Filter the rest, including outgoing messages
  {filter_msn, all}
]}.

{access, filter_msn, [
  % Users can send messages to good MSN users
  {allow, good_msn_users},
  % but not to other MSN users
  {deny, msn_users},
  % All non-MSN traffic is allowed
  {allow, all}
]}.
%% End filter example

% Auth MySQL
{auth_method, odbc}.

% mysql database access, with native mysql driver
{odbc_server, {mysql, "localhost", "ejabberd", "ejabberd", "__SECRET__"}}.

% Host name:
{hosts, ["domain.tld"]}.

%% Define the maximum number of time a single user is allowed to connect:
{max_user_sessions, 10}.

% Default language for server messages
{language, "fr"}.

% Listened ports:
{listen,
 [
  % Standard port 5222 with TLS support (and required)
  {5222, ejabberd_c2s, [{access, c2s},
                        {shaper, c2s_shaper},
                        starttls_required,
                        {certfile, "/etc/ejabberd/ejabberd.pem"}]},
  % Deprecated SSL port on 5223
  {5223, ejabberd_c2s, [{access, c2s},
                        tls,
                        {certfile, "/etc/ejabberd/ejabberd.pem"}]}
  % Uncomment this line to allow s2s connections:
  % ,{5269, ejabberd_s2s_in, [{shaper, s2s_shaper}, {max_stanza_size, 131072}]}
  % Example of transport configuration
  % ,{5347, ejabberd_service, [{host, "msn.domain.tld",
  %                             [{password, "secret"}]}]}
 ]}.

% If SRV lookup fails, then port 5269 is used to communicate with remote server
% Uncomment this line to allow s2s connections
% {outgoing_s2s_port, 5269}.

% Modules
{modules,
 [
  % {mod_register, [{access, register}]},
  {mod_roster_odbc, []},
  {mod_privacy_odbc, []},
  {mod_adhoc, []},
  {mod_configure, []}, % Depends on mod_adhoc
  {mod_configure2, []},
  {mod_disco, []},
  {mod_stats, []},
  {mod_vcard_odbc, []},
  % %% if you prefer ldap based vcard service, use the following
  % %% adapt it to your needs
  % {mod_vcard_ldap, [
  %   {ldap_base, "ou=Users,dc=domain,dc=tld"},
  %   {ldap_filter, "(objectClass=inetOrgPerson)"},
  %   {ldap_vcard_map, %% vcard patterns
  %    [{"NICKNAME", "%u", []}, % just use user's part of JID as his nickname
  %     {"GIVEN", "%s", ["givenName"]},
  %     {"FAMILY", "%s", ["sn"]},
  %     {"FN", "%s, %s", ["sn", "givenName"]}, % example: "Smith, John"
  %     {"EMAIL", "%s", ["mail"]},
  %     {"BDAY", "%s", ["birthDay"]},
  %     {"ORGNAME", "%s", ["o"]},
  %     {"ORGUNIT", "%s", ["ou"]},
  %     {"LOCALITY", "%s", ["l"]},
  %     {"STREET", "%s", ["Street"]},
  %     {"TEL", "%s", ["Phone"]}
  %    ]},
  %   %% Search form
  %   {ldap_search_fields,
  %    [{"User", "%u"},
  %     {"Name", "givenName"},
  %     {"Family Name", "sn"},
  %     {"Email", "mail"}]},
  %   %% vCard fields to be reported
  %   %% Note that JID is always returned with search results
  %   {ldap_search_reported,
  %    [{"Full Name", "FN"},
  %     {"Nickname", "NICKNAME"}]}
  % ]},
  {mod_vcard_odbc, []},
  {mod_caps, []},
  {mod_offline_odbc, []},
  {mod_announce, [{access, announce}]}, % Depends on mod_adhoc
  {mod_private_odbc, []},
  {mod_irc, []},
  % Default options for mod_muc:
  %   host: "conference." ++ ?MYNAME
  %   access: all
  %   access_create: all
  %   access_admin: none (only room creator has owner privileges)
  {mod_muc, [{access, muc},
             {access_create, muc},
             {access_admin, muc_admin}]},
  {mod_muc_log, []},
  {mod_shared_roster, []},
  {mod_pubsub, [
    {access_createnode, pubsub_createnode},
    {plugins, ["flat", "hometree", "pep"]}
  ]},
  {mod_time, []},
  {mod_last_odbc, []},
  % {mod_xmlrpc,[{port, 4560},{timeout, 5000}]},
  {mod_version, []},
  {mod_admin_extra, []},
  % {mod_archive_odbc, [{database_type, "mysql"},
  %                     {default_auto_save, true},
  %                     {enforce_default_auto_save, false},
  %                     {default_expire, infinity},
  %                     {enforce_min_expire, 0},
  %                     {enforce_max_expire, infinity},
  %                     {replication_expire, 31536000},
  %                     {session_duration, 1800},
  %                     {wipeout_interval, 86400}]},
  % {mod_log_chat, [{path, "/var/log/ejabberd/chat"}, {format, text}]},
  {mod_echo, [{host, "echo.domain.tld"}]}
 ]}.

%%% Local Variables:
%%% mode: erlang
%%% End:
```

Now replace `__SECRET__` with the MySQL password for ejabberd:

```sh
export PASS=$(cat /etc/ejabberd/db.pw)
# match the whole placeholder, trailing underscores included
sed -i -e "s/__SECRET__/$PASS/g" /etc/ejabberd/ejabberd.cfg
unset PASS
```

Installing spectrum

Spectrum provides gateways (transports) between XMPP and other protocols. It supports many protocols, including MSN.
It is also available in the EPEL repository:

```sh
yum --enablerepo=epel install spectrum
```

Configuring the MSN gateway

First create the configuration file /etc/spectrum/msn.cfg:

```ini
[service]
# enable this spectrum instance
enable=1

# one of: aim, facebook, gg, icq, irc, msn, myspace, qq, simple, xmpp, yahoo
protocol=msn

# component ip
server=127.0.0.1

# if use_proxy is 1, the http_proxy env var will be used as the proxy server
# for example export http_proxy="http://user:[email protected]:port/"
use_proxy=0

# component JID
jid=$protocol.domain.tld

# component secret
password=secret

# component port
port=5347

config_interface = /var/run/spectrum/$jid.sock

# IP:port where filetransfer proxy binds to. This has to be public IP.
#filetransfer_bind_address=192.0.2.1:12345

# IP:port which will be sent in filetransfer request as stream host.
#filetransfer_public_address=192.0.2.1:12345

# admin JIDs - Jabber IDs of transport administrators who have access to admin adhoc commands
# separated by semicolons
#[email protected];[email protected]

# directory where downloaded files will be saved
filetransfer_cache=/var/lib/spectrum/filetransfer_cache

# URL used to access the filetransfer_cache directory from the web.
filetransfer_web=http://example.com/files/

# name of transport (this will appear in service discovery)
name=MSN Transport

# default language
language=fr

# transport features separated by semicolons
# combination of: avatars, chatstate, filetransfer
# if commented, all features will be used
# This variable is DEPRECATED and will be removed in future versions. Use [features] instead.
#transport_features = avatars;chatstate;filetransfer

# if vip_mode is 1, users are divided to 2 groups according to 'vip' database field
vip_mode=0

# if vip_mode is 1, you can set transport to be available only for VIP users by setting only_for_vip to 1.
only_for_vip=0

# if vip_mode is 1 and only_for_vip is 1, users can connect from these servers even if they are not VIP.
# This feature is useful, if you want to enable transport only for users from your server, but also want
# to give access to VIP users from other servers (for example from GTalk)
# separated by semicolons
allowed_servers=localhost;domain.tld

# transport features separated by semicolons which will be used for VIP users.
# combination of: avatars, chatstate, filetransfer
# if commented, all features will be used
# This variable is DEPRECATED and will be removed in future versions. Use [vip-features] instead.
#vip_features = avatars;chatstate;filetransfer

# pid file
pid_file=/var/run/spectrum/$jid.pid

# require_tls to connect legacy network
#require_tls=false

# Eventloop used by Spectrum. Allows to change default use of poll to epoll,
# which should be faster and handles more connections better.
# WARNING: some 3rd party libpurple protocol plugins are not prepared to be
# used with different eventloop, but protocols included in libpurple by default
# works OK.
#eventloop=glib

[registration]
# Set to 0 to disable transport registration to everyone except
# people from host from allowed_servers list.
enable_public_registration=0

# You can override username registered by transport user. This is useful
# for example if you want to let users to register only their Facebook name
# and internally connect them to [email protected].
# $username variable is replaced by username which has been registered
# by particular user.
#username_mask = [email protected]

# This option allows you to white-list newly created accounts according
# to regexp. for example allowed_usernames=*.\.gmail\.com$ will allow only
# GTalk users to register. If you use username_mask, then username_mask is
# applied before this option.
allowed_usernames=*.\.firewall-services\.com$

# Label used to describe the username field in registration form
#username_label = Facebook username

# This variable overrides default instructions text in registration form.
#instructions = Type your Facebook name here:

# Transport features, all features are enabled by default.
[features]
#filetransfer=1
#avatars=1
#chatstates=1
#statistics=1

# Transport features for VIP users, all features are enabled by default.
[vip-features]
#filetransfer=1
#avatars=1
#chatstates=1

[logging]
# log file, needs to be unique for each spectrum instance
log_file=/var/log/spectrum/$jid.log

# log areas
# combination of: xml, purple
log_areas=xml;purple

[database]
# mysql or sqlite
type=sqlite

# hostname (not needed for sqlite)
#host=localhost

# username (not needed for sqlite)
#user=user

# password (not needed for sqlite)
#password=password

# sqlite: set path to database file here
# mysql: set to name of database
database=/var/lib/spectrum/$jid/database.sqlite

# table prefix for multiple transport instances sharing the same database
#prefix=icq_

[purple]
# avatar, vcard, roster storage
# needs to be unique for each spectrum instance
userdir=/var/lib/spectrum/$jid/userdir
```

The `jid`, `port` and `password` values must match an `ejabberd_service` listener in ejabberd.cfg; the example configuration above contains one, commented out, for `msn.domain.tld` on port 5347. `secret` is a placeholder: use a generated value, as for the database password.

Then start spectrum:

```sh
/etc/init.d/spectrum start
```

The Ejabberd logs should show that a new component has registered.

Enabling the services

Once everything works, all that remains is to configure the services to start automatically:

```sh
chkconfig ejabberd on
chkconfig mysqld on
chkconfig spectrum on
```

From: https://wikit.firewall-services.com/ - WikiT
Permanent link: https://wikit.firewall-services.com/doku.php/tuto/linux_divers/installer_ejabberd_sur_centos
Last update: 05/09/2013 17:19
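
The script below is an added example, not part of the original how-to: it checks three things the procedure depends on, namely that the placeholder substitution left exactly the generated password in ejabberd.cfg, that the password file is private, and whether mysqld is limited to the loopback interface. The function names and sample files are constructed for the demo; `bind-address` is a standard mysqld option that the my.cnf shown in this how-to does not set.

```shell
#!/bin/sh
# Added example. Function names and the sample files are constructed for the demo.

# Active (non-comment) lines of an Erlang-syntax ejabberd.cfg.
active_cfg_lines() { grep -v '^[[:space:]]*%' "$1"; }

# Password ejabberd will send to MySQL: last string of the odbc_server tuple.
cfg_db_password() {
    active_cfg_lines "$1" |
        sed -n 's/.*{odbc_server,[[:space:]]*{mysql,.*"\([^"]*\)"}}.*/\1/p' |
        head -n 1
}

# 0 only if the config holds exactly the generated password (file $2).
password_substituted() { [ "$(cfg_db_password "$1")" = "$(cat "$2")" ]; }

# 0 if the file grants nothing to group or other (for example mode 600).
private_file() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# bind-address from the [mysqld] section; empty output means every interface.
mysqld_bind_address() {
    awk -F= '/^\[/ { in_sec = ($0 ~ /^\[mysqld\]/) }
        in_sec && $1 ~ /^[ \t]*bind[-_]address[ \t]*$/ { gsub(/[ \t]/, "", $2); v = $2 }
        END { print v }' "$1"
}
mysqld_loopback_only() {
    case "$(mysqld_bind_address "$1")" in
        127.0.0.1|::1|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# --- constructed sample input, in a throw-away directory ---
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf 'Abc123' > "$demo/db.pw"; chmod 600 "$demo/db.pw"
printf '%s\n' '% {odbc_server, {mysql, "h", "d", "u", "old"}}.' \
    '{odbc_server, {mysql, "localhost", "ejabberd", "ejabberd", "__SECRET__"}}.' \
    > "$demo/ejabberd.cfg"
printf '%s\n' '[mysqld]' 'socket=/var/lib/mysql/mysql.sock' '[mysqld_safe]' > "$demo/my.cnf"

report() { if "$@"; then echo "ok   $1"; else echo "FAIL $1"; fi; }
report password_substituted "$demo/ejabberd.cfg" "$demo/db.pw"  # placeholder still present
sed "s/__SECRET__/$(cat "$demo/db.pw")/g" "$demo/ejabberd.cfg" > "$demo/cfg.new" &&
    mv "$demo/cfg.new" "$demo/ejabberd.cfg"
report password_substituted "$demo/ejabberd.cfg" "$demo/db.pw"
report private_file "$demo/db.pw"
report mysqld_loopback_only "$demo/my.cnf"                      # no bind-address set
```

On a real host, pass /etc/ejabberd/ejabberd.cfg, /etc/ejabberd/db.pw and /etc/my.cnf to the same functions.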