
Install ejabberd v14.07 on CentOS v7.x

At the time of writing, ejabberd was not available as a binary RPM for EL7. This document describes building a binary RPM. Alternatively, a vendor-supplied binary blob can be used for installation.

Create a VM with:

  • 512MB RAM
  • 2 cores
  • 8GB root

This installation is a fresh, upgrade-style installation. The following environment, as per this installation document, is already in place:

  • DNS SRV records
  • an https web reverse proxy for the management web ui
  • signed server-to-server and client-to-client certificates

The jabber server is:

  • small with very low traffic
  • uses local authentication
  • preregistered users
  • uses the built in Mnesia database (no mysql, no postgresql)
  • non-clustered
  • ipv4 and ipv6

 

Install

Install the EPEL repository and the ejabberd RPM:

# rpm -Uvh http://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
# yum install http://files.lucidsolutions.co.nz/linux/centos/ejabberd-el7/ejabberd-14.07-6.el7.centos.x86_64.rpm

Configure

Edit '/etc/ejabberd/ejabberd.yml' as required.

Start

Enable and start the systemd based service:

# systemctl enable ejabberd
# systemctl start ejabberd 

Firewall

Add the following ipv4 firewall rules:

# xmpp (client and server)
-A tcpIn -p tcp -m tcp --dport 5222 -m conntrack --ctstate NEW -j ACCEPT
-A tcpIn -p tcp -m tcp --dport 5269 -m conntrack --ctstate NEW -j ACCEPT
-A tcpOut -p tcp -m tcp --dport 5269 -m conntrack --ctstate NEW -j ACCEPT

# ejabberd web interface
-A tcpIn  -p tcp -m tcp --dport 5280 --source 10.20.0.0/16 -m state --state NEW -j ACCEPT

Add the following ipv6 firewall rules:

# xmpp (client and server)
-A tcpIn -p tcp -m tcp --dport 5222 -m conntrack --ctstate NEW -j ACCEPT
-A tcpIn -p tcp -m tcp --dport 5269 -m conntrack --ctstate NEW -j ACCEPT
-A tcpOut -p tcp -m tcp --dport 5269 -m conntrack --ctstate NEW -j ACCEPT

# ejabberd web interface
-A tcpIn  -p tcp -m tcp --dport 5280 --source fd0c:898b:471c::/48 -m state --state NEW -j ACCEPT

Ports

Port   Usage     Description
5222   c2s       Client-to-server communication. Must be publicly accessible.
5269   s2s       Server-to-server communication. This needs to be publicly accessible to allow incoming federated connections.
5280   http      ejabberd HTTP web interface.
4560   xmlrpc    ejabberd XML-RPC port.
4369   epmd      Erlang endpoint mapper. Required by Erlang. If a cluster environment is set up then this must be accessible by cluster nodes.
xxxxx  ejabberd  A high port number used by ejabberd for communication between nodes in a cluster environment. This can be found from epmd with 'epmd -names'. It can be constrained to a port range with the FIREWALL_WINDOW setting in '/etc/ejabberd/ejabberdctl.cfg'.

Configure accounts

Create a master administrator account from the command line. It is important to note that the erlang cookie file must be the same as the one used by the ejabberd process (which runs as 'ejabberd'):

# cp /var/lib/ejabberd/.erlang.cookie ~/.erlang.cookie
# ejabberdctl register admin lucidsolutions.co.nz PmBdEmu7krraQGVocLvniee3qa8oD7

Verify TLS support

Use the IM Observatory page to verify the status of the server:

  1. https://xmpp.net/result.php?domain=lucidsolutions.co.nz&type=server
  2. https://xmpp.net/result.php?domain=lucidsolutions.co.nz&type=client

They even provide a badge (image: xmpp.net score).


 

Appendices

TLS verification

$ openssl s_client -connect [::1]:5269     -starttls xmpp
$ openssl s_client -connect 127.0.0.1:5269 -starttls xmpp
$ openssl s_client -connect [::1]:5222     -starttls xmpp
$ openssl s_client -connect 127.0.0.1:5222 -starttls xmpp

ejabberd configuration

ejabberd v14 uses a YAML configuration file. (Note: the cipher lists are wrapped for readability.)

###   =======
###   LOGGING
loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100

###   ================
###   SERVED HOSTNAMES
hosts:
  - "lucidsolutions.co.nz"

###   ===============
###   LISTENING PORTS
listen:
  -
    ip: "::"
    port: 5222
    module: ejabberd_c2s
    certfile: "/etc/ejabberd/ejabberd-c2s.pem"
    ciphers: "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256
        EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA 
        !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
    starttls: true
    protocol_options:
       - "no_sslv3"
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
  -
    ip: "::"
    port: 5269
    module: ejabberd_s2s_in
  -
     ip: "127.0.0.1"
     port: 4560
     module: ejabberd_xmlrpc
  -
     ip: "::1"
     port: 4560
     module: ejabberd_xmlrpc
  -
    port: 5280
    module: ejabberd_http
    ## request_handlers:
    ##   "/pub/archive": mod_http_fileserver
    web_admin: true
    http_poll: true
    http_bind: true
    ## register: true
    captcha: true

#s2s_use_starttls: required
s2s_use_starttls: optional
s2s_certfile: "/etc/ejabberd/ejabberd-s2s.pem"
s2s_ciphers: "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 
    EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA 
    !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
s2s_protocol_options:
   - "no_sslv3"
host_config:
   "lucidsolutions.co.nz":
     domain_certfile: "/etc/ejabberd/ejabberd-s2s.pem"

outgoing_s2s_families:
   - ipv4
   - ipv6

###   ==============
###   AUTHENTICATION

auth_method: internal


###   ===============
###   TRAFFIC SHAPERS
shaper:
  normal: 1000
  fast: 50000

##
## This option specifies the maximum number of elements in the queue
## of the FSM. Refer to the documentation for details.
##
max_fsm_queue: 1000

###.   ====================
###'   ACCESS CONTROL LISTS
acl:
  admin:
     user:
       - "admin": "lucidsolutions.co.nz"

  ## Local users: don't modify this.
  local:
    user_regexp: ""

  ##
  ## Loopback network
  ##
  loopback:
    ip:
      - "127.0.0.0/8"
      - "::1"


###   ============
###   ACCESS RULES
access:
  ## Maximum number of simultaneous sessions allowed for a single user:
  max_user_sessions:
    all: 10
  ## Maximum number of offline messages that users can have:
  max_user_offline_messages:
    admin: 5000
    all: 100
  ## This rule allows access only for local users:
  local:
    local: allow
  ## Only non-blocked users can use c2s connections:
  c2s:
    blocked: deny
    all: allow
  ## For C2S connections, all users except admins use the "normal" shaper
  c2s_shaper:
    admin: none
    all: normal
  ## All S2S connections use the "fast" shaper
  s2s_shaper:
    all: fast
  ## Only admins can send announcement messages:
  announce:
    admin: allow
  ## Only admins can use the configuration interface:
  configure:
    admin: allow
  ## Admins of this server are also admins of the MUC service:
  muc_admin:
    admin: allow
  ## Only accounts of the local ejabberd server can create rooms:
  muc_create:
    local: allow
  ## All users are allowed to use the MUC service:
  muc:
    all: allow
  ## Only accounts on the local ejabberd server can create Pubsub nodes:
  pubsub_createnode:
    local: allow
  ## In-band registration allows registration of any possible username.
  ## To disable in-band registration, replace 'allow' with 'deny'.
  register:
    all: deny
  ## Only allow to register from localhost
  trusted_network:
    loopback: allow
  ## Do not establish S2S connections with bad servers
  ## s2s:
  ##   bad_servers: deny
  ##   all: allow


###   ================
###   DEFAULT LANGUAGE
language: "en"

###   =======
###   MODULES
modules:
  mod_adhoc: {}
  mod_announce: # recommends mod_adhoc
    access: announce
  mod_blocking: {} # requires mod_privacy
  mod_caps: {}
  mod_carboncopy: {}
  mod_configure: {} # requires mod_adhoc
  mod_disco: {}
  ## mod_echo: {}
  mod_irc: {}
  mod_http_bind: {}
  ## mod_http_fileserver:
  ##   docroot: "/var/www"
  ##   accesslog: "/var/log/ejabberd/access.log"
  mod_last: {}
  mod_muc:
    ## host: "conference.@HOST@"
    access: muc
    access_create: muc_create
    access_persistent: muc_create
    access_admin: muc_admin
  ## mod_muc_log: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  ## mod_pres_counter:
  ##   count: 5
  ##   interval: 60
  mod_privacy: {}
  mod_private: {}
  ## mod_proxy65: {}
  mod_pubsub:
    access_createnode: pubsub_createnode
    ## reduces resource consumption, but not XEP compliant
    ignore_pep_from_offline: true
    ## XEP compliant, but increases resource consumption
    ## ignore_pep_from_offline: false
    last_item_cache: false
    plugins:
      - "flat"
      - "hometree"
      - "pep" # pep requires mod_caps
  mod_register:
    welcome_message:
      subject: "Welcome!"
      body: |-
        Hi.
        Welcome to this XMPP server.
    ## registration_watchers:
    ##   - "admin1@example.org"
    ip_access: trusted_network
    access: register
  mod_roster: {}
  mod_shared_roster: {}
  mod_stats: {}
  mod_time: {}
  mod_vcard: {}
  mod_version: {}
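
An added example (not part of the original page or of ejabberd itself): a shell check that ties the listen section above to the firewall rules. It lists each listener's bind address and reports any management listener (ejabberd_http, ejabberd_xmlrpc) that is not loopback-bound and whose tcpIn ACCEPT rule carries no --source. The function names, the sample file names and the 0.0.0.0 default for a listener without ip: are assumptions.

```shell
#!/bin/sh
# list_listeners FILE: print "port ip module" for each entry under "listen:".
# Assumes one key per line as on this page; a listener without "ip:" is
# shown as 0.0.0.0 (assumed ejabberd default: all IPv4 addresses).
list_listeners() {
  awk '
    function emit() {
      if (port != "") print port, (ip == "" ? "0.0.0.0" : ip), module
      port = ip = module = ""
    }
    /^listen:/            { inlisten = 1; next }
    inlisten && /^[^ #]/  { emit(); inlisten = 0 }   # next top-level key
    !inlisten             { next }
    /^ +-[ ]*$/           { emit(); next }           # "-" opens a listener
    /^ +ip:/              { ip = $2; gsub(/"/, "", ip) }
    /^ +port:/            { port = $2 }
    /^ +module:/          { module = $2 }
    END                   { emit() }
  ' "$1"
}

# exposed_admin_ports FILE: management listeners not bound to loopback.
exposed_admin_ports() {
  list_listeners "$1" | awk '
    ($3 == "ejabberd_http" || $3 == "ejabberd_xmlrpc") &&
    $2 != "127.0.0.1" && $2 != "::1" { print $1 }' | sort -u
}

# open_to_any_source RULES PORT: true if a tcpIn ACCEPT for PORT lacks --source.
open_to_any_source() {
  grep -E -- "^-A tcpIn .*--dport $2 .*-j ACCEPT" "$1" | grep -qv -- '--source'
}

# unguarded_admin_ports CONFIG RULES: exposed ports also accepted from anywhere.
unguarded_admin_ports() {
  for p in $(exposed_admin_ports "$1"); do
    if open_to_any_source "$2" "$p"; then echo "$p"; fi
  done
}

# write_samples DIR: constructed inputs, trimmed from the listings on this page.
write_samples() {
  cat > "$1/ejabberd.yml" <<'EOF'
listen:
  -
     ip: "127.0.0.1"
     port: 4560
     module: ejabberd_xmlrpc
  -
    port: 5280
    module: ejabberd_http
    web_admin: true
s2s_use_starttls: optional
EOF
  cat > "$1/rules.v4" <<'EOF'
-A tcpIn -p tcp -m tcp --dport 5222 -m conntrack --ctstate NEW -j ACCEPT
-A tcpIn  -p tcp -m tcp --dport 5280 --source 10.20.0.0/16 -m state --state NEW -j ACCEPT
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
list_listeners "$tmp/ejabberd.yml"
echo "unguarded: $(unguarded_admin_ports "$tmp/ejabberd.yml" "$tmp/rules.v4")"
rm -rf "$tmp"
```

With the rules as given on this page the result is empty: the 5280 listener binds beyond loopback, but its ACCEPT rule is limited to the 10.20.0.0/16 source range.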

Installation

yum install

Dependencies Resolved

==========================================================================================
 Package                 Arch   Version                Repository                    Size
==========================================================================================
Installing:
 ejabberd                x86_64 14.07-6.el7.centos     /ejabberd-14.07-6.el7.centos.x86_64
                                                                                    6.1 M
Installing for dependencies:
 SDL                     x86_64 1.2.15-11.el7          base                         204 k
 atk                     x86_64 2.8.0-4.el7            base                         233 k
 cairo                   x86_64 1.12.14-6.el7          base                         697 k
 cups-libs               x86_64 1:1.6.3-14.el7         base                         352 k
 erlang                  x86_64 R16B-03.7.el7          epel                          30 k
 erlang-appmon           x86_64 R16B-03.7.el7          epel                         138 k
 erlang-asn1             x86_64 R16B-03.7.el7          epel                         757 k
 erlang-common_test      x86_64 R16B-03.7.el7          epel                         719 k
 erlang-compiler         x86_64 R16B-03.7.el7          epel                         1.0 M
 erlang-cosEvent         x86_64 R16B-03.7.el7          epel                         154 k
 erlang-cosEventDomain   x86_64 R16B-03.7.el7          epel                         119 k
 erlang-cosFileTransfer  x86_64 R16B-03.7.el7          epel                         173 k
 erlang-cosNotification  x86_64 R16B-03.7.el7          epel                         738 k
 erlang-cosProperty      x86_64 R16B-03.7.el7          epel                         166 k
 erlang-cosTime          x86_64 R16B-03.7.el7          epel                         111 k
 erlang-cosTransactions  x86_64 R16B-03.7.el7          epel                         171 k
 erlang-crypto           x86_64 R16B-03.7.el7          epel                          84 k
 erlang-debugger         x86_64 R16B-03.7.el7          epel                         544 k
 erlang-dialyzer         x86_64 R16B-03.7.el7          epel                         655 k
 erlang-diameter         x86_64 R16B-03.7.el7          epel                         655 k
 erlang-edoc             x86_64 R16B-03.7.el7          epel                         319 k
 erlang-eldap            x86_64 R16B-03.7.el7          epel                         101 k
 erlang-erl_docgen       x86_64 R16B-03.7.el7          epel                         152 k
 erlang-erl_interface    x86_64 R16B-03.7.el7          epel                         184 k
 erlang-erts             x86_64 R16B-03.7.el7          epel                         2.5 M
 erlang-et               x86_64 R16B-03.7.el7          epel                         224 k
 erlang-eunit            x86_64 R16B-03.7.el7          epel                         151 k
 erlang-examples         x86_64 R16B-03.7.el7          epel                         1.1 M
 erlang-gs               x86_64 R16B-03.7.el7          epel                         627 k
 erlang-hipe             x86_64 R16B-03.7.el7          epel                         2.4 M
 erlang-ic               x86_64 R16B-03.7.el7          epel                         884 k
 erlang-inets            x86_64 R16B-03.7.el7          epel                         797 k
 erlang-jinterface       x86_64 R16B-03.7.el7          epel                          99 k
 erlang-kernel           x86_64 R16B-03.7.el7          epel                         1.1 M
 erlang-megaco           x86_64 R16B-03.7.el7          epel                         5.5 M
 erlang-mnesia           x86_64 R16B-03.7.el7          epel                         699 k
 erlang-observer         x86_64 R16B-03.7.el7          epel                         556 k
 erlang-odbc             x86_64 R16B-03.7.el7          epel                          68 k
 erlang-orber            x86_64 R16B-03.7.el7          epel                         945 k
 erlang-os_mon           x86_64 R16B-03.7.el7          epel                         113 k
 erlang-otp_mibs         x86_64 R16B-03.7.el7          epel                          31 k
 erlang-parsetools       x86_64 R16B-03.7.el7          epel                         177 k
 erlang-percept          x86_64 R16B-03.7.el7          epel                         149 k
 erlang-pman             x86_64 R16B-03.7.el7          epel                         112 k
 erlang-public_key       x86_64 R16B-03.7.el7          epel                         536 k
 erlang-reltool          x86_64 R16B-03.7.el7          epel                         358 k
 erlang-runtime_tools    x86_64 R16B-03.7.el7          epel                         178 k
 erlang-sasl             x86_64 R16B-03.7.el7          epel                         292 k
 erlang-snmp             x86_64 R16B-03.7.el7          epel                         1.5 M
 erlang-ssh              x86_64 R16B-03.7.el7          epel                         393 k
 erlang-ssl              x86_64 R16B-03.7.el7          epel                         585 k
 erlang-stdlib           x86_64 R16B-03.7.el7          epel                         2.2 M
 erlang-syntax_tools     x86_64 R16B-03.7.el7          epel                         335 k
 erlang-test_server      x86_64 R16B-03.7.el7          epel                         280 k
 erlang-toolbar          x86_64 R16B-03.7.el7          epel                          54 k
 erlang-tools            x86_64 R16B-03.7.el7          epel                         564 k
 erlang-tv               x86_64 R16B-03.7.el7          epel                         395 k
 erlang-typer            x86_64 R16B-03.7.el7          epel                          65 k
 erlang-webtool          x86_64 R16B-03.7.el7          epel                          49 k
 erlang-wx               x86_64 R16B-03.7.el7          epel                         2.9 M
 erlang-xmerl            x86_64 R16B-03.7.el7          epel                         996 k
 fontconfig              x86_64 2.10.95-7.el7          base                         228 k
 fontpackages-filesystem noarch 1.44-8.el7             base                         9.9 k
 gd                      x86_64 2.0.35-26.el7          base                         146 k
 gdk-pixbuf2             x86_64 2.28.2-4.el7           base                         533 k
 ghostscript             x86_64 9.07-16.el7            base                         4.3 M
 ghostscript-fonts       noarch 5.50-32.el7            base                         324 k
 graphite2               x86_64 1.2.2-5.el7            base                          81 k
 graphviz                x86_64 2.30.1-18.el7          base                         1.3 M
 gtk2                    x86_64 2.24.22-5.el7_0.1      updates                      3.4 M
 harfbuzz                x86_64 0.9.20-3.el7           base                         144 k
 hicolor-icon-theme      noarch 0.12-7.el7             base                          42 k
 jasper-libs             x86_64 1.900.1-26.el7         base                         147 k
 jbigkit-libs            x86_64 2.0-11.el7             base                          46 k
 lcms2                   x86_64 2.5-4.el7              base                         133 k
 libICE                  x86_64 1.0.8-7.el7            base                          63 k
 libSM                   x86_64 1.2.1-7.el7            base                          38 k
 libX11                  x86_64 1.6.0-2.1.el7          base                         605 k
 libX11-common           noarch 1.6.0-2.1.el7          base                         181 k
 libXau                  x86_64 1.0.8-2.1.el7          base                          29 k
 libXaw                  x86_64 1.0.11-6.1.el7         base                         189 k
 libXcomposite           x86_64 0.4.4-4.1.el7          base                          22 k
 libXcursor              x86_64 1.1.14-2.1.el7         base                          30 k
 libXdamage              x86_64 1.1.4-4.1.el7          base                          20 k
 libXext                 x86_64 1.3.2-2.1.el7          base                          38 k
 libXfixes               x86_64 5.0.1-2.1.el7          base                          18 k
 libXfont                x86_64 1.4.7-2.el7_0          updates                      144 k
 libXft                  x86_64 2.3.1-5.1.el7          base                          57 k
 libXi                   x86_64 1.7.2-2.1.el7          base                          39 k
 libXinerama             x86_64 1.1.3-2.1.el7          base                          14 k
 libXmu                  x86_64 1.1.1-5.1.el7          base                          70 k
 libXpm                  x86_64 3.5.10-5.1.el7         base                          52 k
 libXrandr               x86_64 1.4.1-2.1.el7          base                          25 k
 libXrender              x86_64 0.9.8-2.1.el7          base                          25 k
 libXt                   x86_64 1.1.4-6.1.el7          base                         173 k
 libXxf86vm              x86_64 1.1.3-2.1.el7          base                          17 k
 libfontenc              x86_64 1.1.1-5.el7            base                          29 k
 libjpeg-turbo           x86_64 1.2.90-5.el7           base                         134 k
 libpng                  x86_64 2:1.5.13-5.el7         base                         212 k
 librsvg2                x86_64 2.39.0-1.el7           base                         123 k
 libthai                 x86_64 0.1.14-9.el7           base                         187 k
 libtiff                 x86_64 4.0.3-14.el7           base                         167 k
 libtool-ltdl            x86_64 2.4.2-20.el7           base                          49 k
 libxcb                  x86_64 1.9-5.el7              base                         169 k
 libyaml                 x86_64 0.1.4-10.el7           base                          55 k
 lksctp-tools            x86_64 1.0.13-3.el7           base                          87 k
 mesa-libEGL             x86_64 9.2.5-6.20131218.el7_0 updates                       69 k
 mesa-libGL              x86_64 9.2.5-6.20131218.el7_0 updates                      142 k
 mesa-libGLU             x86_64 9.0.0-4.el7            base                         196 k
 mesa-libgbm             x86_64 9.2.5-6.20131218.el7_0 updates                       30 k
 mesa-libglapi           x86_64 9.2.5-6.20131218.el7_0 updates                       34 k
 pango                   x86_64 1.34.1-5.el7           base                         283 k
 pixman                  x86_64 0.32.4-3.el7           base                         254 k
 poppler-data            noarch 0.4.6-3.el7            base                         2.2 M
 tcl                     x86_64 1:8.5.13-4.el7         base                         1.9 M
 tk                      x86_64 1:8.5.13-4.el7         base                         1.4 M
 unixODBC                x86_64 2.3.1-10.el7           base                         413 k
 urw-fonts               noarch 2.4-16.el7             base                         3.0 M
 wxBase                  x86_64 2.8.12-8.el7           epel                         576 k
 wxGTK                   x86_64 2.8.12-8.el7           epel                         2.9 M
 wxGTK-gl                x86_64 2.8.12-8.el7           epel                          33 k
 xorg-x11-font-utils     x86_64 1:7.5-18.1.el7         base                          87 k

Transaction Summary
==========================================================================================
Install  1 Package (+122 Dependent packages)

Total size: 71 M
Total download size: 65 M
Installed size: 166 M

 

 
