

#EJABBERD SSL CERTIFICATE INSTALL#
Ejabberd is a Jabber daemon written in the Erlang programming language. It is extensible, flexible and very high performance. With a web-based interface and broad support for XMPP standards, ejabberd is a great choice for a multi-purpose XMPP server. Ejabberd can be considered “heavyweight” by critics because of the requirements of the Erlang run-times. However, it is incredibly robust and can scale to support incredibly heavy loads. Ejabberd servers are believed to be the backbone for some of the largest Jabber servers running now.

This installation process assumes that you have a working installation of Ubuntu 12.04 (Precise Pangolin), have followed the steps in the Setting Up and Securing a Compute Instance guide, and now have an up-to-date instance of the Ubuntu Precise Pangolin operating system. We also assume you are connected to your Linode via SSH as root. Once you’ve completed these requirements, we can begin with the installation process.

XMPP/Jabber Basics

Although you can successfully run an XMPP server with only a passing familiarity of the way the XMPP network and system works, understanding the following basic concepts will be helpful:

The JID (or “Jabber ID”) is the unique identifier for a user in the XMPP network. It often looks like an email and contains the username that identifies a specific user on a server, the hostname that identifies the server, and a resource that identifies from where a given user is logged in. The resource is optional and is often safely omitted or ignored by most users. In the following example, “username” is the username, “” is the hostname, and “/office” is the resource. The resource is optional, although because XMPP allows a single JID to be connected to the server from multiple machines (i.e. resources), the resource adds a useful amount of specificity.

Users with accounts on one server can communicate with users on other servers, if the server administrators allow it. Without a centralized server, each XMPP server maintains the accounts and serves as the communication gateway for its own users. In the XMPP system there is no single point of failure; however, each server administrator can decide how his server is going to participate in the federated network. For instance, to federate with Google’s “GTalk” XMPP network, server administrators need to have server-to-server (s2s) SSL/TLS encryption enabled, while other servers don’t always require this.

“SRV” DNS records to support the resolution of domains to the servers which provide DNS records.

To install ejabberd and its required dependencies, issue the following command:

    apt-get install ejabberd

The following parameters might already be set, but let’s double-check. Of course, you first need a key and certificate file. In /etc/ejabberd/ejabberd.cfg, you should also have the following settings in the listen section:

For server-to-server communication, STARTTLS currently needs to remain optional. An unscientific study shows about 1/3 of the other servers cannot use STARTTLS, among them Google. For most uses, s2s communication thus cannot be forced to use TLS. If you want at least some privacy for s2s communication, your users have to use OTR.

Now, you too should get an A ranking on. It should look similar to mine.

Also changed the library name to fit the new name the Makefile on github creates.

This should not change functionality but might slow down the system startup by a few milliseconds.
#EJABBERD SSL CERTIFICATE UPDATE#
Update: You can also put the lines at the beginning (line 2) of /usr/sbin/ejabberdctl (e.g.

Update: You can also put these lines into /etc/default/ejabberd (on Ubuntu and other Debian-based systems, will make updates easier) or /usr/sbin/ejabberdctl (for CentOS).

The following description is for ejabberd 2.1.10 on Ubuntu 12.04 LTS; other Linux-based versions and installations should be easy to adapt.

The tail end of /usr/sbin/ejabberd should look as follows:

Directly before the exec line, add the following two lines (each starts with export; if your browser wraps them, just undo the additional wrapping):

    export LD_PRELOAD=/usr/local/lib/libtlsinterposer.so
    export TLS_INTERPOSER_CIPHERS='EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS'

The first line activates TLS Interposer; the second line adds support for RC4 (it is the default cipher set without the trailing „:!RC4“), which is needed for Jitsi.

If you have not installed TLS Interposer yet, please do so now using the TLS Interposer installation instructions.
