Skip to content

Instantly share code, notes, and snippets.

@holtbp

holtbp/.README.md

Last active September 7, 2017 19:24
Show Gist options
  • Save holtbp/10b676bf4ed0ea392dafeff65ded4013 to your computer and use it in GitHub Desktop.
Save holtbp/10b676bf4ed0ea392dafeff65ded4013 to your computer and use it in GitHub Desktop.
Download ZIP
Setup Ejabberd on Amazon EC2, CentOS 7
Raw
.README.md
Raw
ejabberd.yml
###
###' ejabberd configuration file
###
###
### The parameters used in this configuration file are explained in more detail
### in the ejabberd Installation and Operation Guide.
### Please consult the Guide in case of doubts, it is included with
### your copy of ejabberd, and is also available online at
### http://www.process-one.net/en/ejabberd/docs/
###. =======
###' LOGGING
loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
###. ================
###' SERVED HOSTNAMES
##
## hosts: Domains served by ejabberd.
##
hosts:
- "localhost"
- "example.com"
###. ===============
###' LISTENING PORTS
##
## listen: The ports ejabberd will listen on, which service each is handled
## by and what options to start it with.
##
listen:
-
port: 5222
module: ejabberd_c2s
certfile: "/opt/ejabberd-16.04/conf/server.pem"
starttls: true
## To enforce TLS encryption for client connections,
## use this instead of the "starttls" option:
## starttls_required: true
##
## Custom OpenSSL options
##
protocol_options:
- "no_sslv3"
## - "no_tlsv1"
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
-
port: 5269
module: ejabberd_s2s_in
max_stanza_size: 131072
shaper: s2s_shaper
-
port: 5280
module: ejabberd_http
request_handlers:
"/websocket": ejabberd_http_ws
## "/pub/archive": mod_http_fileserver
web_admin: true
http_bind: true
## register: true
captcha: false
###. ==============
###' AUTHENTICATION
auth_method: internal
###. ==============
###' DATABASE SETUP
riak_server: "localhost"
riak_port: 8087
## Redis
redis_server: "127.0.0.1"
redis_port: 6379
redis_db: 0
## Databse server
## Types: ['mysql', 'sqlite', 'pgsql', 'odbc']
odbc_type: mysql
odbc_server: "localhost"
odbc_database: "ejabberd"
odbc_username: "username"
odbc_password: "password"
odbc_port: 3306
###. ===============
###' TRAFFIC SHAPERS
shaper:
## Values in B/s
normal: 1000
fast: 50000
max_fsm_queue: 1000
sm_db_type: redis
###. ====================
###' ACCESS CONTROL LISTS
acl:
admin:
user:
- "admin": "ip-xx-x-x-xx.us-east-x.compute.internal"
## Local users: don't modify this.
##
local:
user_regexp: ""
## Loopback network
loopback:
ip:
- "127.0.0.0/8"
###. ============
###' ACCESS RULES
access:
## Maximum number of simultaneous sessions allowed for a single user:
max_user_sessions:
all: 10
## Maximum number of offline messages that users can have:
max_user_offline_messages:
admin: 5000
all: 100
## This rule allows access only for local users:
local:
local: allow
## Only non-blocked users can use c2s connections:
c2s:
blocked: deny
all: allow
## For C2S connections, all users except admins use the "normal" shaper
c2s_shaper:
admin: none
all: normal
## All S2S connections use the "fast" shaper
s2s_shaper:
all: fast
## Only admins can send announcement messages:
announce:
admin: allow
## Only admins can use the configuration interface:
configure:
admin: allow
## Admins of this server are also admins of the MUC service:
muc_admin:
admin: allow
## Only accounts of the local ejabberd server can create rooms:
muc_create:
local: allow
## All users are allowed to use the MUC service:
muc:
all: allow
## Only accounts on the local ejabberd server can create Pubsub nodes:
pubsub_createnode:
local: allow
## In-band registration allows registration of any possible username.
## To disable in-band registration, replace 'allow' with 'deny'.
register:
all: allow
## Only allow to register from localhost
trusted_network:
loopback: allow
###. ================
###' DEFAULT LANGUAGE
## language: Default language used for server messages.
language: "en"
###. =======
###' MODULES
## Modules enabled in all ejabberd virtual hosts.
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce: # recommends mod_adhoc
db_type: riak
access: announce
mod_blocking: {} # requires mod_privacy
mod_caps:
db_type: riak
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {} # requires mod_adhoc
mod_disco: {}
mod_http_bind: {}
mod_last:
db_type: riak
mod_mam:
default: always
db_type: odbc
mod_muc:
## host: "conference.@HOST@"
db_type: riak
access: muc
access_create: muc_create
access_persistent: muc_create
access_admin: muc_admin
mod_muc_admin: {}
## mod_muc_log: {}
## mod_multicast: {}
mod_offline:
db_type: riak
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy:
db_type: riak
mod_private:
db_type: riak
mod_pubsub:
access_createnode: pubsub_createnode
## reduces resource comsumption, but XEP incompliant
ignore_pep_from_offline: true
## XEP compliant, but increases resource comsumption
## ignore_pep_from_offline: false
last_item_cache: false
plugins:
- "flat"
- "hometree"
- "pep" # pep requires mod_caps
mod_register:
welcome_message:
subject: "Welcome!"
body: |-
Hi.
Welcome to this XMPP server.
ip_access: trusted_network
access: register
mod_roster:
db_type: riak
mod_shared_roster:
db_type: riak
mod_vcard:
db_type: riak
mod_version: {}
allow_contrib_modules: true
###.
###'
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
Raw
Step1-InstallationCentOS.md

Step 1 / 2

This step of the guide walks through installing ejabberd on CentOS 7. At the end, you will have Erlang, ejabberd, Riak KV, Redis, and MySQL installed (Elixir install optional).

Install development tools

# Install Extra Packages for Enterprise Linux
$ sudo yum install epel-release

# Make sure the packages installed are update-to-date
$ sudo yum -y update && sudo yum -y upgrade

# Install development tools
$ sudo yum install gcc gcc-c++ glibc-devel make ncurses-devel openssl-devel autoconf java-1.8.0-openjdk-devel git wxBase.x86_64

Install Erlang

# Install erlang solutions repo
$ wget http://packages.erlang-solutions.com/erlang-solutions-1.0-1.noarch.rpm
$ rpm -Uvh erlang-solutions-1.0-1.noarch.rpm

# Install Erlang
$ sudo yum instal erlang

Install Ejabberd

$ sudo wget -O ejabberd-16.04-0.x86_64.rpm https://www.process-one.net/downloads/downloads-action.php?file=/ejabberd/16.04/ejabberd-16.04-0.x86_64.rpm
$ sudo rpm -ivh ejabberd-16.04-0.x86_64.rpm

Start Ejabberd:

# Copy the .service file into /etc/systemd/system
$ sudo cp /opt/ejabberd-16.04/bin/ejabberd.service /etc/systemd/system/

# Start ejabberd service
$ sudo systemctl start ejabberd

Install Riak KV

# Add Riak repo from packagecloud
$ curl -s https://packagecloud.io/install/repositories/basho/riak/script.rpm.sh | sudo bash

# Install Riak
$ sudo yum install riak

# Start Riak
$ sudo riak start

# Verify it is up
$ sudo riak ping
pong

# Test writing to Riak
$ sudo riak-admin test
Successfully completed 1 read/write cycle to '[email protected]'

Install Redis

To install and start a Redis server:

# Install redis
$ sudo yum install redis

# Start redis
$ sudo systemctl start redis

Install MySQL

To install MySQL:

# Install MySQL server
$ sudo yum install mysql-server

# Start MySQL
$ sudo systemctl start mysqld

If you want to "secure" your MySQL installation from known vulnerabilities, start the interactive guide:

$ sudo mysql_secure_installation

Next steps

Optional: Elixir

Install Elixir

# Install Elixir
$ cd /opt
$ sudo git clone https://github.com/elixir-lang/elixir.git
$ cd elixir/
$ sudo make clean test

# Create symlinks
$ sudo ln -s /opt/elixir/bin/iex /usr/local/bin/iex
$ sudo ln -s /opt/elixir/bin/mix /usr/local/bin/mix
$ sudo ln -s /opt/elixir/bin/elixir /usr/local/bin/elixir
$ sudo ln -s /opt/elixir/bin/elixirc /usr/local/bin/elixirc

External resources

Full install instructions:

Raw
Step2-ConfigureEjabberd.md

Step 2 / 2

This step of the guide walks through configuring ejabberd to use Riak KV for persistence and MySQL for message archiving. You can either follow each step in this file, or you can just use the finished ejabberd.yml as an example.

Configure to use Riak KV

Update ejabberd.yml with Riak connection details:

riak_server: "localhost"
riak_port: 8087

Then, you will need to configure the ejabberd modules to use Riak as their data store. See modules section of ejabberd.yml

Configure MAM to use MySQL

Update ejabberd.yml with MySQL connection info:

odbc_type: mysql
odbc_server: "localhost"
odbc_database: "ejabberd"
odbc_username: "username"
odbc_password: "password"

Then, you will want to enable mod_mam in ejabberd.yml and set the storage for mod_mam to be MySQL:

  mod_mam:
    default: always
    db_type: odbc

Finally, you will have to create the MySQL database ejabberd:

# Get the DB schema file from ejabberd's GitHub
$ sudo wget https://raw.githubusercontent.com/processone/ejabberd/master/sql/mysql.sql

# Log into MySQL
$ mysql -u root 

# Create ejabberd database
mysql> CREATE DATABASE ejabberd;

# Create ejabberd user
mysql> CREATE USER 'ejabberd'@'localhost' IDENTIFIED BY 'password';

# Grant ejabberd user privileges to ejabberd database
mysql> GRANT ALL on ejabberd.* to 'ejabberd'@'localhost';

# Reload privileges
mysql> FLUSH PRIVILEGES;

# Create tables in ejabberd DB from schema file
$ mysql ejabberd -u ejabberd -p < mysql.sql

Configure to use Redis for Session Management

Update ejabberd.yml with Redis connection info:

redis_server: "127.0.0.1"
redis_port: 6379
redis_db: 0

Find this line:

sm_db_type: mnesia

And change it to use Redis:

sm_db_type: redis
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment