Installing Ejabberd on CentOS
Ejabberd is a robust XMPP (Jabber) server written in Erlang. This how-to describes its installation on CentOS.
Installing a base CentOS system
Follow this how-to for the base installation
Configuring third-party repositories
Follow this how-to to configure the third-party repositories
Installing Ejabberd
The EPEL repository provides an Ejabberd package:
yum --enablerepo=epel install ejabberd
You can also install the MySQL server for data storage:
yum install mysql-server
As well as the additional modules for Ejabberd (which include, among other things, the native MySQL driver):
yum --enablerepo=fws-testing install ejabberd-modules
Preparation
For performance and ease of administration, we will use a MySQL database to store the Jabber server's data (by default, Ejabberd uses a Mnesia database, provided by Erlang).
Configuring mysqld
Ejabberd needs the InnoDB engine, so it must be enabled. Network listening must also be enabled (Ejabberd cannot communicate over a UNIX socket).
Here is an example my.cnf configuration (adjust to your needs):
cp -a /etc/my.cnf /etc/my.cnf.default
echo '' > /etc/my.cnf
vim /etc/my.cnf
Then put the following lines in it:
[mysqld]
pid-file=/var/run/mysqld/mysqld.pid
basedir=/usr
datadir=/var/lib/mysql
innodb_data_home_dir = /var/lib/mysql/
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /var/lib/mysql/
innodb_log_arch_dir = /var/lib/mysql/
innodb_buffer_pool_size = 16M
innodb_additional_mem_pool_size = 2M
innodb_log_file_size = 5M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
innodb_file_per_table
socket=/var/lib/mysql/mysql.sock
# networking is enabled
log-error=/var/log/mysqld.log
max_allowed_packet=16M
user=mysql

[mysqld_safe]
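The my.cnf above enables TCP but sets no bind-address, so mysqld listens on every interface, while ejabberd.cfg connects to "localhost" and the grant is limited to 'ejabberd'@'localhost'. As an added example (not part of the original how-to; the function name mysqld_listen_scope is hypothetical), this shell function classifies a my.cnf so you can confirm the listener is loopback-only after adding bind-address = 127.0.0.1 to [mysqld]:

```shell
#!/bin/sh
# Added example: classify how mysqld will listen, based on the [mysqld]
# section of a my.cnf-style file.
# Prints one of: disabled | loopback | all-interfaces
mysqld_listen_scope() {
    awk '
        /^[ \t]*\[/ {                          # section header
            in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/)
            next
        }
        !in_mysqld || /^[ \t]*[#;]/ { next }   # other sections, comment lines
        {
            line = $0
            sub(/[ \t]*#.*$/, "", line)        # strip a trailing comment
            n = split(line, kv, "=")
            key = kv[1]
            val = (n > 1) ? kv[2] : ""
            gsub(/[ \t]/, "", key)
            gsub(/[ \t]/, "", val)
            gsub(/_/, "-", key)                # mysqld accepts _ or - in names
            if (key == "skip-networking") skip = 1
            if (key == "bind-address") bind = val
        }
        END {
            if (skip)
                print "disabled"
            else if (bind == "127.0.0.1" || bind == "::1" || bind == "localhost")
                print "loopback"
            else
                print "all-interfaces"         # no bind-address: every interface
        }
    ' "$1"
}

# Check the live configuration when it exists.
if [ -r /etc/my.cnf ]; then
    mysqld_listen_scope /etc/my.cnf
fi
```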
Creating a root password (MySQL)
/usr/bin/openssl rand -base64 60 | tr -c -d '[:alnum:]' > ~/.my.pw
chmod 600 ~/.my.pw
/usr/bin/mysqladmin -u root password "$(cat ~/.my.pw)"
echo '[client]' > ~/.my.cnf
echo "password=$(cat ~/.my.pw)" >> ~/.my.cnf
# ~/.my.cnf now holds the root password in clear text: restrict it to its owner
chmod 600 ~/.my.cnf
Creating a database for Ejabberd
/usr/bin/openssl rand -base64 50 | tr -c -d '[:alnum:]' > /etc/ejabberd/db.pw
chmod 600 /etc/ejabberd/db.pw
mysql -e 'create database ejabberd'
# The password must be passed as a quoted SQL string
mysql -e "grant all privileges on ejabberd.* to 'ejabberd'@'localhost' identified by '$(cat /etc/ejabberd/db.pw)'"
mysql -e 'flush privileges'
Importing the Ejabberd schema
mysql ejabberd < /usr/share/doc/ejabberd-modules-0.1/mysql.sql
Basic configuration
The Ejabberd configuration file is /etc/ejabberd/ejabberd.cfg. Its syntax is Erlang.
Here is an example:
% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "admin"}}.
% {acl, admin, {user, "user1"}}.

% Local users:
{acl, local, {user_regexp, ""}}.

% Blocked users:
%{acl, blocked, {user, "test"}}.

% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.

% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

% Registration is disabled
{access, register, [{deny,all}]}.

% Only admins can send announcement messages :
{access, announce, [{allow, admin}]}.

% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked}, {allow, all}]}.

% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.

% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.

% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin}, {normal, all}]}.

% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.
{access, muc_log, [{allow, admin}, {deny, all}]}.

% Allow access only for local users:
{access, local, [{allow, local}]}.

%% Begin ACLs for MSN users
% This example will deny communication with MSN users, except
% The ones listed in good_msn_users
% Requires mod_filter
{acl, good_msn_users, {user, "user1\\40hotmail.com", "msn.domain.tld"}}.
{acl, good_msn_users, {user, "user2\\40hotmail.fr", "msn.domain.tld"}}.
{acl, good_msn_users, {user, "", "msn.domain.tld"}}.
{acl, msn_users, {server_glob, "msn*"}}.

{access, mod_filter, [{allow, all}]}.
{access, mod_filter_presence, [{allow, all}]}.
{access, mod_filter_message, [{allow, all}]}.
{access, mod_filter_iq, [{allow, all}]}.

{access, mod_filter, [
  % Filter incoming messages; allow only good messages
  {allow, good_msn_users},
  {deny, msn_users},
  % Filter the rest, including outgoing messages
  {filter_msn, all}
]}.

{access, filter_msn, [
  % Users can send messages to good MSN users
  {allow, good_msn_users},
  % but not to other MSN users
  {deny, msn_users},
  % All non-MSN traffic is allowed
  {allow, all}
]}.
%% End filter example

% Auth MySQL
{auth_method, odbc}.

% mysql database access, with native mysql driver
{odbc_server, {mysql, "localhost", "ejabberd", "ejabberd", "__SECRET__"}}.

% Host name:
{hosts, ["domain.tld"]}.

%% Define the maximum number of time a single user is allowed to connect:
{max_user_sessions, 10}.

% Default language for server messages
{language, "fr"}.

% Listened ports:
{listen, [
  % Standard port 5222 with TLS support (and required)
  {5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}, starttls_required, {certfile, "/etc/ejabberd/ejabberd.pem"}]},
  % Deprecated SSL port on 5223
  {5223, ejabberd_c2s, [{access, c2s}, tls, {certfile, "/etc/ejabberd/ejabberd.pem"}]}
  % Uncomment this line to allow s2s connections:
  % ,{5269, ejabberd_s2s_in, [{shaper, s2s_shaper}, {max_stanza_size, 131072}]}
  % Example of transport configuration
  % ,{5347, ejabberd_service, [{host, "msn.domain.tld",
  %                             [{password, "secret"}]}]}
]}.

% If SRV lookup fails, then port 5269 is used to communicate with remote server
% Uncomment this line to allow s2s connections
% {outgoing_s2s_port, 5269}.

% Modules
{modules, [
  % {mod_register, [{access, register}]},
  {mod_roster_odbc, []},
  {mod_privacy_odbc, []},
  {mod_adhoc, []},
  {mod_configure, []}, % Depends on mod_adhoc
  {mod_configure2, []},
  {mod_disco, []},
  {mod_stats, []},
  {mod_vcard_odbc, []},
  %% if you prefer ldap based vcard service, use the following
  %% adapt it to your needs
  % {mod_vcard_ldap,
  %  [
  %   {ldap_base, "ou=Users,dc=domain,dc=tld"},
  %   {ldap_filter, "(objectClass=inetOrgPerson)"},
  %   {ldap_vcard_map, %% vcard patterns
  %    [{"NICKNAME", "%u", []}, % just use user's part of JID as his nickname
  %     {"GIVEN", "%s", ["givenName"]},
  %     {"FAMILY", "%s", ["sn"]},
  %     {"FN", "%s, %s", ["sn", "givenName"]}, % example: "Smith, John"
  %     {"EMAIL", "%s", ["mail"]},
  %     {"BDAY", "%s", ["birthDay"]},
  %     {"ORGNAME", "%s", ["o"]},
  %     {"ORGUNIT", "%s", ["ou"]},
  %     {"LOCALITY", "%s", ["l"]},
  %     {"STREET", "%s", ["Street"]},
  %     {"TEL", "%s", ["Phone"]}
  %    ]},
  %   %% Search form
  %   {ldap_search_fields,
  %    [{"User", "%u"},
  %     {"Name", "givenName"},
  %     {"Family Name", "sn"},
  %     {"Email", "mail"}]},
  %   %% vCard fields to be reported
  %   %% Note that JID is always returned with search results
  %   {ldap_search_reported,
  %    [{"Full Name", "FN"},
  %     {"Nickname", "NICKNAME"}]}
  %  ]},
  % {mod_vcard_odbc, []},
  {mod_caps, []},
  {mod_offline_odbc, []},
  {mod_announce, [{access, announce}]}, % Depends on mod_adhoc
  {mod_private_odbc, []},
  {mod_irc, []},
  % Default options for mod_muc:
  %   host: "conference." ++ ?MYNAME
  %   access: all
  %   access_create: all
  %   access_admin: none (only room creator has owner privileges)
  {mod_muc, [{access, muc}, {access_create, muc}, {access_admin, muc_admin}]},
  {mod_muc_log, []},
  {mod_shared_roster, []},
  {mod_pubsub, [
    {access_createnode, pubsub_createnode},
    {plugins, ["flat", "hometree", "pep"]}
  ]},
  {mod_time, []},
  {mod_last_odbc, []},
  % {mod_xmlrpc,[{port, 4560},{timeout, 5000}]},
  {mod_version, []},
  {mod_admin_extra, []},
  % {mod_archive_odbc, [{database_type, "mysql"},
  %                     {default_auto_save, true},
  %                     {enforce_default_auto_save, false},
  %                     {default_expire, infinity},
  %                     {enforce_min_expire, 0},
  %                     {enforce_max_expire, infinity},
  %                     {replication_expire, 31536000},
  %                     {session_duration, 1800},
  %                     {wipeout_interval, 86400}]},
  % {mod_log_chat, [{path, "/var/log/ejabberd/chat"}, {format, text}]},
  {mod_echo, [{host, "echo.domain.tld"}]}
]}.

%%% Local Variables:
%%% mode: erlang
%%% End:
Now replace the placeholder with the MySQL password for ejabberd:
# The placeholder in ejabberd.cfg is __SECRET__ (with the trailing underscores)
PASS=$(cat /etc/ejabberd/db.pw)
sed -i -e "s/__SECRET__/$PASS/g" /etc/ejabberd/ejabberd.cfg
unset PASS
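A check of the secrets this procedure leaves on disk, as an added example that is not part of the original how-to (the function names are hypothetical): it lists password files readable beyond their owner and verifies that the odbc_server password in ejabberd.cfg is exactly the content of /etc/ejabberd/db.pw, which catches a placeholder that was left in or only partly replaced.

```shell
#!/bin/sh
# Added example: audit the secret files created by this how-to.

# Print each existing file that group or others can access
# (characters 5-10 of the ls -l mode string must all be "-").
not_private() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        [ "$(ls -ldn "$f" | cut -c5-10)" = "------" ] || echo "$f"
    done
}

# Print each existing file that others can access (characters 8-10).
# Used for ejabberd.cfg, which the ejabberd group may need to read.
world_accessible() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        [ "$(ls -ldn "$f" | cut -c8-10)" = "---" ] || echo "$f"
    done
}

# Succeed only if the last quoted field of the odbc_server tuple in CFG
# (the database password) equals the content of PWFILE.
cfg_password_matches() {
    cfg_pw=$(sed -n 's/^ *{odbc_server,.*"\([^"]*\)"}}\. *$/\1/p' "$1")
    [ -n "$cfg_pw" ] && [ "$cfg_pw" = "$(cat "$2")" ]
}

# Run against the paths used on this page; absent files are skipped.
not_private "$HOME/.my.pw" "$HOME/.my.cnf" /etc/ejabberd/db.pw
world_accessible /etc/ejabberd/ejabberd.cfg
if [ -r /etc/ejabberd/ejabberd.cfg ] && [ -r /etc/ejabberd/db.pw ]; then
    cfg_password_matches /etc/ejabberd/ejabberd.cfg /etc/ejabberd/db.pw ||
        echo "odbc_server password differs from /etc/ejabberd/db.pw"
fi
```

Any path printed by the first two calls should be tightened with chmod before the server is put into service.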