Différences

Ci-dessous, les différences entre deux révisions de la page.

--- tuto:linux_divers:installer_ejabberd_sur_centos [25/01/2011 11:57]
dani
+++ tuto:linux_divers:installer_ejabberd_sur_centos [05/09/2013 17:19]
@@ Ligne 1: / Ligne 1: @@
-====== Installation d'Ejabberd sur CentOS ======
-Ejabberd est un serveur xmpp (jabber) robuste, écrit en erlang. Ce how-to décrit l'installation sur une CentOS
-===== Installation d'une CentOS de base =====
-Suivre ce [[base_install_cos5|how-to]] pour l'installation de base
-===== Configuration des dépôts tiers =====
-Suivre ce [[extras_repo|how-to]] pour configurer les dépôts tiers
-===== Installer Ejabberd =====
-Le dépôt EPEL propose un paquet pour Ejabberd
-<code bash>
-yum --enablerepo=epel install ejabberd
-</code>
-On peut aussi installer le serveur mysql pour le stockage des données
-<code bash>
-yum install mysql-server
-</code>
-Ainsi que les modules supplémentaires pour Ejabberd (intégrant entre autre le driver mysql natif)
-<code bash>
-yum --enablerepo=fws-testing install ejabberd-modules
-</code>
-===== Préparations =====
-Par soucis de performance, et de facilité d'administration, nous allons utiliser une base MySQL pour stocker les informations relatives au serveur jabber (par défaut, Ejabberd utilise une base Mnesia, fournit par erlang)
-==== Configuration de mysqld ====
-Ejabberd a besoin du moteur InnoDB, il faut donc l'activer. Il faut aussi activer l'écoute sur le réseau (Ejabberd ne sachant pas communiquer avec un socket UNIX)
-Voici un exemple de configuration my.cnf (à ajuster en fonction des besoins)
-<code bash>
-cp -a /etc/my.cnf /etc/my.cnf.default
-echo '' > /etc/my.cnf
-vim /etc/my.cnf
-</code>
-Puis y placer les ligne suivantes:
-<code>
-[mysqld]
-pid-file=/var/run/mysqld/mysqld.pid
-basedir=/usr
-datadir=/var/lib/mysql
-innodb_data_home_dir = /var/lib/mysql/
-innodb_data_file_path = ibdata1:10M:autoextend
-innodb_log_group_home_dir = /var/lib/mysql/
-innodb_log_arch_dir = /var/lib/mysql/
-innodb_buffer_pool_size = 16M
-innodb_additional_mem_pool_size = 2M
-innodb_log_file_size = 5M
-innodb_log_buffer_size = 8M
-innodb_flush_log_at_trx_commit = 1
-innodb_lock_wait_timeout = 50
-innodb_file_per_table
-socket=/var/lib/mysql/mysql.sock
-# networking is enabled
-log-error=/var/log/mysqld.log
-max_allowed_packet=16M
-user=mysql
-[mysqld_safe]
-</code>
-==== Création d'un mot de passe root (mysql) ====
-<code bash>
-/usr/bin/openssl rand -base64 60 | tr -c -d '[:alnum:]' > ~/.my.pw
-chmod 600 ~/.my.pw
-/usr/bin/mysqladmin -u root password $(cat ~/.my.pw)
-echo '[client]' > ~/.my.cnf
-echo "password="$(cat ~/.my.pw) >> ~/.my.cnf
-</code>
-==== Création d'une base de donnée pour Ejabberd ====
-<code bash>
-/usr/bin/openssl rand -base64 50 | tr -c -d '[:alnum:]' > /etc/ejabberd/db.pw
-chmod 600 /etc/ejabberd/db.pw
-mysql -e 'create database ejabberd'
-mysql -e "grant all privileges on ejabberd.* to 'ejabberd'@'localhost' identified by $(cat /etc/ejabberd/db.pw)"
-mysql -e 'flush privileges'
-</code>
-==== Importation du schéma pour Ejabberd ====
-<code bash>
-mysql ejabberd < /usr/share/doc/ejabberd-modules-0.1/mysql.sql
-</code>
-===== Configuration de de base =====
-Le fichier de configuration d'Ejabberd est **/etc/ejabberd/ejabberd.cfg**
-La syntaxe est en erlang
-Voici un exemple:
-<code erlang>
-% Users that have admin access.  Add line like one of the following after you
-% will be successfully registered on server to get admin access:
-{acl, admin, {user, "admin"}}.
-% {acl, admin, {user, "user1"}}.
-% Local users:
-{acl, local, {user_regexp, ""}}.
-% Blocked users:
-%{acl, blocked, {user, "test"}}.
-% Everybody can create pubsub nodes
-{access, pubsub_createnode, [{allow, all}]}.
-% Only admins can use configuration interface:
-{access, configure, [{allow, admin}]}.
-% Registration is disabled
-{access, register, [{deny,all}]}.
-% Only admins can send announcement messages :
-{access, announce, [{allow, admin}]}.
-% Only non-blocked users can use c2s connections:
-{access, c2s, [{deny, blocked},
-               {allow, all}]}.
-% Set shaper with name "normal" to limit traffic speed to 1000B/s
-{shaper, normal, {maxrate, 1000}}.
-% Set shaper with name "fast" to limit traffic speed to 50000B/s
-{shaper, fast, {maxrate, 50000}}.
-% For all users except admins used "normal" shaper
-{access, c2s_shaper, [{none, admin},
-                      {normal, all}]}.
-% For all S2S connections used "fast" shaper
-{access, s2s_shaper, [{fast, all}]}.
-% Admins of this server are also admins of MUC service:
-{access, muc_admin, [{allow, admin}]}.
-% All users are allowed to use MUC service:
-{access, muc, [{allow, all}]}.
-{access, muc_log, [{allow, admin}, {deny, all}]}.
-% Allow access only for local users:
-{access, local, [{allow, local}]}.
-%% Being Acls for MSN users
-% This example will deny communication with MSN users, except
-% The ones listed in good_msn_users
-% Requires mod_filter
-{acl, good_msn_users, {user, "user1\\40hotmail.com", "msn.domain.tld"}}.
-{acl, good_msn_users, {user, "user2\\40hotmail.fr", "msn.domain.tld"}}.
-{acl, good_msn_users, {user, "", "msn.domain.tld"}}.
-{acl, msn_users, {server_glob, "msn*"}}.
-{access, mod_filter, [{allow, all}]}.
-{access, mod_filter_presence, [{allow, all}]}.
-{access, mod_filter_message, [{allow, all}]}.
-{access, mod_filter_iq, [{allow, all}]}.
-{access, mod_filter, [
-  % Filter incoming messages; allow only good messages
-  {allow, good_msn_users},
-  {deny, msn_users},
-  % Filter the rest, including outgoing messages
-  {filter_msn, all}
-]}.
-{access, filter_msn, [
-  % Users can send messages to good MSN users
-  {allow, good_msn_users},
-  % but not to other MSN users
-  {deny, msn_users},
-  % All non-MSN traffic is allowed
-  {allow, all}
-]}.
-%% End filter example
-% Auth MySQL
-{auth_method, odbc}.
-% mysql database access, with native mysql driver
-{odbc_server, {mysql, "localhost", "ejabberd", "ejabberd", "__SECRET__"}}.
-% Host name:
-{hosts, ["domain.tld"]}.
-%% Define the maximum number of time a single user is allowed to connect:
-{max_user_sessions, 10}.
-% Default language for server messages
-{language, "fr"}.
-% Listened ports:
-{listen, [
-       % Standard port 5222 with TLS support (and required)
-       {5222, ejabberd_c2s,     [{access, c2s}, {shaper, c2s_shaper}, starttls_required, {certfile, "/etc/ejabberd/ejabberd.pem"}]},
-       % Deprecated SSL port on 5223
-       {5223, ejabberd_c2s,     [{access, c2s}, tls, {certfile, "/etc/ejabberd/ejabberd.pem"}]}
-       % Uncomment this line to allow s2s connections:
-       % ,{5269, ejabberd_s2s_in,  [{shaper, s2s_shaper}, {max_stanza_size, 131072}]}
-       % Example of transport configuration
-       % ,{5347, ejabberd_service, [{host, "msn.domain.tld",
-       %         [{password, "secret"}]}]}
-]}.
-% If SRV lookup fails, then port 5269 is used to communicate with remote server
-% Uncomment this line to allow s2s connections
-% {outgoing_s2s_port, 5269}.
-% Modules
-{modules,
- [
-%  {mod_register,   [{access, register}]},
-  {mod_roster_odbc,     []},
-  {mod_privacy_odbc,    []},
-  {mod_adhoc,      []},
-  {mod_configure,  []}, % Depends on mod_adhoc
-  {mod_configure2, []},
-  {mod_disco,      []},
-  {mod_stats,      []},
-  {mod_vcard_odbc, []},
-  %% if you prefer ldap based vcard service, use the following
-  %% adapt it to your needs
-%  {mod_vcard_ldap,
-%   [
-%    {ldap_base, "ou=Users,dc=domain,dc=tld"},
-%    {ldap_filter, "(objectClass=inetOrgPerson)"},
-%    {ldap_vcard_map,
-    %% vcard patterns
-%     [{"NICKNAME", "%u", []}, % just use user's part of JID as his nickname
-%      {"GIVEN", "%s", ["givenName"]},
-%      {"FAMILY", "%s", ["sn"]},
-%      {"FN", "%s, %s", ["sn", "givenName"]}, % example: "Smith, John"
-%      {"EMAIL", "%s", ["mail"]},
-%      {"BDAY", "%s", ["birthDay"]},
-%      {"ORGNAME", "%s", ["o"]},
-%      {"ORGUNIT", "%s", ["ou"]},
-%      {"LOCALITY", "%s", ["l"]},
-%      {"STREET", "%s", ["Street"]},
-%      {"TEL", "%s", ["Phone"]}
-%     ]},
-%    %% Search form
-%    {ldap_search_fields,
-%     [{"User", "%u"},
-%      {"Name", "givenName"},
-%      {"Family Name", "sn"},
-%      {"Email", "mail"}]},
-%    %% vCard fields to be reported
-%    %% Note that JID is always returned with search results
-%    {ldap_search_reported,
-%     [{"Full Name", "FN"},
-%      {"Nickname", "NICKNAME"}]}
-%  ]},
-%  {mod_vcard_odbc, []},
-  {mod_caps,       []},
-  {mod_offline_odbc,    []},
-  {mod_announce,   [{access, announce}]}, % Depends on mod_adhoc
-  {mod_private_odbc,    []},
-  {mod_irc,        []},
-% Default options for mod_muc:
-%   host: "conference." ++ ?MYNAME
-%   access: all
-%   access_create: all
-%   access_admin: none (only room creator has owner privileges)
-  {mod_muc,        [{access, muc}, {access_create, muc}, {access_admin, muc_admin}]},
-  {mod_muc_log,    []},
-  {mod_shared_roster, []},
-  {mod_pubsub,     [
-    {access_createnode, pubsub_createnode},
-    {plugins, ["flat", "hometree", "pep"]}
-  ]},
-  {mod_time,       []},
-  {mod_last_odbc,       []},
-%  {mod_xmlrpc,[{port, 4560},{timeout, 5000}]},
-  {mod_version,    []},
-  {mod_admin_extra,    []},
-%  {mod_archive_odbc, [{database_type, "mysql"},
-%                      {default_auto_save, true},
-%                      {enforce_default_auto_save, false},
-%                      {default_expire, infinity},
-%                      {enforce_min_expire, 0},
-%                      {enforce_max_expire, infinity},
-%                      {replication_expire, 31536000},
-%                      {session_duration, 1800},
-%                      {wipeout_interval, 86400}]},
-% {mod_log_chat,  [{path, "/var/log/ejabberd/chat"}, {format, text}]},
-  {mod_echo,       [{host, "echo.domain.tld"}]}
- ]}.
-%%% Local Variables:
-%%% mode: erlang
-%%% End:
-</code>
-On remplace maintenant par le mot de passe mysql pour ejabberd:
-<code bash>
-export PASS=$(cat /etc/ejabberd/db.pw)
-sed -i -e "s/__SECRET/$PASS/g" /etc/ejabberd/ejabberd.cfg
-unset PASS
-</code>
-===== Installer spectrum =====
-[[http://spectrum.im/projects/spectrum/wiki|Spectrum]] permet de fournir des passerelles (transports) entre xmpp et d'autres protocoles. Il supportes de nombreux protocoles, dont MSN. Il est disponible dans le dépôt EPEL également
-<code bash>
-yum --enablerepo=epel install spectrum
-</code>
-==== Configurer la passerelle MSN ====
-Il faut d'abord créer le fichier de configuration **/etc/spectrum/msn.cfg**
-<code>
-</code>