tuto:linux_divers:installer_ejabberd_sur_centos [02/09/2013 15:59] 127.0.0.1 modification externe |
tuto:linux_divers:installer_ejabberd_sur_centos [05/09/2013 17:19] |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
- | ====== Installation d' | ||
- | Ejabberd est un serveur xmpp (jabber) robuste, écrit en erlang. Ce how-to décrit l' | ||
- | |||
- | ===== Installation d'une CentOS de base ===== | ||
- | |||
- | Suivre ce [[base_install_cos5|how-to]] pour l' | ||
- | |||
- | ===== Configuration des dépôts tiers ===== | ||
- | |||
- | Suivre ce [[tuto: | ||
- | |||
- | ===== Installer Ejabberd ===== | ||
- | |||
- | Le dépôt EPEL propose un paquet pour Ejabberd | ||
- | |||
- | <code bash> | ||
- | yum --enablerepo=epel install ejabberd | ||
- | </ | ||
- | |||
- | On peut aussi installer le serveur mysql pour le stockage des données | ||
- | <code bash> | ||
- | yum install mysql-server | ||
- | </ | ||
- | |||
- | Ainsi que les modules supplémentaires pour Ejabberd (intégrant entre autre le driver mysql natif) | ||
- | <code bash> | ||
- | yum --enablerepo=fws-testing install ejabberd-modules | ||
- | </ | ||
- | |||
- | ===== Préparations ===== | ||
- | Par soucis de performance, | ||
- | |||
- | ==== Configuration de mysqld ==== | ||
- | |||
- | Ejabberd a besoin du moteur InnoDB, il faut donc l' | ||
- | |||
- | Voici un exemple de configuration my.cnf (à ajuster en fonction des besoins) | ||
- | <code bash> | ||
- | cp -a /etc/my.cnf / | ||
- | echo '' | ||
- | vim /etc/my.cnf | ||
- | </ | ||
- | |||
- | Puis y placer les ligne suivantes: | ||
- | < | ||
- | [mysqld] | ||
- | pid-file=/ | ||
- | basedir=/ | ||
- | datadir=/ | ||
- | innodb_data_home_dir = / | ||
- | innodb_data_file_path = ibdata1: | ||
- | innodb_log_group_home_dir = / | ||
- | innodb_log_arch_dir = / | ||
- | innodb_buffer_pool_size = 16M | ||
- | innodb_additional_mem_pool_size = 2M | ||
- | innodb_log_file_size = 5M | ||
- | innodb_log_buffer_size = 8M | ||
- | innodb_flush_log_at_trx_commit = 1 | ||
- | innodb_lock_wait_timeout = 50 | ||
- | innodb_file_per_table | ||
- | |||
- | socket=/ | ||
- | # networking is enabled | ||
- | log-error=/ | ||
- | max_allowed_packet=16M | ||
- | user=mysql | ||
- | |||
- | [mysqld_safe] | ||
- | |||
- | |||
- | </ | ||
- | |||
- | ==== Création d'un mot de passe root (mysql) ==== | ||
- | |||
- | <code bash> | ||
- | / | ||
- | chmod 600 ~/.my.pw | ||
- | / | ||
- | echo ' | ||
- | echo " | ||
- | </ | ||
- | |||
- | ==== Création d'une base de donnée pour Ejabberd ==== | ||
- | |||
- | <code bash> | ||
- | / | ||
- | chmod 600 / | ||
- | mysql -e ' | ||
- | mysql -e "grant all privileges on ejabberd.* to ' | ||
- | mysql -e 'flush privileges' | ||
- | </ | ||
- | |||
- | ==== Importation du schéma pour Ejabberd ==== | ||
- | |||
- | <code bash> | ||
- | mysql ejabberd < / | ||
- | </ | ||
- | |||
- | ===== Configuration de de base ===== | ||
- | Le fichier de configuration d' | ||
- | La syntaxe est en erlang | ||
- | |||
- | Voici un exemple: | ||
- | |||
- | <code erlang> | ||
- | |||
- | % Users that have admin access. | ||
- | % will be successfully registered on server to get admin access: | ||
- | {acl, admin, {user, " | ||
- | % {acl, admin, {user, " | ||
- | |||
- | % Local users: | ||
- | {acl, local, {user_regexp, | ||
- | |||
- | % Blocked users: | ||
- | %{acl, blocked, {user, " | ||
- | |||
- | % Everybody can create pubsub nodes | ||
- | {access, pubsub_createnode, | ||
- | |||
- | |||
- | % Only admins can use configuration interface: | ||
- | {access, configure, [{allow, admin}]}. | ||
- | |||
- | % Registration is disabled | ||
- | {access, register, [{deny, | ||
- | |||
- | % Only admins can send announcement messages : | ||
- | {access, announce, [{allow, admin}]}. | ||
- | |||
- | % Only non-blocked users can use c2s connections: | ||
- | {access, c2s, [{deny, blocked}, | ||
- | | ||
- | |||
- | % Set shaper with name " | ||
- | {shaper, normal, {maxrate, 1000}}. | ||
- | |||
- | % Set shaper with name " | ||
- | {shaper, fast, {maxrate, 50000}}. | ||
- | |||
- | % For all users except admins used " | ||
- | {access, c2s_shaper, [{none, admin}, | ||
- | {normal, all}]}. | ||
- | |||
- | % For all S2S connections used " | ||
- | {access, s2s_shaper, [{fast, all}]}. | ||
- | |||
- | % Admins of this server are also admins of MUC service: | ||
- | {access, muc_admin, [{allow, admin}]}. | ||
- | |||
- | % All users are allowed to use MUC service: | ||
- | {access, muc, [{allow, all}]}. | ||
- | {access, muc_log, [{allow, admin}, {deny, all}]}. | ||
- | |||
- | |||
- | % Allow access only for local users: | ||
- | {access, local, [{allow, local}]}. | ||
- | |||
- | |||
- | %% Being Acls for MSN users | ||
- | |||
- | % This example will deny communication with MSN users, except | ||
- | % The ones listed in good_msn_users | ||
- | |||
- | % Requires mod_filter | ||
- | |||
- | {acl, good_msn_users, | ||
- | {acl, good_msn_users, | ||
- | {acl, good_msn_users, | ||
- | {acl, msn_users, {server_glob, | ||
- | |||
- | {access, mod_filter, [{allow, all}]}. | ||
- | {access, mod_filter_presence, | ||
- | {access, mod_filter_message, | ||
- | {access, mod_filter_iq, | ||
- | |||
- | {access, mod_filter, [ | ||
- | % Filter incoming messages; allow only good messages | ||
- | {allow, good_msn_users}, | ||
- | {deny, msn_users}, | ||
- | % Filter the rest, including outgoing messages | ||
- | {filter_msn, | ||
- | ]}. | ||
- | |||
- | {access, filter_msn, [ | ||
- | % Users can send messages to good MSN users | ||
- | {allow, good_msn_users}, | ||
- | % but not to other MSN users | ||
- | {deny, msn_users}, | ||
- | % All non-MSN traffic is allowed | ||
- | {allow, all} | ||
- | ]}. | ||
- | |||
- | %% End filter example | ||
- | |||
- | % Auth MySQL | ||
- | {auth_method, | ||
- | |||
- | % mysql database access, with native mysql driver | ||
- | {odbc_server, | ||
- | |||
- | % Host name: | ||
- | {hosts, [" | ||
- | |||
- | |||
- | %% Define the maximum number of time a single user is allowed to connect: | ||
- | {max_user_sessions, | ||
- | |||
- | % Default language for server messages | ||
- | {language, " | ||
- | |||
- | % Listened ports: | ||
- | {listen, [ | ||
- | % Standard port 5222 with TLS support (and required) | ||
- | | ||
- | % Deprecated SSL port on 5223 | ||
- | | ||
- | |||
- | % Uncomment this line to allow s2s connections: | ||
- | % ,{5269, ejabberd_s2s_in, | ||
- | |||
- | % Example of transport configuration | ||
- | % ,{5347, ejabberd_service, | ||
- | | ||
- | ]}. | ||
- | |||
- | % If SRV lookup fails, then port 5269 is used to communicate with remote server | ||
- | % Uncomment this line to allow s2s connections | ||
- | % {outgoing_s2s_port, | ||
- | |||
- | % Modules | ||
- | {modules, | ||
- | | ||
- | % {mod_register, | ||
- | {mod_roster_odbc, | ||
- | {mod_privacy_odbc, | ||
- | {mod_adhoc, | ||
- | {mod_configure, | ||
- | {mod_configure2, | ||
- | {mod_disco, | ||
- | {mod_stats, | ||
- | {mod_vcard_odbc, | ||
- | %% if you prefer ldap based vcard service, use the following | ||
- | %% adapt it to your needs | ||
- | % {mod_vcard_ldap, | ||
- | % [ | ||
- | % {ldap_base, " | ||
- | % {ldap_filter, | ||
- | % {ldap_vcard_map, | ||
- | %% vcard patterns | ||
- | % | ||
- | % {" | ||
- | % {" | ||
- | % {" | ||
- | % {" | ||
- | % {" | ||
- | % {" | ||
- | % {" | ||
- | % {" | ||
- | % {" | ||
- | % {" | ||
- | % ]}, | ||
- | % %% Search form | ||
- | % {ldap_search_fields, | ||
- | % | ||
- | % {" | ||
- | % {" | ||
- | % {" | ||
- | % %% vCard fields to be reported | ||
- | % %% Note that JID is always returned with search results | ||
- | % {ldap_search_reported, | ||
- | % | ||
- | % {" | ||
- | % ]}, | ||
- | % {mod_vcard_odbc, | ||
- | {mod_caps, | ||
- | {mod_offline_odbc, | ||
- | {mod_announce, | ||
- | {mod_private_odbc, | ||
- | {mod_irc, | ||
- | % Default options for mod_muc: | ||
- | % host: " | ||
- | % | ||
- | % | ||
- | % | ||
- | {mod_muc, | ||
- | {mod_muc_log, | ||
- | {mod_shared_roster, | ||
- | {mod_pubsub, | ||
- | {access_createnode, | ||
- | {plugins, [" | ||
- | ]}, | ||
- | {mod_time, | ||
- | {mod_last_odbc, | ||
- | % {mod_xmlrpc, | ||
- | {mod_version, | ||
- | {mod_admin_extra, | ||
- | % {mod_archive_odbc, | ||
- | % {default_auto_save, | ||
- | % {enforce_default_auto_save, | ||
- | % {default_expire, | ||
- | % {enforce_min_expire, | ||
- | % {enforce_max_expire, | ||
- | % {replication_expire, | ||
- | % {session_duration, | ||
- | % {wipeout_interval, | ||
- | % {mod_log_chat, | ||
- | |||
- | |||
- | {mod_echo, | ||
- | ]}. | ||
- | |||
- | %%% Local Variables: | ||
- | %%% mode: erlang | ||
- | %%% End: | ||
- | |||
- | </ | ||
- | |||
- | On remplace maintenant par le mot de passe mysql pour ejabberd: | ||
- | <code bash> | ||
- | export PASS=$(cat / | ||
- | sed -i -e " | ||
- | unset PASS | ||
- | </ | ||
- | |||
- | ===== Installer spectrum ===== | ||
- | [[http:// | ||
- | |||
- | <code bash> | ||
- | yum --enablerepo=epel install spectrum | ||
- | </ | ||
- | |||
- | ==== Configurer la passerelle MSN ==== | ||
- | |||
- | Il faut d' | ||
- | < | ||
- | [service] | ||
- | # enable this spectrum instance | ||
- | enable=1 | ||
- | |||
- | # one of: aim, facebook, gg, icq, irc, msn, myspace, qq, simple, xmpp, yahoo | ||
- | protocol=msn | ||
- | |||
- | # component ip | ||
- | server=127.0.0.1 | ||
- | |||
- | # if use_proxy is 1, the http_proxy env var will be used as the proxy server | ||
- | # for example export http_proxy=" | ||
- | use_proxy=0 | ||
- | |||
- | # component JID | ||
- | jid=$protocol.domain.tld | ||
- | |||
- | # component secret | ||
- | password=secret | ||
- | |||
- | # component port | ||
- | port=5347 | ||
- | |||
- | config_interface = / | ||
- | |||
- | # IP:port where filetransfer proxy binds to. This has to be public IP. | ||
- | # | ||
- | |||
- | # IP:port which will be sent in filetransfer request as stream host. | ||
- | # | ||
- | |||
- | # admin JIDs - Jabber IDs of transport administrators who have access to admin adhoc commands | ||
- | # separated by semicolons | ||
- | # | ||
- | |||
- | # directory where downloaded files will be saved | ||
- | filetransfer_cache=/ | ||
- | |||
- | # URL used to acces filestransfer_cache directory from the web. | ||
- | filetransfer_web=http:// | ||
- | |||
- | # name of transport (this will appear in service discovery) | ||
- | name=MSN Transport | ||
- | |||
- | # default language | ||
- | language=fr | ||
- | |||
- | # transport features separated by semicolons | ||
- | # combination of: avatars, chatstate, filetransfer | ||
- | # if commented, all features will be used | ||
- | # This variable is DEPRECATED and will be removed in future versions. Use [features] instead. | ||
- | # | ||
- | |||
- | # if vip_mode is 1, users are divided to 2 groups according to ' | ||
- | vip_mode=0 | ||
- | |||
- | # if vip_mode is 1, you can set transport to be availabe only for VIP users by setting only_for_vip to 1. | ||
- | only_for_vip=0 | ||
- | |||
- | # if vip_mode is 1 and only_for_vip is 1, users can connect from these servers even they are not VIP. | ||
- | # This feature is useful, if you want to enable transport only for users from your server, but also want | ||
- | # to give access to VIP users from other servers (for example from GTalk) | ||
- | # seperated by semicolons | ||
- | allowed_servers=localhost; | ||
- | |||
- | # transport features separated by semicolons which will be used for VIP users. | ||
- | # combination of: avatars, chatstate, filetransfer | ||
- | # if commented, all features will be used | ||
- | # This variable is DEPRECATED and will be removed in future versions. | ||
- | # | ||
- | |||
- | # pid file | ||
- | pid_file=/ | ||
- | |||
- | # require_tls to connect legacy network | ||
- | # | ||
- | |||
- | # Eventloop used by Spectrum. Allows to change default use of poll to epoll, | ||
- | # which should be faster and handles more connections better. | ||
- | # WARNING: some 3rd party libpurple protocol plugins are not prepared to be | ||
- | # used with different eventloop, but protocols included in libpurple by default | ||
- | # works OK. | ||
- | # | ||
- | |||
- | [registration] | ||
- | # Set to 0 to disable transport registration to everyone except | ||
- | # people from host from allowed_servers list. | ||
- | enable_public_registration=0 | ||
- | |||
- | # You can override username registered by transport user. This is useful | ||
- | # for example if you want to let users to register only their Facebook name | ||
- | # and internally connect them to facebook_name@chat.facebook.com. | ||
- | # $username variable is replaced by username which has been registered | ||
- | # by particular user. | ||
- | # | ||
- | |||
- | # This option allows you to white-list newly created accounts according | ||
- | # to regexp. for example allowed_usernames=*.\.gmail\.com$ will allow only | ||
- | # GTalk users to register. If you use username_mask, | ||
- | # applied before this option. | ||
- | allowed_usernames=*.\.firewall-services\.com$ | ||
- | |||
- | # Label used to described username field in registration form | ||
- | # | ||
- | |||
- | # This variable overrides default instructions text in registration form. | ||
- | # | ||
- | |||
- | # Transport features, all features are enabled by default. | ||
- | [features] | ||
- | # | ||
- | #avatars=1 | ||
- | # | ||
- | # | ||
- | |||
- | # Transport features for VIP users, all features are enabled by default. | ||
- | [vip-features] | ||
- | # | ||
- | #avatars=1 | ||
- | # | ||
- | |||
- | [logging] | ||
- | # log file, needs to be unique for each spectrum instance | ||
- | log_file=/ | ||
- | |||
- | # log areas | ||
- | # combination of: xml, purple | ||
- | log_areas=xml; | ||
- | |||
- | [database] | ||
- | # mysql or sqlite | ||
- | type=sqlite | ||
- | |||
- | # hostname (not needed for sqlite) | ||
- | # | ||
- | |||
- | # username (not needed for sqlite) | ||
- | #user=user | ||
- | |||
- | # password (not needed for sqlite) | ||
- | # | ||
- | # sqlite: set path to database file here | ||
- | # mysql: set to name of database | ||
- | database=/ | ||
- | # table prefix for multiple transport instances sharing the same database | ||
- | # | ||
- | |||
- | [purple] | ||
- | # avatar, vcard, roster storage | ||
- | # needs to be unique for each spectrum instance | ||
- | userdir=/ | ||
- | |||
- | </ | ||
- | |||
- | Puis, il faut démarrer spectrum: | ||
- | <code bash> | ||
- | / | ||
- | </ | ||
- | |||
- | Les logs d' | ||
- | ===== Activer les services ===== | ||
- | Une fois que tout est fonctionnel, | ||
- | |||
- | <code bash> | ||
- | chkconfig ejabberd on | ||
- | chkconfig mysqld on | ||
- | chkconfig spectrum on | ||
- | </ |