Différences
Ci-dessous, les différences entre deux révisions de la page.
Prochaine révision | Révision précédente | ||
tuto:linux_divers:installer_ejabberd_sur_centos [25/01/2011 10:50] dani créée |
tuto:linux_divers:installer_ejabberd_sur_centos [05/09/2013 17:19] (Version actuelle) |
||
---|---|---|---|
Ligne 9: | Ligne 9: | ||
===== Configuration des dépôts tiers ===== | ===== Configuration des dépôts tiers ===== | ||
- | Suivre ce [[extras_repo|how-to]] pour configurer les dépôts tiers | + | Suivre ce [[tuto: |
===== Installer Ejabberd ===== | ===== Installer Ejabberd ===== | ||
Ligne 27: | Ligne 27: | ||
<code bash> | <code bash> | ||
yum --enablerepo=fws-testing install ejabberd-modules | yum --enablerepo=fws-testing install ejabberd-modules | ||
+ | </ | ||
+ | |||
+ | ===== Préparations ===== | ||
+ | Par soucis de performance, | ||
+ | |||
+ | ==== Configuration de mysqld ==== | ||
+ | |||
+ | Ejabberd a besoin du moteur InnoDB, il faut donc l' | ||
+ | |||
+ | Voici un exemple de configuration my.cnf (à ajuster en fonction des besoins) | ||
+ | <code bash> | ||
+ | cp -a /etc/my.cnf / | ||
+ | echo '' | ||
+ | vim /etc/my.cnf | ||
+ | </ | ||
+ | |||
+ | Puis y placer les ligne suivantes: | ||
+ | < | ||
+ | [mysqld] | ||
+ | pid-file=/ | ||
+ | basedir=/ | ||
+ | datadir=/ | ||
+ | innodb_data_home_dir = / | ||
+ | innodb_data_file_path = ibdata1: | ||
+ | innodb_log_group_home_dir = / | ||
+ | innodb_log_arch_dir = / | ||
+ | innodb_buffer_pool_size = 16M | ||
+ | innodb_additional_mem_pool_size = 2M | ||
+ | innodb_log_file_size = 5M | ||
+ | innodb_log_buffer_size = 8M | ||
+ | innodb_flush_log_at_trx_commit = 1 | ||
+ | innodb_lock_wait_timeout = 50 | ||
+ | innodb_file_per_table | ||
+ | |||
+ | socket=/ | ||
+ | # networking is enabled | ||
+ | log-error=/ | ||
+ | max_allowed_packet=16M | ||
+ | user=mysql | ||
+ | |||
+ | [mysqld_safe] | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | ==== Création d'un mot de passe root (mysql) ==== | ||
+ | |||
+ | <code bash> | ||
+ | / | ||
+ | chmod 600 ~/.my.pw | ||
+ | / | ||
+ | echo ' | ||
+ | echo " | ||
+ | </ | ||
+ | |||
+ | ==== Création d'une base de donnée pour Ejabberd ==== | ||
+ | |||
+ | <code bash> | ||
+ | / | ||
+ | chmod 600 / | ||
+ | mysql -e ' | ||
+ | mysql -e "grant all privileges on ejabberd.* to ' | ||
+ | mysql -e 'flush privileges' | ||
+ | </ | ||
+ | |||
+ | ==== Importation du schéma pour Ejabberd ==== | ||
+ | |||
+ | <code bash> | ||
+ | mysql ejabberd < / | ||
</ | </ | ||
===== Configuration de de base ===== | ===== Configuration de de base ===== | ||
- | Le fichier de configuration | + | Le fichier de configuration d' |
La syntaxe est en erlang | La syntaxe est en erlang | ||
Ligne 41: | Ligne 110: | ||
{acl, admin, {user, " | {acl, admin, {user, " | ||
% {acl, admin, {user, " | % {acl, admin, {user, " | ||
+ | |||
+ | % Local users: | ||
+ | {acl, local, {user_regexp, | ||
+ | |||
+ | % Blocked users: | ||
+ | %{acl, blocked, {user, " | ||
% Everybody can create pubsub nodes | % Everybody can create pubsub nodes | ||
Ligne 49: | Ligne 124: | ||
{access, configure, [{allow, admin}]}. | {access, configure, [{allow, admin}]}. | ||
- | % Every username can be registered via in-band registration: | + | % Registration is disabled |
- | % You could replace {allow, all} with {deny, all} to prevent user from using | + | |
- | % in-band registration | + | |
{access, register, [{deny, | {access, register, [{deny, | ||
- | |||
% Only admins can send announcement messages : | % Only admins can send announcement messages : | ||
{access, announce, [{allow, admin}]}. | {access, announce, [{allow, admin}]}. | ||
+ | |||
% Only non-blocked users can use c2s connections: | % Only non-blocked users can use c2s connections: | ||
{access, c2s, [{deny, blocked}, | {access, c2s, [{deny, blocked}, | ||
Ligne 84: | Ligne 157: | ||
% Allow access only for local users: | % Allow access only for local users: | ||
{access, local, [{allow, local}]}. | {access, local, [{allow, local}]}. | ||
+ | |||
+ | |||
+ | %% Being Acls for MSN users | ||
+ | |||
+ | % This example will deny communication with MSN users, except | ||
+ | % The ones listed in good_msn_users | ||
+ | |||
+ | % Requires mod_filter | ||
+ | |||
+ | {acl, good_msn_users, | ||
+ | {acl, good_msn_users, | ||
+ | {acl, good_msn_users, | ||
+ | {acl, msn_users, {server_glob, | ||
+ | |||
+ | {access, mod_filter, [{allow, all}]}. | ||
+ | {access, mod_filter_presence, | ||
+ | {access, mod_filter_message, | ||
+ | {access, mod_filter_iq, | ||
+ | |||
+ | {access, mod_filter, [ | ||
+ | % Filter incoming messages; allow only good messages | ||
+ | {allow, good_msn_users}, | ||
+ | {deny, msn_users}, | ||
+ | % Filter the rest, including outgoing messages | ||
+ | {filter_msn, | ||
+ | ]}. | ||
+ | |||
+ | {access, filter_msn, [ | ||
+ | % Users can send messages to good MSN users | ||
+ | {allow, good_msn_users}, | ||
+ | % but not to other MSN users | ||
+ | {deny, msn_users}, | ||
+ | % All non-MSN traffic is allowed | ||
+ | {allow, all} | ||
+ | ]}. | ||
+ | |||
+ | %% End filter example | ||
% Auth MySQL | % Auth MySQL | ||
Ligne 89: | Ligne 199: | ||
% mysql database access, with native mysql driver | % mysql database access, with native mysql driver | ||
- | {odbc_server, | + | {odbc_server, |
% Host name: | % Host name: | ||
Ligne 131: | Ligne 241: | ||
{mod_disco, | {mod_disco, | ||
{mod_stats, | {mod_stats, | ||
- | {mod_vcard_ldap, | + | |
- | [ | + | %% if you prefer ldap based vcard service, use the following |
- | {ldap_base, " | + | %% adapt it to your needs |
- | {ldap_filter, | + | % |
- | {ldap_vcard_map, | + | % [ |
+ | % | ||
+ | % | ||
+ | % | ||
%% vcard patterns | %% vcard patterns | ||
- | [{" | + | % [{" |
- | {" | + | % |
- | {" | + | % |
- | {" | + | % |
- | {" | + | % |
- | {" | + | % |
- | {" | + | % |
- | {" | + | % |
- | {" | + | % |
- | {" | + | % |
- | {" | + | % |
- | ]}, | + | % ]}, |
- | %% Search form | + | % %% Search form |
- | {ldap_search_fields, | + | % |
- | | + | % [{" |
- | {" | + | % |
- | {" | + | % |
- | {" | + | % |
- | %% vCard fields to be reported | + | % %% vCard fields to be reported |
- | %% Note that JID is always returned with search results | + | % %% Note that JID is always returned with search results |
- | {ldap_search_reported, | + | % |
- | | + | % [{" |
- | {" | + | % |
- | ]}, | + | % ]}, |
% {mod_vcard_odbc, | % {mod_vcard_odbc, | ||
{mod_caps, | {mod_caps, | ||
Ligne 184: | Ligne 297: | ||
{mod_version, | {mod_version, | ||
{mod_admin_extra, | {mod_admin_extra, | ||
- | | + | % {mod_archive_odbc, |
+ | % {default_auto_save, | ||
+ | % {enforce_default_auto_save, | ||
+ | % {default_expire, | ||
+ | % {enforce_min_expire, | ||
+ | % {enforce_max_expire, | ||
+ | % {replication_expire, | ||
+ | % {session_duration, | ||
+ | % {wipeout_interval, | ||
+ | % {mod_log_chat, | ||
+ | |||
+ | |||
+ | | ||
]}. | ]}. | ||
Ligne 193: | Ligne 318: | ||
</ | </ | ||
+ | On remplace maintenant par le mot de passe mysql pour ejabberd: | ||
+ | <code bash> | ||
+ | export PASS=$(cat / | ||
+ | sed -i -e " | ||
+ | unset PASS | ||
+ | </ | ||
+ | |||
+ | ===== Installer spectrum ===== | ||
+ | [[http:// | ||
+ | |||
+ | <code bash> | ||
+ | yum --enablerepo=epel install spectrum | ||
+ | </ | ||
+ | |||
+ | ==== Configurer la passerelle MSN ==== | ||
+ | |||
+ | Il faut d' | ||
+ | < | ||
+ | [service] | ||
+ | # enable this spectrum instance | ||
+ | enable=1 | ||
+ | |||
+ | # one of: aim, facebook, gg, icq, irc, msn, myspace, qq, simple, xmpp, yahoo | ||
+ | protocol=msn | ||
+ | |||
+ | # component ip | ||
+ | server=127.0.0.1 | ||
+ | |||
+ | # if use_proxy is 1, the http_proxy env var will be used as the proxy server | ||
+ | # for example export http_proxy=" | ||
+ | use_proxy=0 | ||
+ | |||
+ | # component JID | ||
+ | jid=$protocol.domain.tld | ||
+ | |||
+ | # component secret | ||
+ | password=secret | ||
+ | |||
+ | # component port | ||
+ | port=5347 | ||
+ | |||
+ | config_interface = / | ||
+ | |||
+ | # IP:port where filetransfer proxy binds to. This has to be public IP. | ||
+ | # | ||
+ | |||
+ | # IP:port which will be sent in filetransfer request as stream host. | ||
+ | # | ||
+ | |||
+ | # admin JIDs - Jabber IDs of transport administrators who have access to admin adhoc commands | ||
+ | # separated by semicolons | ||
+ | # | ||
+ | |||
+ | # directory where downloaded files will be saved | ||
+ | filetransfer_cache=/ | ||
+ | |||
+ | # URL used to acces filestransfer_cache directory from the web. | ||
+ | filetransfer_web=http:// | ||
+ | |||
+ | # name of transport (this will appear in service discovery) | ||
+ | name=MSN Transport | ||
+ | |||
+ | # default language | ||
+ | language=fr | ||
+ | |||
+ | # transport features separated by semicolons | ||
+ | # combination of: avatars, chatstate, filetransfer | ||
+ | # if commented, all features will be used | ||
+ | # This variable is DEPRECATED and will be removed in future versions. Use [features] instead. | ||
+ | # | ||
+ | |||
+ | # if vip_mode is 1, users are divided to 2 groups according to ' | ||
+ | vip_mode=0 | ||
+ | |||
+ | # if vip_mode is 1, you can set transport to be availabe only for VIP users by setting only_for_vip to 1. | ||
+ | only_for_vip=0 | ||
+ | |||
+ | # if vip_mode is 1 and only_for_vip is 1, users can connect from these servers even they are not VIP. | ||
+ | # This feature is useful, if you want to enable transport only for users from your server, but also want | ||
+ | # to give access to VIP users from other servers (for example from GTalk) | ||
+ | # seperated by semicolons | ||
+ | allowed_servers=localhost; | ||
+ | |||
+ | # transport features separated by semicolons which will be used for VIP users. | ||
+ | # combination of: avatars, chatstate, filetransfer | ||
+ | # if commented, all features will be used | ||
+ | # This variable is DEPRECATED and will be removed in future versions. | ||
+ | # | ||
+ | |||
+ | # pid file | ||
+ | pid_file=/ | ||
+ | |||
+ | # require_tls to connect legacy network | ||
+ | # | ||
+ | |||
+ | # Eventloop used by Spectrum. Allows to change default use of poll to epoll, | ||
+ | # which should be faster and handles more connections better. | ||
+ | # WARNING: some 3rd party libpurple protocol plugins are not prepared to be | ||
+ | # used with different eventloop, but protocols included in libpurple by default | ||
+ | # works OK. | ||
+ | # | ||
+ | |||
+ | [registration] | ||
+ | # Set to 0 to disable transport registration to everyone except | ||
+ | # people from host from allowed_servers list. | ||
+ | enable_public_registration=0 | ||
+ | |||
+ | # You can override username registered by transport user. This is useful | ||
+ | # for example if you want to let users to register only their Facebook name | ||
+ | # and internally connect them to facebook_name@chat.facebook.com. | ||
+ | # $username variable is replaced by username which has been registered | ||
+ | # by particular user. | ||
+ | # | ||
+ | |||
+ | # This option allows you to white-list newly created accounts according | ||
+ | # to regexp. for example allowed_usernames=*.\.gmail\.com$ will allow only | ||
+ | # GTalk users to register. If you use username_mask, | ||
+ | # applied before this option. | ||
+ | allowed_usernames=*.\.firewall-services\.com$ | ||
+ | |||
+ | # Label used to described username field in registration form | ||
+ | # | ||
+ | |||
+ | # This variable overrides default instructions text in registration form. | ||
+ | # | ||
+ | |||
+ | # Transport features, all features are enabled by default. | ||
+ | [features] | ||
+ | # | ||
+ | #avatars=1 | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # Transport features for VIP users, all features are enabled by default. | ||
+ | [vip-features] | ||
+ | # | ||
+ | #avatars=1 | ||
+ | # | ||
+ | |||
+ | [logging] | ||
+ | # log file, needs to be unique for each spectrum instance | ||
+ | log_file=/ | ||
+ | |||
+ | # log areas | ||
+ | # combination of: xml, purple | ||
+ | log_areas=xml; | ||
+ | |||
+ | [database] | ||
+ | # mysql or sqlite | ||
+ | type=sqlite | ||
+ | |||
+ | # hostname (not needed for sqlite) | ||
+ | # | ||
+ | |||
+ | # username (not needed for sqlite) | ||
+ | #user=user | ||
+ | |||
+ | # password (not needed for sqlite) | ||
+ | # | ||
+ | # sqlite: set path to database file here | ||
+ | # mysql: set to name of database | ||
+ | database=/ | ||
+ | # table prefix for multiple transport instances sharing the same database | ||
+ | # | ||
+ | |||
+ | [purple] | ||
+ | # avatar, vcard, roster storage | ||
+ | # needs to be unique for each spectrum instance | ||
+ | userdir=/ | ||
+ | |||
+ | </ | ||
+ | |||
+ | Puis, il faut démarrer spectrum: | ||
+ | <code bash> | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | Les logs d' | ||
+ | ===== Activer les services ===== | ||
+ | Une fois que tout est fonctionnel, | ||
+ | |||
+ | <code bash> | ||
+ | chkconfig ejabberd on | ||
+ | chkconfig mysqld on | ||
+ | chkconfig spectrum on | ||
+ | </ |