tuto:linux_divers:installer_ejabberd_sur_centos

Differences

Below are the differences between two revisions of the page.

tuto:linux_divers:installer_ejabberd_sur_centos [25/01/2011 10:50]
dani created
tuto:linux_divers:installer_ejabberd_sur_centos [05/09/2013 17:19] (Current version)
Ligne 9: Ligne 9:
 ===== Configuration des dépôts tiers ===== ===== Configuration des dépôts tiers =====
  
-Suivre ce [[extras_repo|how-to]] pour configurer les dépôts tiers+Suivre ce [[tuto:ipasserelle:divers:extras_repo|how-to]] pour configurer les dépôts tiers
  
 ===== Installer Ejabberd ===== ===== Installer Ejabberd =====
Ligne 27: Ligne 27:
 <code bash> <code bash>
 yum --enablerepo=fws-testing install ejabberd-modules yum --enablerepo=fws-testing install ejabberd-modules
 +</code>
 +
 +===== Préparations =====
 +Par soucis de performance, et de facilité d'administration, nous allons utiliser une base MySQL pour stocker les informations relatives au serveur jabber (par défaut, Ejabberd utilise une base Mnesia, fournit par erlang)
 +
 +==== Configuration de mysqld ====
 +
 +Ejabberd a besoin du moteur InnoDB, il faut donc l'activer. Il faut aussi activer l'écoute sur le réseau (Ejabberd ne sachant pas communiquer avec un socket UNIX)
 +
 +Voici un exemple de configuration my.cnf (à ajuster en fonction des besoins)
 +<code bash>
 +cp -a /etc/my.cnf /etc/my.cnf.default
 +echo '' > /etc/my.cnf
 +vim /etc/my.cnf
 +</code>
 +
 +Puis y placer les ligne suivantes:
 +<code>
 +[mysqld]
 +pid-file=/var/run/mysqld/mysqld.pid
 +basedir=/usr
 +datadir=/var/lib/mysql
 +innodb_data_home_dir = /var/lib/mysql/
 +innodb_data_file_path = ibdata1:10M:autoextend
 +innodb_log_group_home_dir = /var/lib/mysql/
 +innodb_log_arch_dir = /var/lib/mysql/
 +innodb_buffer_pool_size = 16M
 +innodb_additional_mem_pool_size = 2M
 +innodb_log_file_size = 5M
 +innodb_log_buffer_size = 8M
 +innodb_flush_log_at_trx_commit = 1
 +innodb_lock_wait_timeout = 50
 +innodb_file_per_table
 +
 +socket=/var/lib/mysql/mysql.sock
 +# networking is enabled
 +log-error=/var/log/mysqld.log
 +max_allowed_packet=16M
 +user=mysql
 +
 +[mysqld_safe]
 +
 +
 +</code>
 +
 +==== Création d'un mot de passe root (mysql) ====
 +
 +<code bash>
 +/usr/bin/openssl rand -base64 60 | tr -c -d '[:alnum:]' > ~/.my.pw
 +chmod 600 ~/.my.pw
 +/usr/bin/mysqladmin -u root password $(cat ~/.my.pw)
 +echo '[client]' > ~/.my.cnf
 +echo "password="$(cat ~/.my.pw) >> ~/.my.cnf
 +</code>
 +
 +==== Création d'une base de donnée pour Ejabberd ====
 +
 +<code bash>
 +/usr/bin/openssl rand -base64 50 | tr -c -d '[:alnum:]' > /etc/ejabberd/db.pw
 +chmod 600 /etc/ejabberd/db.pw
 +mysql -e 'create database ejabberd'
 +mysql -e "grant all privileges on ejabberd.* to 'ejabberd'@'localhost' identified by $(cat /etc/ejabberd/db.pw)"
 +mysql -e 'flush privileges'
 +</code>
 +
 +==== Importation du schéma pour Ejabberd ====
 +
 +<code bash>
 +mysql ejabberd < /usr/share/doc/ejabberd-modules-0.1/mysql.sql
 </code> </code>
  
 ===== Configuration de de base ===== ===== Configuration de de base =====
-Le fichier de configuration principal d'Ejabberd est **/etc/ejabberd/ejabberd.cfg**+Le fichier de configuration d'Ejabberd est **/etc/ejabberd/ejabberd.cfg**
 La syntaxe est en erlang La syntaxe est en erlang
  
Ligne 41: Ligne 110:
 {acl, admin, {user, "admin"}}. {acl, admin, {user, "admin"}}.
 % {acl, admin, {user, "user1"}}. % {acl, admin, {user, "user1"}}.
 +
 +% Local users:
 +{acl, local, {user_regexp, ""}}.
 +
 +% Blocked users:
 +%{acl, blocked, {user, "test"}}.
  
 % Everybody can create pubsub nodes % Everybody can create pubsub nodes
Ligne 49: Ligne 124:
 {access, configure, [{allow, admin}]}. {access, configure, [{allow, admin}]}.
  
-Every username can be registered via in-band registration: +Registration is disabled
-% You could replace {allow, all} with {deny, all} to prevent user from using +
-% in-band registration+
 {access, register, [{deny,all}]}. {access, register, [{deny,all}]}.
- 
  
 % Only admins can send announcement messages : % Only admins can send announcement messages :
 {access, announce, [{allow, admin}]}. {access, announce, [{allow, admin}]}.
 +
 % Only non-blocked users can use c2s connections: % Only non-blocked users can use c2s connections:
 {access, c2s, [{deny, blocked}, {access, c2s, [{deny, blocked},
Ligne 84: Ligne 157:
 % Allow access only for local users: % Allow access only for local users:
 {access, local, [{allow, local}]}. {access, local, [{allow, local}]}.
 +
 +
 +%% Being Acls for MSN users
 +
 +% This example will deny communication with MSN users, except
 +% The ones listed in good_msn_users
 +
 +% Requires mod_filter
 +
 +{acl, good_msn_users, {user, "user1\\40hotmail.com", "msn.domain.tld"}}.
 +{acl, good_msn_users, {user, "user2\\40hotmail.fr", "msn.domain.tld"}}.
 +{acl, good_msn_users, {user, "", "msn.domain.tld"}}.
 +{acl, msn_users, {server_glob, "msn*"}}.
 +
 +{access, mod_filter, [{allow, all}]}.
 +{access, mod_filter_presence, [{allow, all}]}.
 +{access, mod_filter_message, [{allow, all}]}.
 +{access, mod_filter_iq, [{allow, all}]}.
 +
 +{access, mod_filter, [
 +  % Filter incoming messages; allow only good messages
 +  {allow, good_msn_users},
 +  {deny, msn_users},
 +  % Filter the rest, including outgoing messages
 +  {filter_msn, all}
 +]}.
 +
 +{access, filter_msn, [
 +  % Users can send messages to good MSN users
 +  {allow, good_msn_users},
 +  % but not to other MSN users
 +  {deny, msn_users},
 +  % All non-MSN traffic is allowed
 +  {allow, all}
 +]}.
 +
 +%% End filter example
  
 % Auth MySQL % Auth MySQL
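
Review bot: The access rule mod_filter is defined twice in this block, first as {access, mod_filter, [{allow, all}]}. and again a few lines later with the good_msn_users, msn_users and filter_msn entries; keep only the second definition, or say which one is meant to win, otherwise a reader cannot tell whether the MSN restriction is actually in force. The opening marker reads "Being Acls" where "Begin" is meant, and the third good_msn_users entry, with an empty user part, deserves a comment saying what it stands for.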
Ligne 89: Ligne 199:
  
 % mysql database access, with native mysql driver % mysql database access, with native mysql driver
-{odbc_server, {mysql, "localhost", "ejabberd", "ejabberd", "secret"}}.+{odbc_server, {mysql, "localhost", "ejabberd", "ejabberd", "__SECRET__"}}.
  
 % Host name: % Host name:
Ligne 131: Ligne 241:
   {mod_disco,      []},   {mod_disco,      []},
   {mod_stats,      []},   {mod_stats,      []},
-  {mod_vcard_ldap, +  {mod_vcard_odbc, []}, 
-   [ +  %% if you prefer ldap based vcard service, use the following 
-    {ldap_base, "ou=Users,$base"}, +  %% adapt it to your needs 
-    {ldap_filter, "(objectClass=inetOrgPerson)"}, +%  {mod_vcard_ldap, 
-    {ldap_vcard_map,+  [ 
 +   {ldap_base, "ou=Users,dc=domain,dc=tld"}, 
 +   {ldap_filter, "(objectClass=inetOrgPerson)"}, 
 +   {ldap_vcard_map,
     %% vcard patterns     %% vcard patterns
-     [{"NICKNAME", "%u", []}, % just use user's part of JID as his nickname +%     [{"NICKNAME", "%u", []}, % just use user's part of JID as his nickname 
-      {"GIVEN", "%s", ["givenName"]}, +     {"GIVEN", "%s", ["givenName"]}, 
-      {"FAMILY", "%s", ["sn"]}, +     {"FAMILY", "%s", ["sn"]}, 
-      {"FN", "%s, %s", ["sn", "givenName"]}, % example: "Smith, John" +     {"FN", "%s, %s", ["sn", "givenName"]}, % example: "Smith, John" 
-      {"EMAIL", "%s", ["mail"]}, +     {"EMAIL", "%s", ["mail"]}, 
-      {"BDAY", "%s", ["birthDay"]}, +     {"BDAY", "%s", ["birthDay"]}, 
-      {"ORGNAME", "%s", ["o"]}, +     {"ORGNAME", "%s", ["o"]}, 
-      {"ORGUNIT", "%s", ["ou"]}, +     {"ORGUNIT", "%s", ["ou"]}, 
-      {"LOCALITY", "%s", ["l"]}, +     {"LOCALITY", "%s", ["l"]}, 
-      {"STREET", "%s", ["Street"]}, +     {"STREET", "%s", ["Street"]}, 
-      {"TEL", "%s", ["Phone"]} +     {"TEL", "%s", ["Phone"]} 
-     ]}, +    ]}, 
-    %% Search form +   %% Search form 
-    {ldap_search_fields, +   {ldap_search_fields, 
-     [{"User", "%u"}, +    [{"User", "%u"}, 
-      {"Name", "givenName"}, +     {"Name", "givenName"}, 
-      {"Family Name", "sn"}, +     {"Family Name", "sn"}, 
-      {"Email", "mail"}]}, +     {"Email", "mail"}]}, 
-    %% vCard fields to be reported +   %% vCard fields to be reported 
-    %% Note that JID is always returned with search results +   %% Note that JID is always returned with search results 
-    {ldap_search_reported, +   {ldap_search_reported, 
-     [{"Full Name", "FN"}, +    [{"Full Name", "FN"}, 
-      {"Nickname", "NICKNAME"}]} +     {"Nickname", "NICKNAME"}]} 
-  ]},+ ]},
 %  {mod_vcard_odbc, []}, %  {mod_vcard_odbc, []},
   {mod_caps,       []},   {mod_caps,       []},
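
Review bot: The LDAP vCard alternative is only partly commented out: the new lines put '%' in front of {mod_vcard_ldap, and of the [{"NICKNAME", ... entry, but the lines between and after them (the opening '[', ldap_base, ldap_filter, ldap_vcard_map, the search fields and the closing ']},') are still active, which leaves unbalanced terms in the modules list right after the new {mod_vcard_odbc, []}. Prefix every line of the LDAP block with '%' or drop it. The unchanged line '%  {mod_vcard_odbc, []},' that follows is now redundant and can be removed.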
Ligne 184: Ligne 297:
   {mod_version,    []},   {mod_version,    []},
   {mod_admin_extra,    []},   {mod_admin_extra,    []},
-  {mod_echo,       [{host, "echo.lapiole.org"}]}+%  {mod_archive_odbc, [{database_type, "mysql"}, 
 +%                      {default_auto_save, true}, 
 +%                      {enforce_default_auto_save, false}, 
 +%                      {default_expire, infinity}, 
 +%                      {enforce_min_expire, 0}, 
 +%                      {enforce_max_expire, infinity}, 
 +%                      {replication_expire, 31536000}, 
 +%                      {session_duration, 1800}, 
 +%                      {wipeout_interval, 86400}]}, 
 +% {mod_log_chat,  [{path, "/var/log/ejabberd/chat"}, {format, text}]}, 
 + 
 + 
 +  {mod_echo,       [{host, "echo.domain.tld"}]}
  ]}.  ]}.
  
Ligne 193: Ligne 318:
 </code> </code>
  
 +On remplace maintenant par le mot de passe mysql pour ejabberd:
 +<code bash>
 +export PASS=$(cat /etc/ejabberd/db.pw)
 +sed -i -e "s/__SECRET/$PASS/g" /etc/ejabberd/ejabberd.cfg
 +unset PASS
 +</code>
 +
 +===== Installer spectrum =====
 +[[http://spectrum.im/projects/spectrum/wiki|Spectrum]] permet de fournir des passerelles (transports) entre xmpp et d'autres protocoles. Il supportes de nombreux protocoles, dont MSN. Il est disponible dans le dépôt EPEL également
 +
 +<code bash>
 +yum --enablerepo=epel install spectrum
 +</code>
 +
 +==== Configurer la passerelle MSN ====
 +
 +Il faut d'abord créer le fichier de configuration **/etc/spectrum/msn.cfg**
 +<code>
 +[service]
 +# enable this spectrum instance
 +enable=1
 +
 +# one of: aim, facebook, gg, icq, irc, msn, myspace, qq, simple, xmpp, yahoo
 +protocol=msn
 +
 +# component ip
 +server=127.0.0.1
 +
 +# if use_proxy is 1, the http_proxy env var will be used as the proxy server
 +# for example export http_proxy="http://user:passwd@your.proxy.server:port/"
 +use_proxy=0
 +
 +# component JID
 +jid=$protocol.domain.tld
 +
 +# component secret
 +password=secret
 +
 +# component port
 +port=5347
 +
 +config_interface = /var/run/spectrum/$jid.sock
 +
 +# IP:port where filetransfer proxy binds to. This has to be public IP.
 +#filetransfer_bind_address=192.0.2.1:12345
 +
 +# IP:port which will be sent in filetransfer request as stream host.
 +#filetransfer_public_address=192.0.2.1:12345
 +
 +# admin JIDs - Jabber IDs of transport administrators who have access to admin adhoc commands
 +# separated by semicolons
 +#admins=admin@example.com;foo@bar.cz
 +
 +# directory where downloaded files will be saved
 +filetransfer_cache=/var/lib/spectrum/filetransfer_cache
 +
 +# URL used to acces filestransfer_cache directory from the web.
 +filetransfer_web=http://example.com/files/
 +
 +# name of transport (this will appear in service discovery)
 +name=MSN Transport
 +
 +# default language
 +language=fr
 +
 +# transport features separated by semicolons
 +# combination of: avatars, chatstate, filetransfer
 +# if commented, all features will be used
 +# This variable is DEPRECATED and will be removed in future versions. Use [features] instead.
 +#transport_features = avatars;chatstate;filetransfer
 +
 +# if vip_mode is 1, users are divided to 2 groups according to 'vip' database field
 +vip_mode=0
 +
 +# if vip_mode is 1, you can set transport to be availabe only for VIP users by setting only_for_vip to 1.
 +only_for_vip=0
 +
 +# if vip_mode is 1 and only_for_vip is 1, users can connect from these servers even they are not VIP.
 +# This feature is useful, if you want to enable transport only for users from your server, but also want
 +# to give access to VIP users from other servers (for example from GTalk)
 +# seperated by semicolons
 +allowed_servers=localhost;domain.tld
 +
 +# transport features separated by semicolons which will be used for VIP users.
 +# combination of: avatars, chatstate, filetransfer
 +# if commented, all features will be used
 +# This variable is DEPRECATED and will be removed in future versions.  Use [vip-features] instead.
 +#vip_features = avatars;chatstate;filetransfer
 +
 +# pid file
 +pid_file=/var/run/spectrum/$jid.pid
 +
 +# require_tls to connect legacy network
 +#require_tls=false
 +
 +# Eventloop used by Spectrum. Allows to change default use of poll to epoll,
 +# which should be faster and handles more connections better.
 +# WARNING: some 3rd party libpurple protocol plugins are not prepared to be
 +# used with different eventloop, but protocols included in libpurple by default
 +# works OK.
 +#eventloop=glib
 +
 +[registration]
 +# Set to 0 to disable transport registration to everyone except
 +# people from host from allowed_servers list.
 +enable_public_registration=0
 +
 +# You can override username registered by transport user. This is useful
 +# for example if you want to let users to register only their Facebook name
 +# and internally connect them to facebook_name@chat.facebook.com.
 +# $username variable is replaced by username which has been registered
 +# by particular user. 
 +#username_mask = $username@chat.facebook.com
 +
 +# This option allows you to white-list newly created accounts according
 +# to regexp. for example allowed_usernames=*.\.gmail\.com$ will allow only
 +# GTalk users to register. If you use username_mask, then username_mask is
 +# applied before this option.
 +allowed_usernames=*.\.firewall-services\.com$
 +
 +# Label used to described username field in registration form
 +#username_label = Facebook username
 +
 +# This variable overrides default instructions text in registration form.
 +#instructions = Type your Facebook name here:
 +
 +# Transport features, all features are enabled by default.
 +[features]
 +#filetransfer=1
 +#avatars=1
 +#chatstates=1
 +#statistics=1
 +
 +# Transport features for VIP users, all features are enabled by default.
 +[vip-features]
 +#filetransfer=1
 +#avatars=1
 +#chatstates=1
 +
 +[logging]
 +# log file, needs to be unique for each spectrum instance
 +log_file=/var/log/spectrum/$jid.log
 +
 +# log areas
 +# combination of: xml, purple
 +log_areas=xml;purple
 +
 +[database]
 +# mysql or sqlite
 +type=sqlite
 +
 +# hostname (not needed for sqlite)
 +#host=localhost
 +
 +# username (not needed for sqlite)
 +#user=user
 +
 +# password (not needed for sqlite)
 +#password=password
 +# sqlite: set path to database file here
 +# mysql: set to name of database
 +database=/var/lib/spectrum/$jid/database.sqlite
 +# table prefix for multiple transport instances sharing the same database
 +#prefix=icq_
 +
 +[purple]
 +# avatar, vcard, roster storage
 +# needs to be unique for each spectrum instance
 +userdir=/var/lib/spectrum/$jid/userdir
 +
 +</code>
 +
 +Puis, il faut démarrer spectrum:
 +<code bash>
 +/etc/init.d/spectrum start
 +</code>
 +
 +Les logs d'Ejabberd devraient indiquer qu'un nouveau composant s'est enregistré
 +===== Activer les services =====
 +Une fois que tout est fonctionnel, il ne reste qu'à configurer les différents services pour qu'ils démarrent automatiquement:
 +
 +<code bash>
 +chkconfig ejabberd on
 +chkconfig mysqld on
 +chkconfig spectrum on
 +</code>
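
Review bot: The sed substitution near the top of this hunk matches __SECRET, but the placeholder written into ejabberd.cfg is "__SECRET__", so the trailing two underscores survive and the configured password becomes the generated value followed by __, which does not match the one granted in MySQL; use s/__SECRET__/$PASS/g. In msn.cfg, password=secret is left as a literal component secret while the database passwords are generated with openssl rand; generate this one the same way and state that it has to match the secret configured for the component on the Ejabberd side. log_areas=xml;purple turns on both log areas, including xml; say whether that is intended for production or only for debugging.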
  • tuto/linux_divers/installer_ejabberd_sur_centos.1295949051.txt.gz
 • Last modified: 25/01/2011 10:50
 • by dani