Ceci est une ancienne révision du document !
Installation d'Ejabberd sur CentOS
Ejabberd est un serveur xmpp (jabber) robuste, écrit en erlang. Ce how-to décrit l'installation sur une CentOS
Installation d'une CentOS de base
Suivre ce how-to pour l'installation de base
Configuration des dépôts tiers
Suivre ce how-to pour configurer les dépôts tiers
Installer Ejabberd
Le dépôt EPEL propose un paquet pour Ejabberd
yum --enablerepo=epel install ejabberd
On peut aussi installer le serveur mysql pour le stockage des données
yum install mysql-server
Ainsi que les modules supplémentaires pour Ejabberd (intégrant entre autre le driver mysql natif)
yum --enablerepo=fws-testing install ejabberd-modules
Préparations
Par soucis de performance, et de facilité d'administration, nous allons utiliser une base MySQL pour stocker les informations relatives au serveur jabber (par défaut, Ejabberd utilise une base Mnesia, fournit par erlang)
Configuration de mysqld
Ejabberd a besoin du moteur InnoDB, il faut donc l'activer. Il faut aussi activer l'écoute sur le réseau (Ejabberd ne sachant pas communiquer avec un socket UNIX)
Voici un exemple de configuration my.cnf (à ajuster en fonction des besoins)
cp -a /etc/my.cnf /etc/my.cnf.default echo '' > /etc/my.cnf vim /etc/my.cnf
Puis y placer les ligne suivantes:
[mysqld] pid-file=/var/run/mysqld/mysqld.pid basedir=/usr datadir=/var/lib/mysql innodb_data_home_dir = /var/lib/mysql/ innodb_data_file_path = ibdata1:10M:autoextend innodb_log_group_home_dir = /var/lib/mysql/ innodb_log_arch_dir = /var/lib/mysql/ innodb_buffer_pool_size = 16M innodb_additional_mem_pool_size = 2M innodb_log_file_size = 5M innodb_log_buffer_size = 8M innodb_flush_log_at_trx_commit = 1 innodb_lock_wait_timeout = 50 innodb_file_per_table socket=/var/lib/mysql/mysql.sock # networking is enabled log-error=/var/log/mysqld.log max_allowed_packet=16M user=mysql [mysqld_safe]
Création d'un mot de passe root (mysql)
/usr/bin/openssl rand -base64 60 | tr -c -d '[:alnum:]' > ~/.my.pw chmod 600 ~/.my.pw /usr/bin/mysqladmin -u root password $(cat ~/.my.pw) echo '[client]' > ~/.my.cnf echo "password="$(cat ~/.my.pw) >> ~/.my.cnf
Création d'une base de donnée pour Ejabberd
/usr/bin/openssl rand -base64 50 | tr -c -d '[:alnum:]' > /etc/ejabberd/db.pw chmod 600 /etc/ejabberd/db.pw mysql -e 'create database ejabberd' mysql -e "grant all privileges on ejabberd.* to 'ejabberd'@'localhost' identified by $(cat /etc/ejabberd/db.pw)" mysql -e 'flush privileges'
Importation du schéma pour Ejabberd
mysql ejabberd < /usr/share/doc/ejabberd-modules-0.1/mysql.sql
Configuration de de base
Le fichier de configuration d'Ejabberd est /etc/ejabberd/ejabberd.cfg La syntaxe est en erlang
Voici un exemple:
% Users that have admin access. Add line like one of the following after you % will be successfully registered on server to get admin access: {acl, admin, {user, "admin"}}. % {acl, admin, {user, "user1"}}. % Local users: {acl, local, {user_regexp, ""}}. % Blocked users: %{acl, blocked, {user, "test"}}. % Everybody can create pubsub nodes {access, pubsub_createnode, [{allow, all}]}. % Only admins can use configuration interface: {access, configure, [{allow, admin}]}. % Registration is disabled {access, register, [{deny,all}]}. % Only admins can send announcement messages : {access, announce, [{allow, admin}]}. % Only non-blocked users can use c2s connections: {access, c2s, [{deny, blocked}, {allow, all}]}. % Set shaper with name "normal" to limit traffic speed to 1000B/s {shaper, normal, {maxrate, 1000}}. % Set shaper with name "fast" to limit traffic speed to 50000B/s {shaper, fast, {maxrate, 50000}}. % For all users except admins used "normal" shaper {access, c2s_shaper, [{none, admin}, {normal, all}]}. % For all S2S connections used "fast" shaper {access, s2s_shaper, [{fast, all}]}. % Admins of this server are also admins of MUC service: {access, muc_admin, [{allow, admin}]}. % All users are allowed to use MUC service: {access, muc, [{allow, all}]}. {access, muc_log, [{allow, admin}, {deny, all}]}. % Allow access only for local users: {access, local, [{allow, local}]}. %% Being Acls for MSN users % This example will deny communication with MSN users, except % The ones listed in good_msn_users % Requires mod_filter {acl, good_msn_users, {user, "user1\\40hotmail.com", "msn.domain.tld"}}. {acl, good_msn_users, {user, "user2\\40hotmail.fr", "msn.domain.tld"}}. {acl, good_msn_users, {user, "", "msn.domain.tld"}}. {acl, msn_users, {server_glob, "msn*"}}. {access, mod_filter, [{allow, all}]}. {access, mod_filter_presence, [{allow, all}]}. {access, mod_filter_message, [{allow, all}]}. {access, mod_filter_iq, [{allow, all}]}. {access, mod_filter, [ % Filter incoming messages; allow only good messages {allow, good_msn_users}, {deny, msn_users}, % Filter the rest, including outgoing messages {filter_msn, all} ]}. {access, filter_msn, [ % Users can send messages to good MSN users {allow, good_msn_users}, % but not to other MSN users {deny, msn_users}, % All non-MSN traffic is allowed {allow, all} ]}. %% End filter example % Auth MySQL {auth_method, odbc}. % mysql database access, with native mysql driver {odbc_server, {mysql, "localhost", "ejabberd", "ejabberd", "__SECRET__"}}. % Host name: {hosts, ["domain.tld"]}. %% Define the maximum number of time a single user is allowed to connect: {max_user_sessions, 10}. % Default language for server messages {language, "fr"}. % Listened ports: {listen, [ % Standard port 5222 with TLS support (and required) {5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}, starttls_required, {certfile, "/etc/ejabberd/ejabberd.pem"}]}, % Deprecated SSL port on 5223 {5223, ejabberd_c2s, [{access, c2s}, tls, {certfile, "/etc/ejabberd/ejabberd.pem"}]} % Uncomment this line to allow s2s connections: % ,{5269, ejabberd_s2s_in, [{shaper, s2s_shaper}, {max_stanza_size, 131072}]} % Example of transport configuration % ,{5347, ejabberd_service, [{host, "msn.domain.tld", % [{password, "secret"}]}]} ]}. % If SRV lookup fails, then port 5269 is used to communicate with remote server % Uncomment this line to allow s2s connections % {outgoing_s2s_port, 5269}. % Modules {modules, [ % {mod_register, [{access, register}]}, {mod_roster_odbc, []}, {mod_privacy_odbc, []}, {mod_adhoc, []}, {mod_configure, []}, % Depends on mod_adhoc {mod_configure2, []}, {mod_disco, []}, {mod_stats, []}, {mod_vcard_odbc, []}, %% if you prefer ldap based vcard service, use the following %% adapt it to your needs % {mod_vcard_ldap, % [ % {ldap_base, "ou=Users,dc=domain,dc=tld"}, % {ldap_filter, "(objectClass=inetOrgPerson)"}, % {ldap_vcard_map, %% vcard patterns % [{"NICKNAME", "%u", []}, % just use user's part of JID as his nickname % {"GIVEN", "%s", ["givenName"]}, % {"FAMILY", "%s", ["sn"]}, % {"FN", "%s, %s", ["sn", "givenName"]}, % example: "Smith, John" % {"EMAIL", "%s", ["mail"]}, % {"BDAY", "%s", ["birthDay"]}, % {"ORGNAME", "%s", ["o"]}, % {"ORGUNIT", "%s", ["ou"]}, % {"LOCALITY", "%s", ["l"]}, % {"STREET", "%s", ["Street"]}, % {"TEL", "%s", ["Phone"]} % ]}, % %% Search form % {ldap_search_fields, % [{"User", "%u"}, % {"Name", "givenName"}, % {"Family Name", "sn"}, % {"Email", "mail"}]}, % %% vCard fields to be reported % %% Note that JID is always returned with search results % {ldap_search_reported, % [{"Full Name", "FN"}, % {"Nickname", "NICKNAME"}]} % ]}, % {mod_vcard_odbc, []}, {mod_caps, []}, {mod_offline_odbc, []}, {mod_announce, [{access, announce}]}, % Depends on mod_adhoc {mod_private_odbc, []}, {mod_irc, []}, % Default options for mod_muc: % host: "conference." ++ ?MYNAME % access: all % access_create: all % access_admin: none (only room creator has owner privileges) {mod_muc, [{access, muc}, {access_create, muc}, {access_admin, muc_admin}]}, {mod_muc_log, []}, {mod_shared_roster, []}, {mod_pubsub, [ {access_createnode, pubsub_createnode}, {plugins, ["flat", "hometree", "pep"]} ]}, {mod_time, []}, {mod_last_odbc, []}, % {mod_xmlrpc,[{port, 4560},{timeout, 5000}]}, {mod_version, []}, {mod_admin_extra, []}, {mod_echo, [{host, "echo.domain.tld"}]} ]}. %%% Local Variables: %%% mode: erlang %%% End:
On remplace maintenant par le mot de passe mysql pour ejabberd:
export PASS=$(cat /etc/ejabberd/db.pw) sed -i -e "s/__SECRET/$PASS/g" /etc/ejabberd/ejabberd.cfg unset PASS