ejabberd: can't seem to enable Stream Management - xmpp

Heyo,
I'm having a bit of a headache trying to get Stream Management (XEP-0198) working in ejabberd 17.04 in Ubuntu 16.10, though I've had this problem since ejabberd 17.03, and in spite of searching just about everywhere, I can't seem to get find a straight answer beyond either explicitly adding stream_management: true to my config or leaving it out and letting that setting default to true. None of which seem to be offering any success, however.
My only indication that Stream Management isn't working at the moment is via the Android app Conversations, which lists the extension as Unavailable, though the app picks up the extension from another server just fine. I can't seem to see any errors in ejabberd's logs either, barring the one time I caused a syntax error that's since been corrected.
This is my current config (yes, I know, it's adapted form a sample and I need to clean some junk out):
##
### ejabberd configuration file
### Archipel Sample default condiguration
define_macro:
'CERT_LOCATION': "/certs/live/social.diskseven.com/ejabberd.pem"
'DH_PARAMS': "/certs/live/social.diskseven.com/dhparams.pem"
### =========
### DEBUGGING
# Increase this if you want sone insane erlang debug
loglevel: 3
### ================
### SERVED HOSTNAMES
# Change it for you FQDN
hosts:
- "xmpp.diskseven.com"
### ===============
### LISTENING PORTS
listen:
-
#it's a good idea to put xmlrpc behing a reverse proxy
#because you can't use tls directly, make it listen to localhost
ip: "::1"
# and read the Security section on the wiki
port: 4560
module: ejabberd_xmlrpc
access_commands:
xmlrpcaccess:
all : []
## ejabberd c2s
-
ip: "::"
port: 5222
stream_management: true
module: ejabberd_c2s
resend_on_timeout: if_offline
##
## If you installed a SSL
## certificate, specify the full path to the
## file and uncomment this line:
##
certfile: 'CERT_LOCATION'
starttls: true
starttls_required: true
ciphers: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
protocol_options:
- "no_sslv2"
- "no_sslv3"
- "no_tlsv1"
- "no_tlsv1_1"
max_stanza_size: 65536000
shaper: c2s_shaper
access: c2s
## ejabbed s2s
-
ip: "::"
port: 5269
module: ejabberd_s2s_in
max_stanza_size: 65536000
## ejabberd http/s and websocket/s
-
ip: "::"
port: 5280
module: ejabberd_http
request_handlers:
"/xmpp": ejabberd_http_ws
# if you want to use starttls with websock
# the URI will be wss://
# please be sure that the certificate belong
# to a trusted AC in your browser
certfile: 'CERT_LOCATION'
dhfile: 'DH_PARAMS'
# tls: true
web_admin: true
http_bind: true
### ===
### S2S
s2s_access: all
s2s_use_starttls: required
s2s_certfile: 'CERT_LOCATION' #concantinated cert.
s2s_dhfile: 'DH_PARAMS'
s2s_ciphers: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
s2s_protocol_options:
- "no_sslv2"
- "no_sslv3"
- "no_tlsv1"
- "no_tlsv1_1"
## domain_certfile: Specify a different certificate for each served hostname.
##
##host_config:
## "xmpp.diskseven.com":
## domain_certfile: 'CERT_LOCATION'
## "conference.xmpp.diskseven.com":
## domain_certfile: 'CERT_LOCATION'
### ==============
### AUTHENTICATION
auth_method: internal
### ===============
### TRAFFIC SHAPERS
shaper:
# in B/s
normal: 1000
fast: 50000000
### ====================
### ACCESS CONTROL LISTS
acl:
admin:
user:
- "admin": "xmpp.diskseven.com"
local:
user_regexp: ""
### ============
### ACCESS RULES
access:
max_user_sessions:
all: 5
local:
local: allow
c2s:
blocked: deny
all: allow
c2s_shaper:
admin: none
all: fast
s2s_shaper:
all: fast
s2s_access:
all: allow
announce:
admin: allow
configure:
admin: allow
muc_admin:
admin: allow
muc_create:
local: allow
muc:
all: allow
pubsub_createnode:
all: allow
register:
all: deny
xmlrpcaccess:
admin : allow
### Frequency of account registration
registration_timeout: 600
### ================
### DEFAULT LANGUAGE
language: "en"
### =======
### MODULES
modules:
mod_adhoc: []
mod_announce:
access: announce
mod_blocking: []
mod_caps: []
mod_client_state: []
mod_carboncopy: []
mod_configure: []
mod_disco: []
mod_http_bind:
max_inactivity: 400 # timeout valie for BOSH usefull for a large number of VM
mod_http_upload: []
mod_irc: []
mod_last: []
mod_mam: []
mod_muc:
host: "conference.#HOST#"
access: all
access_create: muc_create
access_persistent: muc_create
access_admin: muc_admin
mod_offline: []
mod_privacy: []
mod_private: []
mod_pubsub:
access_createnode: pubsub_createnode
ignore_pep_from_offline: true
last_item_cache: false
max_items_node: 1000
plugins:
- "flat"
- "hometree"
- "pep"
pep_mapping:
"urn:xmpp:microblog:0": "mb"
mod_ping:
send_pings: true
ping_interval: 60
ping_ack_timeout: 30
timeout_action: kill
mod_register:
access: register
mod_roster:
versioning: true
mod_shared_roster: []
mod_time: []
mod_vcard: []
mod_version: []
mod_admin_extra: []
# mod_fail2ban:
# c2s_auth_ban_lifetime: 1300
# c2s_max_auth_failures: 5

In ejabberd 17.03+ stream management is implemented as a separate module: mod_stream_mgmt. You should have read release notes ;)

Related

I can not activate a new user with the url in mail. Page not found

When I register a new user :
- I receive a mail with activation link to activate this new user
- I tested in localhost and it works
- Deploy on production
- I tested and the link in production but it didn't find page
I updated my application-prod.yml application-dev.yml to receive the mails.
I changed my app.yml to remove the port 8080 in production with :
ports:
- 80:8080
My app.yml :
version: '2'
services:
mariage-app:
image: mylogin/mariage
environment:
- _JAVA_OPTIONS=-Xmx512m -Xms256m
- SPRING_PROFILES_ACTIVE=prod,swagger
- SPRING_DATASOURCE_URL=jdbc:mysql://mariage-mysql:3306/mariage?useUnicode=true&characterEncoding=utf8&useSSL=false
- JHIPSTER_SLEEP=10 # gives time for the database to boot before the application
ports:
- 80:8080
mariage-mysql:
extends:
file: mysql.yml
service: mariage-mysql
´´´
My application-prod.yml
´´´
# ===================================================================
# Spring Boot configuration for the "prod" profile.
#
# This configuration overrides the application.yml file.
#
# More information on profiles: https://www.jhipster.tech/profiles/
# More information on configuration properties: https://www.jhipster.tech/common-application-properties/
# ===================================================================
# ===================================================================
# Standard Spring Boot properties.
# Full reference is available at:
# http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html
# ===================================================================
logging:
level:
ROOT: INFO
ch.ricreate.mariage: INFO
io.github.jhipster: INFO
spring:
devtools:
restart:
enabled: false
livereload:
enabled: false
datasource:
type: com.zaxxer.hikari.HikariDataSource
url: jdbc:mysql://localhost:3306/mariage?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC
username: username
password: password
hikari:
poolName: Hikari
auto-commit: false
data-source-properties:
cachePrepStmts: true
prepStmtCacheSize: 250
prepStmtCacheSqlLimit: 2048
useServerPrepStmts: true
jpa:
database-platform: org.hibernate.dialect.MySQL5InnoDBDialect
database: MYSQL
show-sql: false
properties:
hibernate.id.new_generator_mappings: true
hibernate.connection.provider_disables_autocommit: true
hibernate.cache.use_second_level_cache: true
hibernate.cache.use_query_cache: false
hibernate.generate_statistics: true
hibernate.cache.region.factory_class: com.hazelcast.hibernate.HazelcastCacheRegionFactory
hibernate.cache.hazelcast.instance_name: mariage
hibernate.cache.use_minimal_puts: true
hibernate.cache.hazelcast.use_lite_member: true
liquibase:
contexts: prod
mail:
host: smtp.mymail.ch
port: 587
username: mymail#mymail.ch
password: password
tls: true
properties.mail.smtp:
auth: true
starttls.enable: true
ssl.trust: smtp.mymail.ch
thymeleaf:
cache: true
# ===================================================================
# To enable TLS in production, generate a certificate using:
# keytool -genkey -alias mariage -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
#
# You can also use Let's Encrypt:
# https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm
#
# Then, modify the server.ssl properties so your "server" configuration looks like:
#
# server:
# port: 443
# ssl:
# key-store: classpath:config/tls/keystore.p12
# key-store-password: password
# key-store-type: PKCS12
# key-alias: mariage
# # The ciphers suite enforce the security by deactivating some old and deprecated SSL cipher, this list was tested against SSL Labs (https://www.ssllabs.com/ssltest/)
# ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
# ===================================================================
server:
port: 8080
compression:
enabled: true
mime-types: text/html,text/xml,text/plain,text/css, application/javascript, application/json
min-response-size: 1024
# ===================================================================
# JHipster specific properties
#
# Full reference is available at: https://www.jhipster.tech/common-application-properties/
# ===================================================================
jhipster:
http:
version: V_1_1 # To use HTTP/2 you will need SSL support (see above the "server.ssl" configuration)
cache: # Used by the CachingHttpHeadersFilter
timeToLiveInDays: 1461
cache: # Cache configuration
hazelcast: # Hazelcast distributed cache
time-to-live-seconds: 3600
backup-count: 1
management-center: # Full reference is available at: http://docs.hazelcast.org/docs/management-center/3.9/manual/html/Deploying_and_Starting.html
enabled: false
update-interval: 3
url:
security:
authentication:
jwt:
# This token must be encoded using Base64 and be at least 256 bits long (you can type `openssl rand -base64 64` on your command line to generate a 512 bits one)
# As this is the PRODUCTION configuration, you MUST change the default key, and store it securely:
# - In the JHipster Registry (which includes a Spring Cloud Config server)
# - In a separate `application-prod.yml` file, in the same folder as your executable WAR file
# - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable
base64-secret: MY BASE 64 KEY...
# Token is valid 24 hours
token-validity-in-seconds: 86400
token-validity-in-seconds-for-remember-me: 2592000
mail: # specific JHipster mail property, for standard properties see MailProperties
from: mymail#mymail
base-url: http://www.mydomain.ch
metrics:
logs: # Reports metrics in the logs
enabled: false
report-frequency: 60 # in seconds
logging:
logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration
enabled: false
host: localhost
port: 5000
queue-size: 512
# ===================================================================
# Application specific properties
# Add your own application properties here, see the ApplicationProperties class
# to have type-safe configuration, like in the JHipsterProperties above
#
# More documentation is available at:
# https://www.jhipster.tech/common-application-properties/
# ===================================================================
# application:
I have this error messages :
3www.mydomain.ch/:13 GET http://www.mydomain.ch/main.3f34c02a7b8ec7cd9bd5.js net::ERR_ABORTED 404 (Not Found)
(index):1 Refused to apply style from 'http://www.mydomain.ch/styles.676f69d3635eaaafa540.css' because its MIME type ('application/json') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
2www.mydomain.ch/:13 GET http://www.mydomain.ch/polyfills.9d3a8743be9f041e6ba8.js net::ERR_ABORTED 404 (Not Found)
Did you change the template templates/mail/activationEmail.html ?

Ejabberd: Failed to start BOSH session when connecting from client

Today I upgraded a server from Ubuntu 16.04 to 18.04, this also included a jump from ejabberd 16.01 to 18.01. Now we got a problem connecting from the client (using strophe.js)
[info] <0.359.0>#ejabberd_listener:accept:302 (<0.876.0>) Accepted connection 127.0.0.1:60552 -> 127.0.0.1:8088
[error] <0.876.0>#ejabberd_bosh:start:133 Failed to start BOSH session: {error,{noproc,{gen_server,call,[ejabberd_c2s_sup,{start_child,[{xmpp_socket,{socket_state,ejabberd_bosh,{http_bind,<0.877.0>,{{9x,1xx,2xx,1xx},60552}},infinity,undefined,none,<0.877.0>}},[{receiver,<0.877.0>},{xml_socket,true}]]},infinity]}}}
[error] <0.877.0>#gen_server:call CRASH REPORT Process <0.877.0> with 0 neighbours exited with reason: no such process or port in call to gen_server:call(ejabberd_c2s_sup, {start_child,[{xmpp_socket,{socket_state,ejabberd_bosh,{http_bind,<0.877.0>,{{9x,1xx,2xx,1xx},60552}},...}},...]}, infinity) in p1_fsm:init_it/6 line 392
[error] <0.617.0>#gen_server:call Supervisor 'mod_bosh_chat3.myserver.com' had child undefined started with {ejabberd_bosh,start_link,undefined} at <0.877.0> exit with reason no such process or port in call to gen_server:call(ejabberd_c2s_sup, {start_child,[{xmpp_socket,{socket_state,ejabberd_bosh,{http_bind,<0.877.0>,{{9x,1xx,2xx,1xx},60552}},...}},...]}, infinity) in context child_terminated
I am aware that mod_http_bind is replaced by mod_bosh. Clients connect through apache proxy from port 80 to 8088. Requesting :80/http-bind/ will therefore be passed to :8088/bosh/
I also wiped the mnesia database completely, after the upgrade to make sure it was not corrupt or deprecated.
According to this question, I also checked that curl is enabled.
At loglevel debug, the mod_bosh module seems to be started:
[debug] <0.329.0>#gen_mod:start_module:193 loading mod_bosh at jabber.myserver.com
[debug] <0.329.0>#gen_mod:start_module:193 loading mod_push at jabber.myserver.com
[debug] <0.600.0> Supervisor ejabberd_gen_mod_sup started ejabberd_tmp_sup:start_link('mod_bosh_jabber.myserver.com', ejabberd_bosh) at pid <0.651.0>
This is my complete config:
loglevel: 5
log_rotate_size: 0
log_rotate_date: ""
log_rate_limit: 100
hosts:
- "localhost"
- "jabber.myserver.com"
- "chat3.myserver.com"
- "test-chat3.myserver.com"
define_macro:
'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:#STRENGTH"
'TLS_OPTIONS':
- "no_sslv3"
- "no_tlsv1"
- "cipher_server_preference"
- "no_compression"
c2s_ciphers: 'TLS_CIPHERS'
s2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
s2s_protocol_options: 'TLS_OPTIONS'
listen:
-
port: 8088
ip: "127.0.0.1"
module: ejabberd_http
request_handlers:
"/bosh": mod_bosh
web_admin: true
tls: false
disable_sasl_mechanisms: "digest-md5"
s2s_use_starttls: false
auth_password_format: plain
auth_method: sql
sql_type: mysql
sql_server: "10.0.0.51"
sql_database: "databasename"
sql_username: "username"
sql_password: "secret-as-hell"
shaper:
normal: 1000
fast: 50000
max_fsm_queue: 10000
acl:
admin:
user:
- "": "localhost"
- "admin": "test-chat3.myserver.com"
- "admin": "chat3.myserver.com"
local:
user_regexp: ""
loopback:
ip:
- "127.0.0.0/8"
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
- 5000: admin
- 100
c2s_shaper:
- none: admin
- normal
s2s_shaper: fast
access_rules:
local:
- allow: local
c2s:
- deny: blocked
- allow
announce:
- allow: admin
configure:
- allow: admin
muc_create:
- allow: local
pubsub_createnode:
- allow: local
register:
- allow
trusted_network:
- allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
- access:
- allow:
- acl: loopback
- acl: admin
- oauth:
- scope: "ejabberd:admin"
- access:
- allow:
- acl: loopback
- acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
- ip: "127.0.0.1/8"
what:
- "status"
- "connected_users_number"
language: "en"
acme:
contact: "mailto:example-admin#example.com"
ca_url: "https://acme-v01.api.letsencrypt.org"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce: # recommends mod_adhoc
access: announce
mod_blocking: {} # requires mod_privacy
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {} # requires mod_adhoc
mod_disco: {}
mod_echo: {}
mod_irc: {}
mod_bosh: {}
mod_last: {}
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_pubsub:
access_createnode: pubsub_createnode
ignore_pep_from_offline: true
last_item_cache: false
plugins:
- "flat"
- "hometree"
- "pep" # pep requires mod_caps
mod_push: {}
mod_push_keepalive: {}
mod_roster:
versioning: true
mod_shared_roster: {}
mod_stats: {}
mod_time: {}
mod_vcard:
search: false
mod_vcard_xupdate: {}
mod_version: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_s2s_dialback: {}
mod_http_api: {}
allow_contrib_modules: true
Any hints is greatly appreciated :-)
The problem in your configuration seems that you removed ejabberd_c2s listener. It is needed, and you can see it mentioned in the error message. So, the problem is solved by adding it, at least in my case, for example:
listen:
-
port: 5222
module: ejabberd_c2s
-
port: 8088
ip: "127.0.0.1"
module: ejabberd_http
request_handlers:
"/bosh": mod_bosh
web_admin: true
tls: false
Such a requirement is not mentioned in the ejabberd documentation, so I've added it now.
UPDATE: Forget everything below. Please see the answer from Badlop
Did a complete reinstall of ejabberd:
apt-get --purge autoremove ejabberd
(make sure /etc/ejabberd is empty)
apt-get update
apt-get upgrade
apt-get install ejabberd
Here the relevant parts of ejabberd.yml. I didn't change anything else:
hosts:
- "localhost"
- "chat3.myserver.com" <- the public domain
listen:
-
port: 5222
...
-
port: 5269
...
-
##port: 5280
port: 8088 <- use any port you like
ip: "127.0.0.1" <- listen only on localhost
module: ejabberd_http
request_handlers:
"/ws": ejabberd_http_ws
"/bosh": mod_bosh
"/api": mod_http_api
## "/pub/archive": mod_http_fileserver
web_admin: true
## register: true
## captcha: true
tls: false <- no need for tls on localhost
protocol_options: 'TLS_OPTIONS'
auth_method: sql
sql_type: mysql
sql_server: "server"
sql_database: "ejabberd_live"
sql_username: "ejabberd"
sql_password: "secret"
acl:
admin:
user:
- "": "localhost"
- "admin": "chat3.myserver.com"
And just if you are wondering about my proxy configuration in apache. These are the relevant lines of my chat3.myserver.com virtual host:
ProxyPass /http-bind/ http://127.0.0.1:8088/bosh
ProxyPassReverse /http-bind/ http://127.0.0.1:8088/bosh
ProxyPass /admin/ http://127.0.0.1:8088/admin/
ProxyPassReverse /admin/ http://127.0.0.1:8088/admin/
You will of cause also need to get the mysql database schema from here ... and so on...
I have no idea what caused the connection error. I guess the upgrade of ejabberd was somehow faulty. At least I am pretty sure that this was not a known bug. I crawled the internet for 4 hours without finding anything like it with this version of ejabberd (18.01). And also the error message - even under loglevel 5 - was extremely vague. If this had been a configuration error, I am sure the error messages would have been a lot more specific.

ejabberd how to get admin link active?

(this is not a local machine problem nor local server)
I'm not able to connect admin on my domain and server ip too
mydomain.com:5280/admin/
on ssh terminal i started ejabberd , status is:
The node 'ejabberd#mydomain.com' is started with status: started
ejabberd 15.11 is running in that node
why im not able to connect it on domain and server ip? is there any way to check on which link i can open admin?
I installed it on ubuntu server, ejabberd.yml file is
###
###' ejabberd configuration file
###
###
### The parameters used in this configuration file are explained in more detail
### in the ejabberd Installation and Operation Guide.
### Please consult the Guide in case of doubts, it is included with
### your copy of ejabberd, and is also available online at
### http://www.process-one.net/en/ejabberd/docs/
### The configuration file is written in YAML.
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
### However, ejabberd treats different literals as different types:
###
### - unquoted or single-quoted strings. They are called "atoms".
### Example: dog, 'Jupiter', '3.14159', YELLOW
###
### - numeric literals. Example: 3, -45.0, .0
###
### - quoted or folded strings.
### Examples of quoted string: "Lizzard", "orange".
### Example of folded string:
### > Art thou not Romeo,
### and a Montague?
###. =======
###' LOGGING
##
## loglevel: Verbosity of log files generated by ejabberd.
## 0: No ejabberd log at all (not recommended)
## 1: Critical
## 2: Error
## 3: Warning
## 4: Info
## 5: Debug
## loglevel: 4
##
## rotation: Describe how to rotate logs. Either size and/or date can trigger
## log rotation. Setting count to N keeps N rotated logs. Setting count to 0
## does not disable rotation, it instead rotates the file and keeps no previous
## versions around. Setting size to X rotate log when it reaches X bytes.
## To disable rotation set the size to 0 and the date to ""
## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf.
## Some examples:
## $D0 rotate every night at midnight
## $D23 rotate every day at 23:00 hr
## $W0D23 rotate every week on Sunday at 23:00 hr
## $W5D16 rotate every week on Friday at 16:00 hr
## $M1D0 rotate on the first day of every month at midnight
## $M5D6 rotate on every 5th day of the month at 6:00 hr
## log_rotate_size: 10485760 log_rotate_date: "" log_rotate_count: 1
##
## overload protection: If you want to limit the number of messages per second
## allowed from error_logger, which is a good idea if you want to avoid a flood
## of messages when system is overloaded, you can set a limit.
## 100 is ejabberd's default. log_rate_limit: 100
##
## watchdog_admins: Only useful for developers: if an ejabberd process
## consumes a lot of memory, send live notifications to these XMPP
## accounts.
##
## watchdog_admins:
## - "admin#mydomain.com"
###. ===============
###' NODE PARAMETERS
##
## net_ticktime: Specifies net_kernel tick time in seconds. This options must have
## identical value on all nodes, and in most cases shouldn't be changed at all from
## default value.
##
## net_ticktime: 60
###. ================
###' SERVED HOSTNAMES
##
## hosts: Domains served by ejabberd.
## You can define one or several, for example:
## hosts:
## - "example.net"
## - "example.com"
## - "example.org"
## hosts:
- "mydomain.com" # server domain
- "192.168.1.1" # my server ip address
##
## route_subdomains: Delegate subdomains to other XMPP servers.
## For example, if this ejabberd serves example.org and you want
## to allow communication with an XMPP server called im.example.org.
##
## route_subdomains: s2s
###. ===============
###' LISTENING PORTS
##
## listen: The ports ejabberd will listen on, which service each is handled
## by and what options to start it with.
## listen:
-
port: 5222
module: ejabberd_c2s
certfile: "/home/jack/ejabberd/conf/server.pem"
starttls: true
## To enforce TLS encryption for client connections,
## use this instead of the "starttls" option:
## starttls_required: true
##
## Custom OpenSSL options
##
protocol_options:
- "no_sslv3"
## - "no_tlsv1"
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
-
port: 5269
module: ejabberd_s2s_in
max_stanza_size: 131072
shaper: s2s_shaper ## ## ejabberd_service: Interact with external components (transports, ...) ## ## - ## port: 8888
## module: ejabberd_service ## access: all ## shaper_rule: fast ## ip: "127.0.0.1" ## hosts: ## "icq.example.org":
## password: "secret" ## "sms.example.org": ## password: "secret"
## ## ejabberd_stun: Handles STUN Binding requests ## ## -
## port: 3478 ## transport: udp ## module: ejabberd_stun
## ## To handle XML-RPC requests that provide admin credentials:
## ## - ## port: 4560 ## module: ejabberd_xmlrpc ## maxsessions: 10 ## timeout: 5000 ## access_commands: ##
xmlrpc: ## commands: all ## options: []
-
port: 5280
module: ejabberd_http
request_handlers:
"/websocket": ejabberd_http_ws
"/bosh": mod_bosh
"/oauth": ejabberd_oauth
"/api": mod_http_api
## "/pub/archive": mod_http_fileserver
web_admin: true
http_bind: true
register: true
captcha: false
###. ==================
###' S2S GLOBAL OPTIONS
##
## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
## Allowed values are: false optional required required_trusted
## You must specify a certificate file.
##
## s2s_use_starttls: optional
##
## s2s_certfile: Specify a certificate file.
##
## s2s_certfile: "/home/jack/ejabberd/conf/server.pem"
## Custom OpenSSL options
##
## s2s_protocol_options:
## - "no_sslv3"
## - "no_tlsv1"
##
## domain_certfile: Specify a different certificate for each served hostname.
##
## host_config:
## "example.org":
## domain_certfile: "/home/jack/ejabberd/conf/example_org.pem"
## "example.com":
## domain_certfile: "/home/jack/ejabberd/conf/example_com.pem"
##
## S2S whitelist or blacklist
##
## Default s2s policy for undefined hosts.
##
## s2s_access: s2s
##
## Outgoing S2S options
##
## Preferred address families (which to try first) and connect timeout
## in milliseconds.
##
## outgoing_s2s_families:
## - ipv4
## - ipv6
## outgoing_s2s_timeout: 10000
###. ==============
###' AUTHENTICATION
##
## auth_method: Method used to authenticate the users.
## The default method is the internal.
## If you want to use a different method,
## comment this line and enable the correct ones.
## auth_method: internal
##
## Store the plain passwords or hashed for SCRAM:
## auth_password_format: plain
## auth_password_format: scram
##
## Define the FQDN if ejabberd doesn't detect it:
## fqdn: "server3.example.com"
##
## Authentication using external script
## Make sure the script is executable by ejabberd.
##
## auth_method: external
## extauth_program: "/path/to/authentication/script"
##
## Authentication using ODBC
## Remember to setup a database in the next section.
##
## auth_method: odbc
##
## Authentication using PAM
##
## auth_method: pam
## pam_service: "pamservicename"
##
## Authentication using LDAP
##
## auth_method: ldap
##
## List of LDAP servers:
## ldap_servers:
## - "localhost"
##
## Encryption of connection to LDAP servers:
## ldap_encrypt: none
## ldap_encrypt: tls
##
## Port to connect to on LDAP servers:
## ldap_port: 389
## ldap_port: 636
##
## LDAP manager:
## ldap_rootdn: "dc=example,dc=com"
##
## Password of LDAP manager:
## ldap_password: "******"
##
## Search base of LDAP directory:
## ldap_base: "dc=example,dc=com"
##
## LDAP attribute that holds user ID:
## ldap_uids:
## - "mail": "%u#mail.example.org"
##
## LDAP filter:
## ldap_filter: "(objectClass=shadowAccount)"
##
## Anonymous login support:
## auth_method: anonymous
## anonymous_protocol: sasl_anon | login_anon | both
## allow_multiple_connections: true | false
##
## host_config:
## "public.example.org":
## auth_method: anonymous
## allow_multiple_connections: false
## anonymous_protocol: sasl_anon
##
## To use both anonymous and internal authentication:
##
## host_config:
## "public.example.org":
## auth_method:
## - internal
## - anonymous
###. ==============
###' DATABASE SETUP
## ejabberd by default uses the internal Mnesia database,
## so you do not necessarily need this section.
## This section provides configuration examples in case
## you want to use other database backends.
## Please consult the ejabberd Guide for details on database creation.
##
## MySQL server:
##
## odbc_type: mysql
## odbc_server: "server"
## odbc_database: "database"
## odbc_username: "username"
## odbc_password: "password"
##
## If you want to specify the port:
## odbc_port: 1234
##
## PostgreSQL server:
##
## odbc_type: pgsql
## odbc_server: "server"
## odbc_database: "database"
## odbc_username: "username"
## odbc_password: "password"
##
## If you want to specify the port:
## odbc_port: 1234
##
## If you use PostgreSQL, have a large database, and need a
## faster but inexact replacement for "select count(*) from users"
##
## pgsql_users_number_estimate: true
##
## SQLite:
##
## odbc_type: sqlite
## odbc_database: "/home/jack/ejabberd/database/ejabberd.db"
##
## ODBC compatible or MSSQL server:
##
## odbc_type: odbc
## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
##
## Number of connections to open to the database for each virtual host
##
## odbc_pool_size: 10
##
## Interval to make a dummy SQL request to keep the connections to the
## database alive. Specify in seconds: for example 28800 means 8 hours
##
## odbc_keepalive_interval: undefined
###. ===============
###' TRAFFIC SHAPERS
shaper: ## ## The "normal" shaper limits traffic speed to 1000 B/s
## normal: 1000
## ## The "fast" shaper limits traffic speed to 50000 B/s ##
fast: 50000
##
## This option specifies the maximum number of elements in the queue
## of the FSM. Refer to the documentation for details.
## max_fsm_queue: 1000
###. ====================
###' ACCESS CONTROL LISTS acl: ## ## The 'admin' ACL grants administrative privileges to XMPP accounts. ## You can put here as
many accounts as you want. ## admin:
user:
- "admin": "mydomain.com"
## ## Blocked users ## ## blocked: ## user: ## -
"baduser": "example.org" ## - "test"
## Local users: don't modify this. ## local:
user_regexp: ""
## ## More examples of ACLs ## ## jabberorg: ## server:
## - "jabber.org" ## aleksey: ## user: ## - "aleksey": "jabber.ru" ## test: ## user_regexp: "^test" ## user_glob:
"test*"
## ## Loopback network ## loopback:
ip:
- "192.168.1.1" #added server ip address
- "::1/128"
- "::FFFF:127.0.0.1/128" ## ## Bad XMPP servers ## ## bad_servers: ## server: ## - "xmpp.zombie.org" ## -
"xmpp.spam.com"
##
## Define specific ACLs in a virtual host.
##
## host_config:
## "localhost":
## acl:
## admin:
## user:
## - "bob-local": "localhost"
###. ============
###' ACCESS RULES access_rules: ## Maximum number of simultaneous sessions allowed for a single user: max_user_sessions:
all: 10 ## Maximum number of offline messages that users can have: max_user_offline_messages:
admin: 5000
all: 100 ## This rule allows access only for local users: local:
local: allow ## Only non-blocked users can use c2s connections: c2s:
blocked: deny
all: allow ## For C2S connections, all users except admins use the "normal" shaper c2s_shaper:
admin: none
all: normal ## All S2S connections use the "fast" shaper s2s_shaper:
all: fast ## Only admins can send announcement messages: announce:
admin: allow ## Only admins can use the configuration interface: configure:
admin: allow ## Admins of this server are also admins of the MUC service: muc_admin:
admin: allow ## Only accounts of the local ejabberd server can create rooms: muc_create:
local: allow ## All users are allowed to use the MUC service: muc:
all: allow ## Only accounts on the local ejabberd server can create Pubsub nodes: pubsub_createnode:
local: allow ## In-band registration allows registration of any possible username. ## To disable in-band registration, replace
'allow' with 'deny'. register:
all: allow ## Only allow to register from localhost trusted_network:
loopback: allow ## Do not establish S2S connections with bad servers ## s2s: ## bad_servers: deny ## all: allow
## By default the frequency of account registrations from the same IP
## is limited to 1 account every 10 minutes. To disable, specify: infinity registration_timeout: infinity
##
## Define specific Access Rules in a virtual host.
##
## host_config:
## "localhost":
## access:
## c2s:
## admin: allow
## all: deny
## register:
## all: deny
###. ================
###' DEFAULT LANGUAGE
##
## language: Default language used for server messages.
## language: "en"
##
## Set a different default language in a virtual host.
##
## host_config:
## "localhost":
## language: "ru"
###. =======
###' CAPTCHA
##
## Full path to a script that generates the image.
##
## captcha_cmd: "/home/jack/ejabberd/lib/ejabberd-15.11/priv/bin/captcha.sh"
##
## Host for the URL and port where ejabberd listens for CAPTCHA requests.
##
## captcha_host: "example.org:5280"
##
## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
##
## captcha_limit: 5
###. =======
###' MODULES
##
## Modules enabled in all ejabberd virtual hosts.
## modules: mod_adhoc: {} mod_admin_extra: {} mod_announce: # recommends mod_adhoc
access: announce mod_blocking: {} # requires mod_privacy mod_caps: {} mod_carboncopy: {} mod_client_state: {}
mod_configure: {} # requires mod_adhoc mod_disco: {} ## mod_echo:
{} ## mod_irc: {} mod_http_bind: {} ## mod_http_fileserver: ##
docroot: "/var/www" ## accesslog:
"/home/jack/ejabberd/logs/access.log" mod_last: {} mod_muc:
## host: "conference.#HOST#"
access: muc
access_create: muc_create
access_persistent: muc_create
access_admin: muc_admin mod_muc_admin: {} ## mod_muc_log: {} ## mod_multicast: {} mod_offline:
access_max_user_messages: max_user_offline_messages mod_ping: {} ## mod_pres_counter: ## count: 5 ## interval: 60 mod_privacy: {} mod_private: {} ## mod_proxy65: {} mod_pubsub:
access_createnode: pubsub_createnode
## reduces resource comsumption, but XEP incompliant
ignore_pep_from_offline: true
## XEP compliant, but increases resource comsumption
## ignore_pep_from_offline: false
last_item_cache: false
plugins:
- "flat"
- "hometree"
- "pep" # pep requires mod_caps mod_register:
##
## Protect In-Band account registrations with CAPTCHA.
##
## captcha_protected: true
##
## Set the minimum informational entropy for passwords.
##
## password_strength: 32
##
## After successful registration, the user receives
## a message with this subject and body.
##
welcome_message:
subject: "Welcome!"
body: |-
Hi.
Welcome to this XMPP server.
##
## When a user registers, send a notification to
## these XMPP accounts.
##
## registration_watchers:
## - "admin1#example.org"
##
## Only clients in the server machine can register accounts
##
## ip_access: trusted_network
##
## Local c2s or remote s2s users cannot register accounts
##
## access_from: deny
access_from: register mod_roster: {} mod_shared_roster: {} ## mod_stats: {} ## mod_time: {} mod_vcard: {} mod_version: {}
##
## Enable modules with custom options in a specific virtual host
##
## host_config:
## "localhost":
## modules:
## mod_echo:
## host: "mirror.localhost"
##
## Enable modules management via ejabberdctl for installation and
## uninstallation of public/private contributed modules
## (enabled by default)
##
allow_contrib_modules: true
###.
###'
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
After trying lot on virtual server , i got to know from server providers they cant open outbound ip for 5280 , 5222 which require to run mydomain.com:5280/admin web admin interface. and its not open for users.
Inbound ip is open for us , so the reason im able to access it by ssh. and on ssh terminal i started ejabberd.
Solution : server must need to open inbound and outbound ports. i updated my server and able to open ports on server. which works then.

ejabberd doesn't store roster persistently

I'm running ejabberd in Kubernetes using the following image: https://hub.docker.com/r/jprjr/ejabberd/
I've tried to test persistency by removing an account from Pidgin and adding it again. Pidgin does not load the previously added roster.
I tried Mnesia and Postgres. The Postgres database seems to be untouched by ejabberd but I don't get any erros in the logs either.
Any ideas, what could cause this behavior?
My configuration:
hosts: ["example.com"]
loglevel: 4
hide_sensitive_log_data: true
listen:
- port: 5222
module: ejabberd_c2s
access: c2s
shaper: c2s_shaper
zlib: true
starttls_required: true
starttls: true
certfile: "/etc/ejabberd/ejabberd.pem"
- port: 5269
module: ejabberd_s2s_in
shaper: s2s_shaper
max_stanza_size: 65536
s2s_use_starttls: true
s2s_certfile: "/etc/ejabberd/ejabberd.pem"
transport: tcp
auth_method: [ldap]
ldap_servers: ["ldap.example.com"]
ldap_port: 389
ldap_rootdn: "CN=ejabberd,OU=ServiceAccounts,DC=example,DC=com"
ldap_password: "*********"
ldap_base: "OU=User,DC=example,DC=com"
ldap_uids:
- "sAMAccountName": "%u"
ldap_filter: "(&(objectClass=user)(memberof=CN=ejabberdUsers,CN=Users,DC=example,DC=com))"
# tried with and w/o
# default_db: odbc
# sm_db_type: odbc
# odbc_type: pgsql
# odbc_server: "db.example.com"
# odbc_password: "********"
# odbc_port: 10051
shaper:
normal: 1000
fast: 50000
acl:
admin:
user:
"admin1": "example.com"
"admin2": "example.com"
access:
local:
local: allow
c2s:
blocked: deny
all: allow
ejabberd store roster persistently.
you need to enable mod_roster in ejabberd configuration file and database setting what you want for example
mod_roster:
db_type: odbc
it seems you are missing configuration for more detail of configuration check these links.
https://github.com/processone/ejabberd/blob/master/test/ejabberd_SUITE_data/ejabberd.yml
https://www.process-one.net/docs/ejabberd/guide_en.html

Exception in create user on ejabberd using Smack

I have a client code on server which create user on ejabberd using admin login following is my code for creating user
public Response registerNewUser(NewUserInfo info){
logger.info("start : registerNewUser");
ConnectionConfiguration conf = new ConnectionConfiguration("IISD43", 5222);
con.connect();
con.login("admin","admin");
XMPPConnection con = new XMPPConnection(conf);
AccountManager accountManger = con.getAccountManager();
try {
System.out.println(accountManger.supportsAccountCreation());
accountManger.createAccount(info.getPhoneNumber(), "test"+info.getPhoneNumber());
return new Response(200,"User Registered");
} catch (XMPPException e) {
e.printStackTrace();
logger.error("failed to create new user for userInfo "+info.getPhoneNumber()+" "+e);
return new Response(400, "User Not Registered");
}catch(Exception e){
e.printStackTrace();
return new Response(400, "User Not Registered");
}finally{
logger.info("end : registerNewUser");
}
}
the SYSO prints True
Error :
forbidden(403)
at org.jivesoftware.smack.AccountManager.createAccount(AccountManager.java:240)
at com.notificationprocessor.impl.XMPPRequestManger.registerNewUser(XMPPRequestManger.java:52)
at com.notificationprocessor.controller.RequestManager.createNotificationClient(RequestManager.java:34)
My ejabbered is on Windows machine it yml file is
as follows
###
### ejabberd configuration file
###
###
### The parameters used in this configuration file are explained in more detail
### in the ejabberd Installation and Operation Guide.
### Please consult the Guide in case of doubts, it is included with
### your copy of ejabberd, and is also available online at
### http://www.process-one.net/en/ejabberd/docs/
### The configuration file is written in YAML.
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
### However, ejabberd treats different literals as different types:
###
### - unquoted or single-quoted strings. They are called "atoms".
### Example: dog, 'Jupiter', '3.14159', YELLOW
###
### - numeric literals. Example: 3, -45.0, .0
###
### - quoted or folded strings.
### Examples of quoted string: "Lizzard", "orange".
### Example of folded string:
### > Art thou not Romeo,
### and a Montague?
### =======
### LOGGING
##
## loglevel: Verbosity of log files generated by ejabberd.
## 0: No ejabberd log at all (not recommended)
## 1: Critical
## 2: Error
## 3: Warning
## 4: Info
## 5: Debug
##
loglevel: 4
##
## rotation: Describe how to rotate logs. Either size and/or date can trigger
## log rotation. Setting count to N keeps N rotated logs. Setting count to 0
## does not disable rotation, it instead rotates the file and keeps no previous
## versions around. Setting size to X rotate log when it reaches X bytes.
## To disable rotation set the size to 0 and the date to ""
## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf.
## Some examples:
## $D0 rotate every night at midnight
## $D23 rotate every day at 23:00 hr
## $W0D23 rotate every week on Sunday at 23:00 hr
## $W5D16 rotate every week on Friday at 16:00 hr
## $M1D0 rotate on the first day of every month at midnight
## $M5D6 rotate on every 5th day of the month at 6:00 hr
##
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
##
## overload protection: If you want to limit the number of messages per second
## allowed from error_logger, which is a good idea if you want to avoid a flood
## of messages when system is overloaded, you can set a limit.
## 100 is ejabberd's default.
log_rate_limit: 100
##
## watchdog_admins: Only useful for developers: if an ejabberd process
## consumes a lot of memory, send live notifications to these XMPP
## accounts.
##
## watchdog_admins:
## - "admin#IISD43"
### ================
### SERVED HOSTNAMES
##
## hosts: Domains served by ejabberd.
## You can define one or several, for example:
## hosts:
## - "example.net"
## - "example.com"
## - "example.org"
##
hosts:
- "IISD43"
##
## route_subdomains: Delegate subdomains to other XMPP servers.
## For example, if this ejabberd serves example.org and you want
## to allow communication with an XMPP server called im.example.org.
##
## route_subdomains: s2s
### ===============
### LISTENING PORTS
##
## listen: The ports ejabberd will listen on, which service each is handled
## by and what options to start it with.
##
listen:
-
port: 5222
module: ejabberd_c2s
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
starttls: true
certfile: "C:\\Users\\IISU43\\AppData\\Roaming\\ejabberd\\conf\\server.pem"
## Custom OpenSSL options
##
## protocol_options:
## - "no_sslv3"
## - "no_tlsv1"
-
port: 5269
module: ejabberd_s2s_in
max_stanza_size: 131072
shaper: s2s_shaper
##
## ejabberd_service: Interact with external components (transports, ...)
##
## -
## port: 8888
## module: ejabberd_service
## access: all
## shaper_rule: fast
## ip: "127.0.0.1"
## hosts:
## "icq.example.org":
## password: "secret"
## "sms.example.org":
## password: "secret"
##
## ejabberd_stun: Handles STUN Binding requests
##
## -
## port: 3478
## transport: udp
## module: ejabberd_stun
##
## To handle XML-RPC requests that provide admin credentials:
##
## -
## port: 4560
## module: ejabberd_xmlrpc
-
port: 5280
module: ejabberd_http
request_handlers:
"/websocket": ejabberd_http_ws
# "/pub/archive": mod_http_fileserver
web_admin: true
http_poll: false
http_bind: true
## register: true
captcha: false
##
## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
## Allowed values are: false optional required required_trusted
## You must specify a certificate file.
##
## s2s_use_starttls: optional
##
## s2s_certfile: Specify a certificate file.
##
## s2s_certfile: "C:\\Users\\IISU43\\AppData\\Roaming\\ejabberd\\conf\\server.pem"
## Custom OpenSSL options
##
## s2s_protocol_options:
## - "no_sslv3"
## - "no_tlsv1"
##
## domain_certfile: Specify a different certificate for each served hostname.
##
## host_config:
## "example.org":
## domain_certfile: "C:\\Users\\IISU43\\AppData\\Roaming\\ejabberd\\conf\\example_org.pem"
## "example.com":
## domain_certfile: "C:\\Users\\IISU43\\AppData\\Roaming\\ejabberd\\conf\\example_com.pem"
##
## S2S whitelist or blacklist
##
## Default s2s policy for undefined hosts.
##
## s2s_policy: s2s
##
## Outgoing S2S options
##
## Preferred address families (which to try first) and connect timeout
## in milliseconds.
##
## outgoing_s2s_families:
## - ipv4
## - ipv6
## outgoing_s2s_timeout: 10000
### ==============
### AUTHENTICATION
##
## auth_method: Method used to authenticate the users.
## The default method is the internal.
## If you want to use a different method,
## comment this line and enable the correct ones.
##
auth_method: internal
##
## Store the plain passwords or hashed for SCRAM:
## auth_password_format: plain
## auth_password_format: scram
##
## Define the FQDN if ejabberd doesn't detect it:
## fqdn: "server3.example.com"
##
## Authentication using external script
## Make sure the script is executable by ejabberd.
##
## auth_method: external
## extauth_program: "/path/to/authentication/script"
##
## Authentication using ODBC
## Remember to setup a database in the next section.
##
## auth_method: odbc
##
## Authentication using PAM
##
## auth_method: pam
## pam_service: "pamservicename"
##
## Authentication using LDAP
##
## auth_method: ldap
##
## List of LDAP servers:
## ldap_servers:
## - "loalhost"
##
## Encryption of connection to LDAP servers:
## ldap_encrypt: none
## ldap_encrypt: tls
##
## Port to connect to on LDAP servers:
## ldap_port: 389
## ldap_port: 636
##
## LDAP manager:
## ldap_rootdn: "dc=example,dc=com"
##
## Password of LDAP manager:
## ldap_password: "******"
##
## Search base of LDAP directory:
## ldap_base: "dc=example,dc=com"
##
## LDAP attribute that holds user ID:
## ldap_uids:
## - "mail": "%u#mail.example.org"
##
## LDAP filter:
## ldap_filter: "(objectClass=shadowAccount)"
##
## Anonymous login support:
## auth_method: anonymous
## anonymous_protocol: sasl_anon | login_anon | both
## allow_multiple_connections: true | false
##
## host_config:
## "public.example.org":
## auth_method: anonymous
## allow_multiple_connections: false
## anonymous_protocol: sasl_anon
##
## To use both anonymous and internal authentication:
##
## host_config:
## "public.example.org":
## auth_method:
## - internal
## - anonymous
### ==============
### DATABASE SETUP
## ejabberd by default uses the internal Mnesia database,
## so you do not necessarily need this section.
## This section provides configuration examples in case
## you want to use other database backends.
## Please consult the ejabberd Guide for details on database creation.
##
## MySQL server:
##
## odbc_type: mysql
## odbc_server: "server"
## odbc_database: "database"
## odbc_username: "username"
## odbc_password: "password"
##
## If you want to specify the port:
## odbc_port: 1234
##
## PostgreSQL server:
##
## odbc_type: pgsql
## odbc_server: "server"
## odbc_database: "database"
## odbc_username: "username"
## odbc_password: "password"
##
## If you want to specify the port:
## odbc_port: 1234
##
## If you use PostgreSQL, have a large database, and need a
## faster but inexact replacement for "select count(*) from users"
##
## pgsql_users_number_estimate: true
##
## ODBC compatible or MSSQL server:
##
## odbc_type: odbc
## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
##
## Number of connections to open to the database for each virtual host
##
## odbc_pool_size: 10
##
## Interval to make a dummy SQL request to keep the connections to the
## database alive. Specify in seconds: for example 28800 means 8 hours
##
## odbc_keepalive_interval: undefined
### ===============
### TRAFFIC SHAPERS
shaper:
##
## The "normal" shaper limits traffic speed to 1000 B/s
##
normal: 1000
##
## The "fast" shaper limits traffic speed to 50000 B/s
##
fast: 50000
##
## This option specifies the maximum number of elements in the queue
## of the FSM. Refer to the documentation for details.
##
max_fsm_queue: 1000
###. ====================
###' ACCESS CONTROL LISTS
acl:
##
## The 'admin' ACL grants administrative privileges to XMPP accounts.
## You can put here as many accounts as you want.
##
admin:
user:
- "admin": "IISD43"
##
## Blocked users
##
## blocked:
## user:
## - "baduser": "example.org"
## - "test"
## Local users: don't modify this.
##
local:
user_regexp: ""
##
## More examples of ACLs
##
## jabberorg:
## server:
## - "jabber.org"
## aleksey:
## user:
## - "aleksey": "jabber.ru"
## test:
## user_regexp: "^test"
## user_glob: "test*"
##
## Loopback network
##
loopback:
ip:
- "127.0.0.0/8"
##
## Bad XMPP servers
##
## bad_servers:
## server:
## - "xmpp.zombie.org"
## - "xmpp.spam.com"
##
## Define specific ACLs in a virtual host.
##
## host_config:
## "localhost":
## acl:
## admin:
## user:
## - "bob-local": "localhost"
### ============
### ACCESS RULES
access:
## Maximum number of simultaneous sessions allowed for a single user:
max_user_sessions:
all: 10
## Maximum number of offline messages that users can have:
max_user_offline_messages:
admin: 5000
all: 100
## This rule allows access only for local users:
local:
local: allow
## Only non-blocked users can use c2s connections:
c2s:
blocked: deny
all: allow
## For C2S connections, all users except admins use the "normal" shaper
c2s_shaper:
admin: none
all: normal
## All S2S connections use the "fast" shaper
s2s_shaper:
all: fast
## Only admins can send announcement messages:
announce:
admin: allow
## Only admins can use the configuration interface:
configure:
admin: allow
## Admins of this server are also admins of the MUC service:
muc_admin:
admin: allow
## Only accounts of the local ejabberd server can create rooms:
muc_create:
local: allow
## All users are allowed to use the MUC service:
muc:
all: allow
## Only accounts on the local ejabberd server can create Pubsub nodes:
pubsub_createnode:
local: allow
## In-band registration allows registration of any possible username.
## To disable in-band registration, replace 'allow' with 'deny'.
register:
all: allow
## Only allow to register from localhost
trusted_network:
loopback: allow
## Do not establish S2S connections with bad servers
## s2s:
## bad_servers: deny
## all: allow
## By default the frequency of account registrations from the same IP
## is limited to 1 account every 10 minutes. To disable, specify: infinity
## registration_timeout: 600
##
## Define specific Access Rules in a virtual host.
##
## host_config:
## "localhost":
## access:
## c2s:
## admin: allow
## all: deny
## register:
## all: deny
### ================
### DEFAULT LANGUAGE
##
## language: Default language used for server messages.
##
language: "en"
##
## Set a different default language in a virtual host.
##
## host_config:
## "localhost":
## language: "ru"
### =======
### CAPTCHA
##
## Full path to a script that generates the image.
##
## captcha_cmd: "C:\\Program Files\\ejabberd-15.07\\lib\\ejabberd-15.07\\priv\\tools\\captcha.sh"
##
## Host for the URL and port where ejabberd listens for CAPTCHA requests.
##
## captcha_host: "example.org:5280"
##
## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
##
## captcha_limit: 5
### =======
### MODULES
##
## Modules enabled in all ejabberd virtual hosts.
##
modules:
mod_adhoc: []
mod_announce: # recommends mod_adhoc
access: announce
## mod_blocking: [] # requires mod_privacy
mod_caps: []
mod_carboncopy: []
mod_configure: [] # requires mod_adhoc
mod_disco: []
## mod_echo: []
## mod_irc: []
mod_http_bind: []
## mod_http_fileserver:
## docroot: "/var/www"
## accesslog: "C:\\Program Files\\ejabberd-15.07\\logs\\access.log"
mod_last: []
mod_muc:
## host: "conference.#HOST#"
access: muc
access_create: muc_create
access_persistent: muc_create
access_admin: muc_admin
## mod_muc_log: []
mod_offline:
access_max_user_messages: max_user_offline_messages
## mod_ping: []
## mod_pres_counter:
## count: 5
## interval: 60
mod_privacy: []
mod_private: []
## mod_proxy65: []
mod_pubsub:
access_createnode: pubsub_createnode
## reduces resource comsumption, but XEP incompliant
ignore_pep_from_offline: true
## XEP compliant, but increases resource comsumption
## ignore_pep_from_offline: false
last_item_cache: false
plugins:
- "flat"
- "hometree"
- "pep" # pep requires mod_caps
mod_register:
##
## Protect In-Band account registrations with CAPTCHA.
##
## captcha_protected: true
##
## Set the minimum informational entropy for passwords.
##
## password_strength: 32
##
## After successful registration, the user receives
## a message with this subject and body.
##
welcome_message:
subject: "Welcome!"
body: |-
Hi.
Welcome to this XMPP server.
##
## When a user registers, send a notification to
## these XMPP accounts.
##
## registration_watchers:
## - "admin1#example.org"
##
## Only clients in the server machine can register accounts
##
ip_access: trusted_network
##
## Local c2s or remote s2s users cannot register accounts
##
## access_from: deny
access: register
mod_roster: []
mod_shared_roster: []
## mod_time: []
mod_vcard: []
mod_version: []
##
## Enable modules with custom options in a specific virtual host
##
## append_host_config:
## "localhost":
## modules:
## mod_echo:
## host: "mirror.localhost"
##
## Enable modules management via ejabberdctl for installation and
## uninstallation of public/private contributed modules
## (enabled by default)
##
allow_contrib_modules: true
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8
As far as i got from config file it allows everyone for account creation, donno whether I am completely right.
Any pointer on resolving error appreciated
Modify these changes to you ejabberd.yml file.
## In-band registration allows registration of any possible username.
## To disable in-band registration, replace 'allow' with 'deny'.
register:
- allow
## Only allow to register from network.
trusted_network:
- allow: all