

rdr pass on $ext_if inet proto tcp from ! to $ext_if port $ports_xmpp -> $xmpp

Now, let's open 5222, 5269, 54 in our firewall in order to let it talk out.

You'll want to change all the IP addresses and the admin JID - (message me!).

# vim: set filetype=yaml tabstop=8

/usr/local/etc/ejabberd/ejabberd.yml

See the Jabber SPAM Manifesto for details:
# Think twice before enabling registration from any
# network (see access_rules section above).
# Only accept registration requests from the "trusted"
# Avoid buggy clients to make their bookmarks public
Uncomment this when you have SQL configured:
access_max_user_messages: max_user_offline_messages
# For small servers SQLite is a good fit and is very easy
# Mnesia is limited to 2GB, better to use an SQL backend
# /.well-known/acme-challenge: ejabberd_acme
# If you already have certificates, list them here
ldap_filter: "(memberOf=cn=xmpp,ou=groups,dc=xf)"
ldap_tls_cacertfile: "/etc/ssl/ldapcert.pem"
# ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
# ******* YAML IS INDENTATION SENSITIVE *******
# The configuration file is written in YAML.
# The parameters used in this configuration file are explained at

The protocol options are industry standard, and the cipher selected is either CHACHA20-POLY1305 or AES256-SHA384 - arguably the best options out there.
We're going to harden TLS a bit with the following lines in each listen stanza (don't copy this into any configs, see below for full config):

protocol_options:
ciphers: "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384"

ldap_filter: "(memberOf=cn=xmpp,ou=groups,dc=xf)" # check group membership (optional)

/usr/local/etc/ejabberd/ejabberd.yml

ldap_base: "ou=users,dc=xf" # where to search
ldap_password: "hunter2" # password for said DN
ldap_rootdn: "cn=passdn,ou=admin,dc=xf" # what DN to bind as
uid # which attribute in LDAP is the username
ldap_tls_cacertfile: "/etc/ssl/ldapcert.pem" # replace with your cert path
Let's test one of these out:

omega# dig srv _xmpp-server._tcp.zm.is +short

After issuing certificates with acme.sh and copying them into my FreeBSD jail every day with CRON (out of scope of this article), let's update the config with the LDAP definition:

host_config:

I'll be adding these to point to sin.zm.is.

Let's get those out of the way now so they have time to propagate.

We'll want to create some DNS records to tell people where to look for our XMPP service.

The following 14 package(s) will be affected (of 0 checked):
Let's install ejabberd:

# pkg install ejabberd

I'm setting this up on FreeBSD, so let's install all the relevant packages.

I'm really not sure how many more witty intros I can do on these articles.
