sudo apt install ejabberd
ufw allow to any port 5280 proto tcp
ufw allow to any port 5222 proto tcp
ufw allow to any port 5269 proto tcp
ufw allow to any port 7777 proto tcp
sudo nano /etc/ejabberd/ejabberd.yml
##
## hosts: Domains served by ejabberd.
## You can define one or several, for example:
## hosts:
##   - "example.net"
##   - "example.com"
##   - "example.org"
##
hosts:
  - "developernote.com"

...

###.  ====================
###'  ACCESS CONTROL LISTS
acl:
  ##
  ## The 'admin' ACL grants administrative privileges to XMPP accounts.
  ## You can put here as many accounts as you want.
  ##
  admin:
    user:
      - "admin": "developernote.com"
telnet developernote.com 5280
Now we need a certificate:
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
  "/websocket": ejabberd_http_ws
  ## "/pub/archive": mod_http_fileserver
web_admin: true
http_bind: true
## register: true
captcha: true
tls: true
certfile: "/etc/ejabberd/ejabberd.pem"
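# Self-signed certificate valid for 5 years, with an unencrypted private key
openssl req -days 1825 -nodes -new -x509 -keyout server.key -out server.cert
# ejabberd reads the private key and the certificate from one PEM file
cat server.key > ejabberd.pem
cat server.cert >> ejabberd.pem
sudo cp ejabberd.pem /etc/ejabberd/
# Set the admin password and restart the server
sudo ejabberdctl change_password admin developernote.com <password>
sudo service ejabberd restart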
And then open https://developernote.com:5280/admin/ in a browser:

Adding regular users:
sudo ejabberdctl register <user name> developernote.com <password>
Configuring Miranda on Windows 10


Setting up file transfer
I was able to send text messages, but file transfer did not work. I set up UFW logging:
sudo ufw status verbose
sudo ufw logging on
sudo ls /var/log/ufw*
sudo service rsyslog status
grep -i ufw /var/log/syslog
but did not find any blocked connections. Then I set up logging to C:\Users\D-Ef\AppData\Roaming\Miranda NG\home\Logs\netlog.txt in the Miranda client:

And when I accepted an incoming file, I got the following in the log:
===OUT: 332(15) bytes
[20:51:05 4378] [dmitriano] Inflate: Z_OK
[20:51:05 4378] [dmitriano] (ZLIB) Data received
<iq from='brat@developernote.com/Miranda' to='dmitriano@developernote.com/Miranda' xml:lang='en' type='set' id='mir8f6447e7f7f7762c_292'><query xmlns='http://jabber.org/protocol/bytestreams' sid='52761423'><streamhost jid='brat@developernote.com/Miranda' host='192.168.1.6' port='61045'/></query></iq>
===IN: 301(26) bytes
[20:51:05 4378] [dmitriano] recvResult = 301
[20:51:05 4378] [dmitriano] Handling iq id mir8f6447e7f7f7762c_292, type set, from brat@developernote.com/Miranda
[20:51:05 13F4] [dmitriano] bytestream_recv connecting to 192.168.1.6:61045
[20:51:05 13F4] [dmitriano] Connection request to 192.168.1.6:61045 (Flags 0)....
[20:51:05 13F4] [dmitriano] (000000000A862F80) Connecting to server 192.168.1.6:61045....
[20:51:05 4378] [dmitriano] bytesParsed = 301
[20:51:05 13F4] [dmitriano] (000000000A862F80) Connecting to ip 192.168.1.6:61045 ....
[20:51:26 13F4] [dmitriano] w:\miranda-build\src\mir_app\src\netlib_openconn.cpp 707: connect() failed (10060)
[20:51:26 13F4] [dmitriano] bytestream_recv_connection connection failed (10060), try next streamhost
[20:51:26 13F4] [dmitriano] File transfer completed with error
[20:51:26 13F4] [dmitriano] Destroying file transfer session 000000000A76AA10
[20:51:26 13F4] [dmitriano] bytestream_recv_connection session not completed
So Miranda tries to connect to the sender's local IP address, which is terribly annoying of course.
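The log above shows an XEP-0065 (SOCKS5 bytestreams) offer whose only streamhost is a private address, followed by Winsock error 10060 (connection timed out). As an added example (not part of the original post; the function names and the trimmed SAMPLE_LOG are constructed here), this Python script extracts the offered streamhosts from a Miranda netlog and flags transfers in which no candidate is reachable from another network:

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

NS = "http://jabber.org/protocol/bytestreams"  # XEP-0065 SOCKS5 bytestreams
WINSOCK = {"10060": "WSAETIMEDOUT", "10061": "WSAECONNREFUSED"}

# Constructed sample: three lines taken from the netlog excerpt above (path shortened).
SAMPLE_LOG = r"""[20:51:05 4378] [dmitriano] (ZLIB) Data received
<iq from='brat@developernote.com/Miranda' to='dmitriano@developernote.com/Miranda' xml:lang='en' type='set' id='mir8f6447e7f7f7762c_292'><query xmlns='http://jabber.org/protocol/bytestreams' sid='52761423'><streamhost jid='brat@developernote.com/Miranda' host='192.168.1.6' port='61045'/></query></iq>
[20:51:26 13F4] [dmitriano] netlib_openconn.cpp 707: connect() failed (10060)
"""

def streamhost_offers(log_text):
    """Yield (sid, jid, host, port) for each streamhost a sender offered."""
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("<iq ") or NS not in line:
            continue
        try:
            iq = ET.fromstring(line)
        except ET.ParseError:
            continue  # stanza split across log lines: skip rather than guess
        for query in iq.findall(f"{{{NS}}}query"):
            for sh in query.findall(f"{{{NS}}}streamhost"):
                yield query.get("sid"), sh.get("jid"), sh.get("host"), int(sh.get("port", 0))

def scope(host):
    """Classify a candidate address as seen by a receiver on another network."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # would need DNS resolution; not judged offline
    if ip.is_loopback or ip.is_link_local:
        return "local-only"
    return "private" if ip.is_private else "public"

def diagnose(log_text):
    """Summarise offered candidates and the connect() errors that followed."""
    candidates = [
        {"sid": sid, "jid": jid, "address": f"{host}:{port}", "scope": scope(host)}
        for sid, jid, host, port in streamhost_offers(log_text)
    ]
    errors = [WINSOCK.get(c, c) for c in re.findall(r"connect\(\) failed \((\d+)\)", log_text)]
    unroutable = bool(candidates) and all(c["scope"] != "public" and c["scope"] != "hostname" for c in candidates)
    return {"candidates": candidates, "errors": errors, "only_unroutable": unroutable}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

When `only_unroutable` is true, the transfer can only succeed inside the sender's LAN; across NAT the sender has to offer a proxy streamhost (ejabberd's mod_proxy65 listens on port 7777 by default, the port opened in UFW above).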
Also when I enabled the sounds they did not play:

Other clients
The Gajim client determined that file transfer is disabled:

Does the file transfer require UPnP?

It has a 'Discover services…' page:

Checking UPnP
Downloaded a utility that checks whether UPnP is enabled:

Probably the Windows Media Player Network Sharing Service should be running:

https://serverfault.com/questions/659442/getting-ssl-certificate-chain-from-jabber-server
The solution is: Jabber requires starttls:
openssl s_client -connect my.jabber.server.net:5222 -starttls xmpp
https://stackoverflow.com/questions/44047315/generate-a-self-signed-certificate-in-docker
What is wrong with simple RUN command? It works for me and the self-signed certificate is created successfully.
FROM debian:wheezy
RUN apt-get update && \
    apt-get install -y openssl && \
    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
    openssl rsa -passin pass:x -in server.pass.key -out server.key && \
    rm server.pass.key && \
    openssl req -new -key server.key -out server.csr \
        -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com" && \
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl
# non-interactive and 10 years expiration
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname"
https://hub.docker.com/r/elsdoerfer/ejabberd
docker run -d \
    --name "ejabberd" \
    -p 5222:5222 \
    -p 5269:5269 \
    -p 5280:5280 \
    -h 'example.de' \
    -e "XMPP_DOMAIN=example.de" \
    -e "ERLANG_NODE=ejabberd" \
    -e "EJABBERD_ADMIN=admin@example.de admin2@example.de" \
    -e "TZ=Europe/Berlin" \
    rroemhild/ejabberd
docker exec -ti ejabberd ejabberdctl register admin example.de password1234
docker exec -ti ejabberd ejabberdctl register admin2 example.de password12345
https://github.com/VGoshev/ejabberd-docker/blob/master/docker/docker-run.sh
exec ejabberdctl foreground
https://github.com/processone/docker-ejabberd/blob/master/ecs/Dockerfile
ENTRYPOINT ["/sbin/tini","--","/home/ejabberd/bin/ejabberdctl"]
CMD ["foreground"]
https://www.docker.com/blog/docker-best-practices-choosing-between-run-cmd-and-entrypoint/
What is PID 1 and why does it matter?
In the context of Unix and Unix-like systems, including Docker containers, PID 1 refers to the first process started during system boot. All other processes are then started by PID 1, which in the process tree model is the parent of every process in the system.
Optional parameters when starting an ejabberd node:
  --config-dir dir    Config ejabberd:     /etc/ejabberd
  --config file       Config ejabberd:     /etc/ejabberd/ejabberd.yml
  --ctl-config file   Config ejabberdctl:  /etc/ejabberd/ejabberdctl.cfg
  --logs dir          Directory for logs:  /var/log/ejabberd
  --spool dir         Database spool dir:  /var/lib/ejabberd
  --node nodename     ejabberd node name:  ejabberd@localhost
Edit YAML file with Bash
https://stackoverflow.com/questions/63581308/edit-yaml-file-with-bash
Since you don’t want to install yq you could use python that you most probably already have installed.
Here are the fundamentals:
#!/usr/bin/python
import yaml

with open("config.yml") as f:
    y = yaml.safe_load(f)
    y['db']['admin']['password'] = 'new_admin_pass'
    print(yaml.dump(y, default_flow_style=False, sort_keys=False))
Using yq to edit yaml files
https://stackoverflow.com/questions/67272591/using-yq-to-edit-yaml-files-in-place-i-flag
yq – written in Go
Using yq you can edit a file in place:
yq -i e '.authentication.anonymous.enabled |= true' sample.yml
https://github.com/mikefarah/yq
wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq &&\
chmod +x /usr/bin/yq
Securing ejabberd
https://docs.ejabberd.im/admin/guide/security/#firewall-settings
Firewall Settings
https://www.igniterealtime.org/projects/openfire/
Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache License. It uses the only widely adopted open protocol for instant messaging, XMPP. Openfire is incredibly easy to set up and administer, but offers rock-solid security and performance.