ejabberd + Biboumi + Docker = 🌞💬
Latest commit: dominik e744f68fce "added abuse info" (2 years ago)
This setup packs all necessary configurations to run an ejabberd XMPP Server with a Biboumi IRC Gateway. Just put your IP and hostname in the `.env` file, fire up docker-compose and you're good to go! The whole service lives in a single folder to ease backup and migration. All persistent data is stored in `./data/`. The configuration was crowd-sourced; for more details, see `EXTRAS/reference-configurations`.
- FROM scratch. All parameters are set using environment variables defined in `docker-compose.yml`.
- The server runs under an unprivileged user (uid 1000). It is assumed that on the docker host we're already running
- `ejabberdctl`. Disabled in-band registration, web administration and the web API.
- `entrypoint.sh`, which generates the file `~/env.yml` based on variables set in `.env`.
- `~/conf/ejabberd.yml`, which includes the configurations from `~/conf/conf.d/` and `~/env.yml` from above.
- `docker-compose.yml`. The hostname is set in `.env`, so there is no need to modify `docker-compose.yml`.
- A cronjob one-liner, running in the ejabberd container, dumps the ejabberd DB daily into `./data/backup/`.
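How the `.env` to `~/env.yml` step can be done without letting a value break the generated YAML, as an added example (this is not the repository's `entrypoint.sh`): only whitelisted variables reach the output and every value is emitted as a quoted YAML scalar, so a password containing `:` or `#` cannot truncate or inject into the ejabberd configuration. The variable names `XMPP_HOST`, `XMPP_IP`, `ADMIN_USER`, `BIBOUMI_PASS` and the use of ejabberd's `define_macro` block for the output are assumptions; the project's real keys are in its `.env` file.

```python
"""Render an env.yml fragment from a .env file, the step entrypoint.sh is described to perform.

Added example, not the repository's entrypoint.sh. Key names and the
define_macro layout are assumptions; the real keys live in the project's .env.
"""
import json
import re

# Constructed sample .env; the project's real variables are not shown here.
SAMPLE_ENV = """
# hostname and public IP of the docker host
XMPP_HOST=im.example.net
XMPP_IP=1.2.3.4
ADMIN_USER=admin
BIBOUMI_PASS='p@ss: with # yaml-special chars'
export EXTRA=not-whitelisted
"""

# KEY=value, optionally prefixed with 'export' as in shell-sourced .env files.
_ASSIGN = re.compile(r'^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$')


def parse_dotenv(text):
    """Return {KEY: value}; blank lines and '#' comment lines are skipped."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = _ASSIGN.match(line)
        if not m:
            raise ValueError(f'unparseable .env line: {raw!r}')
        key, value = m.group(1), m.group(2).strip()
        # Strip one layer of matching quotes, keeping the inner text verbatim.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in '"\'':
            value = value[1:-1]
        env[key] = value
    return env


def yaml_scalar(value):
    """Quote a value as a YAML double-quoted scalar.

    JSON string syntax is valid YAML flow-scalar syntax, so json.dumps handles
    ':', '#', quotes and newlines without pulling in a YAML library.
    """
    return json.dumps(value, ensure_ascii=False)


def render_env_yml(env, allowed):
    """Emit a define_macro block containing only the whitelisted keys.

    Whitelisting means an unexpected variable in .env cannot add arbitrary
    options to the ejabberd configuration; a missing required key fails loudly
    instead of producing a half-configured server.
    """
    missing = [k for k in allowed if k not in env]
    if missing:
        raise KeyError(f'required variables missing from .env: {missing}')
    lines = ['# generated from .env by the entrypoint; edit .env instead',
             'define_macro:']
    for key in allowed:
        lines.append(f'  {key}: {yaml_scalar(env[key])}')
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    print(render_env_yml(parse_dotenv(SAMPLE_ENV),
                         ['XMPP_HOST', 'XMPP_IP', 'ADMIN_USER', 'BIBOUMI_PASS']))
```

Run it directly to see the generated block; the `EXTRA` variable is parsed but never emitted because it is not in the whitelist.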
Marked [x] ports will be opened on the Docker host, so they should not be used by another service on the same host.

| Host:Container | Purpose |
|---|---|
| 5222:5222 | Client-to-Server (c2s): bare minimum to speak with clients |
| 5223:5223 | XMPP over TLS is actually deprecated; instead STARTTLS on port 5222 should be used. It is active for backward compatibility or could be moved to port 443 to ease usage behind firewalls. |
| 5269:5269 | Server-to-Server (s2s): only needed when we want to speak with users from other servers |
| 5280:5280 | Web admin (disabled), BOSH and WebSocket |
| 5443:5443 | HTTP Upload |
| 113:8113 | Identd, so IRC servers can differentiate between users |
| 443!8080 | Integrated webserver to serve static content, such as a JavaScript XMPP client. The port is exposed via the reverse proxy. |
| 5347:5347 | Only used for internal unencrypted communication with the Biboumi (IRC gateway) component |
| ----:4560 | XML-RPC API, disabled |

BOSH (previously known as 'HTTP binding' or "http-bind") is a technology to use XMPP over HTTP. This allows XMPP applications to run in web pages, but also in any other HTTP-only environment, such as behind restrictive firewalls.
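The table says which ports end up open on the host, and two of them (5347, the unencrypted component link to Biboumi, and 4560, XML-RPC) have no business on a public interface. The following added example (not part of the repository) audits a compose `ports:` list against those roles: it flags an internal-only port published on all interfaces, accepts one bound to loopback, and warns when the c2s port 5222 is missing altogether. The `WEAK` and `HARDENED` lists are constructed from the table above.

```python
"""Audit the 'ports:' list of a docker-compose service against the README's port table.

Added example, not part of the repository. WEAK and HARDENED are constructed
compose fragments; port roles follow the table above.
"""
from dataclasses import dataclass

# Container ports that must not be reachable from outside the host: 5347 carries the
# unencrypted XMPP component protocol to Biboumi, 4560 is the (disabled) XML-RPC API.
INTERNAL_ONLY = {
    5347: 'component port for Biboumi (unencrypted)',
    4560: 'XML-RPC API (disabled)',
}
# Without c2s nothing can log in; this is the README's "bare minimum".
C2S_PORT = 5222
PUBLIC_IPS = {'', '0.0.0.0', '::'}


@dataclass
class Finding:
    mapping: str
    severity: str   # 'high' | 'medium' | 'info'
    reason: str


def parse_port(spec):
    """Split one compose port entry into (host_ip, host_port, container_port).

    Accepts '5222:5222', '127.0.0.1:5347:5347' and a bare '5347' (random host
    port); a '/tcp' or '/udp' suffix is dropped.
    """
    body = str(spec).split('/')[0]
    parts = body.split(':')
    if len(parts) == 1:
        return '0.0.0.0', None, int(parts[0])
    if len(parts) == 2:
        return '0.0.0.0', int(parts[0]), int(parts[1])
    if len(parts) == 3:
        return parts[0], int(parts[1]), int(parts[2])
    raise ValueError(f'unexpected port spec: {spec!r}')


def audit_ports(ports):
    """Return findings for a compose 'ports' list, worst first."""
    findings = []
    container_ports = set()
    for spec in ports:
        host_ip, _host_port, cport = parse_port(spec)
        container_ports.add(cport)
        if cport not in INTERNAL_ONLY:
            continue
        role = INTERNAL_ONLY[cport]
        if host_ip in PUBLIC_IPS:
            findings.append(Finding(str(spec), 'high',
                                    f'{role} published on all host interfaces'))
        else:
            findings.append(Finding(str(spec), 'info', f'{role} bound to {host_ip} only'))
    if C2S_PORT not in container_ports:
        findings.append(Finding('-', 'medium',
                                f'client port {C2S_PORT} (c2s) is not published; no client can connect'))
    order = {'high': 0, 'medium': 1, 'info': 2}
    return sorted(findings, key=lambda f: order[f.severity])


# Constructed: the README's table with 5347 published on the host as well.
WEAK = ['5222:5222', '5223:5223', '5269:5269', '5280:5280', '5443:5443', '113:8113', '5347:5347']
# Constructed: 5347 not published at all. Biboumi reaches ejabberd over the compose
# network, which needs no host port.
HARDENED = ['5222:5222', '5223:5223', '5269:5269', '5280:5280', '5443:5443', '113:8113']

if __name__ == '__main__':
    for name, ports in (('weak', WEAK), ('hardened', HARDENED)):
        print(name, [(f.severity, f.mapping, f.reason) for f in audit_ports(ports)] or 'clean')
```

Feed it the `ports:` list of the ejabberd service from your own `docker-compose.yml`; an empty result means nothing internal is exposed and c2s is reachable.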
ejabberd runs under user `ejabberd` with uid/gid 9000. All data is stored in `/home/ejabberd/` within the container.
- `./data/conf/ejabberd.yml`: main configuration file.
- `data/database/`: Erlang DB used to store all application data.
- `data/backup/`: place to store DB dumps.
- `data/uploads/`: files transferred between users.
- `data/cron/backup.sh`: job to dump the DB daily.
- `/opt/docker/proxy/data/certs/im.example.net/`: certificates and key material (to be changed as per the local docker host setup).
- `data/www/`: static web content.
- `./data/biboumi/database/`: sqlite DB for Biboumi. The Biboumi configuration is defined via environment variables in `docker-compose.yml`.
Clone the repo (and the reverse proxy and Let's Encrypt companion) to `/opt/docker`.

Copy `.env.template` to `.env` and set up your hostname and IP. A fixed IP is necessary for STUN/TURN to work.
## Setup DNS

To allow service discovery, the following DNS records have to be created:

```
im 3600 IN A 1.2.3.4
*.im 3600 IN CNAME im
;_service._proto.name TTL class SRV priority weight port target
_xmpp-client._tcp.im.example.net. 3600 IN SRV 5 0 5222 im.example.net.
_xmpps-client._tcp.im.example.net. 3600 IN SRV 10 0 5223 im.example.net.
_xmpp-server._tcp.im.example.net. 3600 IN SRV 5 0 5269 im.example.net.
```

The `_xmpp-client` record covers STARTTLS on 5222; `_xmpps-client` (XEP-0368) advertises direct TLS on 5223. To check the records: https://kingant.net/check_xmpp_dns/
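A typo in an SRV service label is silent: resolvers simply never ask for the misspelled name and clients fall back to an A-record lookup. The following added example (not part of the repository) parses a zone fragment like the one above and checks each XMPP SRV record for the expected port, a fully qualified target, and the common `_xmpp-clients` / `_xmpps-clients` misspellings of `_xmpps-client`. The expected ports follow the port table above; the `ZONE` text is a constructed copy of the records.

```python
"""Check the XMPP DNS SRV records of a zone fragment against the expected ports.

Added example, not part of the repository. Expected ports follow the README's
port table; record names follow RFC 6120 (_xmpp-client, _xmpp-server) and
XEP-0368 (_xmpps-client for direct TLS on 5223).
"""
import re

# Constructed sample zone, mirroring the README's records.
ZONE = """\
; A/CNAME as in the README
im 3600 IN A 1.2.3.4
*.im 3600 IN CNAME im
_xmpp-client._tcp.im.example.net. 3600 IN SRV 5 0 5222 im.example.net.
_xmpps-client._tcp.im.example.net. 3600 IN SRV 10 0 5223 im.example.net.
_xmpp-server._tcp.im.example.net. 3600 IN SRV 5 0 5269 im.example.net.
"""

EXPECTED_PORTS = {
    '_xmpp-client._tcp': 5222,   # STARTTLS c2s
    '_xmpps-client._tcp': 5223,  # direct TLS c2s (XEP-0368)
    '_xmpp-server._tcp': 5269,   # s2s
}
# Misspellings seen in zone files; resolvers never ask for these names.
KNOWN_TYPOS = {
    '_xmpp-clients._tcp': '_xmpps-client._tcp',
    '_xmpps-clients._tcp': '_xmpps-client._tcp',
}

SRV_LINE = re.compile(
    r'^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+SRV\s+'
    r'(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$')


def parse_srv(zone_text, domain):
    """Map service label (e.g. '_xmpp-client._tcp') to (prio, weight, port, target)."""
    records = {}
    suffix = '.' + domain
    for raw in zone_text.splitlines():
        line = raw.split(';')[0].strip()     # drop zone-file comments
        m = SRV_LINE.match(line)
        if not m:
            continue                         # A, CNAME and blank lines are skipped
        name = m['name'].rstrip('.')
        if not name.endswith(suffix):
            raise ValueError(f'SRV record {name!r} is not under {domain}')
        records[name[:-len(suffix)]] = (int(m['prio']), int(m['weight']),
                                        int(m['port']), m['target'])
    return records


def check_srv(zone_text, domain):
    """Return a list of problems; an empty list means the records look right."""
    problems = []
    records = parse_srv(zone_text, domain)
    for service, port in EXPECTED_PORTS.items():
        if service not in records:
            problems.append(f'{service}: missing (clients fall back to an A/AAAA lookup of {domain})')
            continue
        _prio, _weight, got_port, target = records[service]
        if got_port != port:
            problems.append(f'{service}: port {got_port}, expected {port}')
        if not target.endswith('.'):
            problems.append(f'{service}: target {target!r} is relative; '
                            'SRV targets must be fully qualified (trailing dot)')
    for service in records:
        if service in KNOWN_TYPOS:
            problems.append(f'{service}: unknown service label, did you mean {KNOWN_TYPOS[service]}?')
    return problems


if __name__ == '__main__':
    print(check_srv(ZONE, 'im.example.net') or 'all XMPP SRV records OK')
```

Paste your own zone's SRV lines into `ZONE` (or read the file) and pass the XMPP domain; the online checker linked above verifies what DNS actually serves, this script verifies what you are about to publish.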
Run `docker-compose up` and watch out for possible errors. If everything goes fine, re-run with `-d`.
## Create users

ejabberd comes by default with no users. Privileges and ACLs for users are set in `conf/conf.d/32-access.yml`. In the default configuration file `admin` is set as privileged user already.

To create new users, run from the docker host:

```sh
docker exec -it ejabberd /home/ejabberd/bin/ejabberdctl register <user> <domain> <password>
```

We'll need to create at least a user for the IRC gateway.

```sh
# hostname: the XMPP domain as set in .env
user=ircadmin
pass=$(apg -q -n1 -m12)   # 12-character random password
docker exec -it ejabberd /home/ejabberd/bin/ejabberdctl register "$user" "$hostname" "$pass"
```

Further self-registration or LDAP authentication can be enabled in `ejabberd.yml`.
## (Optional) Run the XMPP compliance tester

```sh
jar_file=ComplianceTester-0.2.3.jar
dl_url=https://gultsch.de/files/$jar_file
domain=$hostname
docker run --rm -it --name=xmpptest openjdk:alpine \
  /bin/sh -c "wget $dl_url ; java -jar $jar_file $user@$domain $pass" \
  | tee "$domain.txt"
```
## (Optional) Setup a static website

`data/www/` can be used to serve a static site, e.g. for presenting compliance test results, a web XMPP client or client setup instructions.

```sh
# inst_dir: directory the repo was cloned to
cd "$inst_dir/data/www"
git clone --depth=1 https://github.com/conversejs/converse.js.git
mv converse.js webchat
cp webchat/fullscreen.html webchat/index.html
# strip third-party trackers and point the BOSH URL at this server
sed -i \
  -e '/analytics/d' \
  -e '/piwik/d' \
  -e "/bosh_service_url/s/conversejs.org/$hostname:5280/" \
  -e "/bosh_service_url/s/http-bind/bosh/" \
  webchat/index.html
```
Open a shell in the container:

```sh
docker exec -it ejabberd sh
```

Useful `ejabberdctl` commands, each prefixed with `docker exec -it ejabberd /home/ejabberd/bin/ejabberdctl`:

| Command | Description |
|---|---|
| `registered_users <host>` | List all registered users in HOST |
| `unregister <user> <host>` | Unregister a user in HOST |
| `modules_available` | List the contributed modules available to install |
| `modules_installed` | List the contributed modules already installed |
| `mnesia` | Get details about the database |
| `reload_config` | Reload ejabberd configuration file into memory (this will not start new servers) |
| `connected_users` | List connected users with their resources |
| `backup /home/ejabberd/backup/ejabberd.backup` | Backup database |
| `install_fallback /home/ejabberd/backup/ejabberd.backup` | Restores the DB and makes it active after the next restart |
| `help` | Lists available commands |

Check a server's TLS certificate with an online checker, e.g. the IRC server on 6697:

```sh
firefox https://www.sslshopper.com/ssl-checker.html#hostname=irc.example.net:6697
```
Docker's randomly generated hostnames cause ejabberd to calculate a different unique node and DB name. To prevent a new DB being created with each container restart, use `docker run --hostname <hostname>` or `hostname:` and `domainname:` in the `docker-compose.yml`.

`/opt/docker/proxy/data/certs/<hostname>` should be readable by the `ejabberd` user.

Inspect the vanilla container: `docker run --rm -it --entrypoint /bin/sh ejabberd/ecs`