cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4f3a86906d
openbsd-ports/net/ejabberd/pkg
History
..
DESCR
ejabberd.rc
PLIST
README

README 

$OpenBSD: README,v 1.9 2018/09/04 12:46:16 espie Exp $

+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------

* Migration
  When moving database between machines, or upgrading from 1.1.x to
  2.x.x version you will need to follow the instructions available at
  http://www.ejabberd.im/migrate-host
  Node name is by default set to ejabberd@`hostname -s`


* Configuration
  * DNS
    SRV records for your server can make your life easier. Example
    records:
      _jabber._tcp.example.org.		SRV 5 0 5269 host.example.org.
      _xmpp-server._tcp.example.org.	SRV 5 0 5269 host.example.org.
      _xmpp-client._tcp.example.org.	SRV 5 0 5222 host.example.org.


  * Configuration file
        Set up the hostnames served by the server:
                {hosts, ["example.net", "example.com", "example.org"]}.
        Add administrative user
                {acl, admin, {user, "ermine", "example.org"}}.
        If you want to disallow in-band registration of users:
                {access, register, [{deny, all}]}.
        Users to get notifications about created new accounts:
                {registration_watchers, ["admin1@example.org"]},


* Administration
  Control is done using ${TRUEPREFIX}/sbin/ejabberdctl. Run it without
  arguments for list of possible commands and flags. It needs to be
  executed as either root or _ejabberd user.

  Another possibility, giving you more options, is the web interface,
  available at http://your.server:5280/admin/. First, you need to
  create a user in the "admin" ACL group. Then you can use his full JID
  and account password to log in.


* Using SSL
  The sample configuration enables SSL by default. You just need to
  generate the keys. Note that you should enter your domain name as the
  Common Name for your certificate.
    # openssl req -new -nodes -x509 -newkey rsa:4096 -days 365 \
      -keyout ${SYSCONFDIR}/ejabberd/myserver.pem \
      -out ${SYSCONFDIR}/ejabberd/myserver.pem
    # chown root:_ejabberd ${SYSCONFDIR}/ejabberd/myserver.pem
    # chmod 640 ${SYSCONFDIR}/ejabberd/myserver.pem

  To disable SSL comment out (prepend with %%) lines containing
  'certfile' and the whole block pertaining to port 5223


* Hostname resolving
  As Erlang is rather picky when it comes to resolving the hostname of
  the Jabber server. It requires the machine's shortname to be
  resolveable to the local address. A line such as the following for
  /etc/hosts suffices (make sure my_hostname matches the output of
  `hostname -s`):
  	127.0.0.1       my_hostname

* Epmd
  Epmd is a small name server used by Erlang programs when establishing
  distributed Erlang communications.  ejabberd needs epmd to use
  ejabberdctl and also when clustering ejabberd nodes.  If ejabberd is
  stopped, and there aren't any other Erlang programs running in the
  system, you can safely stop epmd if you want, using this command:
        epmd -kill

  It is strongly recommended to block the port 4369 in the firewall for
  external connections. epmd listens in this port, and usually epmd is
  not needed from outside the machine.