welcome: please sign in

Upload page content

You can upload content for the page named below. If you change the page name, you can also upload content for another page. If the page name is empty, we derive the page name from the file name.

File to load page content from
Page name
Comment
Last name of the current Debian Project Leader

Edit

DaemonAdmin / EJabberD

Contents

  1. Daemon
  2. Installation
  3. Additional Config
    1. DNS Records
    2. Static files in hcoop.net/.well-known
  4. Old content
    1. Erlang Cookie

1. Daemon

We use ejabberd

We are compliant with XEP-0423: XMPP Compliance Suites 2020. We have STUN, STUNS, and TURNS (TURN over TLS) enabled, but have left UDP TURN disabled (unclear if using UDP TURN would result in some clients sending member credentials unencrypted, or if only the temporary credentials offered by mod_stun_disco are used). If you think we should enable TURN over UDP, please contact the admins.

2. Installation

Installation is handled by Puppet class hcoop::service::xmpp::ejabberd. It will automatically use the HCoop TLS certificate, set up krb5 authentication, and open the needed firewall ports.

3. Additional Config

A few things are not managed by Puppet.

3.1. DNS Records

We need several DNS records for XMPP servers, stored in the hcoop.net domtool configuration.

3.2. Static files in hcoop.net/.well-known

XEP-0156: Discovering Alternative XMPP Connection Methods (HTTP) requires two files to be accessible from https://hcoop.net:

These list BOSH and WebSocket endpoints and may need to be adjusted when adding/removing ejabberd servers.

4. Old content

Might be relevant in the future -- we have a single server setup at the moment, and are not managing the erlang cookie for example.

All nodes must have the same erlang cookie. When installing a new node replace the default Debian cookie with one copied from ~ejabberd/.erlang_cookie.

CategorySystemAdministration