112020-08-29 20:43:11ClintonEbadi102020-08-29 20:42:45ClintonEbadiclearer language92020-08-29 20:41:52ClintonEbadi82020-08-29 19:57:34ClintonEbadiactually, we can enable TURNS, not sure it does anything...72020-08-29 19:22:01ClintonEbadinote that we're compliant with 2020 recommended XEPs, and that we don't use TURN (and why)62020-08-23 22:15:32ClintonEbadidust off a bit, collect details on everything configured outside of puppet here52020-08-23 22:04:29ClintonEbadiupdated docs, move to DaemonAdmin with others42011-03-09 20:23:18ClintonEbadi32011-03-09 09:06:47ClintonEbadifirewall config22011-03-09 09:02:17ClintonEbadierlang cookie12011-03-09 08:58:28ClintonEbadiinitial jabber admin notes

We use ejabberd We are compliant with XEP-0423: XMPP Compliance Suites 2020. We have STUN, STUNS, and TURNS (TURN over TLS) enabled, but have left UDP TURN disabled (unclear if using UDP TURN would result in some clients sending member credentials unencrypted, or if only the temporary credentials offered by mod_stun_disco are used). If you think we should enable TURN over UDP, please contact the admins.

Installation is handled by Puppet class hcoop::service::xmpp::ejabberd. It will automatically use the HCoop TLS certificate, set up krb5 authentication, and open the needed firewall ports.

A few things are not managed by Puppet.

We need several DNS records for XMPP servers, stored in the hcoop.net domtool configuration.

XEP-0156: Discovering Alternative XMPP Connection Methods (HTTP) requires two files to be accessible from : These list BOSH and WebSocket endpoints and may need to be adjusted when adding/removing ejabberd servers.

Might be relevant in the future -- we have a single server setup at the moment, and are not managing the erlang cookie for example.

All nodes must have the same erlang cookie. When installing a new node replace the default Debian cookie with one copied from ~ejabberd/.erlang_cookie. CategorySystemAdministration