## page was renamed from JabberAdmin <> == Daemon == We use [[http://www.ejabberd.im/|ejabberd]] We are compliant with [[https://xmpp.org/extensions/xep-0423.html|XEP-0423: XMPP Compliance Suites 2020]]. We have a STUN server, STUNS server, and TURNS (TURN over TLS) enabled, but not a UDP TURN server (unclear if using UDP TURN would result in some client sending member credentials unencrypted, or if only the temporary credentials offered by `mod_stun_disco` are used). If you think we should enable TURN over UDP, please contact the admins. == Installation == Installation is handled by Puppet class `hcoop::service::xmpp::ejabberd`. It will automatically use the HCoop TLS certificate, set up krb5 authentication, and open the needed firewall ports. == Additional Config == A few things are not managed by Puppet. === DNS Records === We need several DNS records for XMPP servers, stored in the `hcoop.net` domtool configuration. === Static files in hcoop.net/.well-known === [[https://xmpp.org/extensions/xep-0156.html|XEP-0156: Discovering Alternative XMPP Connection Methods (HTTP)]] requires two files to be accessible from https://hcoop.net: * https://hcoop.net/.well-known/host-meta * https://hcoop.net/.well-known/host-meta.json These list BOSH and WebSocket endpoints and may need to be adjusted when adding/removing ejabberd servers. == Old content == Might be relevant in the future -- we have a single server setup at the moment, and are not managing the erlang cookie for example. === Erlang Cookie === All nodes must have the same erlang cookie. When installing a new node replace the default Debian cookie with one copied from `~ejabberd/.erlang_cookie`. ---- CategorySystemAdministration