DaemonAdmin / EJabberD

1. Daemon

We use ejabberd.

We are compliant with XEP-0423: XMPP Compliance Suites 2020. We have STUN, STUNS, and TURNS (TURN over TLS) enabled, but have left UDP TURN disabled: it is unclear whether using UDP TURN would result in some clients sending member credentials unencrypted, or whether only the temporary credentials offered by mod_stun_disco are used. If you think we should enable TURN over UDP, please contact the admins.

2. Installation

Installation is handled by Puppet class hcoop::service::xmpp::ejabberd. It will automatically use the HCoop TLS certificate, set up krb5 authentication, and open the needed firewall ports.

3. Additional Config

A few things are not managed by Puppet.

3.1. DNS Records

We need several DNS records for XMPP servers, stored in the hcoop.net domtool configuration.

3.2. Static files in hcoop.net/.well-known

XEP-0156: Discovering Alternative XMPP Connection Methods (HTTP) requires two files to be accessible from https://hcoop.net:

These list BOSH and WebSocket endpoints and may need to be adjusted when adding/removing ejabberd servers.
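A drift check for the JSON discovery document (host-meta.json in XEP-0156), as an added example that is not part of the HCoop configuration: it flags BOSH/WebSocket endpoints that are not served over TLS, that point at a server no longer in service, or that are missing for a current server. The hostnames, ports and paths are constructed placeholders, and the rule that every server lists its own endpoint is an assumption.

```python
import json
from urllib.parse import urlsplit

# Link relations from XEP-0156 and the TLS scheme each endpoint should use.
REL_SCHEME = {
    "urn:xmpp:alt-connections:xbosh": "https",
    "urn:xmpp:alt-connections:websocket": "wss",
}

def audit_host_meta(document, expected_hosts):
    """Return findings for an XEP-0156 JSON discovery document."""
    try:
        links = json.loads(document).get("links") or []
    except (ValueError, AttributeError):
        return ["document is not a JSON object"]
    if not isinstance(links, list):
        return ["'links' is not a list"]
    findings, seen = [], {rel: set() for rel in REL_SCHEME}
    for link in links:
        rel = link.get("rel") if isinstance(link, dict) else None
        if not isinstance(rel, str) or rel not in REL_SCHEME:
            continue  # host-meta may carry unrelated link relations
        href = str(link.get("href", ""))
        try:
            url = urlsplit(href)
        except ValueError:
            findings.append(f"{href}: unparseable URL")
            continue
        host = (url.hostname or "").lower()
        if url.scheme != REL_SCHEME[rel]:
            findings.append(f"{href}: expected {REL_SCHEME[rel]}:// for {rel}")
        if host not in expected_hosts:
            findings.append(f"{href}: host is not a current ejabberd server")
        seen[rel].add(host)
    # Assumption: every current server should list its own endpoint per relation.
    for rel, hosts in seen.items():
        for missing in sorted(expected_hosts - hosts):
            findings.append(f"{missing}: no {rel} endpoint listed")
    return findings

# Constructed sample: hostnames, ports and paths are placeholders.
EXPECTED = {"xmpp1.example.net", "xmpp2.example.net"}
SAMPLE = json.dumps({"links": [
    {"rel": "urn:xmpp:alt-connections:xbosh", "href": "https://xmpp1.example.net:5443/bosh"},
    {"rel": "urn:xmpp:alt-connections:websocket", "href": "ws://xmpp1.example.net:5280/ws"},
    {"rel": "urn:xmpp:alt-connections:websocket", "href": "wss://xmpp-old.example.net:5443/ws"},
]})

if __name__ == "__main__":
    for finding in audit_host_meta(SAMPLE, EXPECTED):
        print(finding)
```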

4. Old content

This might be relevant in the future: we have a single-server setup at the moment and, for example, are not managing the Erlang cookie.

All nodes must have the same Erlang cookie. When installing a new node, replace the default Debian cookie with one copied from ~ejabberd/.erlang_cookie.


CategorySystemAdministration

DaemonAdmin/EJabberD (last edited 2020-08-29 20:43:11 by ClintonEbadi)