How to install and configure Jabber Server (Ejabberd) on Debian Lenny GNU / Linux

Wednesday, 28th December 2011

Ejabberd server erlang logo hedgehog

I've recently installed a jabber server on one Debian Lenny server and hence decided to describe my installations steps hoping this would help ppl who would like to run their own jabber server on Debian . After some research of the jabber server softwares available, I decided to install Ejabberd

The reasons I choose Ejabberd is has rich documentation, good community around the project and the project in general looks like one of the best free software jabber servers available presently. Besides that ejabberd doesn't need Apache or MySQL and only depends on erlang programming language.

Here is the exact steps I followed to have installed and configured a running XMPP jabber server.

1. Install Ejabberd with apt

The installation of Ejabberd is standard, e.g.:

debian:~# apt-get --yes install ejabberd

Now as ejabberd is installed, some minor configuration is necessery before the server can be launched:

2. Edit /etc/ejabberd/ejabberd.cfg

Inside I changed the default settings for:

a) Uncomment%%override_acls.. Changed:

%%%% Remove the Access Control Lists before new ones are added.%%%%override_acls.

to

%%
%% Remove the Access Control Lists before new ones are added.
%%
override_acls.

b) Admin User from:

%% Admin user
{acl, admin, {user, "", "example.com"}}.

to

%% Admin user
{acl, admin, {user, "admin", "jabber.myserver-host.com"}}.

c) default %% Hostname of example.com to my real hostname:

%% Hostname
{hosts, ["jabber.myserver-host.com"]}.

The rest of the configurations in /etc/ejabberd/ejabberd.cfg can stay like it is, though it is interesting to read it carefully before continuing as, there are some config timings which might prevent the XMPP server from user brute force attacks as well as few other goodies like for example (ICQ, MSN , Yahoo etc.) protocol transports.

3. Add iptables ACCEPT traffic (allow) rules for ports which are used by Ejabberd

The minimum ACCEPT rules to add are:

/sbin/iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 5222 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --dport 5222 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 5223 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --dport 5223 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 5269 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --dport 5269 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 5280 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --dport 5280 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 4369 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --dport 4369 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 53873 -j ACCEPT

Of course if there is some specific file which stores iptables rules or some custom firewall these rules has to be added / modified to fit appropriate place or chain.

4. Restart ejabberd via init.d script

debian:~# /etc/init.d/ejabberd restart
Restarting jabber server: ejabberd is not running. Starting ejabberd.

5. Create ejabberd necessery new user accounts

debian:~# /usr/sbin/ejabberdctl register admin jabber.myserver-host.com mypasswd1
debian:~# /usr/sbin/ejabberdctl register hipo jabber.myserver-host.com mypasswd2
debian:~# /usr/sbin/ejabberdctl register newuser jabber.myserver-host.com mypasswd3
debian:~# /usr/sbin/ejabberdctl register newuser1 jabber.myserver-host.com mypasswd4
...
etc.

ejabberdctl ejabberd server client (frontend) has multiple other options and the manual is a good reading.

One helpful use of ejabberdctl is:

debian:~# /usr/sbin/ejabberdctl status
Node ejabberd@debian is started. Status: started
ejabberd is running

ejabberctl can be used also to delete some existent users, for example to delete the newuser1 just added above:

debian:~# /usr/sbin/ejabberdctl unregister newuser jabber.myserver-host.com

6. Post install web configurations

ejabberd server offers a web interface listening on port 5280, to access the web interface right after it is installed I used URL: http://jabber.myserver-host.com:5280/admin/

To login to http://jabber.myserver-host.com:5280/admin/ you will need to use the admin username previously added in this case:
admin@jabber.myserver-host.com mypasswd1

Anyways in the web interface there is not much of configuration options available for change.

7. Set dns SRV records

I'm using Godaddy 's DNS for my domain so here is a screenshot on the SRV records that needs to be configured on Godaddy:

GoDaddy DNS SRV records screenshot

In the screenshto Target is the Fually qualified domain hostname for the jabber server.

Setting the SRV records for the domain using Godaddy's DNS could take from 24 to 48 hours to propagate the changes among all the global DNS records so be patient.

If instead you use own custom BIND DNS server the records that needs to be added to the respective domain zone file are:

_xmpp-client._tcp 900 IN SRV 5 0 5222 jabber.myserver-host.com.
_xmpp-server._tcp 900 IN SRV 5 0 5269 jabber.myserver-host.com.
_jabber._tcp 900 IN SRV 5 0 5269 jabber.myserver-host.com.

8. Testing if the SRV dns records for domain are correct

debian:~$ nslookup
> set type=SRV
> jabber.myserver-host.com
 ...
> myserver-host.com

 If all is fine above nslookup request should return the requested domain SRV records.
You might be wondering what is the purpose of setting DNS SRV records at all, well if your jabber server has to communicate with the other jabber servers on the internet using the DNS SRV record is the way your server will found the other ones and vice versa.

DNS records can also be checked with dig for example

$ dig SRV _xmpp-server._tcp.mydomain.net

[…]

;; QUESTION SECTION:
;_xmpp-server._tcp.mydomain.net. IN SRV

;; ANSWER SECTION:
_xmpp-server._tcp.mydomain.net. 259200 IN SRV 5 0 5269 jabber.mydomain.net.

;; ADDITIONAL SECTION:
jabber.mydomain.net. 259200 IN A 11.22.33.44

;; Query time: 109 msec
;; SERVER: 212.27.40.241#53(212.27.40.241)
;; WHEN: Sat Aug 14 14:14:22 2010
;; MSG SIZE rcvd: 111

9. Debugging issues with ejabberd

Ejabberd log files are located in /var/log/ejabberd , you will have to check the logs in case of any issues with the jabber XMPP server. Here is the three files which log messages from ejabberd:

debian:~$ ls -1 /var/log/ejabberd/
ejabberd.log
erl_crash.dump
sasl.log

I will not get into details on the logs as the best way to find out about them is to read them 😉

10. Testing ejabberd server with Pidgin

To test if my Jabber server works properly I used Pidgin universal chat client . However there are plenty of other multiplatform jabber clients out there e.g.: Psi , Spark , Gajim etc.

Here is a screenshot of my (Accounts -> Manage Accounts -> Add) XMPP protocol configuration

Pidgin account configuration XMPP on debian Linux
 

Share this on:

Download PDFDownload PDF

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

8 Responses to “How to install and configure Jabber Server (Ejabberd) on Debian Lenny GNU / Linux”

  1. admin says:
    Epiphany 2.30.6 Epiphany 2.30.6 Debian GNU/Linux x64 Debian GNU/Linux x64
    Mozilla/5.0 (X11; U; Linux x86_64; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+ Debian/squeeze (2.30.6-1) Epiphany/2.30.6

    Also its a good practice to edit /etc/default/ejabberd and inside add

    SMP=enable

    this enables support for SMP kernels most linux kernels nowdays are SMP

    View CommentView Comment
  2. hip0 says:
    Opera 11.00 Opera 11.00 GNU/Linux x64 GNU/Linux x64
    Opera/9.80 (X11; Linux x86_64; U; en) Presto/2.7.62 Version/11.00

    One other Jabber  helpful command is the cmd to check all logged in usernames on ejabberd:
    This is done with ejabberdctl
    ejabberdctl connected-users
    georgi.georgiev@jabber.myserver.com/33452567231325714453446703
    ….
    etc.

     

    View CommentView Comment
  3. Carl Chenet says:
    IceWeasel 24.2.0 IceWeasel 24.2.0 GNU/Linux x64 GNU/Linux x64
    Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20131215 Firefox/24.0 Iceweasel/24.2.0

    Lenny is outdated, no more support of any kind (bugs, security). You should use Wheezy, the current Debian stable. Moreover the softwares offered by Lenny are really outdated too.
     

    View CommentView Comment
    • Carl Chenet says:
      IceWeasel 24.2.0 IceWeasel 24.2.0 GNU/Linux x64 GNU/Linux x64
      Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20131215 Firefox/24.0 Iceweasel/24.2.0

      Sorry I miss the publication date. Forget what I said.

      View CommentView Comment
    • admin says:
      Firefox 33.0 Firefox 33.0 Windows 7 x64 Edition Windows 7 x64 Edition
      Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0

      Hi Carl,

      At time of writting the article I was still using Lenny. Now I guess the tutorial to install should be similar even when using newer versions.

      Regards,

      Georgi

      View CommentView Comment
  4. admin says:
    Firefox 52.0 Firefox 52.0 GNU/Linux x64 GNU/Linux x64
    Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0

    Actually lately I prefer Gajim much more, because Pidgin is too much interactive for my console soul 🙂

    View CommentView Comment
  5. admin says:
    Firefox 52.0 Firefox 52.0 GNU/Linux x64 GNU/Linux x64
    Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0

    If your jabber init script /etc/init.d/ejabberd start is failing to launch ejabberd, once all is configured as explained in the article, you’ll have to check your firewall rules, you will need to have allowed for connection as a minimum following rules add them to your firewall init script and then try again. Another thing to check whether it is the firewall causing ejabberd to malfunction, just stop the firewall for a short time and relaunch ejabberd:

    -A INPUT -s 127.0.0.1/32 -p tcp -m tcp –dport 5222 -j ACCEPT
    -A INPUT -s 127.0.0.1/32 -p tcp -m tcp –dport 5223 -j ACCEPT
    -A INPUT -s 127.0.0.1/32 -p tcp -m tcp –dport 4369 -j ACCEPT
    -A INPUT -s 127.0.0.1/32 -p tcp -m tcp –dport 5269 -j ACCEPT
    -A INPUT -s 127.0.0.1/32 -p tcp -m tcp –dport 5280 -j ACCEPT

    A INPUT -p tcp -m tcp –dport 5222 -j ACCEPT
    -A INPUT -p tcp -m tcp –dport 5223 -j ACCEPT
    -A INPUT -p tcp -m tcp –dport 4369 -j ACCEPT
    -A INPUT -p tcp -m tcp –dport 5269 -j ACCEPT
    -A INPUT -p tcp -m tcp –dport 5280 -j ACCEPT
    -A INPUT -p udp -m udp –dport 5222 -j ACCEPT
    -A INPUT -p udp -m udp –dport 5223 -j ACCEPT
    -A INPUT -p udp -m udp –dport 4369 -j ACCEPT
    -A INPUT -p udp -m udp –dport 5269 -j ACCEPT
    -A INPUT -p udp -m udp –dport 5280 -j ACCEPT

    View CommentView Comment
  6. admin says:
    Firefox 52.0 Firefox 52.0 GNU/Linux x64 GNU/Linux x64
    Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0

    For those who want to access it via Mobile Phone be it Android or IOS, here is a list of some clients you might consider with support for ORT encryption.

    Xabber, IM+ , AstraChat, Bruno the Jabber Bear,  Salut à Toi, Tigase Messenger, Zom

    View CommentView Comment

Leave a Reply

CommentLuv badge