Of course if there is some specific file which stores iptables rules or some custom firewall these rules has to be added / modified to fit appropriate place or chain. sbin/iptables -A INPUT -p tcp -m tcp -dport 53873 -j ACCEPT
sbin/iptables -A INPUT -p udp -m udp -dport 4369 -j ACCEPT sbin/iptables -A INPUT -p tcp -m tcp -dport 4369 -j ACCEPT sbin/iptables -A INPUT -p udp -m udp -dport 5280 -j ACCEPT sbin/iptables -A INPUT -p tcp -m tcp -dport 5280 -j ACCEPT sbin/iptables -A INPUT -p udp -m udp -dport 5269 -j ACCEPT sbin/iptables -A INPUT -p tcp -m tcp -dport 5269 -j ACCEPT sbin/iptables -A INPUT -p udp -m udp -dport 5223 -j ACCEPT sbin/iptables -A INPUT -p tcp -m tcp -dport 5223 -j ACCEPT sbin/iptables -A INPUT -p udp -m udp -dport 5222 -j ACCEPT sbin/iptables -A INPUT -p tcp -m tcp -dport 5222 -j ACCEPT
sbin/iptables -A INPUT -p tcp -m tcp -dport 22 -j ACCEPT Add iptables ACCEPT traffic (allow) rules for ports which are used by Ejabberd The rest of the configurations in /etc/ejabberd/ejabberd.cfg can stay like it is, though it is interesting to read it carefully before continuing as, there are some config timings which might prevent the XMPP server from user brute force attacks as well as few other goodies like for example (ICQ, MSN, Yahoo etc.) protocol transports.ģ. Ĭ) default %% Hostname of to my real hostname: %% Remove the Access Control Lists before new ones are added. %%%% Remove the Access Control Lists before new ones are added.%%%%override_acls. Inside I changed the default settings for: Now as ejabberd is installed, some minor configuration is necessery before the server can be launched: The installation of Ejabberd is standard, e.g.: Here is the exact steps I followed to have installed and configured a running XMPP jabber server. Besides that ejabberd doesn't need Apache or MySQL and only depends on erlang programming language.
EJABBERD TEST ESCALUS MAKE QUICKTEST SOFTWARE
The reasons I choose Ejabberd is has rich documentation, good community around the project and the project in general looks like one of the best free software jabber servers available presently.
EJABBERD TEST ESCALUS MAKE QUICKTEST INSTALL
After some research of the jabber server softwares available, I decided to install Ejabberd Now I have a ejabberd container that has the CA certs required permanently.I've recently installed a jabber server on one Debian Lenny server and hence decided to describe my installations steps hoping this would help ppl who would like to run their own jabber server on Debian. By changing image: to build: # image: ejabberd/ecs:latest FROM ejabberd/ecs:latestĬhange my docker-compose.yml from using an image to building the Dockerfile. This means I have to build my own container by creating my own build/ejabbed/Dockerfile. Then I have to make the change permanent. Now I can see the certificates load without error in the log. A quick proof of this by going into the container and add ca-certificates and restarting ejabberd: docker-compose exec -u root ejabberd sh These are Let’s Encrypt certs and I know they are trusted, so why the error? Turns out the image ejabberd/ecs:latest doesn’t come with any CA certificates. When I started the service it complains that the certificate is signed by an untrusted CA! ejabberd/conf/certs:/home/ejabberd/conf/certs:rw ejabberd/conf/ejabberd.yml:/home/ejabberd/conf/ejabberd.yml:rw
ejabberd/upload:/home/ejabberd/upload:rw ejabberd/database:/home/ejabberd/database:rw Which are mounted using my docker-compose.yml ejabberd: home/ejabberd/conf/certs/fullchain.pem Then add in the location of the certs I’m using: certfiles: # "/.well-known/acme-challenge": ejabberd_acme Should be easy enough, all I have to do is comment out the acme: stanza and the request_handlers:, maybe just the request_handler: would do it. This meant I could switch to the staging ACME, which would mean untrusted CA certificate errors, or use a previously issued certificate set until my blockage was cleared. When running the ejabberd docker image in my container set I ran into a problem where I hit the rate limiter on Let’s Encrypt.
0 kommentar(er)
