Chat Application will not work - how do we get this setup?


(Charles) #1

NethServer Version: NethServer release 7.3.1611 (Final)
Module: XMPP/Jabber chat server (not sure of the version but my nethserver is fully up to date)

Hello @dev_team,

I’m kicking at this can again. I’ve got Nethserver running on CentOS 7 (fully updated). I’ve installed the XMPP/Jabber chat server module in Nethserver and it’s enabled (checkbox checked).

I’ve issued the following instruction through the command line (SSH into nethserver):
signal-event nethserver-ejabberd-save

I then use my nethserver address with the 5280 port to access the Admin page of XMPP/Jabber Chat Server:

https://mynethserver.company.ca:5280/admin

All I get is “This site cannot be reached”.

Has anyone got this working? I never have. What’s missing to get this working for me?

I’ve read the nethserver docs for Chat: http://docs.nethserver.org/en/v7/chat.html

There is no mention at all of the Admin page or how to get it working?

I’ve then tried to get the chat working from my Nextcloud pointing to my nethserver chat. Again no dice. I’m using the following:

XMPP Domain: company.ca
Bosh URL: https://mynethserver.company.ca/http-bind

The error I receive in Nextcloud is:
BOSH server NOT reachable or misconfigured.
502 Proxy Error

So what needs to be configured in Nethserver XMPP/Jabber to get this working?

Thank you.


(Marc) #2

To enable ejabberd webadmin page:

config setprop ejabberd WebAdmin enabled
signal-event nethserver-ejabberd-save

Then you can login with an admin account (admin@domain.tld), but I don’t see much in there. Also the ejabberd help file cannot be accessed:

Forbidden /opt/ejabberd-16.01/doc/guide.html - Try to specify the path to ejabberd documentation with the environment variable EJABBERD_DOC_PATH. Check the ejabberd Guide for more information.


Try with the IP address instead of the domain.


(EnzoC) #3

I use this setting


I removed http-bind because it increases exchange times, and sometimes does not deliver messages

Webadmin is empty for me, no options, no statistics… Nothing


(Dominik) #4

Hi @sharpec, I was struggling with it two days ago and finally I figured out the Pidgin settings:


But I still cannot access the ejabberd admin page - to be specific, I can log in there but I can see only this:

On my test NS7 server I have got Samba4AD, but after the chat server installation I also have problems with connecting to the admin page - but in my case the reason for that was the firewall (probably!), which I uninstalled after the chat server installation (I dunno why I have no possibility to open that page with the firewall installed) - and because it’s a test machine I don’t need a firewall here.
I have also found in an earlier post (from 2016) that the chat server doesn’t work with AD - but it could have changed since that time.


(EnzoC) #5

I have this setup in production

Machine1: Samba, DC Primary, Lets Encrypt Certificate
Machine2: Proxy, Chat server, account provider linked via LDAP to Samba, Lets Encrypt Certificate

In the Jabber client use
Username: enzo
Domain: xxxxx.it

Connection server: proxy.xxxxx.it
Server for Transfer: proxy.xxxxx.it

I see the same screen


(Dominik) #6

Maybe this is a bug - I dunno - chat is working but ejabberd has many more possibilities - not only “Virtual Hosts”


(devfx11) #7

I have the same problem.
I setprop the WebAdmin value to enabled and ran the commands described above.
Still I cannot access the webadmin panel on the mentioned port.
The port is open and the service is running on the port.
The network I connect to is in trusted networks.
I even tried accessing it from localhost, still no luck.
Anyone know why this is happening?


(devfx11) #8

Silly me, it’s https://server_ip:5280/admin

But I only see what others mention here

Virtual Hosts
Virtual Hosts
[GUIDE: VIRTUAL HOSTING]
Host Registered Users Online Users

So basically you see a panel where you can’t do anything :)
Is there a way to access the administrative panel of ejabberd?

This page says:
“This happens because the ejabberd account you used to login in WebAdmin does not have admin rights. Check the ejabberd configuration file.”

But how do I not have admin rights? I logged in as admin@mydomain.lan, I even added the admin user to the jabberadmins@mydomain.com group, which I created earlier.

I am using LDAP as a backend, not Active Directory.

What am I doing wrong?


(devfx11) #9

Well, I got it fixed by replacing admin@mydomain.com with admin in /etc/ejabberd/ejabberd.cfg

But I don’t see anything in that file that would use the jabberadmins group.
I do see the group in files in
/etc/e-smith/templates/etc/ejabberd/ejabberd.cfg/00template_vars
and
/etc/e-smith/templates/etc/ejabberd/ejabberd.cfg/10AdminUsers

It would be nice if someone could clarify why those settings are missing from ejabberd.cfg?
I removed and re-added Instant messaging.

Is it because I have not created the group prior to installing the Instant Messaging packages?

I would also note that I could not log in as admin@mydomain.com, only as admin.
Something happened when I entered the right password for that user but I got no data back; I could point to /admin/logout and then I get logged out :) strange


(Charles) #10

Hmm, that wasn’t very good of me to start a thread, get lots of responses and not respond back. Sorry Team!

Ok, I’m looking at this again now. I’ve uploaded my 3 Wildcard Certificate files:

mycompany.pem
mycompany_key.pem
comodo-com-bundle.pem

They installed and mycompany.ca is my default. I’ve checked and I can connect to my Nethserver using my Wildcard Cert for our office. I’ve installed Nextcloud on my Nethserver and it too can connect using my Wildcard SSL cert.

Now I’ve installed the Chat module in Nethserver. I try connecting to ejabberd from Nextcloud and from Pidgin. Both fail with various errors:

From Nextcloud - BOSH server NOT reachable or misconfigured. 502 Proxy Error
From Pidgin - Unable to Connect.

I then checked my ejabberd.cfg file on my Nethserver. I see that ejabberd.cfg points to an ejabberd.pem file in /etc/ejabberd/. Looking at this file, I see that it contains the following all in the one file together (in this order):

mycompany_key.pem
mycompany.pem
comodo-com-bundle.pem

I then look at my /var/log/ejabberd/error.log file and I see the following error message repeatedly:

2017-10-16 19:55:02.049 [error] gen_fsm in state wait_for_feature_request terminated with reason: no match of right hand value {error,<<"SSL_CTX_use_certificate_file failed: error:0906D066:PEM routines:PEM_read_bio:bad end line">>} in ejabberd_socket:starttls/3 line 153
2017-10-16 19:55:02.050 [error] CRASH REPORT Process with 0 neighbours exited with reason: no match of right hand value {error,<<"SSL_CTX_use_certificate_file failed: error:0906D066:PEM routines:PEM_read_bio:bad end line">>} in ejabberd_socket:starttls/3 line 153 in p1_fsm:terminate/8 line 760

Aha! Now I’m onto something possibly interesting. So I take a better look at my ejabberd.pem file and I noticed that my two files:

mycompany_key.pem
mycompany.pem

have the End Private Key and Begin Certificate on the same line? Like this:

-----END PRIVATE KEY----------BEGIN CERTIFICATE-----

So I separated each to their own line and I issued the following commands:

config setprop ejabberd WebAdmin enabled
signal-event nethserver-ejabberd-save

And suddenly my Bosh Server error in Nextcloud is gone. Looks like I’m onto something here finally!

Next up is to start testing the chat app in Nextcloud but…

Why would Nethserver not create my ejabberd.pem file correctly when I installed the chat module?

Thanks!


(Giacomo Sanchietti) #11

This is strange, the certificate-update event is fired on certificate upload using the web interface.
You should see ejabberd configuration actions inside the certificate-update event in /var/log/messages


(Charles) #12

Hello @giacomo, thanks for this reply. Since I had an ejabberd.pem file it would mean that indeed the certificate-update event was fired on certificate upload when I used the web interface.

The issue in my opinion is how the certificate-update event concatenated my two files:
mycompany_key.pem
mycompany.pem

and didn’t separate the two files correctly.

Does what I’m saying make sense?


(Charles) #13

Hello @giacomo and others on the Dev Team,

I’m going to resurrect this thread again to hopefully get an answer to why it’s occurring.

I’ve been using the chat app from Nextcloud pointing to my ejabberd on Nethserver for months without issue. But when I updated my Nethserver recently my users discovered that chat wasn’t working. I took a look at my ejabberd.pem file on Nethserver and again I discovered that my two files:

mycompany_key.pem
mycompany.pem

have the End Private Key and Begin Certificate on the same line like before.

-----END PRIVATE KEY----------BEGIN CERTIFICATE-----

So I separated each to their own line and I issued the following commands:

config setprop ejabberd WebAdmin enabled
signal-event nethserver-ejabberd-save

My chat app now works again from Nextcloud. There is something going on with my certificate when Nethserver builds my ejabberd (and I’m assuming other) ssl certs.

If these two lines need to be separated, why is Nethserver continually putting them on the same line? Is this by design?

Let me know if you need more information from my setup and I’ll do what I can to help.

Thanks,


(Stefano Fancello) #14

Hi @greavette,
can you please check which one of your certificates doesn’t have an end of line at the end?
(just cat them)
When you find it, please check with openssl if it’s valid
openssl rsa -in YOURCERT -check -noout

A quick workaround is to add an EOL to the file before uploading (just open the file with vim and save it)
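
The end-of-line check and the fused END/BEGIN line discussed in posts #10 to #14, as an added shell example that is not part of the original thread or of NethServer's code. The function names are hypothetical and the PEM files are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Added example: constructed placeholder PEM files, not real key material.

# True when FILE is non-empty and its last byte is not a newline.
missing_eol() {
    [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]
}

# True when an END marker and a BEGIN marker share one line, the state
# reported in this thread alongside the "bad end line" error.
has_fused_boundary() {
    grep -Eq -e '-----END [A-Z0-9 ]+-+BEGIN [A-Z0-9 ]+-----' "$1"
}

# Concatenate PEM files to stdout, adding a newline after any file lacking one.
join_pem() {
    for f in "$@"; do
        cat "$f"
        if missing_eol "$f"; then echo; fi
    done
}

# Build constructed inputs in a temp dir and print a one-line summary.
demo() {
    d=$(mktemp -d) || return 1
    # Key file written WITHOUT a trailing newline (no \n after the END line).
    printf '%s\n%s\n%s' '-----BEGIN PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' > "$d/key.pem"
    printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$d/cert.pem"
    cat "$d/key.pem" "$d/cert.pem" > "$d/naive.pem"      # plain concatenation
    join_pem "$d/key.pem" "$d/cert.pem" > "$d/safe.pem"  # newline-safe join
    r=""
    for f in key.pem cert.pem; do
        if missing_eol "$d/$f"; then r="$r $f:no-eol"; else r="$r $f:ok"; fi
    done
    for f in naive.pem safe.pem; do
        if has_fused_boundary "$d/$f"; then r="$r $f:fused"; else r="$r $f:clean"; fi
    done
    rm -rf "$d"
    echo "${r# }"
}

demo
```

Running `missing_eol` on each uploaded file identifies the one to fix before upload, and `has_fused_boundary /etc/ejabberd/ejabberd.pem` confirms whether the generated file is affected after an update.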


(Davide Principi) #15

Fix proposal here, please review it: