Could not find a default user and password for Ejabber

@giacomo

What I am trying to achieve is to gain access to the Ejabber web console in order to manage the Rosters and groups , I do not want everyone to be shown on the list .

Created a group ejabberadmins on both the linux and the LDAP, results same as posted earlier no admin control only user access which is basically useless.

All this related to Nextcloud implementation and required at the nextcloud interface.

  1. The bosh server is not working on ejabber, I am not sure where the problem comes from.
    I have been working on this for few hours with no luck.

I was triggered by something I read on the net about proxy or forwarding, which could be my issue.
If I disable the shorewall firewall, I have no more results for http://myip:5222/http-bind
however the https://myip:5280/http-bind results are always ok

My server is up to date. and I just checked the software center through the web interface.

Command 1
----------curl -k -v https://192.168.23.xx:5280/http-bind-------------

  • About to connect() to 192.168.23.xx port 5280 (#0)
  • Trying 192.168.23.xx…
  • Connected to 192.168.23.xx (192.168.23.xx) port 5280 (#0)
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • NSS error -5938 (PR_END_OF_FILE_ERROR)
  • Encountered end of file
  • Closing connection 0
    curl: (35) Encountered end of file
    ------------------------------------end of command 1---------

Command 2
---------------------curl -k -v https://192.168.23.xx/http-bind/---------------

  • About to connect() to 192.168.23.xx port 443 (#0)
  • Trying 192.168.23.xx…
  • Connected to 192.168.23.xx (192.168.23.xx) port 443 (#0)
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • skipping SSL peer certificate verification
  • SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • Server certificate:
  •   subject: L=Hometown,C=--,E=root@localhost.localdomain,OU=Main,ST=SomeState,O=Example Org,CN=NethServer
    
  •   start date: Oct 14 06:00:17 2016 GMT
    
  •   expire date: Oct 12 06:00:17 2026 GMT
    
  •   common name: NethServer
    
  •   issuer: L=Hometown,C=--,E=root@localhost.localdomain,OU=Main,ST=SomeState,O=Example Org,CN=NethServer
    

GET /http-bind/ HTTP/1.1
User-Agent: curl/7.29.0
Host: 192.168.23.xx
Accept: /

< HTTP/1.1 502 Proxy Error
< Date: Mon, 17 Oct 2016 15:17:06 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16
< Content-Length: 399
< Content-Type: text/html; charset=iso-8859-1
<

502 Proxy Error **

Proxy Error

** **

The proxy server received an invalid** response from an upstream server.
The proxy server could not handle the request GET /http-bind/.

Reason: Error reading from remote server

* Connection #0 to host 192.168.23.xx left intact

-----------end of command 2-- this is not correct as bosh port is 5280, 522, 5223 and not 443------

Command 3
--------------curl -k -v http://localhost:5222/http-bind/-----------

  • About to connect() to localhost port 5222 (#0)
  • Trying 127.0.0.1…
  • Connected to localhost (127.0.0.1) port 5222 (#0)

GET /http-bind/ HTTP/1.1
User-Agent: curl/7.29.0
Host: localhost:5222
Accept: /

  • Connection #0 to host localhost left intact
<?xml version='1.0'?>

----------- end of command 3------

Command 4
----------------curl -k -v https://localhost:5223/http-bind/-----------------

  • About to connect() to localhost port 5223 (#0)
  • Trying 127.0.0.1…
  • Connection refused
  • Failed connect to localhost:5223; Connection refused
  • Closing connection 0
    curl: (7) Failed connect to localhost:5223; Connection refused
    -----------end of command 4--------------------

Command 5
-----------------curl -k -v http://localhost:5269/http-bind/------------

  • About to connect() to localhost port 5269 (#0)
  • Trying 127.0.0.1…
  • Connected to localhost (127.0.0.1) port 5269 (#0)

GET /http-bind/ HTTP/1.1
User-Agent: curl/7.29.0
Host: localhost:5269
Accept: /

  • Connection #0 to host localhost left intact
<?xml version='1.0'?>

------------------End of command 5------------

Basically the Ejabber ports that I can see open in the ejabberd.conf are: 5222,5223,5280 as well as 5269

-------- extract from netstat -nlpu-------
netstat -lnptu | egrep “(5222|5269|5280|5223)”
tcp 0 0 0.0.0.0:5269 0.0.0.0:* LISTEN 7782/beam.smp
tcp 0 0 0.0.0.0:5280 0.0.0.0:* LISTEN 7782/beam.smp
tcp 0 0 0.0.0.0:5222 0.0.0.0:* LISTEN 7782/beam.smp

5223 not shown although it is enabled


############# Extract from Ejabberd.conf
{
if ( ${ejabberd}{XMPPAccess} eq ‘tls’ ) {
$OUT .= ’ {5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}, starttls_required, {certfile, “/etc/ejabberd/ejabberd.pem”}]},‘;
$OUT .= “\n”;
$OUT .= ’ {5223, ejabberd_c2s, [{access, c2s}, tls, {certfile, “/etc/ejabberd/ejabberd.pem”}]}’;
$OUT .= “\n\n”;
}
else {
$OUT .= ’ {5222, ejabberd_c2s, [{access, c2s}, {max_stanza_size, 65536}, {shaper, c2s_shaper}]},‘;
$OUT .= “\n”;
$OUT .= ’ {5223, ejabberd_c2s, [{access, c2s}, {max_stanza_size, 65536}, tls, {certfile, “/etc/ejabberd/ejabberd.pem”}]}’;
$OUT .= “\n\n”;
}
}

######################

Hope to find a solution… by the way the ejabber version on NS7 is 16.01 and the current stable ejabber is 16.09 is there a way to upgrade without breaking the setup or NS7 ?

I tried to locate the package nethserver-ejabberd-1.1.2-1.ns7.noarch.rpm with no luck


Finally the file (/etc/httpd/conf.d/ejabberd.conf) is well updated with the following lines:

LoadModule proxy_http_module modules/mod_proxy_http.so

SSLProxyEngine On
+SSLProxyVerify none
+SSLProxyCheckPeerCN off
+SSLProxyCheckPeerName off
+SSLProxyCheckPeerExpire off

ProxyPass /http-bind https://127.0.0.1:5280/http-bind
ProxyPassReverse /http-bind https://127.0.0.1:5280/http-bind