Ejabberd include s2s and TLS connections

Hi there,

as far as I know, one would need to connect to other jabber-servers via s2s anyway. So please include/activate s2s and probably TLS connections per default.

just my two cents :slight_smile:


Tony

Most NS users do not use s2s, in fact no one asked for this feature before :slight_smile:
But we could implement it using a prop (disabled by default), something like

config setprop ejabberd S2S enabled
signal-event nethserver-ejabberd-update

What do you think? Any other thoughts?

TLS is enabled by default on port 5223; on port 5222 STARTTLS is enabled.

Sounds perfect, thank you

Sure, but not for s2s connections (at least the logs tell me that)

Ah! I didn’t understand you were referring to TLS over s2s.
Could you please try to enable it? I never tested it.

Configuration

Add these lines to ejabberd's configuration file:

{s2s_use_starttls, true}. 
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.

Restart ejabberd.
From now on, ejabberd will try to use encryption when connecting to another Jabber server. If the other server does not support encryption, ejabberd will fall back to an unencrypted connection.

Since I still do not know how the templating system works, I don’t know how I would add these lines to the config. Can you help me on that one?

Try to replace the template-custom content with this:

{
    my $s2s = $ejabberd{'S2S'} || 'disabled';

    if ($s2s eq 'enabled') {
        $OUT .= "\n";
        $OUT .= '     ,{5269, ejabberd_s2s_in,  [{shaper, s2s_shaper}, {max_stanza_size, 131072}]}';
        $OUT .= '     ,{s2s_use_starttls, true}';
        $OUT .= '     ,{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}';
        $OUT .= "\n";
    }
}

Then:

config setprop ejabberd S2S enabled
signal-event nethserver-ejabberd-update

If you want to know more about the template system, take a look at this: http://docs.nethserver.org/projects/nethserver-devel/en/v7/templates.html

So, I read the ejabberd documentation again and it says:
s2s_use_starttls: false|optional|required|required_trusted

Now, when I try with ‘optional’ I get the following error message:

2017-02-14 20:03:58.588 [error] <0.36.0> CRASH REPORT Process <0.36.0> with 0 neighbours exited with reason: no case clause matching {s2s_use_starttls,optional} in ejabberd_config:get_config_option_key/2 line 374 in application_master:init/4 line 133
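
An added example, not written by any poster in this thread and not code from NethServer or ejabberd: a small Python check that reads the top-level `s2s_use_starttls` and `s2s_certfile` terms from old-style ejabberd configuration text and reports whether s2s encryption is opportunistic (with the plaintext fallback described above) or enforced. The function and constant names and the sample input are constructed for illustration, and the per-value descriptions are this example's reading of the ejabberd documentation.

```python
import re

# Value names are the ones listed in the thread; the descriptions are this
# example's reading of the ejabberd documentation (an assumption).
FALLBACK = "tries STARTTLS, falls back to plaintext if the peer lacks it"
POLICY = {
    "false": ("plaintext", "STARTTLS is not used for s2s"),
    "true": ("opportunistic", FALLBACK),
    "optional": ("opportunistic", FALLBACK),
    "required": ("enforced", "peers without STARTTLS are refused"),
    "required_trusted": ("enforced", "peers also need a trusted certificate"),
}

# Matches top-level terms only, e.g. {s2s_use_starttls, true}.
TERM = re.compile(
    r'^\s*\{\s*(s2s_use_starttls|s2s_certfile)\s*,\s*"?([^"}\s]+)"?\s*\}\s*\.',
    re.M,
)

# Constructed sample: the two lines quoted in the thread plus a comment.
SAMPLE_CFG = '''
% s2s encryption
{s2s_use_starttls, true}.
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
'''

def audit_s2s(config_text):
    """Return (level, message) findings for the s2s TLS settings."""
    # Drop Erlang % comments (simplification: ignores % inside strings).
    text = re.sub(r"%.*", "", config_text)
    opts = dict(TERM.findall(text))  # a later duplicate overrides an earlier one
    mode = opts.get("s2s_use_starttls")
    if mode is None:
        return [("unset", "no top-level s2s_use_starttls term found")]
    if mode not in POLICY:
        return [("invalid", "unrecognised s2s_use_starttls value: " + mode)]
    findings = [POLICY[mode]]
    if mode != "false" and "s2s_certfile" not in opts:
        findings.append(("warning", "no top-level s2s_certfile term found"))
    return findings

if __name__ == "__main__":
    for level, message in audit_s2s(SAMPLE_CFG):
        print(level + ": " + message)
```

Only terms written at the top level and ending in `}.` are read, so an option emitted in any other position is reported as unset.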

Sorry but I can’t help here, I never used this ejabberd function.

Feel free to modify the template custom to follow your needs.
When you have a working configuration, post it back and I will try to make it available for everybody.

Hey Tony, what are the differences between our actual implementation and s2s?
Why do you need exactly that? Sorry but I’m not following you

Quote from prosody.im: XMPP allows for servers communicating seamlessly with each other, forming a global ‘federated’ IM network. This architecture is very similar to email, where someone on gmail.com can send an email to someone with an account on hotmail.com, for example.

So, it's not about simply adding contacts and stuff, it's when you’ll want to use their MUC for example.
I hope that explains it a little.


Tony

Hello friends,
I wonder if you have managed it into a working configuration? For me, unfortunately, the suggested configuration is not working (ejabberd won't start with it). When I try to modify the configuration without the TLS connection, the ejabberd service is working, but still not able to connect to other XMPP servers.
Thank you.

ejabberd is cool - but if you want to use it in combination you always have to make some changes manually.

I think that’s stupid!

Would it be possible to add something to the GUI and at least select the following options:

ejabberd activate option field = “yes / no”

external messages (S2S) option field = "yes / no"
external ports “ports”

group permissions
External user group pull-down field = "Name of group"
Internal user group pull-down field = "Name of group"
User group admin pull-down field = “Name of group”

I hope you can follow my thoughts, if not ask - please!

Yes I know, you can adjust everything in the ejabberd.cfg and customize the templates, but it is more comfortable if it can be done in the GUI.

My hope is that the acceptance will be higher compared to other services that trample on the private sphere.
My circle of friends is thinking right now!

Gerald

addendum:
Too bad, currently the focus is on the version 7.5 - maybe it still works with the product maintenance :wink: