I use uberspace as my personal server. Since you share the host with other people you do not have any special privileges. This means that you have to change the way you install software since you cannot write to /usr/local/bin or other common system paths. Fortunately this can often easily be fixed; the same goes for ejabberd. There is another guide to set up ejabberd on an uberspace but it’s a bit dated and also doesn’t use letsencrypt for the certificate.
ejabberd is an excellent XMPP server licensed under GPL2 and fully XMPP-compliant. It is also surprisingly simple to set up!
Install
I chose to compile from source. Clone the repository with git clone https://github.com/processone/ejabberd and change into the directory.
Then you’ll have to configure it. We explicitly do not want to have it installed in the system directories but in our own ~. You will also need to specify the user (yourself) that should be allowed to execute the program via ejabberdctl. The line ./configure --prefix=$HOME --enable-user=$USER will take care of just that. If that fails, try a newer version of Erlang (the language ejabberd is written in) by updating your PATH variable with export PATH=/package/host/localhost/erlang-19/bin:$PATH. The configuration step will also download the dependencies of the project. After a call to make and make install you’re all set up.
Configure
You need to change the config file ~/etc/ejabberd/ejabberd.yml before you can access the ejabberd server. Important lines are the ones for hosts and listening ports. You simply have to specify your domain name(s) $USER.your-server-name.uberspace.de or whatever domain you have registered yourself. The listening ports are a bit more complicated.
If you are using uberspace you cannot use the default port for the XMPP server, because you’re only allowed to access a specific range of ports. Have a look at their documentation to see how you can open one, although it’s probably not more than uberspace-add-port -p tcp -f. Then enter it into the config file.
The next line should read module: ejabberd_c2s. This means that this port will be used for client-to-server communication. If you’ve created a certificate for your domain via letsencrypt and set it up to refresh automatically with the script in the uberspace wiki (if not: you really should, you can read up on it here) then you can concatenate the privkey.pem and cert.pem files into a single file, because that’s the expected format for the certfile. I have written another tiny script called cat-cert-and-key.sh:
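#!/bin/sh
# Concatenate private key and certificate into the single file ejabberd expects.
DOMAIN=example.com
# The output contains the private key: a newly created file is owner-only.
umask 077
cat "$HOME/.config/letsencrypt/live/$DOMAIN/privkey.pem" \
    "$HOME/.config/letsencrypt/live/$DOMAIN/cert.pem" > \
    "$HOME/etc/ejabberd/cert-and-key.pem"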
You can then call this script from the script that refreshes your certificate. I have added it in the second to last line:
#!/bin/bash
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
# exit status is non-zero if the certificate expires within 15 days (1296000 s)
openssl x509 -checkend 1296000 \
    -in ~/.config/letsencrypt/live/jnboehm.com/cert.pem \
    > /dev/null
if [ $? != 0 ]; then
    # run let's encrypt
    letsencrypt certonly
    # import certificate
    uberspace-add-certificate \
        -k ~/.config/letsencrypt/live/jnboehm.com/privkey.pem \
        -c ~/.config/letsencrypt/live/jnboehm.com/cert.pem
    # rebuild the combined certfile for ejabberd
    $HOME/bin/cat-cert-and-key.sh
fi
Don’t forget to execute cat-cert-and-key.sh at least once to create the certfile. Then you will be able to specify it as your certfile in ejabberd.yml:
certfile: "/home/jnb/etc/ejabberd/cert-and-key.pem"
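A plain cat with a > redirect truncates the certfile before cat runs, so a missing or empty privkey.pem after a failed renewal leaves ejabberd with a broken file. The following is an added example, not part of the original post or of ejabberd: it validates both inputs, writes to a temporary file, renames it into place and checks that the result is not readable by other users of the shared host. The function names are hypothetical; the paths in the usage comment are the ones from the post.

```shell
#!/bin/sh
# Added example (not the author's script): atomic, validated build of the
# combined certfile. Function names are hypothetical.

# count_pem FILE LABEL_REGEX -> prints the number of matching PEM BEGIN lines
count_pem() {
    grep -c -E -- "^-----BEGIN ${2}-----\$" "$1"
}

# private_mode FILE -> succeeds only if group and others have no access bits
private_mode() {
    case $(ls -ld "$1" | cut -c5-10) in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# build_certfile KEY CERT OUT
# Returns 0 on success. If validation or the write fails, OUT is left as it was.
build_certfile() {
    key=$1; cert=$2; out=$3

    # 2: an input is missing or empty (for example after a failed renewal).
    [ -s "$key" ] && [ -s "$cert" ] || return 2
    # 3/4: inputs swapped or not PEM: want one key, at least one certificate.
    [ "$(count_pem "$key" '([A-Z]+ )?PRIVATE KEY')" -eq 1 ] || return 3
    [ "$(count_pem "$cert" 'CERTIFICATE')" -ge 1 ] || return 4

    # mktemp creates the file with mode 0600, in the same directory as OUT so
    # that the final mv is a rename on one filesystem.
    tmp=$(mktemp "$out.XXXXXX") || return 5
    if cat "$key" "$cert" > "$tmp" && mv -f "$tmp" "$out"; then
        # 7: key material ended up readable by other users of the host.
        private_mode "$out" || return 7
    else
        rm -f "$tmp"
        return 6
    fi
}

# Usage with the paths from the post:
# build_certfile "$HOME/.config/letsencrypt/live/$DOMAIN/privkey.pem" \
#                "$HOME/.config/letsencrypt/live/$DOMAIN/cert.pem" \
#                "$HOME/etc/ejabberd/cert-and-key.pem"
```

A non-zero return code from build_certfile in the refresh script is a signal to keep the old certfile and investigate the renewal.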
When you have done all that ejabberdctl start will bring up the server. All you need to do is register yourself with ejabberdctl register name domain password and then you can point your XMPP client to your own domain.
Federation
I have not set up federation but to accomplish that you will need to contact your domain provider and set up an SRV record. Then you can open ports for the ejabberd_s2s_in module. The process should be pretty similar to the one for the client-to-server communication.