jnboehm

Installing ejabberd without privileges

I use uberspace as my personal server. Since you share the host with other people you do not have any special privileges. This means that you have to change the way you install software since you cannot write to /usr/local/bin or other common system paths. Fortunately this can often easily be fixed; the same goes for ejabberd. There is another guide to set up ejabberd on an uberspace but it’s a bit dated and also doesn’t use letsencrypt for the certificate.

ejabberd is an excellent XMPP server licensed under GPL2 and fully XMPP-compliant. It is also surprisingly simple to set up!

Install

I chose to compile from source. Clone the repository with git clone https://github.com/processone/ejabberd and change into the directory. Then you’ll have to configure it. We explicitly do not want to have it installed in the system directories but in our own ~. You will also need to specify the user (yourself) that should be allowed to execute the program via ejabberdctl. the line ./configure --prefix=$HOME --enable-user=$USER will take care of just that. If that failed, try to use a newer version of Erlang (the language ejabberd is written in) through updating your path variable with export PATH=/package/host/localhost/erlang-19/bin:$PATH. The configuration step will also download the dependencies of the project. After a call to make and make install you’re all set up.

Configure

You need to change the config file ~/etc/ejabberd/ejabberd.yml before you can access the ejabberd server. Important lines are the ones for hosts and listening ports. You simply have to specify your domain name(s) $USER.your-server-name.uberspace.de or whatever domain you have registered yourself. the listening ports are a bit more complicated.

If you are using uberspace you cannot use the default port for the XMPP server, because you’re only allowed to access a specific range of ports. Have a look at their documentation to see how you can open one, although it’s probably not more than uberspace-add-port -p tcp -f. Then enter it into the config file. The next line should read module: ejabberd_c2s. This means that this port will be used to do client-to-server communication. If you’ve created a certificate for your domain via letsencrypt and set it up to automatically refresh it with the script in the uberspace wiki (if not: you really should, you can read up on it here) then you can concat the privkey.pem and cert.pem files into a single file, because that’s the expected format for the certfile. I have written another tiny script called cat-cert-and-key.sh:

#!/bin/sh
DOMAIN=example.com

cat $HOME/.config/letsencrypt/live/$DOMAIN/privkey.pem \
    $HOME/.config/letsencrypt/live/$DOMAIN/cert.pem > \
    ~/etc/ejabberd/cert-and-key.pem

You can then call this script from the script that refreshes your certificate. I have added it in the second to last line:

#!/bin/bash
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin

openssl x509 -checkend 1296000 \
    -in ~/.config/letsencrypt/live/jnboehm.com/cert.pem \
    > /dev/null

if [ $? != 0 ]; then
	# run let's encrypt
	letsencrypt certonly
	# import certificate
	uberspace-add-certificate \
        -k ~/.config/letsencrypt/live/jnboehm.com/privkey.pem \
        -c ~/.config/letsencrypt/live/jnboehm.com/cert.pem
	$HOME/bin/cat-cert-and-key.sh
fi

Don’t forget to execute cat-cert-and-key.sh at least once to create the certfile. Then you will be able to specify as your certfile in ejabberd.yml:

certfile: "/home/jnb/etc/ejabberd/cert-and-key.pem"

When you have done all that ejabberdctl start will bring up the server. All you need to do is register yourself with ejabberdctl register name domain password and then you can point your XMPP client to your own domain.

Federation

I have not set up federation but to accomplish that you will need to contact your domain provider and set up an SRV record. Then you can open ports for the ejabberd_s2s_in module. The process should be pretty similar to the one for the client-to-server communication.


Last modified:

Categories: install erlang xmpp

Tag: ejabberd