From 2d41c81890bc44a43c9c988cc164995f48867c53 Mon Sep 17 00:00:00 2001 From: Badlop Date: Thu, 8 Oct 2009 14:34:32 +0000 Subject: [PATCH] Document new option max_fsm_queue. SVN Revision: 2649 --- doc/guide.html | 379 ++++++++++++++++++++++++++----------------------- doc/guide.tex | 19 ++- 2 files changed, 219 insertions(+), 179 deletions(-) diff --git a/doc/guide.html b/doc/guide.html index 25ad209d3..416bb71ce 100644 --- a/doc/guide.html +++ b/doc/guide.html @@ -103,119 +103,120 @@ BLOCKQUOTE.figure DIV.center DIV.center HR{display:none;} 2.4.1  Requirements
  • 2.4.2  Download Source Code
  • 2.4.3  Compile -
  • 2.4.4  Install -
  • 2.4.5  Start -
  • 2.4.6  Specific Notes for BSD -
  • 2.4.7  Specific Notes for Sun Solaris -
  • 2.4.8  Specific Notes for Microsoft Windows +
  • 2.4.4  Compiling ejabberd under Snow Leopard with Erlang R13B +
  • 2.4.5  Install +
  • 2.4.6  Start +
  • 2.4.7  Specific Notes for BSD +
  • 2.4.8  Specific Notes for Sun Solaris +
  • 2.4.9  Specific Notes for Microsoft Windows
    • -
  • 2.5  Create a XMPP Account for Administration -
  • 2.6  Upgrading ejabberd +
  • 2.5  Create a XMPP Account for Administration +
  • 2.6  Upgrading ejabberd
    • -
  • Chapter 3  Configuring ejabberd +
  • Chapter 3  Configuring ejabberd -
  • Chapter 4  Managing an ejabberd Server +
  • Chapter 4  Managing an ejabberd Server -
  • Chapter 5  Securing ejabberd +
  • Chapter 5  Securing ejabberd -
  • Chapter 6  Clustering +
  • Chapter 6  Clustering -
  • Chapter 7  Debugging +
  • Chapter 7  Debugging -
  • Appendix A  Internationalization and Localization -
  • Appendix B  Release Notes -
  • Appendix C  Acknowledgements -
  • Appendix D  Copyright Information +
  • Appendix A  Internationalization and Localization +
  • Appendix B  Release Notes +
  • Appendix C  Acknowledgements +
  • Appendix D  Copyright Information

    • Chapter 1  Introduction

    ejabberd is a free and open source instant messaging server written in Erlang/OTP.

    ejabberd is cross-platform, distributed, fault-tolerant, and based on open standards to achieve real-time communication.

    ejabberd is designed to be a rock-solid and feature rich XMPP server.

    ejabberd is suitable for small deployments, whether they need to be scalable or not, as well as extremely big deployments.

    @@ -383,8 +384,15 @@ To get the full list run the command: It will for example use CDATA to escape characters in the XMPP stream. Use this option only if you are sure your XMPP clients include a fully compliant XML parser.

    --disable-transient-supervisors
    Disable the use of Erlang/OTP supervision for transient processes. -

    -

    2.4.4  Install

    +

    +

    2.4.4  Compiling ejabberd under Snow Leopard with Erlang R13B

    +

    Erl Interface, the library to link Erlang with C code, is compiled as +32-bits code in Erlang R13B-2. Mac OS X Snow Leopard is a 64-bits +system and will try compiling ejabberd C code in 64-bits as a default.

    To compile ejabberd on Mac OS X Snow Leopard with Erlang R13B-2, you +need to force C code to be compiled with 32-bits. This is done with +the following configure command:

    CC='gcc -m32' CFLAGS=-m32 LDFLAGS=-m32 ./configure
+

    +

    2.4.5  Install

    To install ejabberd in the destination directories, run the command: 

    make install

    Note that you probably need administrative privileges in the system @@ -420,7 +428,7 @@ to install ejabberd.

    The files and directories created are, by de

    erlang.log
    Erlang/OTP system log

    -

    2.4.5  Start

    +

    2.4.6  Start

    You can use the ejabberdctl command line administration script to start and stop ejabberd. If you provided the configure option --enable-user=USER (see 2.4.3), you can execute ejabberdctl with either that system account or root.

    Usage example: @@ -443,11 +451,11 @@ copy ejabberd.init to something like /etc/init.d/ejabberd Create a system user called ejabberd; it will be used by the script to start the server. Then you can call /etc/inid.d/ejabberd start as root to start the server.

    -

    2.4.6  Specific Notes for BSD

    +

    2.4.7  Specific Notes for BSD

    The command to compile ejabberd in BSD systems is: 

    gmake

    -

    2.4.7  Specific Notes for Sun Solaris

    +

    2.4.8  Specific Notes for Sun Solaris

    You need to have GNU install, but it isn’t included in Solaris. It can be easily installed if your Solaris system @@ -462,7 +470,7 @@ for example:

    And finally install ejabberd with: 

    gmake -f Makefile.gi ginstall

    -

    2.4.8  Specific Notes for Microsoft Windows

    +

    2.4.9  Specific Notes for Microsoft Windows

    Requirements

    To compile ejabberd on a Microsoft Windows system, you need:

    -

    3.1.2  Virtual Hosting

    +

    3.1.2  Virtual Hosting

    Options can be defined separately for every virtual host using the host_config option.

    The syntax is:

    {host_config, HostName, [Option, ...]}

    Examples: @@ -622,7 +630,7 @@ other different modules for some specific virtual hosts: } ]}.

    -

    3.1.3  Listening Ports

    +

    3.1.3  Listening Ports

    The option listen defines for which ports, addresses and network protocols ejabberd will listen and what services will be run on them. Each element of the list is a tuple with the following elements: @@ -667,7 +675,7 @@ Handles incoming s2s connections.

    ejabberd_service
    Interacts with an external component (as defined in the Jabber Component Protocol (XEP-0114).
    - Options: access, hosts, + Options: access, hosts, max_fsm_queue, shaper, service_check_from
    ejabberd_stun
    Handles STUN Binding requests as defined in @@ -722,7 +730,16 @@ interesting to host a web-based XMPP client such as an incoming POST request can be configured with the global option http_poll_timeout. The default value is five minutes. The option can be defined in ejabberd.cfg, expressing the time -in seconds: {http_poll_timeout, 300}.

    {max_stanza_size, Size}
    +in seconds: {http_poll_timeout, 300}. +

    {max_fsm_queue, Size}
    +This option specifies the maximum number of elements in the queue of the FSM. +This option can be specified for an ejabberd_service listener, +or also globally for ejabberd_s2s_out. +If the option is not specified for an ejabberd_service listener, +the globally configured value is used. +The allowed values are integers and ’undefined’. +Default value: ’undefined’. +
    {max_stanza_size, Size}
    This option specifies an approximate maximum size in bytes of XML stanzas. Approximate, because it is calculated with the precision of one block of readed @@ -797,6 +814,14 @@ with a small list of trusted servers, or to block some specific servers.
    {s2s_max_retry_delay, Seconds}
    The maximum allowed delay for retry to connect after a failed connection attempt. Specified in seconds. The default value is 300 seconds (5 minutes). +
    {max_fsm_queue, Size}
    +This option specifies the maximum number of elements in the queue of the FSM. +This option can be specified for an ejabberd_service listener, +or also globally for ejabberd_s2s_out. +If the option is not specified for an ejabberd_service listener, +the globally configured value is used. +The allowed values are integers and ’undefined’. +Default value: ’undefined’.

    Examples

    For example, the following simple configuration defines:

    -

    3.1.5  Access Rules

    +

    3.1.5  Access Rules

    ACL Definition

    Access control in ejabberd is performed via Access Control Lists (ACLs). The @@ -1171,7 +1196,7 @@ There’s also available the access max_s2s_connections_per_node.< Allow up to 3 connections with each remote server: 

    {access, max_s2s_connections, [{3, all}]}.

    -

    3.1.6  Shapers

    +

    3.1.6  Shapers

    Shapers enable you to limit connection traffic. The syntax is:

    {shaper, ShaperName, Kind}.

    @@ -1190,7 +1215,7 @@ To define a shaper named ‘normal’ with traffic speed limi 50,000 bytes/second: 

    {shaper, fast, {maxrate, 50000}}.

    -

    3.1.7  Default Language

    +

    3.1.7  Default Language

    The option language defines the default language of server strings that can be seen by XMPP clients. If a XMPP client does not support xml:lang, the specified language is used.

    The option syntax is: @@ -1199,7 +1224,7 @@ In order to take effect there must be a translation file Language.msg in ejabberd’s msgs directory.

    For example, to set Russian as default language: 

    {language, "ru"}.

    Appendix A provides more details about internationalization and localization.

    -

    3.1.8  CAPTCHA

    +

    3.1.8  CAPTCHA

    Some ejabberd modules can be configured to require a CAPTCHA challenge on certain actions. If the client does not support CAPTCHA Forms (XEP-0158), a web link is provided so the user can fill the challenge in a web browser.

    An example script is provided that generates the image @@ -1231,7 +1256,7 @@ See section 3.1.3.

    Example configuration: ]}.

    -

    3.1.9  STUN

    +

    3.1.9  STUN

    ejabberd is able to act as a stand-alone STUN server (RFC 5389). Currently only Binding usage is supported. In that role ejabberd helps clients with Jingle ICE (XEP-0176) support to discover their external addresses and ports.

    You should configure ejabberd_stun listening module as described in 3.1.3 section. @@ -1258,7 +1283,7 @@ of RFC 5389 for details.

    _stun._tcp IN SRV 0 0 3478 stun.example.com. _stuns._tcp IN SRV 0 0 5349 stun.example.com.

    -

    3.1.10  Include Additional Configuration Files

    +

    3.1.10  Include Additional Configuration Files

    The option include_config_file in a configuration file instructs ejabberd to include other configuration files immediately.

    The basic syntax is:

    {include_config_file, Filename}.

    It is possible to specify suboptions using the full syntax: @@ -1288,7 +1313,7 @@ and later includes another file with additional rules: 

    {acl, admin, {user, "bob", "localhost"}}.
 {acl, admin, {user, "jan", "localhost"}}.

    -

    3.1.11  Option Macros in Configuration File

    +

    3.1.11  Option Macros in Configuration File

    In the ejabberd configuration file, it is possible to define a macro for a value and later use this macro when defining an option.

    A macro is defined with this syntax: @@ -1337,7 +1362,7 @@ This usage behaves as if it were defined and used this way: ] }.

    -

    3.2  Database and LDAP Configuration

    +

    3.2  Database and LDAP Configuration

    ejabberd uses its internal Mnesia database by default. However, it is possible to use a relational database or an LDAP server to store persistent, @@ -1370,7 +1395,7 @@ For example: {auth_method, [odbc]} ]}.

    -

    3.2.1  MySQL

    +

    3.2.1  MySQL

    Although this section will describe ejabberd’s configuration when you want to use the native MySQL driver, it does not describe MySQL’s installation and database creation. Check the MySQL documentation and the tutorial Using ejabberd with MySQL native driver for information regarding these topics. @@ -1427,7 +1452,7 @@ relational databases like MySQL. To enable storage to your database, just make sure that your database is running well (see previous sections), and replace the suffix-less or ldap module variant with the odbc module variant. Keep in mind that you cannot have several variants of the same module loaded!

    -

    3.2.2  Microsoft SQL Server

    +

    3.2.2  Microsoft SQL Server

    Although this section will describe ejabberd’s configuration when you want to use Microsoft SQL Server, it does not describe Microsoft SQL Server’s installation and database creation. Check the MySQL documentation and the @@ -1465,7 +1490,7 @@ database, just make sure that your database is running well (see previous sections), and replace the suffix-less or ldap module variant with the odbc module variant. Keep in mind that you cannot have several variants of the same module loaded!

    -

    3.2.3  PostgreSQL

    +

    3.2.3  PostgreSQL

    Although this section will describe ejabberd’s configuration when you want to use the native PostgreSQL driver, it does not describe PostgreSQL’s installation and database creation. Check the PostgreSQL documentation and the tutorial Using ejabberd with MySQL native driver for information regarding these topics. @@ -1522,7 +1547,7 @@ relational databases like PostgreSQL. To enable storage to your database, just make sure that your database is running well (see previous sections), and replace the suffix-less or ldap module variant with the odbc module variant. Keep in mind that you cannot have several variants of the same module loaded!

    -

    3.2.4  ODBC Compatible

    +

    3.2.4  ODBC Compatible

    Although this section will describe ejabberd’s configuration when you want to use the ODBC driver, it does not describe the installation and database creation of your database. Check the documentation of your database. The tutorial Using ejabberd with MySQL native driver also can help you. Note that the tutorial @@ -1567,7 +1592,7 @@ database, just make sure that your database is running well (see previous sections), and replace the suffix-less or ldap module variant with the odbc module variant. Keep in mind that you cannot have several variants of the same module loaded!

    -

    3.2.5  LDAP

    +

    3.2.5  LDAP

    ejabberd has built-in LDAP support. You can authenticate users against LDAP server and use LDAP directory as vCard storage. Shared rosters are not supported yet.

    Note that ejabberd treats LDAP as a read-only storage: @@ -1753,7 +1778,7 @@ configuration is shown below:

    {auth_method, ldap}.
   ...
  ]}.

    -

    3.3  Modules Configuration

    +

    3.3  Modules Configuration

    The option modules defines the list of modules that will be loaded after ejabberd’s startup. Each entry in the list is a tuple in which the first element is the name of a module and the second is a list of options for that @@ -1776,7 +1801,7 @@ all entries end with a comma: {mod_version, []} ]}.

    -

    3.3.1  Modules Overview

    +

    3.3.1  Modules Overview

    The following table lists all modules included in ejabberd.

    @@ -1838,7 +1863,7 @@ Last connection date and time: Use mod_last_odbc instead of ejabberd website. Please remember that these contributions might not work or that they can contain severe bugs and security leaks. Therefore, use them at your own risk!

    -

    3.3.2  Common Options

    The following options are used by many modules. Therefore, they are described in +

    3.3.2  Common Options

    The following options are used by many modules. Therefore, they are described in this separate section.

    iqdisc

    Many modules define handlers for processing IQ queries of different namespaces @@ -1892,7 +1917,7 @@ the "@HOST@" keyword must be used: ... ]}.

    -

    3.3.3  mod_announce

    +

    3.3.3  mod_announce

    This module enables configured users to broadcast announcements and to set the message of the day (MOTD). Configured users can perform these actions with a @@ -1956,7 +1981,7 @@ Only administrators can send announcements:

    Note that mod_announce can be resource intensive on large deployments as it can broadcast lot of messages. This module should be disabled for instances of ejabberd with hundreds of thousands users.

    -

    3.3.4  mod_disco

    +

    3.3.4  mod_disco

    @@ -2030,7 +2055,7 @@ and admin addresses for both the main server and the vJUD service: ... ]}.

    -

    3.3.5  mod_echo

    +

    3.3.5  mod_echo

    This module simply echoes any XMPP packet back to the sender. This mirror can be of interest for ejabberd and XMPP client debugging.

    Options: @@ -2050,7 +2075,7 @@ of them all? ... ]}.

    -

    3.3.6  mod_http_bind

    +

    3.3.6  mod_http_bind

    This module implements XMPP over Bosh (formerly known as HTTP Binding) as defined in XEP-0124 and XEP-0206. It extends ejabberd’s built in HTTP service with a configurable @@ -2103,7 +2128,7 @@ For example, to set 50 seconds: ... ]}.

    -

    3.3.7  mod_http_fileserver

    +

    3.3.7  mod_http_fileserver

    This simple module serves files from the local disk over HTTP.

    Options:

    {docroot, Path}
    @@ -2163,7 +2188,7 @@ To use this module you must enable it: ... ]}.

    -

    3.3.8  mod_last

    +

    3.3.8  mod_last

    This module adds support for Last Activity (XEP-0012). It can be used to discover when a disconnected user last accessed the server, to know when a connected user was last active on the server, or to query the uptime of the @@ -2172,7 +2197,7 @@ connected user was last active on the server, or to query the uptime of the {iqdisc, Discipline}

    This specifies the processing discipline for Last activity (jabber:iq:last) IQ queries (see section 3.3.2).

    -

    3.3.9  mod_muc

    +

    3.3.9  mod_muc

    This module provides a Multi-User Chat (XEP-0045) service. Users can discover existing rooms, join or create them. Occupants of a room can chat in public or have private chats.

    Some of the features of Multi-User Chat: @@ -2395,7 +2420,7 @@ the newly created rooms have by default those options. ... ]}.

    -

    3.3.10  mod_muc_log

    +

    3.3.10  mod_muc_log

    This module enables optional logging of Multi-User Chat (MUC) public conversations to HTML. Once you enable this module, users can join a room using a MUC capable XMPP client, and if they have enough privileges, they can request the @@ -2514,7 +2539,7 @@ top link will be the default <a href="/">Home</a>. ... ]}.

    -

    3.3.11  mod_offline

    +

    3.3.11  mod_offline

    This module implements offline message storage (XEP-0160). This means that all messages sent to an offline user will be stored on the server until that user comes @@ -2546,7 +2571,7 @@ and all the other users up to 100. ... ]}.

    -

    3.3.12  mod_ping

    +

    3.3.12  mod_ping

    This module implements support for XMPP Ping (XEP-0199) and periodic keepalives. When this module is enabled ejabberd responds correctly to ping requests, as defined in the protocol.

    Configuration options: @@ -2574,7 +2599,7 @@ and if a client does not answer to the ping in less than 32 seconds, its connect ... ]}.

    -

    3.3.13  mod_privacy

    +

    3.3.13  mod_privacy

    This module implements Blocking Communication (also known as Privacy Rules) as defined in section 10 from XMPP IM. If end users have support for it in their XMPP client, they will be able to: @@ -2602,7 +2627,7 @@ subscription type (or globally). {iqdisc, Discipline}

    This specifies the processing discipline for Blocking Communication (jabber:iq:privacy) IQ queries (see section 3.3.2).

    -

    3.3.14  mod_private

    +

    3.3.14  mod_private

    This module adds support for Private XML Storage (XEP-0049):

    Using this method, XMPP entities can store private data on the server and @@ -2614,7 +2639,7 @@ of client-specific preferences; another is Bookmark Storage ( This specifies the processing discipline for Private XML Storage (jabber:iq:private) IQ queries (see section 3.3.2).

    -

    3.3.15  mod_proxy65

    +

    3.3.15  mod_proxy65

    This module implements SOCKS5 Bytestreams (XEP-0065). It allows ejabberd to act as a file transfer proxy between two XMPP clients.

    Options: @@ -2672,7 +2697,7 @@ The simpliest configuration of the module: ... ]}.

    -

    3.3.16  mod_pubsub

    +

    3.3.16  mod_pubsub

    This module offers a Publish-Subscribe Service (XEP-0060). The functionality in mod_pubsub can be extended using plugins. The plugin that implements PEP (Personal Eventing via Pubsub) (XEP-0163) @@ -2721,7 +2746,7 @@ The following example will use node_tune instead of node_pep for every PEP node ... ]}.

    -

    3.3.17  mod_register

    +

    3.3.17  mod_register

    This module adds support for In-Band Registration (XEP-0077). This protocol enables end users to use a XMPP client to:

    • @@ -2800,7 +2825,7 @@ Also define a registration timeout of one hour: ... ]}.

    -

    3.3.18  mod_roster

    +

    3.3.18  mod_roster

    This module implements roster management as defined in RFC 3921: XMPP IM. It also supports Roster Versioning (XEP-0237).

    Options: @@ -2826,7 +2851,7 @@ Important: if you use mod_shared_roster, you must disable this option. ... ]}.

    -

    3.3.19  mod_service_log

    +

    3.3.19  mod_service_log

    This module adds support for logging end user packets via a XMPP message auditing service such as Bandersnatch. All user @@ -2856,7 +2881,7 @@ To log all end user packets to the Bandersnatch service running on ... ]}.

    -

    3.3.20  mod_shared_roster

    +

    3.3.20  mod_shared_roster

    This module enables you to create shared roster groups. This means that you can create groups of people that can see members from (other) groups in their rosters. The big advantages of this feature are that end users do not need to @@ -2931,7 +2956,7 @@ roster groups as shown in the following table:

    ModuleFeatureDependencies
    mod_adhocAd-Hoc Commands (XEP-0050) 

    -

    3.3.21  mod_stats

    +

    3.3.21  mod_stats

    This module adds support for Statistics Gathering (XEP-0039). This protocol allows you to retrieve next statistics from your ejabberd deployment:

    -

    3.3.22  mod_time

    +

    3.3.22  mod_time

    This module features support for Entity Time (XEP-0202). By using this XEP, you are able to discover the time at another entity’s location.

    Options:

    {iqdisc, Discipline}
    This specifies the processing discipline for Entity Time (jabber:iq:time) IQ queries (see section 3.3.2).

    -

    3.3.23  mod_vcard

    +

    3.3.23  mod_vcard

    This module allows end users to store and retrieve their vCard, and to retrieve other users vCards, as defined in vcard-temp (XEP-0054). The module also implements an uncomplicated Jabber User Directory based on the vCards of @@ -3025,7 +3050,7 @@ and that all virtual hosts will be searched instead of only the current one: ... ]}.

    -

    3.3.24  mod_vcard_ldap

    +

    3.3.24  mod_vcard_ldap

    ejabberd can map LDAP attributes to vCard fields. This behaviour is implemented in the mod_vcard_ldap module. This module does not depend on the authentication method (see 3.2.5).

    Note that ejabberd treats LDAP as a read-only storage: @@ -3204,7 +3229,7 @@ searching his info in LDAP.

  • ldap_vcard_map

    • -

    3.3.25  mod_version

    +

    3.3.25  mod_version

    This module implements Software Version (XEP-0092). Consequently, it answers ejabberd’s version when queried.

    Options:

    @@ -3213,8 +3238,8 @@ The default value is true.
    {iqdisc, Discipline}
    This specifies the processing discipline for Software Version (jabber:iq:version) IQ queries (see section 3.3.2).

    -

    Chapter 4  Managing an ejabberd Server

    -

    4.1  ejabberdctl

    With the ejabberdctl command line administration script +

    Chapter 4  Managing an ejabberd Server

    +

    4.1  ejabberdctl

    With the ejabberdctl command line administration script you can execute ejabberdctl commands (described in the next section, 4.1.1) and also many general ejabberd commands (described in section 4.2). This means you can start, stop and perform many other administrative tasks @@ -3226,7 +3251,7 @@ and other codes may be used for specific results. This can be used by other scripts to determine automatically if a command succeeded or failed, for example using: echo $?

    -

    4.1.1  ejabberdctl Commands

    When ejabberdctl is executed without any parameter, +

    4.1.1  ejabberdctl Commands

    When ejabberdctl is executed without any parameter, it displays the available options. If there isn’t an ejabberd server running, the available parameters are:

    @@ -3262,7 +3287,7 @@ robot1 testuser1 testuser2

    -

    4.1.2  Erlang Runtime System

    ejabberd is an Erlang/OTP application that runs inside an Erlang runtime system. +

    4.1.2  Erlang Runtime System

    ejabberd is an Erlang/OTP application that runs inside an Erlang runtime system. This system is configured using environment variables and command line parameters. The ejabberdctl administration script uses many of those possibilities. You can configure some of them with the file ejabberdctl.cfg, @@ -3339,7 +3364,7 @@ not “Simple Authentication and Security Layer”.

    Note that some characters need to be escaped when used in shell scripts, for instance " and {}. You can find other options in the Erlang manual page (erl -man erl).

    -

    4.2  ejabberd Commands

    An ejabberd command is an abstract function identified by a name, +

    4.2  ejabberd Commands

    An ejabberd command is an abstract function identified by a name, with a defined number and type of calling arguments and type of result that is registered in the ejabberd_commands service. Those commands can be defined in any Erlang module and executed using any valid frontend.

    ejabberd includes a frontend to execute ejabberd commands: the script ejabberdctl. @@ -3347,7 +3372,7 @@ Other known frontends that can be installed to execute ejabberd commands in diff ejabberd_xmlrpc (XML-RPC service), mod_rest (HTTP POST service), mod_shcommands (ejabberd WebAdmin page).

    -

    4.2.1  List of ejabberd Commands

    ejabberd includes a few ejabberd Commands by default. +

    4.2.1  List of ejabberd Commands

    ejabberd includes a few ejabberd Commands by default. When more modules are installed, new commands may be available in the frontends.

    The easiest way to get a list of the available commands, and get help for them is to use the ejabberdctl script: 

    $ ejabberdctl help
@@ -3398,7 +3423,7 @@ is very high.
 
    register user host password
     Register an account in that domain with the given password.
 
    unregister user host
     Unregister the given account.
 
      
    
-
    4.2.2  Restrict Execution with AccessCommands
      
    The frontends can be configured to restrict access to certain commands.
+
    4.2.2  Restrict Execution with AccessCommands
      
    The frontends can be configured to restrict access to certain commands.
 In that case, authentication information must be provided.
 In each frontend the AccessCommands option is defined
 in a different place. But in all cases the option syntax is the same:
@@ -3444,7 +3469,7 @@ and the provided arguments do not contradict Arguments.
    As an example to u
  {_bot_reg_test, [register, unregister], [{host, "test.org"}]}
 ]

    -

    4.3  Web Admin

    +

    4.3  Web Admin

    The ejabberd Web Admin allows to administer most of ejabberd using a web browser.

    This feature is enabled by default: a ejabberd_http listener with the option web_admin (see section 3.1.3) is included in the listening ports. Then you can open @@ -3516,13 +3541,13 @@ The file is searched by default in The directory of the documentation can be specified in the environment variable EJABBERD_DOC_PATH. See section 4.1.2.

    -

    4.4  Ad-hoc Commands

    If you enable mod_configure and mod_adhoc, +

    4.4  Ad-hoc Commands

    If you enable mod_configure and mod_adhoc, you can perform several administrative tasks in ejabberd with a XMPP client. The client must support Ad-Hoc Commands (XEP-0050), and you must login in the XMPP server with an account with proper privileges.

    -

    4.5  Change Computer Hostname

    ejabberd uses the distributed Mnesia database. +

    4.5  Change Computer Hostname

    ejabberd uses the distributed Mnesia database. Being distributed, Mnesia enforces consistency of its file, so it stores the name of the Erlang node in it (see section 5.4). The name of an Erlang node includes the hostname of the computer. @@ -3559,8 +3584,8 @@ mv /var/lib/ejabberd/*.* /var/lib/ejabberd/oldfiles/

  • Check that the information of the old database is available: accounts, rosters... After you finish, remember to delete the temporary backup files from public directories.

    • -

    Chapter 5  Securing ejabberd

    -

    5.1  Firewall Settings

    +

    Chapter 5  Securing ejabberd

    +

    5.1  Firewall Settings

    You need to take the following TCP ports in mind when configuring your firewall:

    @@ -3571,7 +3596,7 @@ After you finish, remember to delete the temporary backup files from public dire
    PortDescription
    port rangeUsed for connections between Erlang nodes. This range is configurable (see section 5.2).

    -

    5.2  epmd

    epmd (Erlang Port Mapper Daemon) +

    5.2  epmd

    epmd (Erlang Port Mapper Daemon) is a small name server included in Erlang/OTP and used by Erlang programs when establishing distributed Erlang communications. ejabberd needs epmd to use ejabberdctl and also when clustering ejabberd nodes. @@ -3596,7 +3621,7 @@ but can be configured in the file ejabberdctl.cfg. The Erlang command-line parameter used internally is, for example: 

    erl ... -kernel inet_dist_listen_min 4370 inet_dist_listen_max 4375

    -

    5.3  Erlang Cookie

    The Erlang cookie is a string with numbers and letters. +

    5.3  Erlang Cookie

    The Erlang cookie is a string with numbers and letters. An Erlang node reads the cookie at startup from the command-line parameter -setcookie. If not indicated, the cookie is read from the cookie file $HOME/.erlang.cookie. If this file does not exist, it is created immediately with a random cookie. @@ -3610,7 +3635,7 @@ to prevent unauthorized access or intrusion to an Erlang node. The communication between Erlang nodes are not encrypted, so the cookie could be read sniffing the traffic on the network. The recommended way to secure the Erlang node is to block the port 4369.

    -

    5.4  Erlang Node Name

    An Erlang node may have a node name. +

    5.4  Erlang Node Name

    An Erlang node may have a node name. The name can be short (if indicated with the command-line parameter -sname) or long (if indicated with the parameter -name). Starting an Erlang node with -sname limits the communication between Erlang nodes to the LAN.

    Using the option -sname instead of -name is a simple method @@ -3619,7 +3644,7 @@ However, it is not ultimately effective to prevent access to the Erlang node, because it may be possible to fake the fact that you are on another network using a modified version of Erlang epmd. The recommended way to secure the Erlang node is to block the port 4369.

    -

    5.5  Securing Sensible Files

    ejabberd stores sensible data in the file system either in plain text or binary files. +

    5.5  Securing Sensible Files

    ejabberd stores sensible data in the file system either in plain text or binary files. The file system permissions should be set to only allow the proper user to read, write and execute those files and directories.

    ejabberd configuration file: /etc/ejabberd/ejabberd.cfg
    @@ -3639,9 +3664,9 @@ so it is preferable to secure the whole /var/lib/ejabberd/ directory.
    Erlang cookie file: /var/lib/ejabberd/.erlang.cookie
    See section 5.3.

    -

    Chapter 6  Clustering

    +

    Chapter 6  Clustering

    -

    6.1  How it Works

    +

    6.1  How it Works

    A XMPP domain is served by one or more ejabberd nodes. These nodes can be run on different machines that are connected via a network. They all must have the ability to connect to port 4369 of all another nodes, and must @@ -3655,29 +3680,29 @@ router,

  • session manager,
  • s2s manager.

    • -

    6.1.1  Router

    +

    6.1.1  Router

    This module is the main router of XMPP packets on each node. It routes them based on their destination’s domains. It uses a global routing table. The domain of the packet’s destination is searched in the routing table, and if it is found, the packet is routed to the appropriate process. If not, it is sent to the s2s manager.

    -

    6.1.2  Local Router

    +

    6.1.2  Local Router

    This module routes packets which have a destination domain equal to one of this server’s host names. If the destination JID has a non-empty user part, it is routed to the session manager, otherwise it is processed depending on its content.

    -

    6.1.3  Session Manager

    +

    6.1.3  Session Manager

    This module routes packets to local users. It looks up to which user resource a packet must be sent via a presence table. Then the packet is either routed to the appropriate c2s process, or stored in offline storage, or bounced back.

    -

    6.1.4  s2s Manager

    +

    6.1.4  s2s Manager

    This module routes packets to other XMPP servers. First, it checks if an opened s2s connection from the domain of the packet’s source to the domain of the packet’s destination exists. If that is the case, the s2s manager routes the packet to the process serving this connection, otherwise a new connection is opened.

    -

    6.2  Clustering Setup

    +

    6.2  Clustering Setup

    Suppose you already configured ejabberd on one machine named (first), and you need to setup another one to make an ejabberd cluster. Then do following steps:

    1. @@ -3715,10 +3740,10 @@ and ‘access’ options because they will be taken from enabled only on one machine in the cluster.

    You can repeat these steps for other machines supposed to serve this domain.

    -

    6.3  Service Load-Balancing

    +

    6.3  Service Load-Balancing

    -

    6.3.1  Components Load-Balancing

    -

    6.3.2  Domain Load-Balancing Algorithm

    +

    6.3.1  Components Load-Balancing

    +

    6.3.2  Domain Load-Balancing Algorithm

    ejabberd includes an algorithm to load balance the components that are plugged on an ejabberd cluster. It means that you can plug one or several instances of the same component on each ejabberd cluster and that the traffic will be automatically distributed.

    The default distribution algorithm try to deliver to a local instance of a component. If several local instances are available, one instance is chosen randomly. If no instance is available locally, one instance is chosen randomly among the remote component instances.

    If you need a different behaviour, you can change the load balancing behaviour with the option domain_balancing. The syntax of the option is the following:

    {domain_balancing, "component.example.com", BalancingCriteria}.

    Several balancing criteria are available: