diff --git a/doc/guide.html b/doc/guide.html
index 310abe64a..4770c5308 100644
--- a/doc/guide.html
+++ b/doc/guide.html
@@ -6,7 +6,7 @@
- ejabberd 3.0.0-alpha
+ ejabberd 2.1.0-alpha
Installation and Operation Guide
@@ -76,7 +76,7 @@ BLOCKQUOTE.figure DIV.center DIV.center HR{display:none;}
-| ejabberd 3.0.0-alpha |
+| ejabberd 2.1.0-alpha |
| |
| Installation and Operation Guide |
@@ -144,80 +144,81 @@ BLOCKQUOTE.figure DIV.center DIV.center HR{display:none;}
3.3.5 mod_echo
3.3.6 mod_http_bind
3.3.7 mod_http_fileserver
-3.3.8 mod_last
-3.3.9 mod_muc
-3.3.10 mod_muc_log
-3.3.11 mod_offline
-3.3.12 mod_ping
-3.3.13 mod_privacy
-3.3.14 mod_private
-3.3.15 mod_proxy65
-3.3.16 mod_pubsub
-3.3.17 mod_register
-3.3.18 mod_roster
-3.3.19 mod_service_log
-3.3.20 mod_shared_roster
-3.3.21 mod_stats
-3.3.22 mod_time
-3.3.23 mod_vcard
-3.3.24 mod_vcard_ldap
-3.3.25 mod_version
+3.3.8 mod_irc
+3.3.9 mod_last
+3.3.10 mod_muc
+3.3.11 mod_muc_log
+3.3.12 mod_offline
+3.3.13 mod_ping
+3.3.14 mod_privacy
+3.3.15 mod_private
+3.3.16 mod_proxy65
+3.3.17 mod_pubsub
+3.3.18 mod_register
+3.3.19 mod_roster
+3.3.20 mod_service_log
+3.3.21 mod_shared_roster
+3.3.22 mod_stats
+3.3.23 mod_time
+3.3.24 mod_vcard
+3.3.25 mod_vcard_ldap
+3.3.26 mod_version
-Chapter 4 Managing an ejabberd Server
+Chapter 4 Managing an ejabberd Server
-Chapter 5 Securing ejabberd
+Chapter 5 Securing ejabberd
-Chapter 6 Clustering
+Chapter 6 Clustering
-Chapter 7 Debugging
+Chapter 7 Debugging
-Appendix A Internationalization and Localization
-Appendix B Release Notes
-Appendix C Acknowledgements
-Appendix D Copyright Information
+Appendix A Internationalization and Localization
+Appendix B Release Notes
+Appendix C Acknowledgements
+Appendix D Copyright Information
-
ejabberd is a free and open source instant messaging server written in Erlang/OTP.
ejabberd is cross-platform, distributed, fault-tolerant, and based on open standards to achieve real-time communication.
ejabberd is designed to be a rock-solid and feature rich XMPP server.
ejabberd is suitable for small deployments, whether they need to be scalable or not, as well as extremely big deployments.
+ejabberd is a free and open source instant messaging server written in Erlang.
ejabberd is cross-platform, distributed, fault-tolerant, and based on open standards to achieve real-time communication.
ejabberd is designed to be a rock-solid and feature rich XMPP server.
ejabberd is suitable for small deployments, whether they need to be scalable or not, as well as extremely big deployments.
1.1 Key Features
ejabberd is:
@@ -268,12 +269,13 @@ Internal Authentication.
Others
@@ -336,14 +338,16 @@ as long as your system have all the dependencies. -
GNU Make
- GCC
-
- Erlang/OTP R12B-4 or higher, R13B or higher.
-
- exmpp 0.9.1 or higher
+
- Libexpat 1.95 or higher
+
- Erlang/OTP R10B-9 or higher. The recommended version is R12B-5. Support for R13 is experimental.
- OpenSSL 0.9.6 or higher, for STARTTLS, SASL and SSL encryption. Optional, highly recommended.
-
- Zlib 1.2.3 or higher, for Stream Compression support (XEP-0138). Optional.
+
- Zlib 1.2.3 or higher, for Stream Compression support (XEP-0138). Optional.
- Erlang mysql library. Optional. For MySQL authentication or storage. See section 3.2.1.
- Erlang pgsql library. Optional. For PostgreSQL authentication or storage. See section 3.2.3.
- PAM library. Optional. For Pluggable Authentication Modules (PAM). See section 3.1.4.
+
- GNU Iconv 1.8 or higher, for the IRC Transport (mod_irc). Optional. Not needed on systems with GNU Libc. See section 3.3.8.
- ImageMagick’s Convert program. Optional. For CAPTCHA challenges. See section 3.1.8.
+
- exmpp 0.9.1 or higher. Optional. For import/export user data with XEP-0227 XML files.
Released versions of ejabberd are available in the ProcessOne ejabberd downloads page:
@@ -458,25 +462,31 @@ for example:
To compile ejabberd on a Microsoft Windows system, you need:
We assume that we will try to put as much library as possible into C:\sdk\ to make it easier to track what is install for ejabberd.
-
-Install Erlang emulator (for example, into
C:\sdk\erl5.6.5).
+Install Erlang emulator (for example, into C:\sdk\erl5.5.5).
- Install Expat library into
C:\sdk\Expat-2.0.0
directory.Copy file C:\sdk\Expat-2.0.0\Libs\libexpat.dll
to your Windows system directory (for example, C:\WINNT or
C:\WINNT\System32)
-Note: instead of copying libexpat.dll to the Windows
-directory, you can add the directory C:\sdk\Expat-2.0.0\Libs
-to the PATH environment variable.
+
- Build and install the Iconv library into the directory
+
C:\sdk\GnuWin32.Copy file C:\sdk\GnuWin32\bin\lib*.dll to your
+Windows system directory (more installation instructions can be found in the
+file README.woe32 in the iconv distribution).
Note: instead of copying libexpat.dll and iconv.dll to the Windows
+directory, you can add the directories
+C:\sdk\Expat-2.0.0\Libs and
+C:\sdk\GnuWin32\bin to the PATH environment
+variable.
- Install OpenSSL in
C:\sdk\OpenSSL and add C:\sdk\OpenSSL\lib\VC to your path or copy the binaries to your system directory.
- Install ZLib in
C:\sdk\gnuWin32. Copy
-C:\sdk\GnuWin32\bin\zlib1.dll to your system directory.
+C:\sdk\GnuWin32\bin\zlib1.dll to your system directory. If you change your path it should already be set after libiconv install.
- Make sure the you can access Erlang binaries from your path. For example:
set PATH=%PATH%;"C:\sdk\erl5.6.5\bin"
- Depending on how you end up actually installing the library you might need to check and tweak the paths in the file configure.erl.
- While in the directory
ejabberd\src run:
@@ -493,7 +503,7 @@ There are two ways to register a Jabber account:
-
Using ejabberdctl (see section 4.1):
ejabberdctl register admin1 example.org FgT5bk3
-
- Using a Jabber client and In-Band Registration (see section 3.3.17).
+
- Using a Jabber client and In-Band Registration (see section 3.3.18).
- Edit the ejabberd configuration file to give administration rights to the Jabber account you created:
{acl, admins, {user, "admin1", "example.org"}}.
@@ -667,7 +677,7 @@ Handles incoming s2s connections.
Options: max_stanza_size
- ejabberd_service
-
Interacts with an external component
-(as defined in the Jabber Component Protocol (XEP-0114).
+(as defined in the Jabber Component Protocol (XEP-0114).
Options: access, hosts,
shaper, service_check_from
- ejabberd_http
-
@@ -685,7 +695,7 @@ To define a certificate file specific for a given domain, use the global option
This option can be used with ejabberd_service only. It is
used to disable control on the from field on packets send by an
external components. The option can be either true or
-false. The default value is true which conforms to XEP-0114.
+false. The default value is true which conforms to XEP-0114.
- {hosts, [Hostnames], [HostOptions]}
-
The external Jabber component that connects to this ejabberd_service
can serve one or more hostnames.
@@ -698,7 +708,7 @@ as seen in an example below.
- captcha
-
Simple web page that allows a user to fill a CAPTCHA challenge (see section 3.1.8).
- http_bind
-
-This option enables HTTP Binding (XEP-0124 and XEP-0206) support. HTTP Bind
+This option enables HTTP Binding (XEP-0124 and XEP-0206) support. HTTP Bind
enables access via HTTP requests to ejabberd from behind firewalls which
do not allow outgoing sockets on port 5222.
Remember that you must also install and enable the module mod_http_bind.
If HTTP Bind is enabled, it will be available at
http://server:port/http-bind/. Be aware that support for HTTP Bind
@@ -709,7 +719,7 @@ interesting to host a web-based Jabber client such as
embedded local web server
or Apache).
- http_poll
-
-This option enables HTTP Polling (XEP-0025) support. HTTP Polling
+This option enables HTTP Polling (XEP-0025) support. HTTP Polling
enables access via HTTP requests to ejabberd from behind firewalls which
do not allow outgoing sockets on port 5222.
If HTTP Polling is enabled, it will be available at
http://server:port/http-poll/. Be aware that support for HTTP Polling
@@ -735,7 +745,7 @@ and you also want mod_http_bind to serve the URIs /http-bind/,
use this option: {request_handlers, [{["a", "b"], mod_foo}, {["http-bind"], mod_http_bind}]}
- {service_check_from, true|false}
-
By enabling this option, ejabberd allows the component to send packets with any arbitrary domain in the ’from’ attribute.
-Note that XEP-0114 requires that the domain must match the hostname of the component.
+Note that XEP-0114 requires that the domain must match the hostname of the component.
Only enable this option if you are completely sure you need to enable it.
Default value: false.
- {shaper, <access rule>}
- This option defines a
@@ -756,7 +766,7 @@ This was the traditional encryption method in the early Jabber software,
commonly on port 5223 for client-to-server communications.
But this method is nowadays deprecated and not recommended.
The preferable encryption method is STARTTLS on port 5222, as defined
-RFC 3920: XMPP Core,
+RFC 3920: XMPP Core,
which can be enabled in ejabberd with the option starttls.
If this option is set, you should also set the certfile option.
- web_admin
- This option
@@ -765,7 +775,7 @@ at
http://server:port/admin/. Login and password are the username a
password of one of the registered users who are granted access by the
‘configure’ access rule.
- zlib
- This
-option specifies that Zlib stream compression (as defined in XEP-0138)
+option specifies that Zlib stream compression (as defined in XEP-0138)
is available on connections to the port. Client connections cannot use
stream compression and stream encryption simultaneously. Hence, if you
specify both starttls (or tls) and zlib, the latter
@@ -1216,7 +1226,7 @@ can be seen by Jabber clients. If a Jabber client does not support
Appendix A provides more details about internationalization and localization.
Some ejabberd modules can be configured to require a CAPTCHA challenge on certain actions.
-If the client does not support CAPTCHA Forms (XEP-0158),
+If the client does not support CAPTCHA Forms (XEP-0158),
a web link is provided so the user can fill the challenge in a web browser.
An example script is provided that generates the image
using ImageMagick’s Convert program.
The configurable options are:
-
@@ -1616,7 +1626,7 @@ user’s part of a JID. For example, "%u@example.org". The default
value is "%u".
- ldap_filter
-
-RFC 4515 LDAP filter. The
+RFC 2254 LDAP filter. The
default is none. Example:
"(&(objectClass=shadowAccount)(memberOf=Jabber Users))". Please, do
not forget to close brackets and do not use superfluous whitespaces. Also you
@@ -1775,37 +1785,38 @@ all entries end with a comma:
The following table lists all modules included in ejabberd.
-
(*) This module requires a supported database. For a list of supported databases, see section 3.2.
@@ -1902,7 +1913,7 @@ message is sent to all registered users. If the user is online and connected
to several resources, only the resource with the highest priority will receive
the message. If the registered user is not connected, the message will be
stored offline in assumption that offline storage
-(see section 3.3.11) is enabled.
+(see section 3.3.12) is enabled.
- example.org/announce/online (example.org/announce/all-hosts/online)
- The
message is sent to all connected users. If the user is online and connected
to several resources, all resources will receive the message.
@@ -1955,11 +1966,11 @@ disabled for instances of ejabberd with hundreds of thousands users.
This module adds support for Service Discovery (XEP-0030). With
+
This module adds support for Service Discovery (XEP-0030). With
this module enabled, services on your server can be discovered by
Jabber clients. Note that ejabberd has no modules with support
-for the superseded Jabber Browsing (XEP-0011) and Agent Information
-(XEP-0094). Accordingly, Jabber clients need to have support for
+for the superseded Jabber Browsing (XEP-0011) and Agent Information
+(XEP-0094). Accordingly, Jabber clients need to have support for
the newer Service Discovery protocol if you want them be able to discover
the services you offer.
Options:
-
@@ -1970,7 +1981,7 @@ the processing discipline for Service Discovery (http://jabber.org/protocol/
you can specify a list of extra domains that are added to the Service Discovery item list.
- {server_info, [ {Modules, Field, [Value]} ]}
-
Specify additional information about the server,
-as described in Contact Addresses for XMPP Services (XEP-0157).
+as described in Contact Addresses for XMPP Services (XEP-0157).
Modules can be the keyword ‘all’,
in which case the information is reported in all the services;
or a list of ejabberd modules,
@@ -2046,7 +2057,7 @@ of them all?
This module implements XMPP over Bosh (formerly known as HTTP Binding)
-as defined in XEP-0124 and XEP-0206.
+as defined in XEP-0124 and XEP-0206.
It extends ejabberd’s built in HTTP service with a configurable
resource at which this service will be hosted.
To use HTTP-Binding, enable the module:
{modules,
@@ -2154,9 +2165,69 @@ To use this module you must enable it:
},
...
]}.
-
-
-
This module adds support for Last Activity (XEP-0012). It can be used to
+
+
+
This module is an IRC transport that can be used to join channels on IRC
+servers.
End user information:
+
+
-
+A Jabber client with ‘groupchat 1.0’ support or Multi-User
+Chat support (XEP-0045) is necessary to join IRC channels.
+
- An IRC channel can be joined in nearly the same way as joining a
+Jabber Multi-User Chat room. The difference is that the room name will
+be ‘channel%irc.example.org’ in case irc.example.org is
+the IRC server hosting ‘channel’. And of course the host should point
+to the IRC transport instead of the Multi-User Chat service.
+
- You can register your nickame by sending ‘IDENTIFY password’ to
+ nickserver!irc.example.org@irc.jabberserver.org.
+ - Entering your password is possible by sending ‘LOGIN nick password’
+ to nickserver!irc.example.org@irc.jabberserver.org.
+ - The IRC transport provides Ad-Hoc Commands (XEP-0050)
+to join a channel, and to set custom IRC username and encoding.
+
- When using a popular Jabber server, it can occur that no
+connection can be achieved with some IRC servers because they limit the
+number of conections from one IP.
+
Options:
+
-
+
+host
- This option defines the Jabber ID of the
+service. If the host option is not specified, the Jabber ID will be the
+hostname of the virtual host with the prefix ‘irc.’. The keyword "@HOST@"
+is replaced at start time with the real virtual host name.
+
+
- access
- This option can be used to specify who
+may use the IRC transport (default value: all).
+
- default_encoding
- Set the default IRC encoding (default value: "koi8-r").
+
Examples:
+
-
+In the first example, the IRC transport is available on (all) your
+virtual host(s) with the prefix ‘irc.’. Furthermore, anyone is
+able to use the transport. The default encoding is set to "iso8859-15".
+
{modules,
+ [
+ ...
+ {mod_irc, [{access, all}, {default_encoding, "iso8859-15"}]},
+ ...
+ ]}.
+ - In next example the IRC transport is available with JIDs with prefix irc-t.net.
+Moreover, the transport is only accessible to two users
+of example.org, and any user of example.com:
+
{acl, paying_customers, {user, "customer1", "example.org"}}.
+{acl, paying_customers, {user, "customer2", "example.org"}}.
+{acl, paying_customers, {server, "example.com"}}.
+
+{access, irc_users, [{allow, paying_customers}, {deny, all}]}.
+
+{modules,
+ [
+ ...
+ {mod_irc, [{access, irc_users},
+ {host, "irc.example.net"}]},
+ ...
+ ]}.
+
+
+
This module adds support for Last Activity (XEP-0012). It can be used to
discover when a disconnected user last accessed the server, to know when a
connected user was last active on the server, or to query the uptime of the
ejabberd server.
Options:
@@ -2164,8 +2235,8 @@ connected user was last active on the server, or to query the uptime of the
iqdisc
- This specifies
the processing discipline for Last activity (jabber:iq:last) IQ queries (see section 3.3.2).
-
-
This module provides a Multi-User Chat (XEP-0045) service.
+
+
This module provides a Multi-User Chat (XEP-0045) service.
Users can discover existing rooms, join or create them.
Occupants of a room can chat in public or have private chats.
Some of the features of Multi-User Chat:
-
@@ -2387,7 +2458,7 @@ the newly created rooms have by default those options.
...
]}.
-
+
This module enables optional logging of Multi-User Chat (MUC) public conversations to
HTML. Once you enable this module, users can join a room using a MUC capable
Jabber client, and if they have enough privileges, they can request the
@@ -2397,7 +2468,7 @@ Room details are added on top of each page: room title, JID,
author, subject and configuration.
The room JID in the generated HTML is a link to join the room (using
-XMPP URI).
+XMPP URI).
Subject and room configuration changes are tracked and displayed.
Joins, leaves, nick changes, kicks, bans and ‘/me’ are tracked and
displayed, including the reason if available.
@@ -2507,8 +2578,8 @@ top link will be the default <a href="/">Home</a>.
...
]}.
-
-
This module implements offline message storage (XEP-0160).
+
+
This module implements offline message storage (XEP-0160).
This means that all messages
sent to an offline user will be stored on the server until that user comes
online again. Thus it is very similar to how email works. Note that
@@ -2539,8 +2610,8 @@ and all the other users up to 100.
...
]}.
-
-
This module implements support for XMPP Ping (XEP-0199) and periodic keepalives.
+
+
This module implements support for XMPP Ping (XEP-0199) and periodic keepalives.
When this module is enabled ejabberd responds correctly to
ping requests, as defined in the protocol.
Configuration options:
-
@@ -2567,7 +2638,7 @@ and if a client does not answer to the ping in less than 32 seconds, its connect
...
]}.
-
+
This module implements Blocking Communication (also known as Privacy Rules)
as defined in section 10 from XMPP IM. If end users have support for it in
their Jabber client, they will be able to:
@@ -2589,26 +2660,26 @@ or subscription type (or globally).
- Allowing or blocking all communications based on JID, group, or
subscription type (or globally).
-(from http://xmpp.org/specs/rfc3921.html#privacy)
+(from http://www.xmpp.org/specs/rfc3921.html#privacy)
Options:
-
iqdisc
- This specifies
the processing discipline for Blocking Communication (jabber:iq:privacy) IQ queries (see section 3.3.2).
-
-
This module adds support for Private XML Storage (XEP-0049):
+
+
This module adds support for Private XML Storage (XEP-0049):
Using this method, Jabber entities can store private data on the server and
retrieve it whenever necessary. The data stored might be anything, as long as
it is valid XML. One typical usage for this namespace is the server-side storage
-of client-specific preferences; another is Bookmark Storage (XEP-0048).
+of client-specific preferences; another is Bookmark Storage (XEP-0048).
Options:
-
iqdisc
- This specifies
the processing discipline for Private XML Storage (jabber:iq:private) IQ queries (see section 3.3.2).
-
-
This module implements SOCKS5 Bytestreams (XEP-0065).
+
+
This module implements SOCKS5 Bytestreams (XEP-0065).
It allows ejabberd to act as a file transfer proxy between two
XMPP clients.
Options:
-
@@ -2662,10 +2733,10 @@ The simpliest configuration of the module:
...
]}.
-
-
This module offers a Publish-Subscribe Service (XEP-0060).
+
+
This module offers a Publish-Subscribe Service (XEP-0060).
The functionality in mod_pubsub can be extended using plugins.
-The plugin that implements PEP (Personal Eventing via Pubsub) (XEP-0163)
+The plugin that implements PEP (Personal Eventing via Pubsub) (XEP-0163)
is enabled in the default ejabberd configuration file,
and it requires mod_caps.
Options:
-
@@ -2708,8 +2779,8 @@ The following example will use node_tune instead of node_pep for every PEP node
...
]}.
-
-
This module adds support for In-Band Registration (XEP-0077). This protocol
+
+
This module adds support for In-Band Registration (XEP-0077). This protocol
enables end users to use a Jabber client to:
-
Register a new account on the server.
@@ -2781,10 +2852,10 @@ Also define a registration timeout of one hour:
...
]}.
-
+
This module implements roster management as defined in
-RFC 3921: XMPP IM.
-It also supports Roster Versioning (XEP-0237).
Options:
+RFC 3921: XMPP IM.
+It also supports Roster Versioning (XEP-0237).
Options:
-
iqdisc
- This specifies
the processing discipline for Roster Management (jabber:iq:roster) IQ queries (see section 3.3.2).
@@ -2807,7 +2878,7 @@ Important: if you use mod_shared_roster, you must disable this option.
...
]}.
-
+
This module adds support for logging end user packets via a Jabber message
auditing service such as
Bandersnatch. All user
@@ -2837,7 +2908,7 @@ To log all end user packets to the Bandersnatch service running on
...
]}.
-
+
This module enables you to create shared roster groups. This means that you can
create groups of people that can see members from (other) groups in their
rosters. The big advantages of this feature are that end users do not need to
@@ -2912,8 +2983,8 @@ roster groups as shown in the following table:
-
-
This module adds support for Statistics Gathering (XEP-0039). This protocol
+
+
This module adds support for Statistics Gathering (XEP-0039). This protocol
allows you to retrieve next statistics from your ejabberd deployment:
-
Total number of registered users on the current virtual host (users/total).
@@ -2944,16 +3015,16 @@ by sending:
</query>
</iq>
-
-
This module features support for Entity Time (XEP-0202). By using this XEP,
+
+
This module features support for Entity Time (XEP-0202). By using this XEP,
you are able to discover the time at another entity’s location.
Options:
-
iqdisc
- This specifies
the processing discipline for Entity Time (jabber:iq:time) IQ queries (see section 3.3.2).
-
+
This module allows end users to store and retrieve their vCard, and to retrieve
-other users vCards, as defined in vcard-temp (XEP-0054). The module also
+other users vCards, as defined in vcard-temp (XEP-0054). The module also
implements an uncomplicated Jabber User Directory based on the vCards of
these users. Moreover, it enables the server to send its vCard when queried.
Options:
-
@@ -3006,7 +3077,7 @@ and that all virtual hosts will be searched instead of only the current one:
...
]}.
-
+
ejabberd can map LDAP attributes to vCard fields. This behaviour is
implemented in the mod_vcard_ldap module. This module does not depend on the
authentication method (see 3.2.5).
Note that ejabberd treats LDAP as a read-only storage:
@@ -3040,7 +3111,7 @@ all search results are reported. The default value is 30.
set the table that maps LDAP attributes to vCard fields. The format is:
[Name_of_vCard_field, Pattern, List_of_LDAP_attributes, ...].
Name_of_vcard_field is the type name of the vCard as defined in
-RFC 2426. Pattern is a
+RFC 2426. Pattern is a
string which contains pattern variables "%u", "%d" or
"%s". List_of_LDAP_attributes is the list containing LDAP
attributes. The pattern variables "%s" will be sequentially replaced
@@ -3182,8 +3253,8 @@ searching his info in LDAP.
- ldap_vcard_map
-
-
This module implements Software Version (XEP-0092). Consequently, it
+
+
This module implements Software Version (XEP-0092). Consequently, it
answers ejabberd’s version when queried.
Options:
-
show_os
- Should the operating system be revealed or not.
@@ -3191,8 +3262,8 @@ The default value is true.
- iqdisc
- This specifies
the processing discipline for Software Version (jabber:iq:version) IQ queries (see section 3.3.2).
-
-
With the ejabberdctl command line administration script
+
+
With the ejabberdctl command line administration script
you can execute ejabberdctl commands (described in the next section, 4.1.1)
and also many general ejabberd commands (described in section 4.2).
This means you can start, stop and perform many other administrative tasks
@@ -3204,7 +3275,7 @@ and other codes may be used for specific results.
This can be used by other scripts to determine automatically
if a command succeeded or failed,
for example using: echo $?
-
When ejabberdctl is executed without any parameter,
+
When ejabberdctl is executed without any parameter,
it displays the available options. If there isn’t an ejabberd server running,
the available parameters are:
-
@@ -3240,7 +3311,7 @@ robot1
testuser1
testuser2
-
ejabberd is an Erlang/OTP application that runs inside an Erlang runtime system.
+
ejabberd is an Erlang/OTP application that runs inside an Erlang runtime system.
This system is configured using environment variables and command line parameters.
The ejabberdctl administration script uses many of those possibilities.
You can configure some of them with the file ejabberdctl.cfg,
@@ -3313,7 +3384,7 @@ Starts the Erlang system detached from the system console.
Note that some characters need to be escaped when used in shell scripts, for instance " and {}.
You can find other options in the Erlang manual page (erl -man erl).
-
An ejabberd command is an abstract function identified by a name,
+
An ejabberd command is an abstract function identified by a name,
with a defined number and type of calling arguments and type of result
that is registered in the ejabberd_commands service.
Those commands can be defined in any Erlang module and executed using any valid frontend.
ejabberd includes a frontend to execute ejabberd commands: the script ejabberdctl.
@@ -3321,7 +3392,7 @@ Other known frontends that can be installed to execute ejabberd commands in diff
ejabberd_xmlrpc (XML-RPC service),
mod_rest (HTTP POST service),
mod_shcommands (ejabberd WebAdmin page).
-
ejabberd includes a few ejabberd Commands by default.
+
ejabberd includes a few ejabberd Commands by default.
When more modules are installed, new commands may be available in the frontends.
The easiest way to get a list of the available commands, and get help for them is to use
the ejabberdctl script:
$ ejabberdctl help
@@ -3356,7 +3427,7 @@ This is not recommended for big databases, as it will consume much time,
memory and processor. In that case it’s preferable to use backup and install_fallback.
- import_piefxis, export_piefxis, export_piefxis_host
-
These options can be used to migrate accounts
-using XEP-0227 formatted XML files
+using XEP-0227 formatted XML files
from/to other Jabber/XMPP servers
or move users of a vhost to another ejabberd installation.
See also
@@ -3371,7 +3442,7 @@ There exist tutorials to
in offline storage. This might be useful when the number of offline messages
is very high.
-
The frontends can be configured to restrict access to certain commands.
+
The frontends can be configured to restrict access to certain commands.
In that case, authentication information must be provided.
In each frontend the AccessCommands option is defined
in a different place. But in all cases the option syntax is the same:
@@ -3417,7 +3488,7 @@ and the provided arguments do not contradict Arguments.
As an example to u
{_bot_reg_test, [register, unregister], [{host, "test.org"}]}
]
-
+
The ejabberd Web Admin allows to administer most of ejabberd using a web browser.
This feature is enabled by default:
a ejabberd_http listener with the option web_admin (see
section 3.1.3) is included in the listening ports. Then you can open
@@ -3489,13 +3560,13 @@ The file is searched by default in
The directory of the documentation can be specified in
the environment variable EJABBERD_DOC_PATH.
See section 4.1.2.
-
If you enable mod_configure and mod_adhoc,
+
If you enable mod_configure and mod_adhoc,
you can perform several administrative tasks in ejabberd
with a Jabber client.
-The client must support Ad-Hoc Commands (XEP-0050),
+The client must support Ad-Hoc Commands (XEP-0050),
and you must login in the Jabber server with
an account with proper privileges.
-
ejabberd uses the distributed Mnesia database.
+
ejabberd uses the distributed Mnesia database.
Being distributed, Mnesia enforces consistency of its file,
so it stores the name of the Erlang node in it (see section 5.4).
The name of an Erlang node includes the hostname of the computer.
@@ -3532,8 +3603,8 @@ mv /var/lib/ejabberd/*.* /var/lib/ejabberd/oldfiles/
Check that the information of the old database is available: accounts, rosters...
After you finish, remember to delete the temporary backup files from public directories.
-
-
+
+
You need to take the following TCP ports in mind when configuring your firewall:
| Port | Description |
@@ -3544,7 +3615,7 @@ After you finish, remember to delete the temporary backup files from public dire
| port range | Used for connections between Erlang nodes. This range is configurable (see section 5.2). |
-
epmd (Erlang Port Mapper Daemon)
+
epmd (Erlang Port Mapper Daemon)
is a small name server included in Erlang/OTP
and used by Erlang programs when establishing distributed Erlang communications.
ejabberd needs epmd to use ejabberdctl and also when clustering ejabberd nodes.
@@ -3569,7 +3640,7 @@ but can be configured in the file ejabberdctl.cfg.
The Erlang command-line parameter used internally is, for example:
erl ... -kernel inet_dist_listen_min 4370 inet_dist_listen_max 4375
-
The Erlang cookie is a string with numbers and letters.
+
The Erlang cookie is a string with numbers and letters.
An Erlang node reads the cookie at startup from the command-line parameter -setcookie.
If not indicated, the cookie is read from the cookie file $HOME/.erlang.cookie.
If this file does not exist, it is created immediately with a random cookie.
@@ -3583,7 +3654,7 @@ to prevent unauthorized access or intrusion to an Erlang node.
The communication between Erlang nodes are not encrypted,
so the cookie could be read sniffing the traffic on the network.
The recommended way to secure the Erlang node is to block the port 4369.
-
An Erlang node may have a node name.
+
An Erlang node may have a node name.
The name can be short (if indicated with the command-line parameter -sname)
or long (if indicated with the parameter -name).
Starting an Erlang node with -sname limits the communication between Erlang nodes to the LAN.
Using the option -sname instead of -name is a simple method
@@ -3592,7 +3663,7 @@ However, it is not ultimately effective to prevent access to the Erlang node,
because it may be possible to fake the fact that you are on another network
using a modified version of Erlang epmd.
The recommended way to secure the Erlang node is to block the port 4369.
-
ejabberd stores sensible data in the file system either in plain text or binary files.
+
ejabberd stores sensible data in the file system either in plain text or binary files.
The file system permissions should be set to only allow the proper user to read,
write and execute those files and directories.
-
ejabberd configuration file: /etc/ejabberd/ejabberd.cfg
-
@@ -3612,9 +3683,9 @@ so it is preferable to secure the whole /var/lib/ejabberd/ directory.
- Erlang cookie file: /var/lib/ejabberd/.erlang.cookie
-
See section 5.3.
-
+
-
+
A Jabber domain is served by one or more ejabberd nodes. These nodes can
be run on different machines that are connected via a network. They all
must have the ability to connect to port 4369 of all another nodes, and must
@@ -3628,29 +3699,29 @@ router,
session manager,
s2s manager.
-
+
This module is the main router of Jabber packets on each node. It
routes them based on their destination’s domains. It uses a global
routing table. The domain of the packet’s destination is searched in the
routing table, and if it is found, the packet is routed to the
appropriate process. If not, it is sent to the s2s manager.
-
+
This module routes packets which have a destination domain equal to
one of this server’s host names. If the destination JID has a non-empty user
part, it is routed to the session manager, otherwise it is processed depending
on its content.
-
+
This module routes packets to local users. It looks up to which user
resource a packet must be sent via a presence table. Then the packet is
either routed to the appropriate c2s process, or stored in offline
storage, or bounced back.
-
+
This module routes packets to other Jabber servers. First, it
checks if an opened s2s connection from the domain of the packet’s
source to the domain of the packet’s destination exists. If that is the case,
the s2s manager routes the packet to the process
serving this connection, otherwise a new connection is opened.
-
+
Suppose you already configured ejabberd on one machine named (first),
and you need to setup another one to make an ejabberd cluster. Then do
following steps:
-
@@ -3684,14 +3755,14 @@ the Erlang shell. This probably can take some time if Mnesia has not yet
transfered and processed all data it needed from first.
- Now run ejabberd on second with a configuration similar as
on first: you probably do not need to duplicate ‘
acl’
and ‘access’ options because they will be taken from
-first. If you installed mod_irc, notice that it should be
+first; and mod_irc should be
enabled only on one machine in the cluster.
You can repeat these steps for other machines supposed to serve this
domain.
-
+
-
-
+
+
ejabberd includes an algorithm to load balance the components that are plugged on an ejabberd cluster. It means that you can plug one or several instances of the same component on each ejabberd cluster and that the traffic will be automatically distributed.
The default distribution algorithm try to deliver to a local instance of a component. If several local instances are available, one instance is chosen randomly. If no instance is available locally, one instance is chosen randomly among the remote component instances.
If you need a different behaviour, you can change the load balancing behaviour with the option domain_balancing. The syntax of the option is the following:
{domain_balancing, "component.example.com", <balancing_criterium>}.
Several balancing criteria are available:
-
@@ -3700,13 +3771,13 @@ domain.
-
+
When there is a risk of failure for a given component, domain balancing can cause service trouble. If one component is failing the service will not work correctly unless the sessions are rebalanced.
In this case, it is best to limit the problem to the sessions handled by the failing component. This is what the domain_balancing_component_number option does, making the load balancing algorithm not dynamic, but sticky on a fix number of component instances.
The syntax is the following:
{domain_balancing_component_number, "component.example.com", N}
-
+
-
An ejabberd node writes two log files:
+
An ejabberd node writes two log files:
-
ejabberd.log
- is the ejabberd service log, with the messages reported by ejabberd code
- sasl.log
- is the Erlang/OTP system log, with the messages reported by Erlang/OTP using SASL (System Architecture Support Libraries)
@@ -3728,12 +3799,12 @@ The ejabberdctl command reopen-log
(please refer to section 4.1.1)
reopens the log files,
and also renames the old ones if you didn’t rename them.
-
The Debug Console is an Erlang shell attached to an already running ejabberd server.
+
The Debug Console is an Erlang shell attached to an already running ejabberd server.
With this Erlang shell, an experienced administrator can perform complex tasks.
This shell gives complete control over the ejabberd server,
so it is important to use it with extremely care.
There are some simple and safe examples in the article
Interconnecting Erlang Nodes
To exit the shell, close the window or press the keys: control+c control+c.
-
+
ejabberd includes a watchdog mechanism that may be useful to developers
when troubleshooting a problem related to memory usage.
If a process in the ejabberd server consumes more memory than the configured threshold,
@@ -3751,7 +3822,7 @@ or in a conversation with the watchdog alert bot.
Example configuration:
To remove all watchdog admins, set the option with an empty list:
{watchdog_admins, []}.
-
+
The source code of ejabberd supports localization.
The translators can edit the
gettext .po files
@@ -3786,9 +3857,9 @@ HTTP header ‘Accept-Language: ru’
-
+
Release notes are available from ejabberd Home Page
-
Thanks to all people who contributed to this guide:
+
Thanks to all people who contributed to this guide:
-
Ejabberd Installation and Operation Guide.
+
Ejabberd Installation and Operation Guide.
Copyright © 2003 — 2009 ProcessOne
This document is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
diff --git a/doc/guide.tex b/doc/guide.tex
index cc703fccc..f21af0e4e 100644
--- a/doc/guide.tex
+++ b/doc/guide.tex
@@ -720,11 +720,11 @@ other different modules for some specific virtual hosts:
\makesubsection{listened}{Listening Ports}
\ind{options!listen}
-The option \option{listen} defines for which addresses and ports \ejabberd{}
+The option \option{listen} defines for which ports, addresses and network protocols \ejabberd{}
will listen and what services will be run on them. Each element of the list is a
tuple with the following elements:
\begin{itemize}
-\item Port number. Optionally also the IP address.
+\item Port number. Optionally also the IP address and/or a transport protocol.
\item Listening module that serves this port.
\item Options for the TCP socket and for the listening module.
\end{itemize}
@@ -742,10 +742,12 @@ With the basic syntax the ports will listen on all IPv4 network addresses:
It is possible to specify the IP address for a port using the full syntax:
\begin{verbatim}
{{, }, , []}
+ {{, }, , []}
+ {{, , }, , []}
\end{verbatim}
-\makesubsubsection{listened-port}{Port Number and IP Address}
+\makesubsubsection{listened-port}{Port Number, IP Address and Transport Protocol}
The port number defines which port to listen for incoming connections.
It can be a Jabber/XMPP standard port
@@ -769,6 +771,9 @@ Some example values for IP address:
\item \verb|{16#fdca, 16#8ab6, 16#a243, 16#75ef, 0, 0, 0, 1}| is the IPv6 address \verb|FDCA:8AB6:A243:75EF::1/128|
\end{itemize}
+The transport protocol can be \term{tcp} or \term{udp}.
+Default is \term{tcp}.
+
\makesubsubsection{listened-module}{Listening Module}
@@ -789,6 +794,10 @@ The available modules, their purpose and the options allowed by each one are:
(as defined in the Jabber Component Protocol (\xepref{0114}).\\
Options: \texttt{access}, \texttt{hosts},
\texttt{shaper}, \texttt{service\_check\_from}
+ \titem{\texttt{ejabberd\_stun}}
+ Handles STUN Binding requests as defined in
+ \footahref{http://tools.ietf.org/html/rfc5389}{RFC 5389}.\\
+ Options: \texttt{certfile}
\titem{\texttt{ejabberd\_http}}
Handles incoming HTTP connections.\\
Options: \texttt{captcha}, \texttt{certfile}, \texttt{http\_bind}, \texttt{http\_poll},
@@ -944,6 +953,7 @@ However, the c2s and s2s connections to the domain \term{example.com} use the fi
and also allows plain connections for old clients.
\item Port 5223 listens for c2s connections with the old SSL.
\item Port 5269 listens for s2s connections with STARTTLS. The socket is set for IPv6 instead of IPv4.
+\item Port 3478 listens for STUN requests over UDP.
\item Port 5280 listens for HTTP requests, and serves the HTTP Poll service.
\item Port 5281 listens for HTTP requests, and serves the Web Admin using HTTPS as explained in
section~\ref{webadmin}. The socket only listens connections to the IP address 127.0.0.1.
@@ -968,6 +978,7 @@ However, the c2s and s2s connections to the domain \term{example.com} use the fi
{shaper, s2s_shaper},
{max_stanza_size, 131072}
]},
+ {{3478, udp}, ejabberd_stun, []},
{5280, ejabberd_http, [
http_poll
]},
@@ -1548,6 +1559,45 @@ Example configuration:
]}.
\end{verbatim}
+\makesubsection{stun}{STUN}
+\ind{options!stun}\ind{stun}
+
+\ejabberd{} is able to act as a stand-alone STUN server
+(\footahref{http://tools.ietf.org/html/rfc5389}{RFC 5389}). Currently only Binding usage
+is supported. In that role \ejabberd{} helps clients with Jingle ICE (\xepref{0176}) support to discover their external addresses and ports.
+
+You should configure \term{ejabberd\_stun} listening module as described in \ref{listened} section.
+If \option{certfile} option is defined, \ejabberd{} multiplexes TCP and
+TLS over TCP connections on the same port. Obviously, \option{certfile} option
+is defined for \term{tcp} only. Note however that TCP or TLS over TCP
+support is not required for Binding usage and is reserved for
+\footahref{http://tools.ietf.org/html/draft-ietf-behave-turn-16}{TURN}
+functionality. Feel free to configure \term{udp} transport only.
+
+Example configuration:
+\begin{verbatim}
+{listen,
+ [
+ ...
+ {{3478, udp}, ejabberd_stun, []},
+ {3478, ejabberd_stun, []},
+ {5349, ejabberd_stun, [{certfile, "/etc/ejabberd/server.pem"}]},
+ ...
+ ]
+}.
+\end{verbatim}
+
+You also need to configure DNS SRV records properly so clients can easily discover a
+STUN server serving your XMPP domain. Refer to section
+\footahref{http://tools.ietf.org/html/rfc5389\#section-9}{DNS Discovery of a Server}
+of \footahref{http://tools.ietf.org/html/rfc5389}{RFC 5389} for details.
+
+Example DNS SRV configuration:
+\begin{verbatim}
+_stun._udp IN SRV 0 0 3478 stun.example.com.
+_stun._tcp IN SRV 0 0 3478 stun.example.com.
+_stuns._tcp IN SRV 0 0 5349 stun.example.com.
+\end{verbatim}
\makesubsection{includeconfigfile}{Include Additional Configuration Files}
\ind{options!includeconfigfile}\ind{includeconfigfile}
diff --git a/src/ejabberd.cfg.example b/src/ejabberd.cfg.example
index a23b714be..a083613a1 100644
--- a/src/ejabberd.cfg.example
+++ b/src/ejabberd.cfg.example
@@ -149,6 +149,11 @@
%% }
%% ]},
+ %%
+ %% ejabberd_stun: Handles STUN Binding requests
+ %%
+ %%{{3478, udp}, ejabberd_stun, []},
+
{5280, ejabberd_http, [
%%{request_handlers,
%% [