Chapril/xmpp.chapril.org-ejabberd
24
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-06-12 21:52:07 +02:00
Code Releases Activity

* doc/guide.tex: Document new ejabberdctl option. New section that

Browse Source 
documents AccessCommands. (EJAB-910)
* doc/guide.html: Likewise

SVN Revision: 2025
This commit is contained in:
Badlop 2009-04-17 13:53:20 +00:00
parent fd967d6976
commit 554a9a72f1
3 changed files with 382 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,5 +1,9 @@
2009-04-17 Badlop <badlop@process-one.net>
* doc/guide.tex: Document new ejabberdctl option. New section that
documents AccessCommands. (EJAB-910)
* doc/guide.html: Likewise
* src/ejabberd_ctl.erl: New option to require auth in ejabberdctl
and restrict what commands and arguments can execute (EJAB-910)
* src/ejabberd_config.erl: Likewise

306
doc/guide.html
View File

@ -165,48 +165,53 @@ BLOCKQUOTE.figure DIV.center DIV.center HR{display:none;}
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc61">4.1&#XA0;&#XA0;<TT>ejabberdctl</TT></A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc62">4.1.1&#XA0;&#XA0;Commands</A>
<A HREF="#htoc62">4.1.1&#XA0;&#XA0;ejabberdctl Commands</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc63">4.1.2&#XA0;&#XA0;Erlang Runtime System</A>
</LI></UL>
</LI><LI CLASS="li-toc"><A HREF="#htoc64">4.2&#XA0;&#XA0;Web Admin</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc65">4.3&#XA0;&#XA0;Ad-hoc Commands</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc66">4.4&#XA0;&#XA0;Change Computer Hostname</A>
</LI></UL>
</LI><LI CLASS="li-toc"><A HREF="#htoc67">Chapter&#XA0;5&#XA0;&#XA0;Securing <TT>ejabberd</TT></A>
</LI><LI CLASS="li-toc"><A HREF="#htoc64">4.2&#XA0;&#XA0;<TT>ejabberd</TT> Commands</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc68">5.1&#XA0;&#XA0;Firewall Settings</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc69">5.2&#XA0;&#XA0;epmd</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc70">5.3&#XA0;&#XA0;Erlang Cookie</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc71">5.4&#XA0;&#XA0;Erlang Node Name</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc72">5.5&#XA0;&#XA0;Securing Sensible Files</A>
<A HREF="#htoc65">4.2.1&#XA0;&#XA0;List of ejabberd Commands</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc66">4.2.2&#XA0;&#XA0;Restrict Execution with AccessCommands</A>
</LI></UL>
</LI><LI CLASS="li-toc"><A HREF="#htoc73">Chapter&#XA0;6&#XA0;&#XA0;Clustering</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc67">4.3&#XA0;&#XA0;Web Admin</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc68">4.4&#XA0;&#XA0;Ad-hoc Commands</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc69">4.5&#XA0;&#XA0;Change Computer Hostname</A>
</LI></UL>
</LI><LI CLASS="li-toc"><A HREF="#htoc70">Chapter&#XA0;5&#XA0;&#XA0;Securing <TT>ejabberd</TT></A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc74">6.1&#XA0;&#XA0;How it Works</A>
<A HREF="#htoc71">5.1&#XA0;&#XA0;Firewall Settings</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc72">5.2&#XA0;&#XA0;epmd</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc73">5.3&#XA0;&#XA0;Erlang Cookie</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc74">5.4&#XA0;&#XA0;Erlang Node Name</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc75">5.5&#XA0;&#XA0;Securing Sensible Files</A>
</LI></UL>
</LI><LI CLASS="li-toc"><A HREF="#htoc76">Chapter&#XA0;6&#XA0;&#XA0;Clustering</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc75">6.1.1&#XA0;&#XA0;Router</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc76">6.1.2&#XA0;&#XA0;Local Router</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc77">6.1.3&#XA0;&#XA0;Session Manager</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc78">6.1.4&#XA0;&#XA0;s2s Manager</A>
</LI></UL>
</LI><LI CLASS="li-toc"><A HREF="#htoc79">6.2&#XA0;&#XA0;Clustering Setup</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc80">6.3&#XA0;&#XA0;Service Load-Balancing</A>
<A HREF="#htoc77">6.1&#XA0;&#XA0;How it Works</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc81">6.3.1&#XA0;&#XA0;Components Load-Balancing</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc82">6.3.2&#XA0;&#XA0;Domain Load-Balancing Algorithm</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc83">6.3.3&#XA0;&#XA0;Load-Balancing Buckets</A>
<A HREF="#htoc78">6.1.1&#XA0;&#XA0;Router</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc79">6.1.2&#XA0;&#XA0;Local Router</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc80">6.1.3&#XA0;&#XA0;Session Manager</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc81">6.1.4&#XA0;&#XA0;s2s Manager</A>
</LI></UL>
</LI></UL>
</LI><LI CLASS="li-toc"><A HREF="#htoc84">Chapter&#XA0;7&#XA0;&#XA0;Debugging</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc82">6.2&#XA0;&#XA0;Clustering Setup</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc83">6.3&#XA0;&#XA0;Service Load-Balancing</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc85">7.1&#XA0;&#XA0;Log Files</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc86">7.2&#XA0;&#XA0;Debug Console</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc87">7.3&#XA0;&#XA0;Watchdog Alerts</A>
<A HREF="#htoc84">6.3.1&#XA0;&#XA0;Components Load-Balancing</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc85">6.3.2&#XA0;&#XA0;Domain Load-Balancing Algorithm</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc86">6.3.3&#XA0;&#XA0;Load-Balancing Buckets</A>
</LI></UL>
</LI><LI CLASS="li-toc"><A HREF="#htoc88">Appendix&#XA0;A&#XA0;&#XA0;Internationalization and Localization</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc89">Appendix&#XA0;B&#XA0;&#XA0;Release Notes</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc90">Appendix&#XA0;C&#XA0;&#XA0;Acknowledgements</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc91">Appendix&#XA0;D&#XA0;&#XA0;Copyright Information</A>
</LI></UL>
</LI><LI CLASS="li-toc"><A HREF="#htoc87">Chapter&#XA0;7&#XA0;&#XA0;Debugging</A>
<UL CLASS="toc"><LI CLASS="li-toc">
<A HREF="#htoc88">7.1&#XA0;&#XA0;Log Files</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc89">7.2&#XA0;&#XA0;Debug Console</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc90">7.3&#XA0;&#XA0;Watchdog Alerts</A>
</LI></UL>
</LI><LI CLASS="li-toc"><A HREF="#htoc91">Appendix&#XA0;A&#XA0;&#XA0;Internationalization and Localization</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc92">Appendix&#XA0;B&#XA0;&#XA0;Release Notes</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc93">Appendix&#XA0;C&#XA0;&#XA0;Acknowledgements</A>
</LI><LI CLASS="li-toc"><A HREF="#htoc94">Appendix&#XA0;D&#XA0;&#XA0;Copyright Information</A>
</LI></UL><!--TOC chapter Introduction-->
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc1">Chapter&#XA0;1</A>&#XA0;&#XA0;Introduction</H1><!--SEC END --><P>
<A NAME="intro"></A></P><P><TT>ejabberd</TT> is a free and open source instant messaging server written in <A HREF="http://www.erlang.org/">Erlang</A>.</P><P><TT>ejabberd</TT> is cross-platform, distributed, fault-tolerant, and based on open standards to achieve real-time communication.</P><P><TT>ejabberd</TT> is designed to be a rock-solid and feature rich XMPP server.</P><P><TT>ejabberd</TT> is suitable for small deployments, whether they need to be scalable or not, as well as extremely big deployments.</P><!--TOC section Key Features-->
@ -795,7 +800,7 @@ and also allows plain connections for old clients.
</LI><LI CLASS="li-itemize">Port 5269 listens for s2s connections with STARTTLS. The socket is set for IPv6 instead of IPv4.
</LI><LI CLASS="li-itemize">Port 5280 listens for HTTP requests, and serves the HTTP Poll service.
</LI><LI CLASS="li-itemize">Port 5281 listens for HTTP requests, and serves the Web Admin using HTTPS as explained in
section&#XA0;<A HREF="#webadmin">4.2</A>. The socket only listens connections to the IP address 127.0.0.1.
section&#XA0;<A HREF="#webadmin">4.3</A>. The socket only listens connections to the IP address 127.0.0.1.
</LI></UL><PRE CLASS="verbatim">{hosts, ["example.com", "example.org", "example.net"]}.
{listen,
[
@ -839,7 +844,7 @@ only two servers can connect: "jabber.example.org" and "example.com".
</LI><LI CLASS="li-itemize">Port 5280 is serving the Web Admin and the HTTP Polling service
in all the IPv4 addresses. Note
that it is also possible to serve them on different ports. The second
example in section&#XA0;<A HREF="#webadmin">4.2</A> shows how exactly this can be done.
example in section&#XA0;<A HREF="#webadmin">4.3</A> shows how exactly this can be done.
</LI><LI CLASS="li-itemize">All users except for the administrators have a traffic of limit
1,000&#XA0;Bytes/second
</LI><LI CLASS="li-itemize">The
@ -2953,9 +2958,19 @@ The default value is <TT>true</TT>.
the processing discipline for Software Version (<TT>jabber:iq:version</TT>) IQ queries (see section&#XA0;<A HREF="#modiqdiscoption">3.3.2</A>).
</DD></DL><P> <A NAME="manage"></A> </P><!--TOC chapter Managing an <TT>ejabberd</TT> Server-->
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc60">Chapter&#XA0;4</A>&#XA0;&#XA0;<A HREF="#manage">Managing an <TT>ejabberd</TT> Server</A></H1><!--SEC END --><P> <A NAME="manage"></A> </P><P> <A NAME="ejabberdctl"></A> </P><!--TOC section <TT>ejabberdctl</TT>-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc61">4.1</A>&#XA0;&#XA0;<A HREF="#ejabberdctl"><TT>ejabberdctl</TT></A></H2><!--SEC END --><P> <A NAME="ejabberdctl"></A> </P><P> <A NAME="commands"></A> </P><!--TOC subsection Commands-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc62">4.1.1</A>&#XA0;&#XA0;<A HREF="#commands">Commands</A></H3><!--SEC END --><P> <A NAME="commands"></A> </P><P>The <TT>ejabberdctl</TT> command line administration script allows to start, stop and perform
many other administrative tasks in a local or remote <TT>ejabberd</TT> server.</P><P>When <TT>ejabberdctl</TT> is executed without any parameter,
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc61">4.1</A>&#XA0;&#XA0;<A HREF="#ejabberdctl"><TT>ejabberdctl</TT></A></H2><!--SEC END --><P> <A NAME="ejabberdctl"></A> </P><P>With the <TT>ejabberdctl</TT> command line administration script
you can execute <TT>ejabberdctl commands</TT> (described in the next section, <A HREF="#ectl-commands">4.1.1</A>)
and also many general <TT>ejabberd commands</TT> (described in section <A HREF="#eja-commands">4.2</A>).
This means you can start, stop and perform many other administrative tasks
in a local or remote <TT>ejabberd</TT> server (by providing the argument <TT>--node NODENAME</TT>).</P><P>The <TT>ejabberdctl</TT> script can be configured in the file <TT>ejabberdctl.cfg</TT>.
This file includes detailed information about each configurable option. See section <A HREF="#erlangconfiguration">4.1.2</A>.</P><P>The <TT>ejabberdctl</TT> script returns a numerical status code.
Success is represented by <TT>0</TT>,
error is represented by <TT>1</TT>,
and other codes may be used for specific results.
This can be used by other scripts to determine automatically
if a command succeeded or failed,
for example using: <TT>echo $?</TT></P><P> <A NAME="ectl-commands"></A> </P><!--TOC subsection ejabberdctl Commands-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc62">4.1.1</A>&#XA0;&#XA0;<A HREF="#ectl-commands">ejabberdctl Commands</A></H3><!--SEC END --><P> <A NAME="ectl-commands"></A> </P><P>When <TT>ejabberdctl</TT> is executed without any parameter,
it displays the available options. If there isn&#X2019;t an <TT>ejabberd</TT> server running,
the available parameters are:
</P><DL CLASS="description"><DT CLASS="dt-description">
@ -2963,45 +2978,34 @@ the available parameters are:
</DD><DT CLASS="dt-description"><B><TT>debug</TT></B></DT><DD CLASS="dd-description"> Attach an Erlang shell to an already existing <TT>ejabberd</TT> server. This allows to execute commands interactively in the <TT>ejabberd</TT> server.
</DD><DT CLASS="dt-description"><B><TT>live</TT></B></DT><DD CLASS="dd-description"> Start <TT>ejabberd</TT> in live mode: the shell keeps attached to the started server, showing log messages and allowing to execute interactive commands.
</DD></DL><P>If there is an <TT>ejabberd</TT> server running in the system,
<TT>ejabberdctl</TT> shows all the available commands in that server.
The more interesting ones are:
<TT>ejabberdctl</TT> shows the <TT>ejabberdctl commands</TT> described bellow
and all the <TT>ejabberd commands</TT> available in that server (see <A HREF="#list-eja-commands">4.2.1</A>).</P><P>The <TT>ejabberdctl commands</TT> are:
</P><DL CLASS="description"><DT CLASS="dt-description">
<B><TT>help</TT></B></DT><DD CLASS="dd-description"> Get help about ejabberdctl or any available command. Try <TT>ejabberdctl help help</TT>.
</DD><DT CLASS="dt-description"><B><TT>status</TT></B></DT><DD CLASS="dd-description"> Check the status of the <TT>ejabberd</TT> server.
</DD><DT CLASS="dt-description"><B><TT>stop</TT></B></DT><DD CLASS="dd-description"> Stop the <TT>ejabberd</TT> server which is running in the machine.
</DD><DT CLASS="dt-description"><B><TT>reopen-log</TT></B></DT><DD CLASS="dd-description"> Reopen the log files after they were renamed.
If the old files were not renamed before calling this command,
they are automatically renamed to <TT>"*-old.log"</TT>. See section <A HREF="#logfiles">7.1</A>.
</DD><DT CLASS="dt-description"><B><TT>backup ejabberd.backup</TT></B></DT><DD CLASS="dd-description">
Store internal Mnesia database to a binary backup file.
</DD><DT CLASS="dt-description"><B><TT>restore ejabberd.backup</TT></B></DT><DD CLASS="dd-description">
Restore immediately from a binary backup file the internal Mnesia database.
This will consume quite some memory for big servers.
</DD><DT CLASS="dt-description"><B><TT>install-fallback ejabberd.backup</TT></B></DT><DD CLASS="dd-description">
The binary backup file is installed as fallback:
it will be used to restore the database at the next ejabberd start.
Similar to <TT>restore</TT>, but requires less memory.
</DD><DT CLASS="dt-description"><B><TT>dump ejabberd.dump</TT></B></DT><DD CLASS="dd-description">
Dump internal Mnesia database to a text file dump.
</DD><DT CLASS="dt-description"><B><TT>load ejabberd.dump</TT></B></DT><DD CLASS="dd-description">
Restore immediately from a text file dump.
This is not recommended for big databases, as it will consume much time,
memory and processor. In that case it&#X2019;s preferable to use <TT>backup</TT> and <TT>install-fallback</TT>.
</DD><DT CLASS="dt-description"><B><TT>import-file, import-dir</TT></B></DT><DD CLASS="dd-description">
These options can be used to migrate from other Jabber/XMPP servers. There
exist tutorials to <A HREF="http://www.ejabberd.im/migrate-to-ejabberd">migrate from other software to ejabberd</A>.
</DD><DT CLASS="dt-description"><B><TT>delete-expired-messages</TT></B></DT><DD CLASS="dd-description"> This option can be used to delete old messages
in offline storage. This might be useful when the number of offline messages
is very high.
</DD></DL><P>The <TT>ejabberdctl</TT> script also allows the argument <TT>--node NODENAME</TT>.
This allows to administer a remote node.</P><P>The <TT>ejabberdctl</TT> script can be configured in the file <TT>ejabberdctl.cfg</TT>.
This file includes detailed information about each configurable option.</P><P>The <TT>ejabberdctl</TT> script returns a numerical status code.
Success is represented by <TT>0</TT>,
error is represented by <TT>1</TT>,
and other codes may be used for specific results.
This can be used by other scripts to determine automatically
if a command succeeded or failed,
for example using: <TT>echo $?</TT></P><P> <A NAME="erlangconfiguration"></A> </P><!--TOC subsection Erlang Runtime System-->
</DD><DT CLASS="dt-description"><B><TT>stop</TT></B></DT><DD CLASS="dd-description"> Stop the <TT>ejabberd</TT> server.
</DD><DT CLASS="dt-description"><B><TT>restart</TT></B></DT><DD CLASS="dd-description"> Restart the <TT>ejabberd</TT> server.
</DD><DT CLASS="dt-description"><B><TT>mnesia</TT></B></DT><DD CLASS="dd-description"> Get information about the Mnesia database.
</DD></DL><P>The <TT>ejabberdctl</TT> script can be restricted to require authentication
and execute some <TT>ejabberd commands</TT>; see <A HREF="#accesscommands">4.2.2</A>.
Add the option to the file <TT>ejabberd.cfg</TT>.
In this example there is no restriction:
</P><PRE CLASS="verbatim">{ejabberdctl_access_commands, []}.
</PRE><P>If account <TT>robot1@example.org</TT> is registered in <TT>ejabberd</TT> with password <TT>abcdef</TT>
(which MD5 is E8B501798950FC58AAD83C8C14978E),
and <TT>ejabberd.cfg</TT> contains this setting:
</P><PRE CLASS="verbatim">{hosts, ["example.org"]}.
{acl, bots, {user, "robot1", "example.org"}}.
{access, ctlaccess, [{allow, bots}]}.
{ejabberdctl_access_commands, [ {ctlaccess, [registered_users, register], []} ]}.
</PRE><P>then you can do this in the shell:
</P><PRE CLASS="verbatim">$ ejabberdctl registered_users example.org
Error: no_auth_provided
$ ejabberdctl --auth robot1 example.org E8B501798950FC58AAD83C8C14978E registered_users example.org
robot1
testuser1
testuser2
</PRE><P> <A NAME="erlangconfiguration"></A> </P><!--TOC subsection Erlang Runtime System-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc63">4.1.2</A>&#XA0;&#XA0;<A HREF="#erlangconfiguration">Erlang Runtime System</A></H3><!--SEC END --><P> <A NAME="erlangconfiguration"></A> </P><P><TT>ejabberd</TT> is an Erlang/OTP application that runs inside an Erlang runtime system.
This system is configured using environment variables and command line parameters.
The <TT>ejabberdctl</TT> administration script uses many of those possibilities.
@ -3070,8 +3074,102 @@ Starts the Erlang system detached from the system console.
Open an Erlang shell in a remote Erlang node.
</DD></DL><P>
Note that some characters need to be escaped when used in shell scripts, for instance <CODE>"</CODE> and <CODE>{}</CODE>.
You can find other options in the Erlang manual page (<TT>erl -man erl</TT>).</P><P> <A NAME="webadmin"></A> </P><!--TOC section Web Admin-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc64">4.2</A>&#XA0;&#XA0;<A HREF="#webadmin">Web Admin</A></H2><!--SEC END --><P> <A NAME="webadmin"></A>
You can find other options in the Erlang manual page (<TT>erl -man erl</TT>).</P><P> <A NAME="eja-commands"></A> </P><!--TOC section <TT>ejabberd</TT> Commands-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc64">4.2</A>&#XA0;&#XA0;<A HREF="#eja-commands"><TT>ejabberd</TT> Commands</A></H2><!--SEC END --><P> <A NAME="eja-commands"></A> </P><P>An <TT>ejabberd command</TT> is an abstract function identified by a name,
with a defined number and type of calling arguments and type of result
that is registered in the <TT>ejabberd_commands</TT> service.
Those commands can be defined in any Erlang module and executed using any valid frontend.</P><P><TT>ejabberd</TT> includes a frontend to execute <TT>ejabberd commands</TT>: the script <TT>ejabberdctl</TT>.
Other known frontends that can be installed to execute ejabberd commands in different ways are:
<TT>ejabberd_xmlrpc</TT> (XML-RPC service),
<TT>mod_rest</TT> (HTTP POST service),
<TT>mod_shcommands</TT> (ejabberd WebAdmin page).</P><P> <A NAME="list-eja-commands"></A> </P><!--TOC subsection List of ejabberd Commands-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc65">4.2.1</A>&#XA0;&#XA0;<A HREF="#list-eja-commands">List of ejabberd Commands</A></H3><!--SEC END --><P> <A NAME="list-eja-commands"></A> </P><P><TT>ejabberd</TT> includes a few ejabberd Commands by default.
When more modules are installed, new commands may be available in the frontends.</P><P>The easiest way to get a list of the available commands, and get help for them is to use
the ejabberdctl script:
</P><PRE CLASS="verbatim">$ ejabberdctl help
Usage: ejabberdctl [--node nodename] [--auth user host password] command [options]
Available commands in this ejabberd node:
backup file Store the database to backup file
connected_users List all established sessions
connected_users_number Get the number of established sessions
delete_expired_messages Delete expired offline messages from database
delete_old_messages days Delete offline messages older than DAYS
...
</PRE><P>The more interesting ones are:
</P><DL CLASS="description"><DT CLASS="dt-description">
<B><TT>reopen-log</TT></B></DT><DD CLASS="dd-description"> Reopen the log files after they were renamed.
If the old files were not renamed before calling this command,
they are automatically renamed to <TT>"*-old.log"</TT>. See section <A HREF="#logfiles">7.1</A>.
</DD><DT CLASS="dt-description"><B><TT>backup ejabberd.backup</TT></B></DT><DD CLASS="dd-description">
Store internal Mnesia database to a binary backup file.
</DD><DT CLASS="dt-description"><B><TT>restore ejabberd.backup</TT></B></DT><DD CLASS="dd-description">
Restore immediately from a binary backup file the internal Mnesia database.
This will consume quite some memory for big servers.
</DD><DT CLASS="dt-description"><B><TT>install-fallback ejabberd.backup</TT></B></DT><DD CLASS="dd-description">
The binary backup file is installed as fallback:
it will be used to restore the database at the next ejabberd start.
Similar to <TT>restore</TT>, but requires less memory.
</DD><DT CLASS="dt-description"><B><TT>dump ejabberd.dump</TT></B></DT><DD CLASS="dd-description">
Dump internal Mnesia database to a text file dump.
</DD><DT CLASS="dt-description"><B><TT>load ejabberd.dump</TT></B></DT><DD CLASS="dd-description">
Restore immediately from a text file dump.
This is not recommended for big databases, as it will consume much time,
memory and processor. In that case it&#X2019;s preferable to use <TT>backup</TT> and <TT>install-fallback</TT>.
</DD><DT CLASS="dt-description"><B><TT>import-file, import-dir</TT></B></DT><DD CLASS="dd-description">
These options can be used to migrate from other Jabber/XMPP servers. There
exist tutorials to <A HREF="http://www.ejabberd.im/migrate-to-ejabberd">migrate from other software to ejabberd</A>.
</DD><DT CLASS="dt-description"><B><TT>delete-expired-messages</TT></B></DT><DD CLASS="dd-description"> This option can be used to delete old messages
in offline storage. This might be useful when the number of offline messages
is very high.
</DD></DL><P> <A NAME="accesscommands"></A> </P><!--TOC subsection Restrict Execution with AccessCommands-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc66">4.2.2</A>&#XA0;&#XA0;<A HREF="#accesscommands">Restrict Execution with AccessCommands</A></H3><!--SEC END --><P> <A NAME="accesscommands"></A> </P><P>The frontends can be configured to restrict access to certain commands.
In that case, authentication information must be provided.
In each frontend the <TT>AccessCommands</TT> option is defined
in a different place. But in all cases the option syntax is the same:
</P><PRE CLASS="verbatim">AccessCommands = [ {Access, CommandNames, Arguments} ]
Access = atom()
CommandNames = all | [CommandName]
CommandName = atom()
Arguments = [{ArgumentName, ArgumentValue}]
ArgumentName = atom()
ArgumentValue = any()
</PRE><P>The default value is to not define any restriction: <TT>[]</TT>.
If at least one restriction is defined, then the frontend expects
that authentication information is provided when executing a command.
The authentication information is Username, Hostname and Password of a local Jabber account
that has permission to execute the corresponding command.
This means that the account must be registered in the local ejabberd,
because the information will be verified.
It is possible to provide the plaintext password or its MD5 sum.</P><P>When one or several access restrictions are defined and the
authentication information is provided,
each restriction is verified until one matches completely:
the account matches the Access rule,
the command name is listed in CommandNames,
and the provided arguments do not contradict Arguments.</P><P>As an example to understand the syntax, let&#X2019;s suppose those options:
</P><PRE CLASS="verbatim">{hosts, ["example.org"]}.
{acl, bots, {user, "robot1", "example.org"}}.
{access, commaccess, [{allow, bots}]}.
</PRE><P>This list of access restrictions allows only <TT>robot1@example.org</TT> to execute all commands:
</P><PRE CLASS="verbatim">[{commaccess, all, []}]
</PRE><P>See another list of restrictions (the corresponding ACL and ACCESS are not shown):
</P><PRE CLASS="verbatim">[
%% This bot can execute all commands:
{bot, all, []},
%% This bot can only execute the command 'dump'. No argument restriction:
{bot_backups, [dump], []}
%% This bot can execute all commands,
%% but if a 'host' argument is provided, it must be "example.org":
{bot_all_example, all, [{host, "example.org"}]},
%% This bot can only execute the command 'register',
%% and if argument 'host' is provided, it must be "example.org":
{bot_reg_example, [register], [{host, "example.org"}]},
%% This bot can execute the commands 'register' and 'unregister',
%% if argument host is provided, it must be "test.org":
{_bot_reg_test, [register, unregister], [{host, "test.org"}]}
]
</PRE><P> <A NAME="webadmin"></A> </P><!--TOC section Web Admin-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc67">4.3</A>&#XA0;&#XA0;<A HREF="#webadmin">Web Admin</A></H2><!--SEC END --><P> <A NAME="webadmin"></A>
</P><P>The <TT>ejabberd</TT> Web Admin allows to administer most of <TT>ejabberd</TT> using a web browser.</P><P>This feature is enabled by default:
a <TT>ejabberd_http</TT> listener with the option <TT>web_admin</TT> (see
section&#XA0;<A HREF="#listened">3.1.3</A>) is included in the listening ports. Then you can open
@ -3143,13 +3241,13 @@ The file is searched by default in
The directory of the documentation can be specified in
the environment variable <TT>EJABBERD_DOC_PATH</TT>.
See section <A HREF="#erlangconfiguration">4.1.2</A>.</P><P> <A NAME="adhoccommands"></A> </P><!--TOC section Ad-hoc Commands-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc65">4.3</A>&#XA0;&#XA0;<A HREF="#adhoccommands">Ad-hoc Commands</A></H2><!--SEC END --><P> <A NAME="adhoccommands"></A> </P><P>If you enable <TT>mod_configure</TT> and <TT>mod_adhoc</TT>,
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc68">4.4</A>&#XA0;&#XA0;<A HREF="#adhoccommands">Ad-hoc Commands</A></H2><!--SEC END --><P> <A NAME="adhoccommands"></A> </P><P>If you enable <TT>mod_configure</TT> and <TT>mod_adhoc</TT>,
you can perform several administrative tasks in <TT>ejabberd</TT>
with a Jabber client.
The client must support Ad-Hoc Commands (<A HREF="http://www.xmpp.org/extensions/xep-0050.html">XEP-0050</A>),
and you must login in the Jabber server with
an account with proper privileges.</P><P> <A NAME="changeerlangnodename"></A> </P><!--TOC section Change Computer Hostname-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc66">4.4</A>&#XA0;&#XA0;<A HREF="#changeerlangnodename">Change Computer Hostname</A></H2><!--SEC END --><P> <A NAME="changeerlangnodename"></A> </P><P><TT>ejabberd</TT> uses the distributed Mnesia database.
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc69">4.5</A>&#XA0;&#XA0;<A HREF="#changeerlangnodename">Change Computer Hostname</A></H2><!--SEC END --><P> <A NAME="changeerlangnodename"></A> </P><P><TT>ejabberd</TT> uses the distributed Mnesia database.
Being distributed, Mnesia enforces consistency of its file,
so it stores the name of the Erlang node in it (see section <A HREF="#nodename">5.4</A>).
The name of an Erlang node includes the hostname of the computer.
@ -3165,8 +3263,8 @@ you must follow these instructions:
For example:
<PRE CLASS="verbatim">ejabberdctl restore /tmp/ejabberd-oldhost.backup
</PRE></LI></OL><P> <A NAME="secure"></A> </P><!--TOC chapter Securing <TT>ejabberd</TT>-->
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc67">Chapter&#XA0;5</A>&#XA0;&#XA0;<A HREF="#secure">Securing <TT>ejabberd</TT></A></H1><!--SEC END --><P> <A NAME="secure"></A> </P><P> <A NAME="firewall"></A> </P><!--TOC section Firewall Settings-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc68">5.1</A>&#XA0;&#XA0;<A HREF="#firewall">Firewall Settings</A></H2><!--SEC END --><P> <A NAME="firewall"></A>
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc70">Chapter&#XA0;5</A>&#XA0;&#XA0;<A HREF="#secure">Securing <TT>ejabberd</TT></A></H1><!--SEC END --><P> <A NAME="secure"></A> </P><P> <A NAME="firewall"></A> </P><!--TOC section Firewall Settings-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc71">5.1</A>&#XA0;&#XA0;<A HREF="#firewall">Firewall Settings</A></H2><!--SEC END --><P> <A NAME="firewall"></A>
</P><P>You need to take the following TCP ports in mind when configuring your firewall:
</P><BLOCKQUOTE CLASS="table"><DIV CLASS="center"><DIV CLASS="center"><HR WIDTH="80%" SIZE=2></DIV>
<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1><TR><TD ALIGN=left NOWRAP><B>Port</B></TD><TD ALIGN=left NOWRAP><B>Description</B></TD></TR>
@ -3177,7 +3275,7 @@ you must follow these instructions:
<TR><TD ALIGN=left NOWRAP>port range</TD><TD ALIGN=left NOWRAP>Used for connections between Erlang nodes. This range is configurable (see section <A HREF="#epmd">5.2</A>).</TD></TR>
</TABLE>
<DIV CLASS="center"><HR WIDTH="80%" SIZE=2></DIV></DIV></BLOCKQUOTE><P> <A NAME="epmd"></A> </P><!--TOC section epmd-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc69">5.2</A>&#XA0;&#XA0;<A HREF="#epmd">epmd</A></H2><!--SEC END --><P> <A NAME="epmd"></A> </P><P><A HREF="http://www.erlang.org/doc/man/epmd.html">epmd (Erlang Port Mapper Daemon)</A>
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc72">5.2</A>&#XA0;&#XA0;<A HREF="#epmd">epmd</A></H2><!--SEC END --><P> <A NAME="epmd"></A> </P><P><A HREF="http://www.erlang.org/doc/man/epmd.html">epmd (Erlang Port Mapper Daemon)</A>
is a small name server included in Erlang/OTP
and used by Erlang programs when establishing distributed Erlang communications.
<TT>ejabberd</TT> needs <TT>epmd</TT> to use <TT>ejabberdctl</TT> and also when clustering <TT>ejabberd</TT> nodes.
@ -3202,7 +3300,7 @@ but can be configured in the file <TT>ejabberdctl.cfg</TT>.
The Erlang command-line parameter used internally is, for example:
</P><PRE CLASS="verbatim">erl ... -kernel inet_dist_listen_min 4370 inet_dist_listen_max 4375
</PRE><P> <A NAME="cookie"></A> </P><!--TOC section Erlang Cookie-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc70">5.3</A>&#XA0;&#XA0;<A HREF="#cookie">Erlang Cookie</A></H2><!--SEC END --><P> <A NAME="cookie"></A> </P><P>The Erlang cookie is a string with numbers and letters.
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc73">5.3</A>&#XA0;&#XA0;<A HREF="#cookie">Erlang Cookie</A></H2><!--SEC END --><P> <A NAME="cookie"></A> </P><P>The Erlang cookie is a string with numbers and letters.
An Erlang node reads the cookie at startup from the command-line parameter <TT>-setcookie</TT>.
If not indicated, the cookie is read from the cookie file <TT>$HOME/.erlang.cookie</TT>.
If this file does not exist, it is created immediately with a random cookie.
@ -3216,7 +3314,7 @@ to prevent unauthorized access or intrusion to an Erlang node.
The communication between Erlang nodes are not encrypted,
so the cookie could be read sniffing the traffic on the network.
The recommended way to secure the Erlang node is to block the port 4369.</P><P> <A NAME="nodename"></A> </P><!--TOC section Erlang Node Name-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc71">5.4</A>&#XA0;&#XA0;<A HREF="#nodename">Erlang Node Name</A></H2><!--SEC END --><P> <A NAME="nodename"></A> </P><P>An Erlang node may have a node name.
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc74">5.4</A>&#XA0;&#XA0;<A HREF="#nodename">Erlang Node Name</A></H2><!--SEC END --><P> <A NAME="nodename"></A> </P><P>An Erlang node may have a node name.
The name can be short (if indicated with the command-line parameter <TT>-sname</TT>)
or long (if indicated with the parameter <TT>-name</TT>).
Starting an Erlang node with -sname limits the communication between Erlang nodes to the LAN.</P><P>Using the option <TT>-sname</TT> instead of <TT>-name</TT> is a simple method
@ -3225,7 +3323,7 @@ However, it is not ultimately effective to prevent access to the Erlang node,
because it may be possible to fake the fact that you are on another network
using a modified version of Erlang <TT>epmd</TT>.
The recommended way to secure the Erlang node is to block the port 4369.</P><P> <A NAME="secure-files"></A> </P><!--TOC section Securing Sensible Files-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc72">5.5</A>&#XA0;&#XA0;<A HREF="#secure-files">Securing Sensible Files</A></H2><!--SEC END --><P> <A NAME="secure-files"></A> </P><P><TT>ejabberd</TT> stores sensible data in the file system either in plain text or binary files.
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc75">5.5</A>&#XA0;&#XA0;<A HREF="#secure-files">Securing Sensible Files</A></H2><!--SEC END --><P> <A NAME="secure-files"></A> </P><P><TT>ejabberd</TT> stores sensible data in the file system either in plain text or binary files.
The file system permissions should be set to only allow the proper user to read,
write and execute those files and directories.</P><DL CLASS="description"><DT CLASS="dt-description">
<B><TT>ejabberd configuration file: /etc/ejabberd/ejabberd.cfg</TT></B></DT><DD CLASS="dd-description">
@ -3245,9 +3343,9 @@ so it is preferable to secure the whole <TT>/var/lib/ejabberd/</TT> directory.
</DD><DT CLASS="dt-description"><B><TT>Erlang cookie file: /var/lib/ejabberd/.erlang.cookie</TT></B></DT><DD CLASS="dd-description">
See section <A HREF="#cookie">5.3</A>.
</DD></DL><P> <A NAME="clustering"></A> </P><!--TOC chapter Clustering-->
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc73">Chapter&#XA0;6</A>&#XA0;&#XA0;<A HREF="#clustering">Clustering</A></H1><!--SEC END --><P> <A NAME="clustering"></A>
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc76">Chapter&#XA0;6</A>&#XA0;&#XA0;<A HREF="#clustering">Clustering</A></H1><!--SEC END --><P> <A NAME="clustering"></A>
</P><P> <A NAME="howitworks"></A> </P><!--TOC section How it Works-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc74">6.1</A>&#XA0;&#XA0;<A HREF="#howitworks">How it Works</A></H2><!--SEC END --><P> <A NAME="howitworks"></A>
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc77">6.1</A>&#XA0;&#XA0;<A HREF="#howitworks">How it Works</A></H2><!--SEC END --><P> <A NAME="howitworks"></A>
</P><P>A Jabber domain is served by one or more <TT>ejabberd</TT> nodes. These nodes can
be run on different machines that are connected via a network. They all
must have the ability to connect to port 4369 of all another nodes, and must
@ -3261,29 +3359,29 @@ router,
</LI><LI CLASS="li-itemize">session manager,
</LI><LI CLASS="li-itemize">s2s manager.
</LI></UL><P> <A NAME="router"></A> </P><!--TOC subsection Router-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc75">6.1.1</A>&#XA0;&#XA0;<A HREF="#router">Router</A></H3><!--SEC END --><P> <A NAME="router"></A>
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc78">6.1.1</A>&#XA0;&#XA0;<A HREF="#router">Router</A></H3><!--SEC END --><P> <A NAME="router"></A>
</P><P>This module is the main router of Jabber packets on each node. It
routes them based on their destination&#X2019;s domains. It uses a global
routing table. The domain of the packet&#X2019;s destination is searched in the
routing table, and if it is found, the packet is routed to the
appropriate process. If not, it is sent to the s2s manager.</P><P> <A NAME="localrouter"></A> </P><!--TOC subsection Local Router-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc76">6.1.2</A>&#XA0;&#XA0;<A HREF="#localrouter">Local Router</A></H3><!--SEC END --><P> <A NAME="localrouter"></A>
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc79">6.1.2</A>&#XA0;&#XA0;<A HREF="#localrouter">Local Router</A></H3><!--SEC END --><P> <A NAME="localrouter"></A>
</P><P>This module routes packets which have a destination domain equal to
one of this server&#X2019;s host names. If the destination JID has a non-empty user
part, it is routed to the session manager, otherwise it is processed depending
on its content.</P><P> <A NAME="sessionmanager"></A> </P><!--TOC subsection Session Manager-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc77">6.1.3</A>&#XA0;&#XA0;<A HREF="#sessionmanager">Session Manager</A></H3><!--SEC END --><P> <A NAME="sessionmanager"></A>
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc80">6.1.3</A>&#XA0;&#XA0;<A HREF="#sessionmanager">Session Manager</A></H3><!--SEC END --><P> <A NAME="sessionmanager"></A>
</P><P>This module routes packets to local users. It looks up to which user
resource a packet must be sent via a presence table. Then the packet is
either routed to the appropriate c2s process, or stored in offline
storage, or bounced back.</P><P> <A NAME="s2smanager"></A> </P><!--TOC subsection s2s Manager-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc78">6.1.4</A>&#XA0;&#XA0;<A HREF="#s2smanager">s2s Manager</A></H3><!--SEC END --><P> <A NAME="s2smanager"></A>
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc81">6.1.4</A>&#XA0;&#XA0;<A HREF="#s2smanager">s2s Manager</A></H3><!--SEC END --><P> <A NAME="s2smanager"></A>
</P><P>This module routes packets to other Jabber servers. First, it
checks if an opened s2s connection from the domain of the packet&#X2019;s
source to the domain of the packet&#X2019;s destination exists. If that is the case,
the s2s manager routes the packet to the process
serving this connection, otherwise a new connection is opened.</P><P> <A NAME="cluster"></A> </P><!--TOC section Clustering Setup-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc79">6.2</A>&#XA0;&#XA0;<A HREF="#cluster">Clustering Setup</A></H2><!--SEC END --><P> <A NAME="cluster"></A>
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc82">6.2</A>&#XA0;&#XA0;<A HREF="#cluster">Clustering Setup</A></H2><!--SEC END --><P> <A NAME="cluster"></A>
</P><P>Suppose you already configured <TT>ejabberd</TT> on one machine named (<TT>first</TT>),
and you need to setup another one to make an <TT>ejabberd</TT> cluster. Then do
following steps:</P><OL CLASS="enumerate" type=1><LI CLASS="li-enumerate">
@ -3321,10 +3419,10 @@ and &#X2018;<CODE>access</CODE>&#X2019; options because they will be taken from
enabled only on one machine in the cluster.
</LI></OL><P>You can repeat these steps for other machines supposed to serve this
domain.</P><P> <A NAME="servicelb"></A> </P><!--TOC section Service Load-Balancing-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc80">6.3</A>&#XA0;&#XA0;<A HREF="#servicelb">Service Load-Balancing</A></H2><!--SEC END --><P> <A NAME="servicelb"></A>
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc83">6.3</A>&#XA0;&#XA0;<A HREF="#servicelb">Service Load-Balancing</A></H2><!--SEC END --><P> <A NAME="servicelb"></A>
</P><P> <A NAME="componentlb"></A> </P><!--TOC subsection Components Load-Balancing-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc81">6.3.1</A>&#XA0;&#XA0;<A HREF="#componentlb">Components Load-Balancing</A></H3><!--SEC END --><P> <A NAME="componentlb"></A> </P><P> <A NAME="domainlb"></A> </P><!--TOC subsection Domain Load-Balancing Algorithm-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc82">6.3.2</A>&#XA0;&#XA0;<A HREF="#domainlb">Domain Load-Balancing Algorithm</A></H3><!--SEC END --><P> <A NAME="domainlb"></A>
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc84">6.3.1</A>&#XA0;&#XA0;<A HREF="#componentlb">Components Load-Balancing</A></H3><!--SEC END --><P> <A NAME="componentlb"></A> </P><P> <A NAME="domainlb"></A> </P><!--TOC subsection Domain Load-Balancing Algorithm-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc85">6.3.2</A>&#XA0;&#XA0;<A HREF="#domainlb">Domain Load-Balancing Algorithm</A></H3><!--SEC END --><P> <A NAME="domainlb"></A>
</P><P><TT>ejabberd</TT> includes an algorithm to load balance the components that are plugged on an <TT>ejabberd</TT> cluster. It means that you can plug one or several instances of the same component on each <TT>ejabberd</TT> cluster and that the traffic will be automatically distributed.</P><P>The default distribution algorithm try to deliver to a local instance of a component. If several local instances are available, one instance is chosen randomly. If no instance is available locally, one instance is chosen randomly among the remote component instances.</P><P>If you need a different behaviour, you can change the load balancing behaviour with the option <TT>domain_balancing</TT>. The syntax of the option is the following:</P><PRE CLASS="verbatim">{domain_balancing, "component.example.com", &lt;balancing_criterium&gt;}.
</PRE><P>Several balancing criteria are available:
</P><UL CLASS="itemize"><LI CLASS="li-itemize">
@ -3333,13 +3431,13 @@ domain.</P><P> <A NAME="servicelb"></A> </P><!--TOC section Service Load-Balanci
</LI><LI CLASS="li-itemize"><TT>bare_destination</TT>: the bare JID (without resource) of the packet <TT>to</TT> attribute is used.
</LI><LI CLASS="li-itemize"><TT>bare_source</TT>: the bare JID (without resource) of the packet <TT>from</TT> attribute is used.
</LI></UL><P>If the value corresponding to the criteria is the same, the same component instance in the cluster will be used.</P><P> <A NAME="lbbuckets"></A> </P><!--TOC subsection Load-Balancing Buckets-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc83">6.3.3</A>&#XA0;&#XA0;<A HREF="#lbbuckets">Load-Balancing Buckets</A></H3><!--SEC END --><P> <A NAME="lbbuckets"></A>
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc86">6.3.3</A>&#XA0;&#XA0;<A HREF="#lbbuckets">Load-Balancing Buckets</A></H3><!--SEC END --><P> <A NAME="lbbuckets"></A>
</P><P>When there is a risk of failure for a given component, domain balancing can cause service trouble. If one component is failing the service will not work correctly unless the sessions are rebalanced.</P><P>In this case, it is best to limit the problem to the sessions handled by the failing component. This is what the <TT>domain_balancing_component_number</TT> option does, making the load balancing algorithm not dynamic, but sticky on a fix number of component instances.</P><P>The syntax is the following:
</P><PRE CLASS="verbatim">{domain_balancing_component_number, "component.example.com", N}
</PRE><P> <A NAME="debugging"></A> </P><!--TOC chapter Debugging-->
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc84">Chapter&#XA0;7</A>&#XA0;&#XA0;<A HREF="#debugging">Debugging</A></H1><!--SEC END --><P> <A NAME="debugging"></A>
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc87">Chapter&#XA0;7</A>&#XA0;&#XA0;<A HREF="#debugging">Debugging</A></H1><!--SEC END --><P> <A NAME="debugging"></A>
</P><P> <A NAME="logfiles"></A> </P><!--TOC section Log Files-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc85">7.1</A>&#XA0;&#XA0;<A HREF="#logfiles">Log Files</A></H2><!--SEC END --><P> <A NAME="logfiles"></A> </P><P>An <TT>ejabberd</TT> node writes two log files:
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc88">7.1</A>&#XA0;&#XA0;<A HREF="#logfiles">Log Files</A></H2><!--SEC END --><P> <A NAME="logfiles"></A> </P><P>An <TT>ejabberd</TT> node writes two log files:
</P><DL CLASS="description"><DT CLASS="dt-description">
<B><TT>ejabberd.log</TT></B></DT><DD CLASS="dd-description"> is the ejabberd service log, with the messages reported by <TT>ejabberd</TT> code
</DD><DT CLASS="dt-description"><B><TT>sasl.log</TT></B></DT><DD CLASS="dd-description"> is the Erlang/OTP system log, with the messages reported by Erlang/OTP using SASL (System Architecture Support Libraries)
@ -3357,16 +3455,16 @@ For example, the default configuration is:
</P><PRE CLASS="verbatim">{loglevel, 4}.
</PRE><P>The log files grow continually, so it is recommended to rotate them periodically.
To rotate the log files, rename the files and then reopen them.
The ejabberd command <TT>reopen-log</TT>
(please refer to section <A HREF="#commands">4.1.1</A>)
The ejabberdctl command <TT>reopen-log</TT>
(please refer to section <A HREF="#ectl-commands">4.1.1</A>)
reopens the log files,
and also renames the old ones if you didn&#X2019;t rename them.</P><P> <A NAME="debugconsole"></A> </P><!--TOC section Debug Console-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc86">7.2</A>&#XA0;&#XA0;<A HREF="#debugconsole">Debug Console</A></H2><!--SEC END --><P> <A NAME="debugconsole"></A> </P><P>The Debug Console is an Erlang shell attached to an already running <TT>ejabberd</TT> server.
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc89">7.2</A>&#XA0;&#XA0;<A HREF="#debugconsole">Debug Console</A></H2><!--SEC END --><P> <A NAME="debugconsole"></A> </P><P>The Debug Console is an Erlang shell attached to an already running <TT>ejabberd</TT> server.
With this Erlang shell, an experienced administrator can perform complex tasks.</P><P>This shell gives complete control over the <TT>ejabberd</TT> server,
so it is important to use it with extremely care.
There are some simple and safe examples in the article
<A HREF="http://www.ejabberd.im/interconnect-erl-nodes">Interconnecting Erlang Nodes</A></P><P>To exit the shell, close the window or press the keys: control+c control+c.</P><P> <A NAME="watchdog"></A> </P><!--TOC section Watchdog Alerts-->
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc87">7.3</A>&#XA0;&#XA0;<A HREF="#watchdog">Watchdog Alerts</A></H2><!--SEC END --><P> <A NAME="watchdog"></A>
<H2 CLASS="section"><!--SEC ANCHOR --><A NAME="htoc90">7.3</A>&#XA0;&#XA0;<A HREF="#watchdog">Watchdog Alerts</A></H2><!--SEC END --><P> <A NAME="watchdog"></A>
</P><P><TT>ejabberd</TT> includes a watchdog mechanism that may be useful to developers
when troubleshooting a problem related to memory usage.
If a process in the <TT>ejabberd</TT> server consumes more memory than the configured threshold,
@ -3384,7 +3482,7 @@ or in a conversation with the watchdog alert bot.</P><P>Example configuration:
To remove all watchdog admins, set the option with an empty list:
</P><PRE CLASS="verbatim">{watchdog_admins, []}.
</PRE><P> <A NAME="i18ni10n"></A> </P><!--TOC chapter Internationalization and Localization-->
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc88">Appendix&#XA0;A</A>&#XA0;&#XA0;<A HREF="#i18ni10n">Internationalization and Localization</A></H1><!--SEC END --><P> <A NAME="i18ni10n"></A>
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc91">Appendix&#XA0;A</A>&#XA0;&#XA0;<A HREF="#i18ni10n">Internationalization and Localization</A></H1><!--SEC END --><P> <A NAME="i18ni10n"></A>
</P><P>The source code of <TT>ejabberd</TT> supports localization.
The translators can edit the
<A HREF="http://www.gnu.org/software/gettext/">gettext</A> .po files
@ -3419,9 +3517,9 @@ HTTP header &#X2018;Accept-Language: ru&#X2019;</TD></TR>
</TABLE></DIV>
<A NAME="fig:webadmmainru"></A>
<DIV CLASS="center"><HR WIDTH="80%" SIZE=2></DIV></DIV></BLOCKQUOTE><P> <A NAME="releasenotes"></A> </P><!--TOC chapter Release Notes-->
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc89">Appendix&#XA0;B</A>&#XA0;&#XA0;<A HREF="#releasenotes">Release Notes</A></H1><!--SEC END --><P> <A NAME="releasenotes"></A>
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc92">Appendix&#XA0;B</A>&#XA0;&#XA0;<A HREF="#releasenotes">Release Notes</A></H1><!--SEC END --><P> <A NAME="releasenotes"></A>
</P><P>Release notes are available from <A HREF="http://www.process-one.net/en/ejabberd/release_notes/">ejabberd Home Page</A></P><P> <A NAME="acknowledgements"></A> </P><!--TOC chapter Acknowledgements-->
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc90">Appendix&#XA0;C</A>&#XA0;&#XA0;<A HREF="#acknowledgements">Acknowledgements</A></H1><!--SEC END --><P> <A NAME="acknowledgements"></A> </P><P>Thanks to all people who contributed to this guide:
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc93">Appendix&#XA0;C</A>&#XA0;&#XA0;<A HREF="#acknowledgements">Acknowledgements</A></H1><!--SEC END --><P> <A NAME="acknowledgements"></A> </P><P>Thanks to all people who contributed to this guide:
</P><UL CLASS="itemize"><LI CLASS="li-itemize">
Alexey Shchepin (<A HREF="xmpp:aleksey@jabber.ru"><TT>xmpp:aleksey@jabber.ru</TT></A>)
</LI><LI CLASS="li-itemize">Badlop (<A HREF="xmpp:badlop@jabberes.org"><TT>xmpp:badlop@jabberes.org</TT></A>)
@ -3433,7 +3531,7 @@ Alexey Shchepin (<A HREF="xmpp:aleksey@jabber.ru"><TT>xmpp:aleksey@jabber.ru</TT
</LI><LI CLASS="li-itemize">Sergei Golovan (<A HREF="xmpp:sgolovan@nes.ru"><TT>xmpp:sgolovan@nes.ru</TT></A>)
</LI><LI CLASS="li-itemize">Vsevolod Pelipas (<A HREF="xmpp:vsevoload@jabber.ru"><TT>xmpp:vsevoload@jabber.ru</TT></A>)
</LI></UL><P> <A NAME="copyright"></A> </P><!--TOC chapter Copyright Information-->
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc91">Appendix&#XA0;D</A>&#XA0;&#XA0;<A HREF="#copyright">Copyright Information</A></H1><!--SEC END --><P> <A NAME="copyright"></A> </P><P>Ejabberd Installation and Operation Guide.<BR>
<H1 CLASS="chapter"><!--SEC ANCHOR --><A NAME="htoc94">Appendix&#XA0;D</A>&#XA0;&#XA0;<A HREF="#copyright">Copyright Information</A></H1><!--SEC END --><P> <A NAME="copyright"></A> </P><P>Ejabberd Installation and Operation Guide.<BR>
Copyright &#XA9; 2003 &#X2014; 2009 ProcessOne</P><P>This document is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2

222
doc/guide.tex
View File

@ -3809,10 +3809,24 @@ Options:
\makesection{ejabberdctl}{\term{ejabberdctl}}
\makesubsection{commands}{Commands}
With the \term{ejabberdctl} command line administration script
you can execute \term{ejabberdctl commands} (described in the next section, \ref{ectl-commands})
and also many general \term{ejabberd commands} (described in section \ref{eja-commands}).
This means you can start, stop and perform many other administrative tasks
in a local or remote \ejabberd{} server (by providing the argument \term{--node NODENAME}).
The \term{ejabberdctl} command line administration script allows to start, stop and perform
many other administrative tasks in a local or remote \ejabberd{} server.
The \term{ejabberdctl} script can be configured in the file \term{ejabberdctl.cfg}.
This file includes detailed information about each configurable option. See section \ref{erlangconfiguration}.
The \term{ejabberdctl} script returns a numerical status code.
Success is represented by \term{0},
error is represented by \term{1},
and other codes may be used for specific results.
This can be used by other scripts to determine automatically
if a command succeeded or failed,
for example using: \term{echo \$?}
\makesubsection{ectl-commands}{ejabberdctl Commands}
When \term{ejabberdctl} is executed without any parameter,
it displays the available options. If there isn't an \ejabberd{} server running,
@ -3824,53 +3838,44 @@ the available parameters are:
\end{description}
If there is an \ejabberd{} server running in the system,
\term{ejabberdctl} shows all the available commands in that server.
The more interesting ones are:
\term{ejabberdctl} shows the \term{ejabberdctl commands} described bellow
and all the \term{ejabberd commands} available in that server (see \ref{list-eja-commands}).
The \term{ejabberdctl commands} are:
\begin{description}
\titem{help} Get help about ejabberdctl or any available command. Try \term{ejabberdctl help help}.
\titem{status} Check the status of the \ejabberd{} server.
\titem{stop} Stop the \ejabberd{} server which is running in the machine.
\titem{reopen-log} Reopen the log files after they were renamed.
If the old files were not renamed before calling this command,
they are automatically renamed to \term{"*-old.log"}. See section \ref{logfiles}.
\titem {backup ejabberd.backup}
Store internal Mnesia database to a binary backup file.
\titem {restore ejabberd.backup}
Restore immediately from a binary backup file the internal Mnesia database.
This will consume quite some memory for big servers.
\titem {install-fallback ejabberd.backup}
The binary backup file is installed as fallback:
it will be used to restore the database at the next ejabberd start.
Similar to \term{restore}, but requires less memory.
\titem {dump ejabberd.dump}
Dump internal Mnesia database to a text file dump.
\titem {load ejabberd.dump}
Restore immediately from a text file dump.
This is not recommended for big databases, as it will consume much time,
memory and processor. In that case it's preferable to use \term{backup} and \term{install-fallback}.
%%More information about backuping can
%% be found in section~\ref{backup}.
\titem{import-file, import-dir} \ind{migration from other software}
These options can be used to migrate from other \Jabber{}/XMPP servers. There
exist tutorials to \footahref{http://www.ejabberd.im/migrate-to-ejabberd}{migrate from other software to ejabberd}.
\titem{delete-expired-messages} This option can be used to delete old messages
in offline storage. This might be useful when the number of offline messages
is very high.
\titem{stop} Stop the \ejabberd{} server.
\titem{restart} Restart the \ejabberd{} server.
\titem{mnesia} Get information about the Mnesia database.
\end{description}
The \term{ejabberdctl} script also allows the argument \term{--node NODENAME}.
This allows to administer a remote node.
The \term{ejabberdctl} script can be restricted to require authentication
and execute some \term{ejabberd commands}; see \ref{accesscommands}.
Add the option to the file \term{ejabberd.cfg}.
In this example there is no restriction:
\begin{verbatim}
{ejabberdctl_access_commands, []}.
\end{verbatim}
The \term{ejabberdctl} script can be configured in the file \term{ejabberdctl.cfg}.
This file includes detailed information about each configurable option.
The \term{ejabberdctl} script returns a numerical status code.
Success is represented by \term{0},
error is represented by \term{1},
and other codes may be used for specific results.
This can be used by other scripts to determine automatically
if a command succeeded or failed,
for example using: \term{echo \$?}
If account \term{robot1@example.org} is registered in \ejabberd{} with password \term{abcdef}
(which MD5 is E8B501798950FC58AAD83C8C14978E),
and \term{ejabberd.cfg} contains this setting:
\begin{verbatim}
{hosts, ["example.org"]}.
{acl, bots, {user, "robot1", "example.org"}}.
{access, ctlaccess, [{allow, bots}]}.
{ejabberdctl_access_commands, [ {ctlaccess, [registered_users, register], []} ]}.
\end{verbatim}
then you can do this in the shell:
\begin{verbatim}
$ ejabberdctl registered_users example.org
Error: no_auth_provided
$ ejabberdctl --auth robot1 example.org E8B501798950FC58AAD83C8C14978E registered_users example.org
robot1
testuser1
testuser2
\end{verbatim}
\makesubsection{erlangconfiguration}{Erlang Runtime System}
@ -3949,6 +3954,131 @@ The command line parameters:
Note that some characters need to be escaped when used in shell scripts, for instance \verb|"| and \verb|{}|.
You can find other options in the Erlang manual page (\shell{erl -man erl}).
\makesection{eja-commands}{\ejabberd{} Commands}
An \term{ejabberd command} is an abstract function identified by a name,
with a defined number and type of calling arguments and type of result
that is registered in the \term{ejabberd\_commands} service.
Those commands can be defined in any Erlang module and executed using any valid frontend.
\ejabberd{} includes a frontend to execute \term{ejabberd commands}: the script \term{ejabberdctl}.
Other known frontends that can be installed to execute ejabberd commands in different ways are:
\term{ejabberd\_xmlrpc} (XML-RPC service),
\term{mod\_rest} (HTTP POST service),
\term{mod\_shcommands} (ejabberd WebAdmin page).
\makesubsection{list-eja-commands}{List of ejabberd Commands}
\ejabberd{} includes a few ejabberd Commands by default.
When more modules are installed, new commands may be available in the frontends.
The easiest way to get a list of the available commands, and get help for them is to use
the ejabberdctl script:
\begin{verbatim}
$ ejabberdctl help
Usage: ejabberdctl [--node nodename] [--auth user host password] command [options]
Available commands in this ejabberd node:
backup file Store the database to backup file
connected_users List all established sessions
connected_users_number Get the number of established sessions
delete_expired_messages Delete expired offline messages from database
delete_old_messages days Delete offline messages older than DAYS
...
\end{verbatim}
The more interesting ones are:
\begin{description}
\titem{reopen-log} Reopen the log files after they were renamed.
If the old files were not renamed before calling this command,
they are automatically renamed to \term{"*-old.log"}. See section \ref{logfiles}.
\titem {backup ejabberd.backup}
Store internal Mnesia database to a binary backup file.
\titem {restore ejabberd.backup}
Restore immediately from a binary backup file the internal Mnesia database.
This will consume quite some memory for big servers.
\titem {install-fallback ejabberd.backup}
The binary backup file is installed as fallback:
it will be used to restore the database at the next ejabberd start.
Similar to \term{restore}, but requires less memory.
\titem {dump ejabberd.dump}
Dump internal Mnesia database to a text file dump.
\titem {load ejabberd.dump}
Restore immediately from a text file dump.
This is not recommended for big databases, as it will consume much time,
memory and processor. In that case it's preferable to use \term{backup} and \term{install-fallback}.
%%More information about backuping can
%% be found in section~\ref{backup}.
\titem{import-file, import-dir} \ind{migration from other software}
These options can be used to migrate from other \Jabber{}/XMPP servers. There
exist tutorials to \footahref{http://www.ejabberd.im/migrate-to-ejabberd}{migrate from other software to ejabberd}.
\titem{delete-expired-messages} This option can be used to delete old messages
in offline storage. This might be useful when the number of offline messages
is very high.
\end{description}
\makesubsection{accesscommands}{Restrict Execution with AccessCommands}
The frontends can be configured to restrict access to certain commands.
In that case, authentication information must be provided.
In each frontend the \term{AccessCommands} option is defined
in a different place. But in all cases the option syntax is the same:
\begin{verbatim}
AccessCommands = [ {Access, CommandNames, Arguments} ]
Access = atom()
CommandNames = all | [CommandName]
CommandName = atom()
Arguments = [{ArgumentName, ArgumentValue}]
ArgumentName = atom()
ArgumentValue = any()
\end{verbatim}
The default value is to not define any restriction: \term{[]}.
If at least one restriction is defined, then the frontend expects
that authentication information is provided when executing a command.
The authentication information is Username, Hostname and Password of a local Jabber account
that has permission to execute the corresponding command.
This means that the account must be registered in the local ejabberd,
because the information will be verified.
It is possible to provide the plaintext password or its MD5 sum.
When one or several access restrictions are defined and the
authentication information is provided,
each restriction is verified until one matches completely:
the account matches the Access rule,
the command name is listed in CommandNames,
and the provided arguments do not contradict Arguments.
As an example to understand the syntax, let's suppose those options:
\begin{verbatim}
{hosts, ["example.org"]}.
{acl, bots, {user, "robot1", "example.org"}}.
{access, commaccess, [{allow, bots}]}.
\end{verbatim}
This list of access restrictions allows only \term{robot1@example.org} to execute all commands:
\begin{verbatim}
[{commaccess, all, []}]
\end{verbatim}
See another list of restrictions (the corresponding ACL and ACCESS are not shown):
\begin{verbatim}
[
%% This bot can execute all commands:
{bot, all, []},
%% This bot can only execute the command 'dump'. No argument restriction:
{bot_backups, [dump], []}
%% This bot can execute all commands,
%% but if a 'host' argument is provided, it must be "example.org":
{bot_all_example, all, [{host, "example.org"}]},
%% This bot can only execute the command 'register',
%% and if argument 'host' is provided, it must be "example.org":
{bot_reg_example, [register], [{host, "example.org"}]},
%% This bot can execute the commands 'register' and 'unregister',
%% if argument host is provided, it must be "test.org":
{_bot_reg_test, [register, unregister], [{host, "test.org"}]}
]
\end{verbatim}
\makesection{webadmin}{Web Admin}
\ind{web admin}
@ -4408,8 +4538,8 @@ For example, the default configuration is:
The log files grow continually, so it is recommended to rotate them periodically.
To rotate the log files, rename the files and then reopen them.
The ejabberd command \term{reopen-log}
(please refer to section \ref{commands})
The ejabberdctl command \term{reopen-log}
(please refer to section \ref{ectl-commands})
reopens the log files,
and also renames the old ones if you didn't rename them.