parent
2929f5b5bc
commit
5a01b5f1fc
@ -0,0 +1,3 @@
|
||||
.git
|
||||
.win32
|
||||
.examples
|
@ -0,0 +1,25 @@
|
||||
FROM debian:jessie
|
||||
MAINTAINER Rafael Römhild <rafael@roemhild.de>
|
||||
|
||||
ENV XMPP_DOMAIN=localhost \
|
||||
EJABBERD_HOME=/opt/ejabberd \
|
||||
PATH=/opt/ejabberd/bin:/usr/sbin:/usr/bin:/sbin:/bin \
|
||||
LC_ALL=C.UTF-8 \
|
||||
LANG=en_US.UTF-8 \
|
||||
LANGUAGE=en_US.UTF-8
|
||||
|
||||
# bootstrap
|
||||
COPY . /tmp/ejabberd
|
||||
RUN /tmp/ejabberd/docker/bootstrap.sh
|
||||
|
||||
# Continue as user
|
||||
USER ejabberd
|
||||
|
||||
# Set workdir to ejabberd root
|
||||
WORKDIR /opt/ejabberd
|
||||
|
||||
VOLUME ["/opt/ejabberd/conf", "/opt/ejabberd/database", "/opt/ejabberd/ssl", "/opt/ejabberd/backup", "/opt/ejabberd/upload", "/opt/ejabberd/modules"]
|
||||
|
||||
EXPOSE 4560 5222 5269 5280 5443
|
||||
|
||||
ENTRYPOINT ["/opt/ejabberd/docker/start.sh"]
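Review bot: `COPY . /tmp/ejabberd` writes the whole build context into its own image layer, and the `rm -rf /tmp/ejabberd` at the end of `bootstrap.sh` runs in a later layer, so the source tree stays recoverable from the image history. The ignore file added in this commit excludes only `.git`, `.win32` and `.examples`, so any local file in the working tree (editor backups, credentials, build output) ships with the image; a builder stage or a tighter ignore list would avoid that. `FROM debian:jessie` is a mutable tag, so the same commit can build on different base layers over time; pinning by digest (`FROM debian:jessie@sha256:<digest-placeholder>`) makes the build reproducible. `EXPOSE 4560` advertises the XML-RPC command port alongside the client ports, which is worth a comment saying it should not be published to untrusted networks.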
|
@ -0,0 +1,75 @@
|
||||
#!/bin/sh
|
||||
set -ex
|
||||
|
||||
export DEBIAN_FRONTEND="noninteractive"
|
||||
|
||||
readonly buildDeps='
|
||||
git-core
|
||||
build-essential
|
||||
automake
|
||||
libssl-dev
|
||||
zlib1g-dev
|
||||
libexpat-dev
|
||||
libyaml-dev
|
||||
libsqlite3-dev
|
||||
erlang-src erlang-dev'
|
||||
|
||||
readonly requiredAptPackages='
|
||||
locales
|
||||
ldnsutils
|
||||
python2.7
|
||||
python-jinja2
|
||||
ca-certificates
|
||||
libyaml-0-2
|
||||
erlang-base erlang-snmp erlang-ssl erlang-ssh erlang-webtool
|
||||
erlang-tools erlang-xmerl erlang-corba erlang-diameter erlang-eldap
|
||||
erlang-eunit erlang-ic erlang-odbc erlang-os-mon
|
||||
erlang-parsetools erlang-percept erlang-typer
|
||||
python-mysqldb
|
||||
imagemagick'
|
||||
|
||||
apt-key adv \
|
||||
--keyserver keys.gnupg.net \
|
||||
--recv-keys 434975BD900CCBE4F7EE1B1ED208507CA14F4FCA
|
||||
|
||||
apt-get update
|
||||
apt-get install -y $buildDeps $requiredAptPackages --no-install-recommends
|
||||
dpkg-reconfigure locales && locale-gen C.UTF-8
|
||||
/usr/sbin/update-locale LANG=C.UTF-8
|
||||
echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen
|
||||
locale-gen
|
||||
|
||||
# add ejabberd user
|
||||
useradd --home $EJABBERD_HOME -M --system ejabberd
|
||||
mkdir $EJABBERD_HOME
|
||||
|
||||
cd /tmp/ejabberd
|
||||
chmod +x ./autogen.sh
|
||||
./autogen.sh
|
||||
./configure --enable-user=ejabberd \
|
||||
--enable-all \
|
||||
--disable-tools \
|
||||
--disable-pam
|
||||
|
||||
make debug=$EJABBERD_DEBUG_MODE
|
||||
make install
|
||||
|
||||
cd $EJABBERD_HOME
|
||||
mkdir -p logs ssl backup upload module_source modules/conf
|
||||
mv /tmp/ejabberd/docker $EJABBERD_HOME
|
||||
|
||||
# Move config to homedir
|
||||
mv /etc/ejabberd conf
|
||||
ln -s $EJABBERD_HOME/conf /etc/ejabberd
|
||||
|
||||
# rename original configs
|
||||
mv conf/ejabberd.yml conf/ejabberd.yml.orig
|
||||
mv conf/ejabberdctl.cfg conf/ejabberdctl.cfg.orig
|
||||
|
||||
# clean up
|
||||
rm -rf /tmp/ejabberd
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
apt-get purge -y --auto-remove $buildDeps
|
||||
|
||||
# change owner for ejabberd home
|
||||
chown -R ejabberd $EJABBERD_HOME
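Review bot: The `apt-key adv --keyserver keys.gnupg.net --recv-keys …` step adds a key to apt's global trusted keyring, but nothing in this script adds a package source that would be signed by it. As written it only widens what apt will accept and makes the build depend on a keyserver lookup; either drop the call or add the repository it was meant for right next to it. Further down, `chown -R ejabberd $EJABBERD_HOME` gives the runtime user ownership of everything under the home, including the `docker/` directory moved there a few lines earlier that holds the ENTRYPOINT script. Limiting the chown to the data directories created by the `mkdir -p` line would keep a compromised server process from rewriting its own start-up code. `make debug=$EJABBERD_DEBUG_MODE` reads a variable the Dockerfile's `ENV` does not set, so a short comment on where it is expected to come from would help.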
|
@ -0,0 +1,434 @@
|
||||
###
|
||||
### ejabberd configuration file
|
||||
###
|
||||
###
|
||||
|
||||
### The parameters used in this configuration file are explained in more detail
|
||||
### in the ejabberd Installation and Operation Guide.
|
||||
### Please consult the Guide in case of doubts, it is included with
|
||||
### your copy of ejabberd, and is also available online at
|
||||
### http://www.process-one.net/en/ejabberd/docs/
|
||||
|
||||
### =======
|
||||
### LOGGING
|
||||
|
||||
loglevel: {{ env['EJABBERD_LOGLEVEL'] or 4 }}
|
||||
log_rotate_size: 10485760
|
||||
log_rotate_count: 0
|
||||
log_rate_limit: 100
|
||||
|
||||
## watchdog_admins:
|
||||
## - "bob@example.com"
|
||||
|
||||
### ================
|
||||
### SERVED HOSTNAMES
|
||||
|
||||
hosts:
|
||||
{%- for xmpp_domain in env['XMPP_DOMAIN'].split() %}
|
||||
- "{{ xmpp_domain }}"
|
||||
{%- endfor %}
|
||||
|
||||
##
|
||||
## route_subdomains: Delegate subdomains to other XMPP servers.
|
||||
## For example, if this ejabberd serves example.org and you want
|
||||
## to allow communication with an XMPP server called im.example.org.
|
||||
##
|
||||
## route_subdomains: s2s
|
||||
|
||||
### ===============
|
||||
### LISTENING PORTS
|
||||
|
||||
listen:
|
||||
-
|
||||
port: 5222
|
||||
module: ejabberd_c2s
|
||||
{%- if env['EJABBERD_STARTTLS'] == "true" %}
|
||||
starttls_required: true
|
||||
{%- endif %}
|
||||
protocol_options:
|
||||
- "no_sslv3"
|
||||
{%- if env.get('EJABBERD_PROTOCOL_OPTIONS_TLSV1', "false") == "false" %}
|
||||
- "no_tlsv1"
|
||||
{%- endif %}
|
||||
{%- if env.get('EJABBERD_PROTOCOL_OPTIONS_TLSV1_1', "true") == "false" %}
|
||||
- "no_tlsv1_1"
|
||||
{%- endif %}
|
||||
max_stanza_size: 65536
|
||||
shaper: c2s_shaper
|
||||
access: c2s
|
||||
ciphers: "{{ env.get('EJABBERD_CIPHERS', 'HIGH:!aNULL:!3DES') }}"
|
||||
{%- if env.get('EJABBERD_DHPARAM', false) == "true" %}
|
||||
dhfile: "/opt/ejabberd/ssl/dh.pem"
|
||||
{%- endif %}
|
||||
-
|
||||
port: 5269
|
||||
module: ejabberd_s2s_in
|
||||
-
|
||||
port: 4560
|
||||
module: ejabberd_xmlrpc
|
||||
access_commands:
|
||||
configure:
|
||||
all: []
|
||||
|
||||
-
|
||||
port: 5280
|
||||
module: ejabberd_http
|
||||
request_handlers:
|
||||
"/websocket": ejabberd_http_ws
|
||||
## "/pub/archive": mod_http_fileserver
|
||||
web_admin: true
|
||||
http_bind: true
|
||||
## register: true
|
||||
captcha: true
|
||||
{%- if env['EJABBERD_HTTPS'] == "true" %}
|
||||
tls: true
|
||||
certfile: "/opt/ejabberd/ssl/host.pem"
|
||||
{% endif %}
|
||||
-
|
||||
port: 5443
|
||||
module: ejabberd_http
|
||||
request_handlers:
|
||||
"": mod_http_upload
|
||||
{%- if env['EJABBERD_HTTPS'] == "true" %}
|
||||
tls: true
|
||||
certfile: "/opt/ejabberd/ssl/host.pem"
|
||||
{% endif %}
|
||||
|
||||
|
||||
### SERVER TO SERVER
|
||||
### ================
|
||||
|
||||
{%- if env['EJABBERD_S2S_SSL'] == "true" %}
|
||||
s2s_use_starttls: required
|
||||
s2s_certfile: "/opt/ejabberd/ssl/host.pem"
|
||||
s2s_protocol_options:
|
||||
- "no_sslv3"
|
||||
{%- if env.get('EJABBERD_PROTOCOL_OPTIONS_TLSV1', "false") == "false" %}
|
||||
- "no_tlsv1"
|
||||
{%- endif %}
|
||||
{%- if env.get('EJABBERD_PROTOCOL_OPTIONS_TLSV1_1', "true") == "false" %}
|
||||
- "no_tlsv1_1"
|
||||
{%- endif %}
|
||||
s2s_ciphers: "{{ env.get('EJABBERD_CIPHERS', 'HIGH:!aNULL:!3DES') }}"
|
||||
{%- if env.get('EJABBERD_DHPARAM', false) == "true" %}
|
||||
s2s_dhfile: "/opt/ejabberd/ssl/dh.pem"
|
||||
{%- endif %}
|
||||
{% endif %}
|
||||
|
||||
### ==============
|
||||
### AUTHENTICATION
|
||||
|
||||
auth_method:
|
||||
{%- for auth_method in env.get('EJABBERD_AUTH_METHOD', 'internal').split() %}
|
||||
- {{ auth_method }}
|
||||
{%- endfor %}
|
||||
|
||||
{%- if 'anonymous' in env.get('EJABBERD_AUTH_METHOD', 'internal').split() %}
|
||||
anonymous_protocol: login_anon
|
||||
allow_multiple_connections: true
|
||||
{%- endif %}
|
||||
|
||||
|
||||
## LDAP authentication
|
||||
|
||||
{%- if 'ldap' in env.get('EJABBERD_AUTH_METHOD', 'internal').split() %}
|
||||
|
||||
ldap_servers:
|
||||
{%- for ldap_server in env.get('EJABBERD_LDAP_SERVERS', 'internal').split() %}
|
||||
- "{{ ldap_server }}"
|
||||
{%- endfor %}
|
||||
|
||||
ldap_encrypt: {{ env.get('EJABBERD_LDAP_ENCRYPT', 'none') }}
|
||||
ldap_tls_verify: {{ env.get('EJABBERD_LDAP_TLS_VERIFY', 'false') }}
|
||||
|
||||
{%- if env['EJABBERD_LDAP_TLS_CACERTFILE'] %}
|
||||
ldap_tls_cacertfile: "{{ env['EJABBERD_LDAP_TLS_CACERTFILE'] }}"
|
||||
{%- endif %}
|
||||
|
||||
ldap_tls_depth: {{ env.get('EJABBERD_LDAP_TLS_DEPTH', 1) }}
|
||||
|
||||
{%- if env['EJABBERD_LDAP_PORT'] %}
|
||||
ldap_port: {{ env['EJABBERD_LDAP_PORT'] }}
|
||||
{%- endif %}
|
||||
|
||||
{%- if env['EJABBERD_LDAP_ROOTDN'] %}
|
||||
ldap_rootdn: "{{ env['EJABBERD_LDAP_ROOTDN'] }}"
|
||||
{%- endif %}
|
||||
|
||||
{%- if env['EJABBERD_LDAP_PASSWORD'] %}
|
||||
ldap_password: "{{ env['EJABBERD_LDAP_PASSWORD'] }}"
|
||||
{%- endif %}
|
||||
|
||||
ldap_deref_aliases: {{ env.get('EJABBERD_LDAP_DEREF_ALIASES', 'never') }}
|
||||
ldap_base: "{{ env['EJABBERD_LDAP_BASE'] }}"
|
||||
|
||||
{%- if env['EJABBERD_LDAP_UIDS'] %}
|
||||
ldap_uids:
|
||||
{%- for ldap_uid in env['EJABBERD_LDAP_UIDS'].split() %}
|
||||
"{{ ldap_uid.split(':')[0] }}": "{{ ldap_uid.split(':')[1] }}"
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
|
||||
{%- if env['EJABBERD_LDAP_FILTER'] %}
|
||||
ldap_filter: "{{ env['EJABBERD_LDAP_FILTER'] }}"
|
||||
{%- endif %}
|
||||
|
||||
{%- if env['EJABBERD_LDAP_DN_FILTER'] %}
|
||||
ldap_dn_filter:
|
||||
{%- for dn_filter in env['EJABBERD_LDAP_DN_FILTER'].split() %}
|
||||
"{{ dn_filter.split(':')[0] }}": ["{{ dn_filter.split(':')[1] }}"]
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
|
||||
{%- endif %}
|
||||
|
||||
{%- if 'external' in env.get('EJABBERD_AUTH_METHOD', 'internal').split() %}
|
||||
{%- if env['EJABBERD_EXTAUTH_PROGRAM'] %}
|
||||
extauth_program: "{{ env['EJABBERD_EXTAUTH_PROGRAM'] }}"
|
||||
{%- endif %}
|
||||
{%- if env['EJABBERD_EXTAUTH_INSTANCES'] %}
|
||||
extauth_instances: {{ env['EJABBERD_EXTAUTH_INSTANCES'] }}
|
||||
{%- endif %}
|
||||
{%- if 'internal' in env.get('EJABBERD_AUTH_METHOD').split() %}
|
||||
extauth_cache: false
|
||||
{%- elif env['EJABBERD_EXTAUTH_CACHE'] %}
|
||||
extauth_cache: {{ env['EJABBERD_EXTAUTH_CACHE'] }}
|
||||
{%- endif %}
|
||||
{% endif %}
|
||||
|
||||
### ===============
|
||||
### TRAFFIC SHAPERS
|
||||
|
||||
shaper:
|
||||
normal: 1000
|
||||
fast: 50000
|
||||
max_fsm_queue: 1000
|
||||
|
||||
### ====================
|
||||
### ACCESS CONTROL LISTS
|
||||
|
||||
acl:
|
||||
admin:
|
||||
user:
|
||||
{%- if env['EJABBERD_ADMINS'] %}
|
||||
{%- for admin in env['EJABBERD_ADMINS'].split() %}
|
||||
- "{{ admin.split('@')[0] }}": "{{ admin.split('@')[1] }}"
|
||||
{%- endfor %}
|
||||
{%- else %}
|
||||
- "admin": "{{ env['XMPP_DOMAIN'].split()[0] }}"
|
||||
{%- endif %}
|
||||
local:
|
||||
user_regexp: ""
|
||||
|
||||
### ============
|
||||
### ACCESS RULES
|
||||
|
||||
access:
|
||||
## Maximum number of simultaneous sessions allowed for a single user:
|
||||
max_user_sessions:
|
||||
all: 10
|
||||
## Maximum number of offline messages that users can have:
|
||||
max_user_offline_messages:
|
||||
admin: 5000
|
||||
all: 100
|
||||
## This rule allows access only for local users:
|
||||
local:
|
||||
local: allow
|
||||
## Only non-blocked users can use c2s connections:
|
||||
c2s:
|
||||
blocked: deny
|
||||
all: allow
|
||||
## For C2S connections, all users except admins use the "normal" shaper
|
||||
c2s_shaper:
|
||||
admin: none
|
||||
all: normal
|
||||
## All S2S connections use the "fast" shaper
|
||||
s2s_shaper:
|
||||
all: fast
|
||||
## Only admins can send announcement messages:
|
||||
announce:
|
||||
admin: allow
|
||||
## Only admins can use the configuration interface:
|
||||
configure:
|
||||
admin: allow
|
||||
## Admins of this server are also admins of the MUC service:
|
||||
muc_admin:
|
||||
admin: allow
|
||||
## Only accounts of the local ejabberd server, or only admins can create rooms, depending on environment variable:
|
||||
muc_create:
|
||||
{%- if env['EJABBERD_MUC_CREATE_ADMIN_ONLY'] == "true" %}
|
||||
admin: allow
|
||||
{% else %}
|
||||
local: allow
|
||||
{% endif %}
|
||||
## All users are allowed to use the MUC service:
|
||||
muc:
|
||||
all: allow
|
||||
## Only accounts on the local ejabberd server can create Pubsub nodes:
|
||||
pubsub_createnode:
|
||||
local: allow
|
||||
## In-band registration allows registration of any possible username.
|
||||
register:
|
||||
{%- if env['EJABBERD_REGISTER_ADMIN_ONLY'] == "true" %}
|
||||
all: deny
|
||||
admin: allow
|
||||
{% else %}
|
||||
all: allow
|
||||
{% endif %}
|
||||
## Only allow to register from localhost
|
||||
trusted_network:
|
||||
loopback: allow
|
||||
soft_upload_quota:
|
||||
all: 400 # MiB
|
||||
hard_upload_quota:
|
||||
all: 500 # MiB
|
||||
|
||||
|
||||
language: "en"
|
||||
|
||||
### =======
|
||||
### MODULES
|
||||
|
||||
modules:
|
||||
mod_adhoc: {}
|
||||
{%- if env['EJABBERD_MOD_ADMIN_EXTRA'] == "true" %}
|
||||
mod_admin_extra: {}
|
||||
{% endif %}
|
||||
mod_announce: # recommends mod_adhoc
|
||||
access: announce
|
||||
mod_blocking: {} # requires mod_privacy
|
||||
mod_caps: {}
|
||||
mod_carboncopy: {}
|
||||
mod_client_state:
|
||||
drop_chat_states: true
|
||||
queue_presence: false
|
||||
mod_configure: {} # requires mod_adhoc
|
||||
mod_disco: {}
|
||||
## mod_echo: {}
|
||||
mod_irc: {}
|
||||
mod_http_bind: {}
|
||||
## mod_http_fileserver:
|
||||
## docroot: "/var/www"
|
||||
## accesslog: "/var/log/ejabberd/access.log"
|
||||
mod_last: {}
|
||||
mod_muc:
|
||||
host: "conference.@HOST@"
|
||||
access: muc
|
||||
access_create: muc_create
|
||||
access_persistent: muc_create
|
||||
access_admin: muc_admin
|
||||
history_size: 50
|
||||
default_room_options:
|
||||
persistent: true
|
||||
{%- if env['EJABBERD_MOD_MUC_ADMIN'] == "true" %}
|
||||
mod_muc_admin: {}
|
||||
{% endif %}
|
||||
## mod_muc_log: {}
|
||||
## mod_multicast: {}
|
||||
mod_offline:
|
||||
access_max_user_messages: max_user_offline_messages
|
||||
mod_ping: {}
|
||||
## mod_pres_counter:
|
||||
## count: 5
|
||||
## interval: 60
|
||||
mod_privacy: {}
|
||||
mod_private: {}
|
||||
## mod_proxy65: {}
|
||||
mod_pubsub:
|
||||
access_createnode: pubsub_createnode
|
||||
## reduces resource comsumption, but XEP incompliant
|
||||
ignore_pep_from_offline: true
|
||||
## XEP compliant, but increases resource comsumption
|
||||
## ignore_pep_from_offline: false
|
||||
last_item_cache: false
|
||||
plugins:
|
||||
- "flat"
|
||||
- "hometree"
|
||||
- "pep" # pep requires mod_caps
|
||||
mod_register:
|
||||
##
|
||||
## Protect In-Band account registrations with CAPTCHA.
|
||||
##
|
||||
## captcha_protected: true
|
||||
|
||||
##
|
||||
## Set the minimum informational entropy for passwords.
|
||||
##
|
||||
## password_strength: 32
|
||||
|
||||
##
|
||||
## After successful registration, the user receives
|
||||
## a message with this subject and body.
|
||||
##
|
||||
welcome_message:
|
||||
subject: "Welcome!"
|
||||
body: |-
|
||||
Hi.
|
||||
Welcome to this XMPP server.
|
||||
|
||||
##
|
||||
## Only clients in the server machine can register accounts
|
||||
##
|
||||
{%- if env['EJABBERD_REGISTER_TRUSTED_NETWORK_ONLY'] == "true" %}
|
||||
ip_access: trusted_network
|
||||
{% endif %}
|
||||
|
||||
access: register
|
||||
mod_roster: {}
|
||||
mod_shared_roster: {}
|
||||
mod_stats: {}
|
||||
mod_time: {}
|
||||
mod_vcard: {}
|
||||
{% if env.get('EJABBERD_MOD_VERSION', true) == "true" %}
|
||||
mod_version: {}
|
||||
{% endif %}
|
||||
mod_http_upload:
|
||||
docroot: "/opt/ejabberd/upload"
|
||||
{%- if env['EJABBERD_HTTPS'] == "true" %}
|
||||
put_url: "https://@HOST@:5443"
|
||||
{%- else %}
|
||||
put_url: "http://@HOST@:5443"
|
||||
{% endif %}
|
||||
mod_http_upload_quota:
|
||||
max_days: 10
|
||||
|
||||
### ============
|
||||
### HOST CONFIG
|
||||
|
||||
host_config:
|
||||
{%- for xmpp_domain in env['XMPP_DOMAIN'].split() %}
|
||||
"{{ xmpp_domain }}":
|
||||
domain_certfile: "/opt/ejabberd/ssl/{{ xmpp_domain }}.pem"
|
||||
{%- endfor %}
|
||||
|
||||
{%- if env['EJABBERD_CONFIGURE_ODBC'] == "true" %}
|
||||
### ====================
|
||||
### ODBC DATABASE CONFIG
|
||||
odbc_type: {{ env['EJABBERD_ODBC_TYPE'] }}
|
||||
odbc_server: {{ env['EJABBERD_ODBC_SERVER'] }}
|
||||
odbc_database: {{ env['EJABBERD_ODBC_DATABASE'] }}
|
||||
odbc_username: {{ env['EJABBERD_ODBC_USERNAME'] }}
|
||||
odbc_password: {{ env['EJABBERD_ODBC_PASSWORD'] }}
|
||||
odbc_pool_size: {{ env['EJABBERD_ODBC_POOL_SIZE'] }}
|
||||
{% endif %}
|
||||
|
||||
{%- if env['EJABBERD_DEFAULT_DB'] is defined %}
|
||||
default_db: {{ env['EJABBERD_DEFAULT_DB'] }}
|
||||
{% endif %}
|
||||
|
||||
### =====================
|
||||
### SESSION MANAGEMENT DB
|
||||
sm_db_type: {{ env['EJABBERD_SESSION_DB'] or "mnesia" }}
|
||||
|
||||
{%- if env['EJABBERD_CONFIGURE_REDIS'] == "true" %}
|
||||
### ====================
|
||||
### REDIS DATABASE CONFIG
|
||||
redis_server: {{ env['EJABBERD_REDIS_SERVER'] or "localhost" }}
|
||||
redis_port: {{ env['EJABBERD_REDIS_PORT'] or 6379 }}
|
||||
{%- if env['EJABBERD_REDIS_PASSWORD'] is defined %}
|
||||
redis_password: {{ env['EJABBERD_REDIS_PASSWORD'] }}
|
||||
{% endif %}
|
||||
redis_db: {{ env['EJABBERD_REDIS_DB'] or 0}}
|
||||
redis_reconnect_timeout: {{ env['EJABBERD_REDIS_RECONNECT_TIMEOUT'] or 1 }}
|
||||
redis_connect_timeout: {{ env['EJABBERD_REDIS_CONNECT_TIMEOUT'] or 1 }}
|
||||
{% endif %}
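Review bot: Transport security in this template is opt-in and fails open. `starttls_required` on port 5222, `tls` on the 5280 listener that also serves `web_admin`, and the whole s2s TLS block are emitted only when the matching variable equals `"true"`, and the LDAP section defaults to `ldap_encrypt: none` with `ldap_tls_verify: false`. The Dockerfile's `ENV` sets none of these variables, so unless a start script outside this section supplies defaults, a container started without them accepts cleartext client logins and admin-console passwords and sends `ldap_password` unencrypted. I would invert the tests so TLS is on unless explicitly disabled, e.g. `{%- if env.get('EJABBERD_STARTTLS', 'true') == "true" %}`, and default `ldap_tls_verify` to `hard`. Separately, `odbc_password` and `redis_password` are interpolated unquoted, so a value containing ` #` or `: ` is truncated or breaks the YAML; quote them as `ldap_password` already is.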
|
@ -0,0 +1,199 @@
|
||||
#
|
||||
# In this file you can configure options that are passed by ejabberdctl
|
||||
# to the erlang runtime system when starting ejabberd
|
||||
#
|
||||
|
||||
#' POLL: Kernel polling ([true|false])
|
||||
#
|
||||
# The kernel polling option requires support in the kernel.
|
||||
# Additionally, you need to enable this feature while compiling Erlang.
|
||||
#
|
||||
# Default: true
|
||||
#
|
||||
POLL={{ env['POLL'] or 'true' }}
|
||||
|
||||
#.
|
||||
#' SMP: SMP support ([enable|auto|disable])
|
||||
#
|
||||
# Explanation in Erlang/OTP documentation:
|
||||
# enable: starts the Erlang runtime system with SMP support enabled.
|
||||
# This may fail if no runtime system with SMP support is available.
|
||||
# auto: starts the Erlang runtime system with SMP support enabled if it
|
||||
# is available and more than one logical processor are detected.
|
||||
# disable: starts a runtime system without SMP support.
|
||||
#
|
||||
# Default: auto
|
||||
#
|
||||
SMP={{ env['SMP'] or 'auto' }}
|
||||
|
||||
#.
|
||||
#' ERL_MAX_PORTS: Maximum number of simultaneously open Erlang ports
|
||||
#
|
||||
# ejabberd consumes two or three ports for every connection, either
|
||||
# from a client or from another Jabber server. So take this into
|
||||
# account when setting this limit.
|
||||
#
|
||||
# Default: 32000
|
||||
# Maximum: 268435456
|
||||
#
|
||||
ERL_MAX_PORTS={{ env['ERL_MAX_PORTS'] or '32000' }}
|
||||
|
||||
#.
|
||||
#' FIREWALL_WINDOW: Range of allowed ports to pass through a firewall
|
||||
#
|
||||
# If Ejabberd is configured to run in cluster, and a firewall is blocking ports,
|
||||
# it's possible to make Erlang use a defined range of port (instead of dynamic
|
||||
# ports) for node communication.
|
||||
#
|
||||
# Default: not defined
|
||||
# Example: 4200-4210
|
||||
#
|
||||
{%- if env['FIREWALL_WINDOW'] %}
|
||||
FIREWALL_WINDOW={{ env['FIREWALL_WINDOW'] }}
|
||||
{%- endif %}
|
||||
|
||||
#.
|
||||
#' INET_DIST_INTERFACE: IP address where this Erlang node listens other nodes
|
||||
#
|
||||
# This communication is used by ejabberdctl command line tool,
|
||||
# and in a cluster of several ejabberd nodes.
|
||||
#
|
||||
# Default: 0.0.0.0
|
||||
#
|
||||
{%- if env['INET_DIST_INTERFACE'] %}
|
||||
INET_DIST_INTERFACE={{ env['INET_DIST_INTERFACE'] }}
|
||||
{%- endif %}
|
||||
|
||||
#.
|
||||
#' ERL_EPMD_ADDRESS: IP addresses where epmd listens for connections
|
||||
#
|
||||
# IMPORTANT: This option works only in Erlang/OTP R14B03 and newer.
|
||||
#
|
||||
# This environment variable may be set to a comma-separated
|
||||
# list of IP addresses, in which case the epmd daemon
|
||||
# will listen only on the specified address(es) and on the
|
||||
# loopback address (which is implicitly added to the list if it
|
||||
# has not been specified). The default behaviour is to listen on
|
||||
# all available IP addresses.
|
||||
#
|
||||
# Default: 0.0.0.0
|
||||
#
|
||||
{%- if env['ERL_EPMD_ADDRESS'] %}
|
||||
ERL_EPMD_ADDRESS={{ env['ERL_EPMD_ADDRESS'] }}
|
||||
{%- endif %}
|
||||
|
||||
#.
|
||||
#' ERL_PROCESSES: Maximum number of Erlang processes
|
||||
#
|
||||
# Erlang consumes a lot of lightweight processes. If there is a lot of activity
|
||||
# on ejabberd so that the maximum number of processes is reached, people will
|
||||
# experience greater latency times. As these processes are implemented in
|
||||
# Erlang, and therefore not related to the operating system processes, you do
|
||||
# not have to worry about allowing a huge number of them.
|
||||
#
|
||||
# Default: 250000
|
||||
# Maximum: 268435456
|
||||
#
|
||||
ERL_PROCESSES={{ env['ERL_PROCESSES'] or '250000' }}
|
||||
|
||||
#.
|
||||
#' ERL_MAX_ETS_TABLES: Maximum number of ETS and Mnesia tables
|
||||
#
|
||||
# The number of concurrent ETS and Mnesia tables is limited. When the limit is
|
||||
# reached, errors will appear in the logs:
|
||||
# ** Too many db tables **
|
||||
# You can safely increase this limit when starting ejabberd. It impacts memory
|
||||
# consumption but the difference will be quite small.
|
||||
#
|
||||
# Default: 1400
|
||||
#
|
||||
ERL_MAX_ETS_TABLES={{ env['ERL_MAX_ETS_TABLES'] or '1400' }}
|
||||
|
||||
#.
|
||||
#' ERL_OPTIONS: Additional Erlang options
|
||||
#
|
||||
# The next variable allows to specify additional options passed to erlang while
|
||||
# starting ejabberd. Some useful options are -noshell, -detached, -heart. When
|
||||
# ejabberd is started from an init.d script options -noshell and -detached are
|
||||
# added implicitly. See erl(1) for more info.
|
||||
#
|
||||
# It might be useful to add "-pa /usr/local/lib/ejabberd/ebin" if you
|
||||
# want to add local modules in this path.
|
||||
#
|
||||
# Default: ""
|
||||
#
|
||||
ERL_OPTIONS="{{ env['ERL_OPTIONS'] or '-noshell' }}"
|
||||
|
||||
#.
|
||||
#' ERLANG_NODE: Erlang node name
|
||||
#
|
||||
# The next variable allows to explicitly specify erlang node for ejabberd
|
||||
# It can be given in different formats:
|
||||
# ERLANG_NODE=ejabberd
|
||||
# Lets erlang add hostname to the node (ejabberd uses short name in this case)
|
||||
# ERLANG_NODE=ejabberd@hostname
|
||||
# Erlang uses node name as is (so make sure that hostname is a real
|
||||
# machine hostname or you'll not be able to control ejabberd)
|
||||
# ERLANG_NODE=ejabberd@hostname.domainname
|
||||
# The same as previous, but erlang will use long hostname
|
||||
# (see erl (1) manual for details)
|
||||
#
|
||||
# Default: ejabberd@localhost
|
||||
#
|
||||
ERLANG_NODE={{ env['ERLANG_NODE'] or 'ejabberd@localhost' }}
|
||||
|
||||
#.
|
||||
#' EJABBERD_PID_PATH: ejabberd PID file
|
||||
#
|
||||
# Indicate the full path to the ejabberd Process identifier (PID) file.
|
||||
# If this variable is defined, ejabberd writes the PID file when starts,
|
||||
# and deletes it when stops.
|
||||
# Remember to create the directory and grant write permission to ejabberd.
|
||||
#
|
||||
# Default: don't write PID file
|
||||
#
|
||||
#EJABBERD_PID_PATH=/var/run/ejabberd/ejabberd.pid
|
||||
|
||||
#.
|
||||
#' EJABBERD_CONFIG_PATH: ejabberd configuration file
|
||||
#
|
||||
# Specify the full path to the ejabberd configuration file. If the file name has
|
||||
# yml or yaml extension, it is parsed as a YAML file; otherwise, Erlang syntax is
|
||||
# expected.
|
||||
#
|
||||
# Default: $ETC_DIR/ejabberd.yml
|
||||
#
|
||||
EJABBERD_CONFIG_PATH={{ env['EJABBERD_CONFIG_PATH'] or '/opt/ejabberd/conf/ejabberd.yml' }}
|
||||
|
||||
#.
|
||||
#' CONTRIB_MODULES_PATH: contributed ejabberd modules path
|
||||
#
|
||||
# Specify the full path to the contributed ejabberd modules. If the path is not
|
||||
# defined, ejabberd will use ~/.ejabberd-modules in home of user running ejabberd.
|
||||
#
|
||||
# Default: $HOME/.ejabberd-modules
|
||||
#
|
||||
CONTRIB_MODULES_PATH={{ env['CONTRIB_MODULES_PATH'] or '/opt/ejabberd/modules' }}
|
||||
|
||||
#.
|
||||
#' CONTRIB_MODULES_CONF_DIR: configuration directory for contributed modules
|
||||
#
|
||||
# Specify the full path to the configuration directory for contributed ejabberd
|
||||
# modules. In order to configure a module named mod_foo, a mod_foo.yml file can
|
||||
# be created in this directory. This file will then be used instead of the
|
||||
# default configuration file provided with the module.
|
||||
#
|
||||
# Default: $CONTRIB_MODULES_PATH/conf
|
||||
#
|
||||
CONTRIB_MODULES_CONF_DIR={{ env['CONTRIB_MODULES_CONF_DIR'] or '/opt/ejabberd/modules/conf' }}
|
||||
|
||||
#.
|
||||
#' EJABBERD_BYPASS_WARNINGS: Bypass LIVE warning
|
||||
#
|
||||
# Default: don't bypass the warning
|
||||
#
|
||||
EJABBERD_BYPASS_WARNINGS=true
|
||||
|
||||
#.
|
||||
#'
|
||||
# vim: foldmarker=#',#. foldmethod=marker:
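Review bot: `INET_DIST_INTERFACE` and `ERL_EPMD_ADDRESS` are written only when the variable is set, so with the defaults documented in the comments above them (`0.0.0.0`) the Erlang distribution listener and epmd are reachable on every interface of the container, protected only by the node cookie. For the single-node case I would default the distribution interface to loopback and let cluster deployments override it, e.g. `INET_DIST_INTERFACE={{ env['INET_DIST_INTERFACE'] or '127.0.0.1' }}`. The substitutions are also written unquoted into what looks like a shell-style assignment file. If ejabberdctl reads it with the shell (presumably; confirm against the ejabberdctl script), an `ERLANG_NODE` or `FIREWALL_WINDOW` value containing spaces or shell metacharacters would be interpreted rather than assigned, so quoting the substitutions as `ERL_OPTIONS` already does is safer.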
|
@ -0,0 +1,22 @@
|
||||
readonly HOSTIP=$(hostname -i)
|
||||
readonly HOSTNAME=$(hostname -f)
|
||||
readonly DOMAINNAME=$(hostname -d)
|
||||
|
||||
readonly DOCKER_LIB="${EJABBERD_HOME}/docker/lib"
|
||||
readonly ERLANGCOOKIEFILE="${EJABBERD_HOME}/.erlang.cookie"
|
||||
readonly EJABBERDCTL="/sbin/ejabberdctl"
|
||||
readonly CONFIGDIR="${EJABBERD_HOME}/conf"
|
||||
readonly CONFIGTMPDIR="${EJABBERD_HOME}/docker/conf"
|
||||
readonly SSLCERTDIR="${EJABBERD_HOME}/ssl"
|
||||
readonly SSLCERTHOST="${SSLCERTDIR}/host.pem"
|
||||
readonly LOGDIR="/var/log/ejabberd"
|
||||
readonly FIRST_START_DONE_FILE="${EJABBERD_HOME}/first-start-done"
|
||||
readonly CLUSTER_NODE_FILE="${EJABBERD_HOME}/cluster-done"
|
||||
|
||||
readonly PYTHON_JINJA2="import os;
|
||||
import sys;
|
||||
import jinja2;
|
||||
sys.stdout.write(
|
||||
jinja2.Template
|
||||
(sys.stdin.read()
|
||||
).render(env=os.environ))"
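Review bot: `readonly HOSTIP=$(hostname -i)` and the two lines after it discard the exit status of the command substitution, so a failing `hostname -f` or `hostname -d` leaves an empty constant and goes unnoticed even under the `set -e` used by the scripts that source this file. Assign first and mark read-only afterwards, e.g. `HOSTNAME=$(hostname -f); readonly HOSTNAME`. The inline Python renders with a default `jinja2.Template`, where an unset environment variable expands to an empty value. The templates depend on that (`env['X'] or default`), so a one-line comment saying so would help anyone who later considers strict undefined handling.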
|
@ -0,0 +1,72 @@
|
||||
is_set() {
|
||||
local var=$1
|
||||
|
||||
[[ -n $var ]]
|
||||
}
|
||||
|
||||
|
||||
is_zero() {
|
||||
local var=$1
|
||||
|
||||
[[ -z $var ]]
|
||||
}
|
||||
|
||||
|
||||
file_exist() {
|
||||
local file=$1
|
||||
|
||||
[[ -e $file ]]
|
||||
}
|
||||
|
||||
|
||||
is_true() {
|
||||
local var=${1,,}
|
||||
local choices=("yes" "1" "y" "true")
|
||||
for ((i=0;i < ${#choices[@]};i++)) {
|
||||
[[ "${choices[i]}" == $var ]] && return 0
|
||||
}
|
||||
return 1
|
||||
}
|
||||
|
||||
|
||||
log() {
|
||||
local message=$1
|
||||
echo $message
|
||||
}
|
||||
|
||||
|
||||
# overwrite this function to get hostname from other sources
|
||||
# like dns or etcd
|
||||
get_nodename() {
|
||||
log ${HOSTNAME}
|
||||
}
|
||||
|
||||
|
||||
join_cluster() {
|
||||
local cluster_node=$1
|
||||
|
||||
is_zero ${cluster_node} \
|
||||
&& exit 0
|
||||
|
||||
log "Join cluster..."
|
||||
|
||||
local erlang_node_name=${ERLANG_NODE%@*}
|
||||
local erlang_cluster_node="${erlang_node_name}@${cluster_node}"
|
||||
|
||||
response=$(${EJABBERDCTL} ping ${erlang_cluster_node})
|
||||
while [ "$response" != "pong" ]; do
|
||||
log "Waiting for ${erlang_cluster_node}..."
|
||||
sleep 2
|
||||
response=$(${EJABBERDCTL} ping ${erlang_cluster_node})
|
||||
done
|
||||
|
||||
log "Join cluster at ${erlang_cluster_node}... "
|
||||
NO_WARNINGS=true ${EJABBERDCTL} join_cluster $erlang_cluster_node
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
touch ${CLUSTER_NODE_FILE}
|
||||
else
|
||||
log "cloud not join cluster"
|
||||
exit 1
|
||||
fi
|
||||
}
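Review bot: In `is_true` the test `[[ "${choices[i]}" == $var ]]` leaves the right-hand side unquoted, so bash treats the caller's value as a glob pattern and a setting such as `*` or `y*` is accepted as true; quote it, `[[ "${choices[i]}" == "$var" ]]`. `log` has the same class of problem: `echo $message` word-splits and glob-expands the text before printing, whereas `printf '%s\n' "$message"` prints it verbatim. In `join_cluster` the ping loop has no retry limit, so a wrong or unreachable cluster node blocks start-up indefinitely, and the `exit` calls inside the function terminate whichever script sourced this file rather than returning to it. The message `"cloud not join cluster"` should read "could not".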
|
@ -0,0 +1 @@
|
||||
# Overridable file
|
@ -0,0 +1 @@
|
||||
# Overridable file
|
@ -0,0 +1,24 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# Updates the known modules as to be found in https://github.com/processone/ejabberd-contrib
|
||||
|
||||
source "${EJABBERD_HOME}/docker/lib/base_config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/functions.sh"
|
||||
|
||||
|
||||
run_modules_update_specs() {
|
||||
log "Updating module specs... "
|
||||
${EJABBERDCTL} modules_update_specs
|
||||
}
|
||||
|
||||
|
||||
is_true ${EJABBERD_SKIP_MODULES_UPDATE} \
|
||||
&& exit 0
|
||||
|
||||
run_modules_update_specs
|
||||
|
||||
|
||||
exit 0
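Review bot: Running `${EJABBERDCTL} modules_update_specs` unless `EJABBERD_SKIP_MODULES_UPDATE` is set makes the container pull whatever the ejabberd-contrib repository holds whenever this script runs. That is an unpinned network dependency at runtime, and with `set -e` an unreachable upstream makes the script exit non-zero. I would make the update opt-in, or at least add a comment next to the `is_true` check stating that offline or reproducible deployments must set the skip variable. The argument should also be quoted, `is_true "${EJABBERD_SKIP_MODULES_UPDATE}"`.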
|
@ -0,0 +1,144 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# Installs modules as defined in environment variables
|
||||
|
||||
source "${EJABBERD_HOME}/docker/lib/base_config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/functions.sh"
|
||||
|
||||
|
||||
install_module_from_source() {
|
||||
local module_name=$1
|
||||
local module_source_path=${EJABBERD_HOME}/module_source/${module_name}
|
||||
local module_install_folder=${EJABBERD_HOME}/.ejabberd-modules/sources/${module_name}
|
||||
|
||||
log "Analyzing module ${module_name} for installation"
|
||||
# Make sure that the module exists in the source folder before attempting a copy
|
||||
|
||||
if [ ! -d ${module_source_path} ]; then
|
||||
log "Error: Module ${module_name} not found in ${EJABBERD_HOME}/module_source"
|
||||
log "Please use a shared volume to populate your module in ${EJABBERD_HOME}/module_source"
|
||||
return 1;
|
||||
fi
|
||||
|
||||
# Check to see if the module is already installed
|
||||
local install_count=$(${EJABBERDCTL} modules_installed | grep -ce "^${module_name}[[:space:]]")
|
||||
if [ $install_count -gt 0 ]; then
|
||||
log "Error: Module already installed: ${module_name}"
|
||||
return 1;
|
||||
fi
|
||||
|
||||
# Copy the module into the shared folder
|
||||
log "Copying module to ejabberd folder ${module_install_folder}"
|
||||
mkdir -p ${module_install_folder}
|
||||
cp -R ${module_source_path} ${module_install_folder}
|
||||
|
||||
# Run the ejabberdctl module_check on the module
|
||||
log "Running module_check on ${module_name}"
|
||||
${EJABBERDCTL} module_check ${module_name}
|
||||
if [ $? -ne 0 ]; then
|
||||
log "Module check failed for ${module_name}"
|
||||
return 1;
|
||||
fi
|
||||
log "Module check succeeded for ${module_name}"
|
||||
|
||||
# Install the module
|
||||
log "Running module_install on ${module_name}"
|
||||
${EJABBERDCTL} module_install ${module_name}
|
||||
if [ $? -ne 0 ]; then
|
||||
log "Module installation failed for ${module_name}"
|
||||
return 1;
|
||||
fi
|
||||
log "Module installation succeeded for ${module_name}"
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
install_module_from_ejabberd_contrib() {
|
||||
local module_name=$1
|
||||
|
||||
# Check to see if the module is already installed
|
||||
local install_count=$(${EJABBERDCTL} modules_installed | grep -ce "^${module_name}[[:space:]]")
|
||||
if [ $install_count -gt 0 ]; then
|
||||
log "Error: Module already installed: ejabberd_contrib ${module_name}"
|
||||
return 1;
|
||||
fi
|
||||
|
||||
# Install the module
|
||||
log "Running module_install on ejabberd_contrib ${module_name}"
|
||||
${EJABBERDCTL} module_install ${module_name}
|
||||
if [ $? -ne 0 ]; then
|
||||
log "Module installation failed for ejabberd_contrib ${module_name}"
|
||||
return 1;
|
||||
fi
|
||||
log "Module installation succeeded for ejabberd_contrib ${module_name}"
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
enable_custom_auth_module_override() {
|
||||
module_name=$1;
|
||||
# When using custom authentication modules, the module name must be
|
||||
# in the following pattern: ejabberd_auth_foo, where foo is the
|
||||
# value you will use for your auth_method yml configuration.
|
||||
required_prefix="ejabberd_auth_"
|
||||
|
||||
if [[ "${module_name}" != "${required_prefix}"* ]]; then
|
||||
log "Error: module_name must begin with ${required_prefix}"
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
log "Checking custom auth module: ${module_name}"
|
||||
# Make sure the auth module is installed
|
||||
local install_count=$(${EJABBERDCTL} modules_installed | grep -ce "^${module_name}[[:space:]]")
|
||||
if [ $install_count -eq 0 ]; then
|
||||
log "Error: custom auth_module not installed: ${module_name}"
|
||||
return 1;
|
||||
fi
|
||||
|
||||
custom_auth_method=${module_name#$required_prefix}
|
||||
echo -e "\nauth_method: [${custom_auth_method}]" >> ${CONFIGFILE}
|
||||
log "Custom auth module ${module_name} configuration complete."
|
||||
}
|
||||
|
||||
file_exist ${FIRST_START_DONE_FILE} \
|
||||
&& exit 0
|
||||
|
||||
is_restart_needed=0;
|
||||
|
||||
if [ -n "${EJABBERD_SOURCE_MODULES}" ]; then
|
||||
for module_name in ${EJABBERD_SOURCE_MODULES} ; do
|
||||
install_module_from_source ${module_name}
|
||||
done
|
||||
is_restart_needed=1;
|
||||
fi
|
||||
|
||||
# Check the EJABBERD_CONTRIB_MODULES variable for any ejabberd_contrib modules
|
||||
if [ -n "${EJABBERD_CONTRIB_MODULES}" ]; then
|
||||
for module_name in ${EJABBERD_CONTRIB_MODULES} ; do
|
||||
install_module_from_ejabberd_contrib ${module_name}
|
||||
done
|
||||
is_restart_needed=1;
|
||||
fi
|
||||
|
||||
# If a custom module was defined for handling auth, we need to override
|
||||
# the pre-defined auth methods in the config.
|
||||
if [ -n "${EJABBERD_CUSTOM_AUTH_MODULE_OVERRIDE}" ]; then
|
||||
enable_custom_auth_module_override "${EJABBERD_CUSTOM_AUTH_MODULE_OVERRIDE}"
|
||||
is_restart_needed=1;
|
||||
fi
|
||||
|
||||
# If any modules were installed, restart the server, if the option is enabled
|
||||
if [ ${is_restart_needed} -eq 1 ]; then
|
||||
if is_true ${EJABBERD_RESTART_AFTER_MODULE_INSTALL} ; then
|
||||
log "Restarting ejabberd after successful module installation(s)"
|
||||
${EJABBERDCTL} restart
|
||||
child=$!
|
||||
${EJABBERDCTL} "started"
|
||||
wait $child
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
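Review bot: `enable_custom_auth_module_override` appends to `${CONFIGFILE}`, but no section visible on this page defines that variable (the shared config defines `CONFIGDIR` and `CONFIGTMPDIR` only). Unless it comes from a file outside this page, the unquoted redirect fails and the authentication override is never written, leaving the templated `auth_method` in force. If the target is the rendered main config, `>> "${CONFIGDIR}/ejabberd.yml"` would be explicit; it still adds a second top-level `auth_method` key to a file that already has one, which relies on the later key winning. The `if [ $? -ne 0 ]` branches after each `ejabberdctl` call are unreachable under `set -e`, because the failing command ends the script first; `if ! ${EJABBERDCTL} module_install "${module_name}"; then` keeps the error path alive. In the restart block `child=$!` is empty because nothing was started in the background.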
|
@ -0,0 +1,72 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
source "${EJABBERD_HOME}/docker/lib/base_config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/functions.sh"
|
||||
|
||||
# Do not exit if users already registered
|
||||
set +e
|
||||
|
||||
randpw() {
|
||||
< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c ${1:-16};
|
||||
echo;
|
||||
}
|
||||
|
||||
|
||||
register_user() {
|
||||
local user=$1
|
||||
local domain=$2
|
||||
local password=$3
|
||||
|
||||
${EJABBERDCTL} register ${user} ${domain} ${password}
|
||||
return $?
|
||||
}
|
||||
|
||||
|
||||
register_all_users() {
|
||||
# register users from environment $EJABBERD_USERS with given
|
||||
# password or random password written to stout. Use whitespace
|
||||
# to seperate users.
|
||||
#
|
||||
# sample:
|
||||
# - add a user with an given password:
|
||||
# -e "EJABBERD_USERS=admin@example.com:adminSecret"
|
||||
# - add a user with a random password:
|
||||
# -e "EJABBERD_USERS=user@example.com"
|
||||
# - set password for admin and use random for user1:
|
||||
# -e "EJABBERD_USERS=admin@example.com:adminSecret user@example.com"
|
||||
|
||||
for user in ${EJABBERD_USERS} ; do
|
||||
local jid=${user%%:*}
|
||||
local password=${user#*:}
|
||||
|
||||
local username=${jid%%@*}
|
||||
local domain=${jid#*@}
|
||||
|
||||
[[ "${password}" == "${jid}" ]] \
|
||||
&& password=$(randpw)
|
||||
|
||||
register_user ${username} ${domain} ${password}
|
||||
local retval=$?
|
||||
|
||||
[[ ${retval} -eq 0 ]] \
|
||||
&& log "Password for user ${username}@${domain} is ${password}"
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
file_exist ${FIRST_START_DONE_FILE} \
|
||||
&& exit 0
|
||||
|
||||
|
||||
file_exist ${CLUSTER_NODE_FILE} \
|
||||
&& exit 0
|
||||
|
||||
|
||||
is_set ${EJABBERD_USERS} \
|
||||
&& register_all_users
|
||||
|
||||
|
||||
exit 0
|
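Review bot: The `log "Password for user ..."` line at the end of the loop in register_all_users writes every registered account's password to the container log, including passwords the operator supplied in EJABBERD_USERS, so anyone who can read or collect the logs learns those credentials. Only a password produced by randpw needs to be reported, so the loop should remember whether it generated one and otherwise log just the JID. register_user also passes `${password}` unquoted to `${EJABBERDCTL} register`, where glob characters such as `*` are reinterpreted by the shell; `"${user}" "${domain}" "${password}"` avoids that.

```shell
for user in ${EJABBERD_USERS} ; do
    # ... unchanged: jid, password, username and domain are split out of ${user} ...

    local generated=0
    if [[ "${password}" == "${jid}" ]]; then
        password=$(randpw)
        generated=1
    fi

    register_user "${username}" "${domain}" "${password}"
    local retval=$?

    if [[ ${retval} -eq 0 ]]; then
        if [[ ${generated} -eq 1 ]]; then
            # Only a password nobody chose has to be reported back.
            log "Generated password for user ${username}@${domain} is ${password}"
        else
            log "Registered user ${username}@${domain}"
        fi
    fi
done
```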
@ -0,0 +1,17 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# Write a first-start-done file
|
||||
|
||||
source "${EJABBERD_HOME}/docker/lib/base_config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/functions.sh"
|
||||
|
||||
|
||||
if [ ! -e "${FIRST_START_DONE_FILE}" ]; then
|
||||
touch ${FIRST_START_DONE_FILE}
|
||||
fi
|
||||
|
||||
|
||||
exit 0
|
@ -0,0 +1,34 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
source "${EJABBERD_HOME}/docker/lib/base_config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/functions.sh"
|
||||
|
||||
# Instead of having to mount a direction, specify the ssl certs
|
||||
# via environment variables:
|
||||
# `EJABBERD_SSLCERT_HOST` and `EJABBERD_SSLCERT_{domain_name}`.
|
||||
# For example: `EJABBERD_SSLCERT_EXAMPLE_COM`.
|
||||
|
||||
write_file_from_env() {
|
||||
log "Writing $1 to $2"
|
||||
mkdir -p "$(dirname $2)"
|
||||
log "${!1}" > $2
|
||||
}
|
||||
|
||||
# Write the host certificate
|
||||
is_set ${EJABBERD_SSLCERT_HOST} \
|
||||
&& write_file_from_env "EJABBERD_SSLCERT_HOST" ${SSLCERTHOST}
|
||||
|
||||
# Write the domain certificates for each XMPP_DOMAIN
|
||||
for xmpp_domain in ${XMPP_DOMAIN} ; do
|
||||
var="EJABBERD_SSLCERT_$(echo $xmpp_domain | awk '{print toupper($0)}' | sed 's/\./_/g;s/-/_/g')"
|
||||
if is_set ${!var} ; then
|
||||
file_exist "${SSLCERTDIR}/${xmpp_domain}.pem" \
|
||||
|| write_file_from_env "$var" "${SSLCERTDIR}/${xmpp_domain}.pem"
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
exit 0
|
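Review bot: write_file_from_env creates the certificate file with `log "${!1}" > $2`, so the PEM body passes through the logging helper and lands in a file created under the default umask. `log` is defined in base_functions.sh, outside this section; if it adds a prefix or timestamp the PEM is corrupted, and if the variable carries the private key together with the certificate (as the generated .pem files elsewhere in this commit do) the key may be readable by other users. I would write the value directly and restrict the mode, `( umask 077; printf '%s\n' "${!1}" > "$2" )`, and quote the mkdir argument as `"$(dirname "$2")"`. The host certificate is also rewritten on every start while the per-domain files are skipped when they exist; a comment saying whether that difference is intended would help.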
@ -0,0 +1,75 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
source "${EJABBERD_HOME}/docker/lib/base_config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/functions.sh"
|
||||
|
||||
|
||||
make_snakeoil_certificate() {
|
||||
local domain=$1
|
||||
local certfile=$2
|
||||
|
||||
openssl req -subj "/CN=${domain}" \
|
||||
-new \
|
||||
-newkey rsa:4096 \
|
||||
-days 365 \
|
||||
-nodes \
|
||||
-x509 \
|
||||
-keyout /tmp/selfsigned.key \
|
||||
-out /tmp/selfsigned.crt
|
||||
|
||||
log "Writing ssl cert and private key to '${certfile}'..."
|
||||
cat /tmp/selfsigned.crt /tmp/selfsigned.key > ${certfile}
|
||||
rm /tmp/selfsigned.crt /tmp/selfsigned.key
|
||||
}
|
||||
|
||||
|
||||
make_host_snakeoil_certificate() {
|
||||
local IFS=@
|
||||
local domain='localhost'
|
||||
local erlang_node=${ERLANG_NODE}
|
||||
|
||||
if is_true ${erlang_node} ; then
|
||||
domain=${HOSTNAME}
|
||||
elif is_set ${erlang_node} ; then
|
||||
set ${erlang_node}
|
||||
local nodehost=$2
|
||||
if is_zero ${nodehost} ; then
|
||||
domain=${HOSTNAME}
|
||||
else
|
||||
domain=${nodehost}
|
||||
fi
|
||||
fi
|
||||
|
||||
log "Generating snakeoil ssl cert for ${domain}..."
|
||||
|
||||
make_snakeoil_certificate ${domain} ${SSLCERTHOST}
|
||||
}
|
||||
|
||||
|
||||
make_domain_snakeoil_certificate() {
|
||||
local domain=$1
|
||||
local certfile=$2
|
||||
|
||||
log "Generating snakeoil ssl cert for ${domain}..."
|
||||
|
||||
make_snakeoil_certificate ${domain} ${certfile}
|
||||
}
|
||||
|
||||
|
||||
# generate host ssl cert if missing
|
||||
file_exist ${SSLCERTHOST} \
|
||||
|| make_host_snakeoil_certificate
|
||||
|
||||
|
||||
# generate xmmp domain ssl certificates if missing
|
||||
for xmpp_domain in ${XMPP_DOMAIN} ; do
|
||||
domain_certfile="${SSLCERTDIR}/${xmpp_domain}.pem"
|
||||
file_exist ${domain_certfile} \
|
||||
|| make_domain_snakeoil_certificate ${xmpp_domain} ${domain_certfile}
|
||||
done
|
||||
|
||||
|
||||
exit 0
|
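Review bot: make_snakeoil_certificate writes the new private key to the fixed path `/tmp/selfsigned.key` and then concatenates it into `${certfile}`, both under the default umask. A fixed name in a shared, world-writable directory can collide with a pre-existing file or symlink and, depending on the umask, leave the key readable by other local users; the final .pem has the same permission concern. A private directory from `mktemp -d` plus `umask 077` around the writes covers both. Quoting `"${certfile}"` matters here because make_host_snakeoil_certificate calls this function with `IFS=@` in effect, so a path containing `@` would be split.

```shell
make_snakeoil_certificate() {
    local domain=$1
    local certfile=$2
    local workdir
    local old_umask

    # Key material and the combined .pem are created owner-only.
    old_umask=$(umask)
    umask 077

    # Private scratch directory instead of fixed names in /tmp.
    workdir=$(mktemp -d)

    openssl req -subj "/CN=${domain}" \
        -new -newkey rsa:4096 -days 365 -nodes -x509 \
        -keyout "${workdir}/selfsigned.key" \
        -out "${workdir}/selfsigned.crt"

    log "Writing ssl cert and private key to '${certfile}'..."
    cat "${workdir}/selfsigned.crt" "${workdir}/selfsigned.key" > "${certfile}"
    rm -rf "${workdir}"

    umask "${old_umask}"
}
```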
@ -0,0 +1,22 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
source "${EJABBERD_HOME}/docker/lib/base_config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/functions.sh"
|
||||
|
||||
make_dhparam() {
|
||||
local dhfile=$1
|
||||
local bits=$2
|
||||
|
||||
log "Writing dh file to '${dhfile}'..."
|
||||
openssl dhparam -out ${dhfile} ${bits}
|
||||
}
|
||||
|
||||
if is_true ${EJABBERD_DHPARAM} ; then
|
||||
file_exist ${SSLDHPARAM} \
|
||||
|| make_dhparam ${SSLDHPARAM} 4096
|
||||
fi
|
||||
|
||||
exit 0
|
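Review bot: make_dhparam passes `${dhfile}` and `${bits}` unquoted to `openssl dhparam`; `openssl dhparam -out "${dhfile}" "${bits}"` keeps a path containing spaces or glob characters intact. Generating 4096-bit parameters can take a long time on first start, so a comment above the `is_true ${EJABBERD_DHPARAM}` block noting that startup blocks until generation finishes would save operators a surprise.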
@ -0,0 +1,26 @@
|
||||
#!/bin/bash
|
||||
|
||||
source "${EJABBERD_HOME}/docker/lib/base_config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/config.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
|
||||
source "${EJABBERD_HOME}/docker/lib/functions.sh"
|
||||
|
||||
|
||||
set_erlang_cookie() {
|
||||
chmod 600 ${ERLANGCOOKIEFILE}
|
||||
log "Set erlang cookie to ${ERLANG_COOKIE}..."
|
||||
echo ${ERLANG_COOKIE} > ${ERLANGCOOKIEFILE}
|
||||
chmod 400 ${ERLANGCOOKIEFILE}
|
||||
}
|
||||
|
||||
|
||||
file_exist ${FIRST_START_DONE_FILE} \
|
||||
&& exit 0
|
||||
|
||||
|
||||
# set erlang cookie if ERLANG_COOKIE is set in environemt
|
||||
is_set ${ERLANG_COOKIE} \
|
||||
&& set_erlang_cookie
|
||||
|
||||
|
||||
exit 0
|
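Review bot: set_erlang_cookie prints the cookie value with `log "Set erlang cookie to ${ERLANG_COOKIE}..."`. The cookie is the shared secret that authenticates Erlang nodes to each other, so it should not appear in container logs; `log "Set erlang cookie from ERLANG_COOKIE..."` records the event without the value. The write itself is safer as `printf '%s\n' "${ERLANG_COOKIE}" > "${ERLANGCOOKIEFILE}"` under `umask 077`. The unquoted `echo` re-splits the value, and when the file does not exist yet the first `chmod 600` fails, leaving the file with default permissions until the final `chmod 400`. Unlike the other complete scripts shown here, this one has no `set -e`, so that failed `chmod` passes silently.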