26
1
mirror of https://github.com/processone/ejabberd.git synced 2025-01-03 18:02:28 +01:00
xmpp.chapril.org-ejabberd/doc/guide.html
Alexey Shchepin 0b4539caa1 * src/web/ejabberd_http.erl: Added options for enabling HTTP
polling and admin interface
* src/web/ejabberd_web.erl: Likewise
* src/ejabberd.cfg.example: Updated

* src/web/ejabberd_web_admin.erl: Updated

* doc/guide.tex: Updated

SVN Revision: 236
2004-05-22 19:48:35 +00:00

984 lines
36 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML>
<HEAD><TITLE>Ejabberd Installation and Operation Guide</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=ISO8859-1">
<META name="GENERATOR" content="hevea 1.06">
</HEAD>
<BODY >
<!--HEVEA command line is: /usr/bin/hevea -charset ISO8859-1 guide.tex -->
<!--HTMLHEAD-->
<!--ENDHTML-->
<!--PREFIX <ARG ></ARG>-->
<!--CUT DEF section 1 -->
<H1 ALIGN=center>Ejabberd Installation and Operation Guide</H1>
<H3 ALIGN=center>Alexey Shchepin<BR>
<A HREF="mailto:alexey@sevcom.net"><TT>mailto:alexey@sevcom.net</TT></A><BR>
<A HREF="xmpp:aleksey@jabber.ru"><TT>xmpp:aleksey@jabber.ru</TT></A></H3>
<H3 ALIGN=center>May 8, 2004</H3><DIV ALIGN=center>
<IMG SRC="logo.png">
</DIV><BR>
<BR>
<!--TOC section Table of Contents-->
<H2>Table of Contents</H2><!--SEC END -->
<UL><LI>
<A HREF="#htoc1">1&nbsp;&nbsp;Introduction</A>
<LI><A HREF="#htoc2">2&nbsp;&nbsp;Installation</A>
<UL><LI>
<A HREF="#htoc3">2.1&nbsp;&nbsp;Installation Requirements</A>
<UL><LI>
<A HREF="#htoc4">2.1.1&nbsp;&nbsp;Unix</A>
<LI><A HREF="#htoc5">2.1.2&nbsp;&nbsp;Windows</A>
</UL>
<LI><A HREF="#htoc6">2.2&nbsp;&nbsp;Obtaining</A>
<LI><A HREF="#htoc7">2.3&nbsp;&nbsp;Compilation</A>
<UL><LI>
<A HREF="#htoc8">2.3.1&nbsp;&nbsp;Unix</A>
<LI><A HREF="#htoc9">2.3.2&nbsp;&nbsp;Windows</A>
</UL>
<LI><A HREF="#htoc10">2.4&nbsp;&nbsp;Starting</A>
</UL>
<LI><A HREF="#htoc11">3&nbsp;&nbsp;Configuration</A>
<UL><LI>
<A HREF="#htoc12">3.1&nbsp;&nbsp;Initial Configuration</A>
<UL><LI>
<A HREF="#htoc13">3.1.1&nbsp;&nbsp;Host Name</A>
<LI><A HREF="#htoc14">3.1.2&nbsp;&nbsp;Access Rules</A>
<LI><A HREF="#htoc15">3.1.3&nbsp;&nbsp;Shapers Configuration</A>
<LI><A HREF="#htoc16">3.1.4&nbsp;&nbsp;Listened Sockets</A>
<LI><A HREF="#htoc17">3.1.5&nbsp;&nbsp;Modules</A>
</UL>
<LI><A HREF="#htoc18">3.2&nbsp;&nbsp;Online Configuration and Monitoring</A>
<UL><LI>
<A HREF="#htoc19">3.2.1&nbsp;&nbsp;Node <TT>config</TT>: Global Configuration</A>
<LI><A HREF="#htoc20">3.2.2&nbsp;&nbsp;Node <TT>online users</TT>: List of Online Users</A>
<LI><A HREF="#htoc21">3.2.3&nbsp;&nbsp;Node <TT>all users</TT>: List of Registered Users</A>
<LI><A HREF="#htoc22">3.2.4&nbsp;&nbsp;Node <TT>outgoing s2s</TT>: List of Outgoing S2S connections</A>
<LI><A HREF="#htoc23">3.2.5&nbsp;&nbsp;Node <TT>running nodes</TT>: List of Running <TT>ejabberd</TT> Nodes</A>
<LI><A HREF="#htoc24">3.2.6&nbsp;&nbsp;Node <TT>stopped nodes</TT>: List of Stopped Nodes</A>
</UL>
</UL>
<LI><A HREF="#htoc25">4&nbsp;&nbsp;Distribution</A>
<UL><LI>
<A HREF="#htoc26">4.1&nbsp;&nbsp;How it works</A>
<UL><LI>
<A HREF="#htoc27">4.1.1&nbsp;&nbsp;Router</A>
<LI><A HREF="#htoc28">4.1.2&nbsp;&nbsp;Local Router</A>
<LI><A HREF="#htoc29">4.1.3&nbsp;&nbsp;Session Manager</A>
<LI><A HREF="#htoc30">4.1.4&nbsp;&nbsp;S2S Manager</A>
</UL>
</UL>
<LI><A HREF="#htoc31">A&nbsp;&nbsp;Built-in Modules</A>
<UL><LI>
<A HREF="#htoc32">A.1&nbsp;&nbsp;Common Options</A>
<UL><LI>
<A HREF="#htoc33">A.1.1&nbsp;&nbsp;Option <TT>iqdisc</TT></A>
<LI><A HREF="#htoc34">A.1.2&nbsp;&nbsp;Option <TT>host</TT></A>
</UL>
<LI><A HREF="#htoc35">A.2&nbsp;&nbsp;<TT>mod_register</TT></A>
<LI><A HREF="#htoc36">A.3&nbsp;&nbsp;<TT>mod_roster</TT></A>
<LI><A HREF="#htoc37">A.4&nbsp;&nbsp;<TT>mod_configure</TT></A>
<LI><A HREF="#htoc38">A.5&nbsp;&nbsp;<TT>mod_disco</TT></A>
<LI><A HREF="#htoc39">A.6&nbsp;&nbsp;<TT>mod_stats</TT></A>
<LI><A HREF="#htoc40">A.7&nbsp;&nbsp;<TT>mod_vcard</TT></A>
<LI><A HREF="#htoc41">A.8&nbsp;&nbsp;<TT>mod_offline</TT></A>
<LI><A HREF="#htoc42">A.9&nbsp;&nbsp;<TT>mod_echo</TT></A>
<LI><A HREF="#htoc43">A.10&nbsp;&nbsp;<TT>mod_private</TT></A>
<LI><A HREF="#htoc44">A.11&nbsp;&nbsp;<TT>mod_time</TT></A>
<LI><A HREF="#htoc45">A.12&nbsp;&nbsp;<TT>mod_version</TT></A>
</UL>
<LI><A HREF="#htoc46">B&nbsp;&nbsp;I18n/L10n</A>
</UL>
<!--TOC section Introduction-->
<H2><A NAME="htoc1">1</A>&nbsp;&nbsp;Introduction</H2><!--SEC END -->
<A NAME="sec:intro"></A>
<TT>ejabberd</TT> is a Free and Open Source fault-tolerant distributed Jabber
server. It is writen mostly in Erlang.<BR>
<BR>
The main features of <TT>ejabberd</TT> is:
<UL><LI>
Works on most of popular platforms: *nix (tested on Linux, FreeBSD and
NetBSD) and Win32
<LI>Distributed: You can run <TT>ejabberd</TT> on a cluster of machines and all of
them will serve one Jabber domain.
<LI>Fault-tolerance: You can setup an <TT>ejabberd</TT> cluster so that all the
information required for a properly working service will be stored
permanently on more than one node. This means that if one of the nodes
crashes, then the others will continue working without disruption.
You can also add or replace more nodes ``on the fly''.
<LI>Built-in <A HREF="http://www.jabber.org/jeps/jep-0045.html">Multi-User
Chat</A> service
<LI>Built-in IRC transport
<LI>Built-in
<A HREF="http://www.jabber.org/jeps/jep-0060.html">Publish-Subscribe</A>
service
<LI>Built-in Jabber Users Directory service based on users vCards
<LI>Built-in
<A HREF="http://www.jabber.org/jeps/jep-0025.html">HTTP Polling</A>
service
<LI>SSL support
<LI>Support for LDAP authentification
<LI>Ability to interface with external components (JIT, MSN-t, Yahoo-t, etc)
<LI>Migration from jabberd14 is possible
<LI>Mostly XMPP-compliant
<LI>Support for
<A HREF="http://www.jabber.org/jeps/jep-0030.html">JEP-0030</A>
(Service Discovery).
<LI>Support for
<A HREF="http://www.jabber.org/jeps/jep-0039.html">JEP-0039</A>
(Statistics Gathering).
<LI>Support for <TT>xml:lang</TT>
</UL>
The misfeatures of <TT>ejabberd</TT> is:
<UL><LI>
No support for virtual domains
<LI>No support for STARTTLS
</UL>
<!--TOC section Installation-->
<H2><A NAME="htoc2">2</A>&nbsp;&nbsp;Installation</H2><!--SEC END -->
<A NAME="sec:installation"></A>
<!--TOC subsection Installation Requirements-->
<H3><A NAME="htoc3">2.1</A>&nbsp;&nbsp;Installation Requirements</H3><!--SEC END -->
<A NAME="sec:installreq"></A>
<!--TOC subsubsection Unix-->
<H4><A NAME="htoc4">2.1.1</A>&nbsp;&nbsp;Unix</H4><!--SEC END -->
<A NAME="sec:installrequnix"></A>
To compile <TT>ejabberd</TT>, you will need the following packages:
<UL><LI>
GNU Make;
<LI>GCC;
<LI>libexpat 1.95 or later;
<LI>Erlang/OTP R8B or later.
</UL>
<!--TOC subsubsection Windows-->
<H4><A NAME="htoc5">2.1.2</A>&nbsp;&nbsp;Windows</H4><!--SEC END -->
<A NAME="sec:installreqwin"></A>
To compile <TT>ejabberd</TT> in MS Windows environment, you will need the following
packages:
<UL><LI>
MS Visual C++&nbsp;6.0 Compiler
<LI><A HREF="http://www.erlang.org/download/otp_win32_R9C-0.exe">Erlang emulator version&nbsp;5.3</A>
<LI><A HREF="http://prdownloads.sourceforge.net/expat/expat_win32bin_1_95_7.exe?download">Expat&nbsp;1.95.7</A>
<LI><A HREF="http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.9.1.tar.gz">Iconv&nbsp;1.9.1</A>
(optional)
<LI><A HREF="http://www.slproweb.com/download/Win32OpenSSL-v0.9.7d.exe">Shining Light OpenSSL</A>
(to enable SSL connections)
</UL>
<!--TOC subsection Obtaining-->
<H3><A NAME="htoc6">2.2</A>&nbsp;&nbsp;Obtaining</H3><!--SEC END -->
<A NAME="sec:obtaining"></A>
Currently no stable version has been released.<BR>
<BR>
The latest alpha version can be retrieved from CVS.
<UL><LI>
<TT>export CVSROOT=:pserver:anonymous@jabberstudio.org:/home/cvs</TT>
<LI><TT>cvs login</TT>
<LI>Press Enter when asked for a password
<LI><TT>cvs -z3 co ejabberd</TT>
</UL>
<!--TOC subsection Compilation-->
<H3><A NAME="htoc7">2.3</A>&nbsp;&nbsp;Compilation</H3><!--SEC END -->
<A NAME="sec:compilation"></A>
<!--TOC subsubsection Unix-->
<H4><A NAME="htoc8">2.3.1</A>&nbsp;&nbsp;Unix</H4><!--SEC END -->
<A NAME="sec:compilationunix"></A>
<PRE>
./configure
make
</PRE>
TBD<BR>
<BR>
<!--TOC subsubsection Windows-->
<H4><A NAME="htoc9">2.3.2</A>&nbsp;&nbsp;Windows</H4><!--SEC END -->
<A NAME="sec:compilationwin"></A>
<OL type=1><LI>
Install Erlang emulator (for example, into <CODE>C:\Program Files\erl5.3</CODE>).
<LI>Install Expat library into <CODE>C:\Program Files\Expat-1.95.7</CODE>
directory. Copy file <CODE>C:\Program Files\Expat-1.95.7\Libs\libexpat.dll</CODE>
to your Windows system directory (for example, <CODE>C:\WINNT</CODE> or
<CODE>C:\WINNT\System32</CODE>)
<LI>Build and install Iconv library into <CODE>C:\Program Files\iconv-1.9.1</CODE> directory.
Copy file <CODE>C:\Program Files\iconv-1.9.1\bin\iconv.dll</CODE> to your
Windows system directory.<BR>
<BR>
Note: Instead of copying libexpat.dll and iconv.dll to Windows
directory, you can add directories
<CODE>C:\Program Files\Expat-1.95.7\Libs</CODE> and
<CODE>C:\Program Files\iconv-1.9.1\bin</CODE> to <CODE>PATH</CODE> environment
variable.
<LI>Being in <CODE>ejabberd\src</CODE> directory run:
<PRE>
configure
nmake -f Makefile.win32
</PRE><LI>Edit file <CODE>ejabberd\src\ejabberd.cfg</CODE> and run
<PRE>
werl -s ejabberd -name ejabberd
</PRE><LI>Enjoy!
</OL>
<!--TOC subsection Starting-->
<H3><A NAME="htoc10">2.4</A>&nbsp;&nbsp;Starting</H3><!--SEC END -->
<A NAME="sec:starting"></A>
To start <TT>ejabberd</TT>, use the following command:
<PRE>
erl -name ejabberd -s ejabberd
</PRE>or
<PRE>
erl -sname ejabberd -s ejabberd
</PRE>In second case Erlang node will be identified using only first part of host
name, i.&nbsp;e. other Erlang nodes not inside this domain can't contact this node.<BR>
<BR>
To specify path to config file, use command like this:
<PRE>
erl -sname ejabberd -s ejabberd -ejabberd config \"/etc/ejabberd/ejabberd.cfg\"
</PRE>
To use more than 1024 connections, you will need to set environment variable
<CODE>ERL_MAX_PORTS</CODE>:
<PRE>
export ERL_MAX_PORTS=32000
</PRE>Note that with this value <TT>ejabberd</TT> will use more memory (approximately 6MB
more).<BR>
<BR>
To reduce memory usage, you can set environment variable
<CODE>ERL_FULLSWEEP_AFTER</CODE>:
<PRE>
export ERL_FULLSWEEP_AFTER=0
</PRE>But in this case <TT>ejabberd</TT> can start to work slower.<BR>
<BR>
<!--TOC section Configuration-->
<H2><A NAME="htoc11">3</A>&nbsp;&nbsp;Configuration</H2><!--SEC END -->
<A NAME="sec:configuration"></A>
<!--TOC subsection Initial Configuration-->
<H3><A NAME="htoc12">3.1</A>&nbsp;&nbsp;Initial Configuration</H3><!--SEC END -->
<A NAME="sec:initconfig"></A>
The configuration file is initially loaded the first time <TT>ejabberd</TT> is
executed, when it is parsed and stored in a database. Subsiquently the
configuration is loaded from the database and any commands in the configuration
file are appended to the entries in the database. The configuration file
consists of a sequence of Erlang terms. Parts of lines after <TT>`%'</TT> sign
are ignored. Each term is tuple, where first element is name of option, and
other are option values. E.&nbsp;g. if this file does not contain a ``host''
definition, then old value stored in the database will be used.<BR>
<BR>
To override old values stored in the database the following lines can be added
in config:
<PRE>
override_global.
override_local.
override_acls.
</PRE>With this lines old global or local options or ACLs will be removed before
adding new ones.<BR>
<BR>
<!--TOC subsubsection Host Name-->
<H4><A NAME="htoc13">3.1.1</A>&nbsp;&nbsp;Host Name</H4><!--SEC END -->
<A NAME="sec:confighostname"></A>
Option <TT>hostname</TT> defines name of Jabber domain that <TT>ejabberd</TT>
serves. E.&nbsp;g. to use <TT>jabber.org</TT> domain add following line in config:
<PRE>
{host, "jabber.org"}.
</PRE>
<!--TOC subsubsection Access Rules-->
<H4><A NAME="htoc14">3.1.2</A>&nbsp;&nbsp;Access Rules</H4><!--SEC END -->
<A NAME="sec:configaccess"></A>
Access control in <TT>ejabberd</TT> is performed via Access Control Lists (ACL). The
declarations of ACL in config file have following syntax:
<PRE>
{acl, &lt;aclname&gt;, {&lt;acltype&gt;, ...}}.
</PRE>
<TT>&lt;acltype&gt;</TT> can be one of following:
<DL COMPACT=compact><DT>
<B><TT>all</TT></B><DD> Matches all JIDs. Example:
<PRE>
{acl, all, all}.
</PRE><DT><B><TT>{user, &lt;username&gt;}</TT></B><DD> Matches local user with name
<TT>&lt;username&gt;</TT>. Example:
<PRE>
{acl, admin, {user, "aleksey"}}.
</PRE><DT><B><TT>{user, &lt;username&gt;, &lt;server&gt;}</TT></B><DD> Matches user with JID
<TT>&lt;username&gt;@&lt;server&gt;</TT> and any resource. Example:
<PRE>
{acl, admin, {user, "aleksey", "jabber.ru"}}.
</PRE><DT><B><TT>{server, &lt;server&gt;}</TT></B><DD> Matches any JID from server
<TT>&lt;server&gt;</TT>. Example:
<PRE>
{acl, jabberorg, {server, "jabber.org"}}.
</PRE><DT><B><TT>{user_regexp, &lt;regexp&gt;}</TT></B><DD> Matches local user with name that
matches <TT>&lt;regexp&gt;</TT>. Example:
<PRE>
{acl, tests, {user, "^test[0-9]*$"}}.
</PRE><DT><B><TT>{user_regexp, &lt;regexp&gt;, &lt;server&gt;}</TT></B><DD> Matches user with name
that matches <TT>&lt;regexp&gt;</TT> and from server <TT>&lt;server&gt;</TT>. Example:
<PRE>
{acl, tests, {user, "^test", "localhost"}}.
</PRE><DT><B><TT>{server_regexp, &lt;regexp&gt;}</TT></B><DD> Matches any JID from server that
matches <TT>&lt;regexp&gt;</TT>. Example:
<PRE>
{acl, icq, {server, "^icq\\."}}.
</PRE><DT><B><TT>{node_regexp, &lt;user_regexp&gt;, &lt;server_regexp&gt;}</TT></B><DD> Matches user
with name that matches <TT>&lt;user_regexp&gt;</TT> and from server that matches
<TT>&lt;server_regexp&gt;</TT>. Example:
<PRE>
{acl, aleksey, {node_regexp, "^aleksey", "^jabber.(ru|org)$"}}.
</PRE><DT><B><TT>{user_glob, &lt;glob&gt;}</TT></B><DD>
<DT><B><TT>{user_glob, &lt;glob&gt;, &lt;server&gt;}</TT></B><DD>
<DT><B><TT>{server_glob, &lt;glob&gt;}</TT></B><DD>
<DT><B><TT>{node_glob, &lt;user_glob&gt;, &lt;server_glob&gt;}</TT></B><DD> This is same as
above, but uses shell glob patterns instead of regexp. These patterns can
have following special characters:
<DL COMPACT=compact><DT>
<B><TT>*</TT></B><DD> matches any string including the null string.
<DT><B><TT>?</TT></B><DD> matches any single character.
<DT><B><TT>[...]</TT></B><DD> matches any of the enclosed characters. Character
ranges are specified by a pair of characters separated by a <TT>`-'</TT>.
If the first character after <TT>`['</TT> is a <TT>`!'</TT>, then any
character not enclosed is matched.
</DL>
</DL>
The following ACLs pre-defined:
<DL COMPACT=compact><DT>
<B><TT>all</TT></B><DD> Matches all JIDs.
<DT><B><TT>none</TT></B><DD> Matches none JIDs.
</DL>
An entry allowing or denying different services would look similar to this:
<PRE>
{access, &lt;accessname&gt;, [{allow, &lt;aclname&gt;},
{deny, &lt;aclname&gt;},
...
]}.
</PRE>When a JID is checked to have access to <TT>&lt;accessname&gt;</TT>, the server
sequentially checks if this JID mathes one of the ACLs that are second elements
in each tuple in list. If it is matched, then the first element of matched
tuple is returned else ``<TT>deny</TT>'' is returned.<BR>
<BR>
Example:
<PRE>
{access, configure, [{allow, admin}]}.
{access, something, [{deny, badmans},
{allow, all}]}.
</PRE>
Following access rules pre-defined:
<DL COMPACT=compact><DT>
<B><TT>all</TT></B><DD> Always return ``<TT>allow</TT>''
<DT><B><TT>none</TT></B><DD> Always return ``<TT>deny</TT>''
</DL>
<!--TOC subsubsection Shapers Configuration-->
<H4><A NAME="htoc15">3.1.3</A>&nbsp;&nbsp;Shapers Configuration</H4><!--SEC END -->
<A NAME="sec:configshaper"></A>
With shapers is possible to bound connection traffic. The declarations of
shapers in config file have following syntax:
<PRE>
{shaper, &lt;shapername&gt;, &lt;kind&gt;}.
</PRE>Currently implemented only one kind of shaper: <TT>maxrate</TT>. It have
following syntax:
<PRE>
{maxrate, &lt;rate&gt;}
</PRE>where <TT>&lt;rate&gt;</TT> means maximum allowed incomig rate in bytes/second.
E.&nbsp;g. to define shaper with name ``<TT>normal</TT>'' and maximum allowed rate
1000&nbsp;bytes/s, add following line in config:
<PRE>
{shaper, normal, {maxrate, 1000}}.
</PRE>
<!--TOC subsubsection Listened Sockets-->
<H4><A NAME="htoc16">3.1.4</A>&nbsp;&nbsp;Listened Sockets</H4><!--SEC END -->
<A NAME="sec:configlistened"></A>
Option <TT>listen</TT> defines list of listened sockets and what services
runned on them. Each element of list is a tuple with following elements:
<UL><LI>
Port number;
<LI>Module that serves this port;
<LI>Options to this module.
</UL>
Currently three modules are implemented:
<DL COMPACT=compact><DT>
<CODE><B>ejabberd_c2s</B></CODE><DD> This module serves C2S connections.<BR>
<BR>
The following options are defined:
<DL COMPACT=compact><DT>
<CODE><B>{access, &lt;access rule&gt;}</B></CODE><DD> This option defines access of users
to this C2S port. Default value is ``<TT>all</TT>''.
<DT><CODE><B>{shaper, &lt;access rule&gt;}</B></CODE><DD> This option is like previous, but
use shapers instead of ``<TT>allow</TT>'' and ``<TT>deny</TT>''. Default
value is ``<TT>none</TT>''.
<DT><CODE><B>{ip, IPAddress}</B></CODE><DD> This option specifies which network interface to
listen on.
<DT><CODE><B>inet6</B></CODE><DD> Set up the socket for IPv6.
<DT><CODE><B>ssl</B></CODE><DD> This option specifies that traffic on this port will be
encrypted using SSL. You should also set ``<CODE>certfile</CODE>'' option.
<DT><CODE><B>{certfile, Path}</B></CODE><DD> Path to a file containing the SSL certificate.
</DL>
<DT><CODE><B>ejabberd_s2s_in</B></CODE><DD> This module serves incoming S2S connections.
<DT><CODE><B>ejabberd_service</B></CODE><DD> This module serves connections from Jabber
services (i.&nbsp;e. that use the <TT>jabber:component:accept</TT> namespace).
</DL>
For example, the following configuration defines that:
<UL><LI>
C2S connections are listened on port 5222 and 5223 (SSL) and denied for
user ``<TT>bad</TT>''
<LI>S2S connections are listened on port 5269
<LI>All users except admins have traffic limit 1000&nbsp;B/s
<LI>AIM service <TT>aim.example.org</TT> is connected to port 5233 with
password ``<TT>aimsecret</TT>''
<LI>JIT services <TT>icq.example.org</TT> and <TT>sms.example.org</TT> are
connected to port 5234 with password ``<TT>jitsecret</TT>''
<LI>MSN service <TT>msn.example.org</TT> is connected to port 5235 with
password ``<TT>msnsecret</TT>''
<LI>YAHOO service <TT>yahoo.example.org</TT> is connected to port 5236 with
password ``<TT>yahoosecret</TT>''
<LI>ILE service <TT>ile.example.org</TT> is connected to port 5237 with
password ``<TT>ilesecret</TT>''
</UL>
<PRE>
{acl, blocked, {user, "bad"}}.
{access, c2s, [{deny, blocked},
{allow, all}]}.
{shaper, normal, {maxrate, 1000}}.
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
{listen,
[{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}]},
{5223, ejabberd_c2s, [{access, c2s},
ssl, {certfile, "/path/to/ssl.pem"}]},
{5269, ejabberd_s2s_in, []},
{5233, ejabberd_service, [{host, "aim.example.org",
[{password, "aimsecret"}]}]},
{5234, ejabberd_service, [{hosts, ["icq.example.org", "sms.example.org"],
[{password, "jitsecret"}]}]},
{5235, ejabberd_service, [{host, "msn.example.org",
[{password, "msnsecret"}]}]},
{5236, ejabberd_service, [{host, "yahoo.example.org",
[{password, "yahoosecret"}]}]},
{5237, ejabberd_service, [{host, "gg.example.org",
[{password, "ggsecret"}]}]},
{5238, ejabberd_service, [{host, "ile.example.org",
[{password, "ilesecret"}]}]}
]
}.
</PRE>Note, that for jabberd14- or wpjabberd-based services you need to make the
transports log and do xdb by themselves:
<PRE>
&lt;!--
You need to add elogger and rlogger entries here when using ejabberd.
In this case the transport will do the logging.
--&gt;
&lt;log id='elogger'&gt;
&lt;host/&gt;
&lt;logtype/&gt;
&lt;format&gt;%d: [%t] (%h): %s&lt;/format&gt;
&lt;file&gt;/var/log/jabber/error/aim-t.log&lt;/file&gt;
&lt;/log&gt;
&lt;log id='rlogger'&gt;
&lt;host/&gt;
&lt;logtype&gt;record&lt;/logtype&gt;
&lt;format&gt;%d %h %s&lt;/format&gt;
&lt;file&gt;/var/log/jabber/record/aim-t.log&lt;/file&gt;
&lt;/log&gt;
&lt;!--
Some Jabber server implementations do not provide
XDB services (for example jabberd 2.0 and ejabberd).
AIM-t is loaded into handle all XDB requests.
--&gt;
&lt;xdb id="xdb"&gt;
&lt;host/&gt;
&lt;load&gt;
&lt;xdb_file&gt;/usr/lib/jabber/xdb_file.so&lt;/xdb_file&gt; &lt;!-- this is a lib of wpjabber or jabberd --&gt;
&lt;/load&gt;
&lt;xdb_file xmlns="jabber:config:xdb_file"&gt;
&lt;spool&gt;&lt;jabberd:cmdline flag='s'&gt;/var/spool/jabber&lt;/jabberd:cmdline&gt;&lt;/spool&gt;
&lt;/xdb_file&gt;
&lt;/xdb&gt;
</PRE>
<!--TOC subsubsection Modules-->
<H4><A NAME="htoc17">3.1.5</A>&nbsp;&nbsp;Modules</H4><!--SEC END -->
<A NAME="sec:configmodules"></A>
Option <TT>modules</TT> defines the list of modules that will be loaded after
<TT>ejabberd</TT> startup. Each list element is a tuple where first element is a
name of a module and second is list of options to this module. See
section&nbsp;<A HREF="#sec:modules">A</A> for detailed information on each module.<BR>
<BR>
Example:
<PRE>
{modules, [
{mod_register, []},
{mod_roster, []},
{mod_configure, []},
{mod_disco, []},
{mod_stats, []},
{mod_vcard, []},
{mod_offline, []},
{mod_echo, [{host, "echo.localhost"}]},
{mod_private, []},
{mod_time, [{iqdisc, no_queue}]},
{mod_version, []}
]}.
</PRE>
<!--TOC subsection Online Configuration and Monitoring-->
<H3><A NAME="htoc18">3.2</A>&nbsp;&nbsp;Online Configuration and Monitoring</H3><!--SEC END -->
<A NAME="sec:onlineconfig"></A>
To perform online reconfiguration of <TT>ejabberd</TT> you will need to have
<TT>mod_configure</TT> loaded (see section&nbsp;<A HREF="#sec:modconfigure">A.4</A>). It is also highly
recommended to load <TT>mod_disco</TT> as well (see section&nbsp;<A HREF="#sec:moddisco">A.5</A>),
because <TT>mod_configure</TT> is highly integrated with it. Additionally it is
recommended to use a disco- and xdata-capable client such as
<A HREF="http://www.jabber.ru/projects/tkabber/index_en.html">Tkabber</A>
(which was developed synchronously with <TT>ejabberd</TT>, its CVS version
supports most of <TT>ejabberd</TT> features).<BR>
<BR>
On disco query <TT>ejabberd</TT> returns following items:
<UL><LI>
Identity of server.
<LI>List of features, including defined namespaces.
<LI>List of JIDs from route table.
<LI>List of disco-nodes described in following subsections.
</UL>
<BLOCKQUOTE><DIV ALIGN=center><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
<IMG SRC="disco.png">
<BR>
<DIV ALIGN=center>Figure 1: Tkabber Discovery window</DIV><BR>
<A NAME="fig:disco"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></DIV></BLOCKQUOTE>
<!--TOC subsubsection Node <TT>config</TT>: Global Configuration-->
<H4><A NAME="htoc19">3.2.1</A>&nbsp;&nbsp;Node <TT>config</TT>: Global Configuration</H4><!--SEC END -->
Under this node the following nodes exists:<BR>
<BR>
<!--TOC paragraph Node <TT>config/hostname</TT>-->
<H5>Node <TT>config/hostname</TT></H5><!--SEC END -->
Via <TT>jabber:x:data</TT> queries to this node possible to change host name of
this <TT>ejabberd</TT> server. (See figure&nbsp;<A HREF="#fig:hostname">2</A>) (Currently this works
correctly only after a restart)
<BLOCKQUOTE><DIV ALIGN=center><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
<IMG SRC="confhostname.png">
<BR>
<DIV ALIGN=center>Figure 2: Editing of hostname</DIV><BR>
<A NAME="fig:hostname"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></DIV></BLOCKQUOTE>
<!--TOC paragraph Node <TT>config/acls</TT>-->
<H5>Node <TT>config/acls</TT></H5><!--SEC END -->
Via <TT>jabber:x:data</TT> queries to this node it is possible to edit ACLs list.
(See figure&nbsp;<A HREF="#fig:acls">3</A>)
<BLOCKQUOTE><DIV ALIGN=center><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
<IMG SRC="confacls.png">
<BR>
<DIV ALIGN=center>Figure 3: Editing of ACLs</DIV><BR>
<A NAME="fig:acls"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></DIV></BLOCKQUOTE>
<!--TOC paragraph Node <TT>config/access</TT>-->
<H5>Node <TT>config/access</TT></H5><!--SEC END -->
Via <TT>jabber:x:data</TT> queries to this node it is possible to edit access
rules.<BR>
<BR>
<!--TOC paragraph Node <TT>config/remusers</TT>-->
<H5>Node <TT>config/remusers</TT></H5><!--SEC END -->
Via <TT>jabber:x:data</TT> queries to this node it is possible to remove users. If
removed user is online, then he will be disconnected. Also user-related data
(e.g. his roster) is removed (but appropriate module must be loaded).<BR>
<BR>
<!--TOC subsubsection Node <TT>online users</TT>: List of Online Users-->
<H4><A NAME="htoc20">3.2.2</A>&nbsp;&nbsp;Node <TT>online users</TT>: List of Online Users</H4><!--SEC END -->
<!--TOC subsubsection Node <TT>all users</TT>: List of Registered Users-->
<H4><A NAME="htoc21">3.2.3</A>&nbsp;&nbsp;Node <TT>all users</TT>: List of Registered Users</H4><!--SEC END -->
<BLOCKQUOTE><DIV ALIGN=center><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
<IMG SRC="discoallusers.png">
<BR>
<DIV ALIGN=center>Figure 4: Discovery all users</DIV><BR>
<A NAME="fig:discoallusers"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></DIV></BLOCKQUOTE>
<!--TOC subsubsection Node <TT>outgoing s2s</TT>: List of Outgoing S2S connections-->
<H4><A NAME="htoc22">3.2.4</A>&nbsp;&nbsp;Node <TT>outgoing s2s</TT>: List of Outgoing S2S connections</H4><!--SEC END -->
<!--TOC subsubsection Node <TT>running nodes</TT>: List of Running <TT>ejabberd</TT> Nodes-->
<H4><A NAME="htoc23">3.2.5</A>&nbsp;&nbsp;Node <TT>running nodes</TT>: List of Running <TT>ejabberd</TT> Nodes</H4><!--SEC END -->
<BLOCKQUOTE><DIV ALIGN=center><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
<IMG SRC="discorunnodes.png">
<BR>
<DIV ALIGN=center>Figure 5: Discovery running nodes</DIV><BR>
<A NAME="fig:discorunnodes"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></DIV></BLOCKQUOTE>
<!--TOC subsubsection Node <TT>stopped nodes</TT>: List of Stopped Nodes-->
<H4><A NAME="htoc24">3.2.6</A>&nbsp;&nbsp;Node <TT>stopped nodes</TT>: List of Stopped Nodes</H4><!--SEC END -->
TBD<BR>
<BR>
<!--TOC section Distribution-->
<H2><A NAME="htoc25">4</A>&nbsp;&nbsp;Distribution</H2><!--SEC END -->
<A NAME="sec:distribution"></A>
<!--TOC subsection How it works-->
<H3><A NAME="htoc26">4.1</A>&nbsp;&nbsp;How it works</H3><!--SEC END -->
<A NAME="sec:howitworks"></A>
A Jabber domain is served by one or more <TT>ejabberd</TT> nodes. These nodes can
be run on different machines that are connected via a network. They all must
have the ability to connect to port 4369 of all another nodes, and must have
the same magic cookie (see Erlang/OTP documentation, in other words the file
<TT>~ejabberd/.erlang.cookie</TT> must be the same on all nodes). This is
needed because all nodes exchange information about connected users, S2S
connections, registered services, etc...<BR>
<BR>
Each <TT>ejabberd</TT> node have following modules:
<UL><LI>
router;
<LI>local router.
<LI>session manager;
<LI>S2S manager;
</UL>
<!--TOC subsubsection Router-->
<H4><A NAME="htoc27">4.1.1</A>&nbsp;&nbsp;Router</H4><!--SEC END -->
This module is the main router of Jabber packets on each node. It routes
them based on their destinations domains. It has two tables: local and global
routes. First, domain of packet destination searched in local table, and if it
found, then the packet is routed to appropriate process. If no, then it
searches in global table, and is routed to the appropriate <TT>ejabberd</TT> node or
process. If it does not exists in either tables, then it sent to the S2S
manager.<BR>
<BR>
<!--TOC subsubsection Local Router-->
<H4><A NAME="htoc28">4.1.2</A>&nbsp;&nbsp;Local Router</H4><!--SEC END -->
This module routes packets which have a destination domain equal to this server
name. If destination JID has a non-empty user part, then it routed to the
session manager, else it is processed depending on it's content.<BR>
<BR>
<!--TOC subsubsection Session Manager-->
<H4><A NAME="htoc29">4.1.3</A>&nbsp;&nbsp;Session Manager</H4><!--SEC END -->
This module routes packets to local users. It searches for what user resource
packet must be sended via presence table. If this resource is connected to
this node, it is routed to C2S process, if it connected via another node, then
the packet is sent to session manager on that node.<BR>
<BR>
<!--TOC subsubsection S2S Manager-->
<H4><A NAME="htoc30">4.1.4</A>&nbsp;&nbsp;S2S Manager</H4><!--SEC END -->
This module routes packets to other Jabber servers. First, it checks if an
open S2S connection from the domain of the packet source to the domain of
packet destination already exists. If it is open on another node, then it
routes the packet to S2S manager on that node, if it is open on this node, then
it is routed to the process that serves this connection, and if a connection
does not exist, then it is opened and registered.<BR>
<BR>
<!--TOC section Built-in Modules-->
<H2><A NAME="htoc31">A</A>&nbsp;&nbsp;Built-in Modules</H2><!--SEC END -->
<A NAME="sec:modules"></A>
<!--TOC subsection Common Options-->
<H3><A NAME="htoc32">A.1</A>&nbsp;&nbsp;Common Options</H3><!--SEC END -->
<A NAME="sec:modcommonopts"></A>
The following options are used by many modules, so they are described in
separate section.<BR>
<BR>
<!--TOC subsubsection Option <TT>iqdisc</TT>-->
<H4><A NAME="htoc33">A.1.1</A>&nbsp;&nbsp;Option <TT>iqdisc</TT></H4><!--SEC END -->
Many modules define handlers for processing IQ queries of different namespaces
to this server or to user (e.&nbsp;g. to <TT>example.org</TT> or to
<TT>user@example.org</TT>). This option defines processing discipline of
these queries. Possible values are:
<DL COMPACT=compact><DT>
<B><TT>no_queue</TT></B><DD> All queries of namespace with this processing
discipline processed immediately. This also means that no other packets can
be processed until finished this. Hence this discipline is not recommended
if processing of query can take relative many time.
<DT><B><TT>one_queue</TT></B><DD> In this case created separate queue for processing
of IQ queries of namespace with this discipline, and processing of this queue
is done in parallel with processing of other packets. This discipline is most
recommended.
<DT><B><TT>parallel</TT></B><DD> In this case for all packets with this discipline
spawned separate Erlang process, so all these packets processed in parallel.
Although spawning of Erlang process have relatively low cost, this can broke
server normal work, because Erlang emulator have limit on number of processes
(32000 by default).
</DL>
Example:
<PRE>
{modules, [
...
{mod_time, [{iqdisc, no_queue}]},
...
]}.
</PRE>
<!--TOC subsubsection Option <TT>host</TT>-->
<H4><A NAME="htoc34">A.1.2</A>&nbsp;&nbsp;Option <TT>host</TT></H4><!--SEC END -->
Some modules may act as services, and wants to have different domain name.
This option explicitly defines this name.<BR>
<BR>
Example:
<PRE>
{modules, [
...
{mod_echo, [{host, "echo.example.org"}]},
...
]}.
</PRE>
<!--TOC subsection <TT>mod_register</TT>-->
<H3><A NAME="htoc35">A.2</A>&nbsp;&nbsp;<TT>mod_register</TT></H3><!--SEC END -->
<A NAME="sec:modregister"></A>
This module adds support for
<A HREF="http://www.jabber.org/jeps/jep-0077.html">JEP-0077</A> (In-Band
Registration). There is possible to restrict registration via ``register''
access rule. If this rule returns ``deny'' on requested user name, then
registration is not allowed for it.<BR>
<BR>
Options:
<DL COMPACT=compact><DT>
<B><TT>iqdisc</TT></B><DD> <TT>jabber:iq:register</TT> IQ queries processing
discipline.
</DL>
Example:
<PRE>
% Deny registration for users with too short name
{acl, shortname, {user_glob, "?"}}.
{acl, shortname, {user_glob, "??"}}.
% Another variant: {acl, shortname, {user_regexp, "^..?$"}}.
{access, register, [{deny, shortname},
{allow, all}]}.
{modules, [
...
{mod_register, []},
...
]}.
</PRE>
<!--TOC subsection <TT>mod_roster</TT>-->
<H3><A NAME="htoc36">A.3</A>&nbsp;&nbsp;<TT>mod_roster</TT></H3><!--SEC END -->
<A NAME="sec:modroster"></A>
<!--TOC subsection <TT>mod_configure</TT>-->
<H3><A NAME="htoc37">A.4</A>&nbsp;&nbsp;<TT>mod_configure</TT></H3><!--SEC END -->
<A NAME="sec:modconfigure"></A>
<!--TOC subsection <TT>mod_disco</TT>-->
<H3><A NAME="htoc38">A.5</A>&nbsp;&nbsp;<TT>mod_disco</TT></H3><!--SEC END -->
<A NAME="sec:moddisco"></A>
This module adds support for
<A HREF="http://www.jabber.org/jeps/jep-0030.html">JEP-0030</A> (Service
Discovery).<BR>
<BR>
Options:
<DL COMPACT=compact><DT>
<B><TT>iqdisc</TT></B><DD> <TT>http://jabber.org/protocol/disco#items</TT> and
<TT>http://jabber.org/protocol/disco#info</TT> IQ queries processing discipline.
<DT><B><TT>extra_domains</TT></B><DD> List of domains that will be added to server
items reply
</DL>
Example:
<PRE>
{modules, [
...
{mod_disco, [{extra_domains, ["jit.example.com",
"etc.example.com"]}]},
...
]}.
</PRE>
<!--TOC subsection <TT>mod_stats</TT>-->
<H3><A NAME="htoc39">A.6</A>&nbsp;&nbsp;<TT>mod_stats</TT></H3><!--SEC END -->
<A NAME="sec:modstats"></A>
This module adds support for
<A HREF="http://www.jabber.org/jeps/jep-0039.html">JEP-0039</A> (Statistics
Gathering).<BR>
<BR>
Options:
<DL COMPACT=compact><DT>
<B><TT>iqdisc</TT></B><DD> <TT>http://jabber.org/protocol/stats</TT> IQ queries
processing discipline.
</DL>
TBD about access.<BR>
<BR>
<!--TOC subsection <TT>mod_vcard</TT>-->
<H3><A NAME="htoc40">A.7</A>&nbsp;&nbsp;<TT>mod_vcard</TT></H3><!--SEC END -->
<A NAME="sec:modvcard"></A>
<!--TOC subsection <TT>mod_offline</TT>-->
<H3><A NAME="htoc41">A.8</A>&nbsp;&nbsp;<TT>mod_offline</TT></H3><!--SEC END -->
<A NAME="sec:modoffline"></A>
<!--TOC subsection <TT>mod_echo</TT>-->
<H3><A NAME="htoc42">A.9</A>&nbsp;&nbsp;<TT>mod_echo</TT></H3><!--SEC END -->
<A NAME="sec:modecho"></A>
<!--TOC subsection <TT>mod_private</TT>-->
<H3><A NAME="htoc43">A.10</A>&nbsp;&nbsp;<TT>mod_private</TT></H3><!--SEC END -->
<A NAME="sec:modprivate"></A>
This module adds support of
<A HREF="http://www.jabber.org/jeps/jep-0049.html">JEP-0049</A> (Private XML
Storage).<BR>
<BR>
Options:
<DL COMPACT=compact><DT>
<B><TT>iqdisc</TT></B><DD> <TT>jabber:iq:private</TT> IQ queries processing discipline.
</DL>
<!--TOC subsection <TT>mod_time</TT>-->
<H3><A NAME="htoc44">A.11</A>&nbsp;&nbsp;<TT>mod_time</TT></H3><!--SEC END -->
<A NAME="sec:modtime"></A>
This module answers UTC time on <TT>jabber:iq:time</TT> queries.<BR>
<BR>
Options:
<DL COMPACT=compact><DT>
<B><TT>iqdisc</TT></B><DD> <TT>jabber:iq:time</TT> IQ queries processing discipline.
</DL>
<!--TOC subsection <TT>mod_version</TT>-->
<H3><A NAME="htoc45">A.12</A>&nbsp;&nbsp;<TT>mod_version</TT></H3><!--SEC END -->
<A NAME="sec:modversion"></A>
This module answers <TT>ejabberd</TT> version on <TT>jabber:iq:version</TT> queries.<BR>
<BR>
Options:
<DL COMPACT=compact><DT>
<B><TT>iqdisc</TT></B><DD> <TT>jabber:iq:version</TT> IQ queries processing discipline.
</DL>
<!--TOC section I18n/L10n-->
<H2><A NAME="htoc46">B</A>&nbsp;&nbsp;I18n/L10n</H2><!--SEC END -->
<A NAME="sec:i18nl10n"></A>
Many modules supports <TT>xml:lang</TT> attribute inside IQ queries. E.&nbsp;g.
on figure&nbsp;<A HREF="#fig:discorus">6</A> (compare it with figure&nbsp;<A HREF="#fig:disco">1</A>) showed
reply on following query:
<PRE>
&lt;iq id='5'
to='e.localhost'
type='get'&gt;
&lt;query xmlns='http://jabber.org/protocol/disco#items'
xml:lang='ru'/&gt;
&lt;/iq&gt;
</PRE>
<BLOCKQUOTE><DIV ALIGN=center><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
<IMG SRC="discorus.png">
<BR>
<DIV ALIGN=center>Figure 6: Discovery result when <TT>xml:lang='ru'</TT></DIV><BR>
<A NAME="fig:discorus"></A>
<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></DIV></BLOCKQUOTE>
<!--HTMLFOOT-->
<!--ENDHTML-->
<!--FOOTER-->
<HR SIZE=2>
<BLOCKQUOTE><EM>This document was translated from L<sup>A</sup>T<sub>E</sub>X by
</EM><A HREF="http://pauillac.inria.fr/~maranget/hevea/index.html"><EM>H<FONT SIZE=2><sup>E</sup></FONT>V<FONT SIZE=2><sup>E</sup></FONT>A</EM></A><EM>.
</EM></BLOCKQUOTE>
</BODY>
</HTML>