
xmpp - How to make an ejabberd server public

Reposted. Author: 行者123. Updated: 2023-12-02 05:36:20

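I recently installed ejabberd on Ubuntu 12.04 LTS. I did the necessary configuration and was able to connect from another computer with the XMPP client PSI using the LAN IP. Now I want to make my ejabberd server reachable from a public URL, but without success. I did the following:

  • Assume my public domain is example.domain.com and the public IP is 123.123.10.210
  • Opened ports 5222, 5269 and 5280.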

    iptables -A INPUT -p tcp --dport 5222 -j ACCEPT
    iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
    iptables -A INPUT -p tcp --dport 5280 -j ACCEPT
  • Added the following to my hosts file:

    123.123.10.210 example.domain.com
  • Allowed the ports in the Ubuntu firewall:

    sudo ufw allow 5222
    sudo ufw allow 5269
    sudo ufw allow 5280
  • Here is my ejabberd.cfg:

    %%%
    %%% Debian ejabberd configuration file
    %%% This config must be in UTF-8 encoding
    %%%
    %%% The parameters used in this configuration file are explained in more detail
    %%% in the ejabberd Installation and Operation Guide.
    %%% Please consult the Guide in case of doubts, it is available at
    %%% /usr/share/doc/ejabberd/guide.html

    %%% This configuration file contains Erlang terms.
    %%% In case you want to understand the syntax, here are the concepts:
    %%%
    %%% - The character to comment a line is %
    %%%
    %%% - Each term ends in a dot, for example:
    %%% override_global.
    %%%
    %%% - A tuple has a fixed definition, its elements are
    %%% enclosed in {}, and separated with commas:
    %%% {loglevel, 4}.
    %%%
    %%% - A list can have as many elements as you want,
    %%% and is enclosed in [], for example:
    %%% [http_poll, web_admin, tls]
    %%%
    %%% - A keyword of ejabberd is a word in lowercase.
    %%% The strings are enclosed in "" and can have spaces, dots...
    %%% {language, "en"}.
    %%% {ldap_rootdn, "dc=example,dc=com"}.
    %%%
    %%% - This term includes a tuple, a keyword, a list and two strings:
    %%% {hosts, ["jabber.example.net", "im.example.com"]}.
    %%%

    %%% ===================================
    %%% OVERRIDE OPTIONS STORED IN DATABASE

    %%
    %% Override global options (shared by all ejabberd nodes in a cluster).
    %%
    %%override_global.

    %%
    %% Override local options (specific for this particular ejabberd node).
    %%
    %%override_local.

    %%
    %% Remove the Access Control Lists before new ones are added.
    %%
    %%override_acls.


    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    %% Options which are set by Debconf and managed by ucf

    %% Admin user
    {acl, admin, {user, "admin", "localhost"}}.

    %% Hostname
    {hosts, ["localhost", "example.domain.com"]}.

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


    %%% =========
    %%% DEBUGGING

    %%
    %% loglevel: Verbosity of log files generated by ejabberd.
    %% 0: No ejabberd log at all (not recommended)
    %% 1: Critical
    %% 2: Error
    %% 3: Warning
    %% 4: Info
    %% 5: Debug
    %%
    {loglevel, 4}.

    %%
    %% watchdog_admins: If an ejabberd process consumes too much memory,
    %% send live notifications to those Jabber accounts.
    %%
    %%{watchdog_admins, ["bob@example.com"]}.


    %%% ================
    %%% SERVED HOSTNAMES

    %%
    %% hosts: Domains served by ejabberd.
    %% You can define one or several, for example:
    %% {hosts, ["example.net", "example.com", "example.org"]}.
    %%
    %% (This option is defined by debconf earlier)
    %% {hosts, ["localhost"]}.

    %%
    %% route_subdomains: Delegate subdomains to other Jabber server.
    %% For example, if this ejabberd serves example.org and you want
    %% to allow communication with a Jabber server called im.example.org.
    %%
    %%{route_subdomains, s2s}.


    %%% ===============
    %%% LISTENING PORTS

    %%
    %% listen: Which ports will ejabberd listen, which service handles it
    %% and what options to start it with.
    %%
    %5222
    {listen,
    [
    {5222, ejabberd_c2s, [
    {access, c2s},
    {access, register},
    {shaper, c2s_shaper},
    {max_stanza_size, 65536},
    %%zlib,
    starttls, {certfile, "/etc/ejabberd/ejabberd.pem"}
    ]},

    %%
    %% To enable the old SSL connection method (deprecated) in port 5223:
    %%
    %%{5223, ejabberd_c2s, [
    %% {access, c2s},
    %% {shaper, c2s_shaper},
    %% {max_stanza_size, 65536},
    %% zlib,
    %% tls, {certfile, "/etc/ejabberd/ejabberd.pem"}
    %% ]},
    %5269
    {5269, ejabberd_s2s_in, [
    {shaper, s2s_shaper},
    {max_stanza_size, 131072}
    ]},

    %% External MUC jabber-muc
    %%{5554, ejabberd_service, [
    %% {ip, {127, 0, 0, 1}},
    %% {access, all},
    %% {shaper_rule, fast},
    %% {host, "muc.localhost", [{password, "secret"}]}
    %% ]},

    %% Jabber ICQ Transport
    %%{5555, ejabberd_service, [
    %% {ip, {127, 0, 0, 1}},
    %% {access, all},
    %% {shaper_rule, fast},
    %% {hosts, ["icq.localhost", "sms.localhost"],
    %% [{password, "secret"}]}
    %% ]},

    %% AIM Transport
    %%{5556, ejabberd_service, [
    %% {ip, {127, 0, 0, 1}},
    %% {access, all},
    %% {shaper_rule, fast},
    %% {host, "aim.localhost", [{password, "secret"}]}
    %% ]},

    %% MSN Transport
    %%{5557, ejabberd_service, [
    %% {ip, {127, 0, 0, 1}},
    %% {access, all},
    %% {shaper_rule, fast},
    %% {host, "msn.localhost", [{password, "secret"}]}
    %% ]},

    %% Yahoo! Transport
    %%{5558, ejabberd_service, [
    %% {ip, {127, 0, 0, 1}},
    %% {access, all},
    %% {shaper_rule, fast},
    %% {host, "yahoo.localhost", [{password, "secret"}]}
    %% ]},

    %% External JUD (internal is more powerful,
    %% but doesn't allow to register users from other servers)
    %%{5559, ejabberd_service, [
    %% {ip, {127, 0, 0, 1}},
    %% {access, all},
    %% {shaper_rule, fast},
    %% {host, "jud.localhost", [{password, "secret"}]}
    %% ]},
    %5280
    {5280, ejabberd_http, [
    %%{request_handlers,
    %% [
    %% {["pub", "archive"], mod_http_fileserver}
    %% ]},
    %%captcha,
    http_bind,
    http_poll,
    web_admin
    ]}

    ]}.

    %%
    %% max_fsm_queue: Enable limiting of lengths of "message queues"
    %% for outgoing connections. Roughly speaking, each message in such
    %% queues represents one XML stanza queued to be sent into
    %% an output stream it is serving.
    %% The default value is an atom 'undefined' which specifies no limiting.
    %%
    %% When specified globally, this option limits the message queue lengths
    %% for all ejabberd_c2s_in and ejabberd_service listeners,
    %% as well as for outgoing s2s connections.
    %%
    %% This option can also be specified as an option for ejabberd_c2s_in
    %% and ejabberd_service listeners, in which case it will override
    %% the value of the global option.
    %%
    {max_fsm_queue, 1000}.

    %%
    %% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
    %% Allowed values are: true or false.
    %% You must specify a certificate file.
    %%
    {s2s_use_starttls, true}.

    %%
    %% s2s_certfile: Specify a certificate file.
    %%
    {s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.

    %%
    %% domain_certfile: Specify a different certificate for each served hostname.
    %%
    %%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
    %%{domain_certfile, "example.com", "/path/to/example_com.pem"}.

    %%
    %% S2S whitelist or blacklist
    %%
    %% Default s2s policy for undefined hosts.
    %%
    %%{s2s_default_policy, allow}.

    %%
    %% Allow or deny communication with specific servers.
    %%
    %%{{s2s_host, "goodhost.org"}, allow}.
    %%{{s2s_host, "badhost.org"}, deny}.

    %%
    %% The maximum allowed delay for retry to connect
    %% after a failed connection attempt to a remote server, in seconds.
    %% The default value is 300 seconds (5 minutes).
    %%
    %% The reconnection algorithm works like this: if connection fails,
    %% ejabberd makes an initial random delay between 1 and 15 seconds,
    %% then retries, and if this attempt fails, makes another delay,
    %% twice as long as previous. These attempts are performed either
    %% until a successful connection is made or until the next calculated
    %% delay is greater than or equal to the value of s2s_max_retry_delay.
    %%
    %%{s2s_max_retry_delay, 300}.

    %%
    %% Outgoing S2S options
    %%
    %% Preferred address families (which to try first) and connect timeout
    %% in milliseconds.
    %%
    %%{outgoing_s2s_options, [ipv4, ipv6], 10000}.


    %%% ==============
    %%% AUTHENTICATION

    %%
    %% auth_method: Method used to authenticate the users.
    %% The default method is the internal.
    %% If you want to use a different method,
    %% comment this line and enable the correct ones.
    %%
    {auth_method, internal}.

    %%
    %% Authentication using external script
    %% Make sure the script is executable by ejabberd.
    %%
    %%{auth_method, external}.
    %%{extauth_program, "/path/to/authentication/script"}.

    %%
    %% Authentication using ODBC
    %% Remember to setup a database in the next section.
    %%
    %%{auth_method, odbc}.

    %%
    %% Authentication using PAM
    %%
    %%{auth_method, pam}.
    %%{pam_service, "pamservicename"}.

    %%
    %% Authentication using LDAP
    %%
    %%{auth_method, ldap}.
    %%
    %% List of LDAP servers:
    %%{ldap_servers, ["localhost"]}.
    %%
    %% Encryption of connection to LDAP servers (LDAPS):
    %%{ldap_encrypt, none}.
    %%{ldap_encrypt, tls}.
    %%
    %% Port connect to LDAP server:
    %%{ldap_port, 389}.
    %%{ldap_port, 636}.
    %%
    %% LDAP manager:
    %%{ldap_rootdn, "dc=example,dc=com"}.
    %%
    %% Password to LDAP manager:
    %%{ldap_password, "******"}.
    %%
    %% Search base of LDAP directory:
    %%{ldap_base, "dc=example,dc=com"}.
    %%
    %% LDAP attribute that holds user ID:
    %%{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
    %%
    %% LDAP filter:
    %%{ldap_filter, "(objectClass=shadowAccount)"}.

    %%
    %% Anonymous login support:
    %% auth_method: anonymous
    %% anonymous_protocol: sasl_anon | login_anon | both
    %% allow_multiple_connections: true | false
    %%
    %%{host_config, "public.example.org", [{auth_method, anonymous},
    %% {allow_multiple_connections, false},
    %% {anonymous_protocol, sasl_anon}]}.
    %%
    %% To use both anonymous and internal authentication:
    %%
    %%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.


    %%% ==============
    %%% DATABASE SETUP

    %% ejabberd uses by default the internal Mnesia database,
    %% so you can avoid this section.
    %% This section provides configuration examples in case
    %% you want to use other database backends.
    %% Please consult the ejabberd Guide for details about database creation.

    %% NOTE that ejabberd in Debian supports "out of the box"
    %% only mnesia (default) and ODBC storage backends.
    %% Working with MySQL and PostgreSQL DB backends requires
    %% building and installation of the corresponding Erlang modules,
    %% not distributed as a part of ejabberd.
    %% Refer to /usr/share/doc/ejabberd/README.Debian for details.

    %%
    %% MySQL server:
    %%
    %%{odbc_server, {mysql, "server", "database", "username", "password"}}.
    %%
    %% If you want to specify the port:
    %%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.

    %%
    %% PostgreSQL server:
    %%
    %%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
    %%
    %% If you want to specify the port:
    %%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
    %%
    %% If you use PostgreSQL, have a large database, and need a
    %% faster but inexact replacement for "select count(*) from users"
    %%
    %%{pgsql_users_number_estimate, true}.

    %%
    %% ODBC compatible or MSSQL server:
    %%
    %%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.

    %%
    %% Number of connections to open to the database for each virtual host
    %%
    %%{odbc_pool_size, 10}.

    %%
    %% Interval to make a dummy SQL request to keep alive the connections
    %% to the database. Specify in seconds: for example 28800 means 8 hours
    %%
    %%{odbc_keepalive_interval, undefined}.


    %%% ===============
    %%% TRAFFIC SHAPERS

    %%
    %% The "normal" shaper limits traffic speed to 1.000 B/s
    %%
    {shaper, normal, {maxrate, 1000}}.

    %%
    %% The "fast" shaper limits traffic speed to 50.000 B/s
    %%
    {shaper, fast, {maxrate, 50000}}.


    %%% ====================
    %%% ACCESS CONTROL LISTS

    %%
    %% The 'admin' ACL grants administrative privileges to Jabber accounts.
    %% You can put as many accounts as you want.
    %%
    %%{acl, admin, {user, "aleksey", "localhost"}}.
    %%{acl, admin, {user, "ermine", "example.org"}}.

    %%
    %% Blocked users
    %%
    %%{acl, blocked, {user, "baduser", "example.org"}}.
    %%{acl, blocked, {user, "test"}}.

    %%
    %% Local users: don't modify this line.
    %%
    {acl, local, {user_regexp, ""}}.

    %%
    %% More examples of ACLs
    %%
    %%{acl, jabberorg, {server, "jabber.org"}}.
    %%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
    %%{acl, test, {user_regexp, "^test"}}.
    %%{acl, test, {user_glob, "test*"}}.

    %%
    %% Define specific ACLs in a virtual host.
    %%
    %%{host_config, "localhost",
    %% [
    %% {acl, admin, {user, "bob-local", "localhost"}}
    %% ]
    %%}.


    %%% ============
    %%% ACCESS RULES

    %% Define the maximum number of time a single user is allowed to connect:
    {access, max_user_sessions, [{10, all}]}.

    %% Maximum number of offline messages that users can have:
    {access, max_user_offline_messages, [{5000, admin}, {100, all}]}.

    %% This rule allows access only for local users:
    {access, local, [{allow, local}]}.

    %% Only non-blocked users can use c2s connections:
    %{access, c2s, [{deny, blocked},
    % {allow, all}]}.

    % TODO: Testing. Allow all
    {access, c2s, [{allow, all}]}.

    %% For all users except admins used "normal" shaper
    {access, c2s_shaper, [{none, admin},
    {normal, all}]}.

    %% For all S2S connections used "fast" shaper
    {access, s2s_shaper, [{fast, all}]}.

    %% Only admins can send announcement messages:
    {access, announce, [{allow, admin}]}.

    %% Only admins can use configuration interface:
    {access, configure, [{allow, admin}]}.

    %% Admins of this server are also admins of MUC service:
    {access, muc_admin, [{allow, admin}]}.

    %% All users are allowed to use MUC service:
    {access, muc, [{allow, all}]}.

    %% No username can be registered via in-band registration:
    %% To enable in-band registration, replace 'deny' with 'allow'
    % (note that if you remove mod_register from modules list then users will not
    % be able to change their password as well as register).
    % This setting is default because it's more safe.
    %{access, register, [{deny, all}]}.
    %TODO: testing. allow registration
    {access, register, [{allow, all}]}.

    %% By default frequency of account registrations from the same IP
    %% is limited to 1 account every 10 minutes. To disable put: infinity
    %%{registration_timeout, 600}.

    %% Everybody can create pubsub nodes
    {access, pubsub_createnode, [{allow, all}]}.

    %%
    %% Define specific Access rules in a virtual host.
    %%
    %%{host_config, "localhost",
    %% [
    %% {access, c2s, [{allow, admin}, {deny, all}]},
    %% {access, register, [{deny, all}]}
    %% ]
    %%}.


    %%% ================
    %%% DEFAULT LANGUAGE

    %%
    %% language: Default language used for server messages.
    %%
    {language, "en"}.

    %%
    %% Set a different default language in a virtual host.
    %%
    %%{host_config, "localhost",
    %% [{language, "ru"}]
    %%}.


    %%% =======
    %%% CAPTCHA

    %%
    %% Full path to a script that generates the image.
    %% Note that this script must be made executable
    %% for the user ejabberd:ejabberd.
    %%
    %%{captcha_cmd, "/usr/lib/ejabberd/priv/bin/captcha.sh"}.

    %%
    %% Host part of the URL sent to the user.
    %% The port specified must be configured as the "ejabberd_http"
    %% listener which must have the "captcha" directive included
    %% in its configuration (see the "LISTENING PORTS" section above).
    %%
    %%{captcha_host, "localhost:5280"}.


    %%% =======
    %%% MODULES

    %%
    %% Modules enabled in all ejabberd virtual hosts.
    %%
    {modules,
    [
    {mod_adhoc, []},
    {mod_announce, [{access, announce}]}, % requires mod_adhoc
    {mod_caps, []},
    {mod_configure,[]}, % requires mod_adhoc
    {mod_admin_extra, []},
    {mod_disco, []},
    %%{mod_echo, [{host, "echo.localhost"}]},
    {mod_irc, []},
    %% NOTE that mod_http_fileserver must also be enabled in the
    %% "request_handlers" clause of the "ejabberd_http" listener
    %% configuration (see the "LISTENING PORTS" section above).
    %%{mod_http_fileserver, [
    %% {docroot, "/var/www"},
    %% {accesslog, "/var/log/ejabberd/access.log"}
    %% ]},
    {mod_last, []},
    {mod_muc, [
    %%{host, "conference.@HOST@"},
    {access, muc},
    {access_create, muc},
    {access_persistent, muc},
    {access_admin, muc_admin},
    {max_users, 500}
    ]},
    %%{mod_muc_log,[]},
    {mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
    {mod_privacy, []},
    {mod_private, []},
    {mod_proxy65, [
    {access, local},
    {shaper, c2s_shaper}
    ]},
    {mod_pubsub, [ % requires mod_caps
    {access_createnode, pubsub_createnode},
    {pep_sendlast_offline, false},
    {last_item_cache, false},
    %%{plugins, ["default", "pep"]}
    {plugins, ["flat", "hometree", "pep"]} % pep requires mod_caps
    ]},
    {mod_register, [
    %%
    %% After successful registration, the user receives
    %% a message with this subject and body.
    %%
    {welcome_message, {"Welcome!",
    "Welcome to a Jabber service powered by Debian. "
    "For information about Jabber visit "
    "http://www.jabber.org"}},
    %% Replace it with 'none' if you don't want to send such message:
    %%{welcome_message, none},

    %%
    %% When a user registers, send a notification to
    %% these Jabber accounts.
    %%
    %%{registration_watchers, ["admin1@example.org"]},

    {access, register}
    ]},
    {mod_roster, []},
    %%{mod_service_log,[]},
    %%{mod_shared_roster,[]},
    {mod_stats, []},
    {mod_time, []},
    {mod_vcard, []},
    {mod_version, []}
    ]}.

    %%
    %% Enable modules with custom options in a specific virtual host
    %%
    %%{host_config, "localhost",
    %% [{{add, modules},
    %% [
    %% {mod_echo, [{host, "mirror.localhost"}]}
    %% ]
    %% }
    %% ]}.


    %%% $Id: ejabberd.cfg.example 2497 2009-08-17 20:27:28Z cromain $

    %%% Local Variables:
    %%% mode: erlang
    %%% End:
    %%% vim: set filetype=erlang tabstop=8:

Best answer

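  • Verify that connections actually make it to the server.

    On a box connected to the Internet, use telnet, nc or a similar command to verify that connecting to the server's well-known ports works. Do

    $ telnet 123.123.10.210 5222

    then type some gibberish and press Enter to send it; you should receive an XML stanza from the server telling you that you sent a malformed stream and indicating that the stream is closed (to exit the telnet session, press Ctrl-], then type q and press Enter).

    If this command hangs and then times out, or fails outright, you have a network connectivity problem.

    Having an instance of tcpdump running while you check is very handy. Run it to see whether the client's packets come in and get replied to:

    # tcpdump -n -i eth0 'tcp and (port 5222 or port 5269)'

    (Substitute the name of your Internet-facing interface for eth0.)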
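  • You must set up proper DNS for your XMPP domain.

    That is, if your users have JIDs in example.domain.com, everyone on the Internet should be able to ask their DNS server how to reach users with JIDs in that domain using XMPP. This is done using SRV records. The DNS server maintaining example.domain.com must have two DNS records:

    • _xmpp-client._tcp.example.domain.com pointing to the host and port of the server accepting client connections (so they should be 123.123.10.210 and 5222).
    • _xmpp-server._tcp.example.domain.com pointing to the host and port of the server accepting server connections (so they should be 123.123.10.210 and 5269).

    More information here.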


    $ host -t srv _xmpp-client._tcp.gmail.com
    $ host -t srv _xmpp-server._tcp.gmail.com

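    to see what it looks like.

    Another thing to note here is that if your server is located in a DMZ (not connected to the Internet directly but mediated by a NAT device), the firewall setup should be more involved. But before digging into that, check connectivity as described above.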
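
An added example, not part of the original answer: a shell script covering the answer's two checks. It parses `host -t srv` output and, instead of typing gibberish into telnet, opens a well-formed XMPP client stream with nc to see whether the listener answers and offers STARTTLS. The function names are made up for this example; example.domain.com and 123.123.10.210 are the question's placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# parse_srv: read `host -t srv NAME` output on stdin, print "port target" per record.
# Expected line shape: "<name> has SRV record <prio> <weight> <port> <target>."
parse_srv() {
    awk '/ has SRV record / { t = $NF; sub(/\.$/, "", t); print $(NF-1), t }'
}

# srv_matches PORT TARGET: succeed only if stdin contains exactly such a record.
srv_matches() {
    parse_srv | grep -qxF "$1 $2"
}

# classify_reply TEXT: classify what the listener sent back.
#   xmpp-starttls     stream features advertise the XMPP TLS namespace
#   xmpp-no-starttls  an XMPP stream was opened, but STARTTLS is not offered
#   no-xmpp           nothing recognisable (filtered port, wrong service, timeout)
classify_reply() {
    case $1 in
        *"<stream:features"*"urn:ietf:params:xml:ns:xmpp-tls"*) echo xmpp-starttls ;;
        *"<stream:stream"*|*"<stream:features"*) echo xmpp-no-starttls ;;
        *) echo no-xmpp ;;
    esac
}

# probe_c2s HOST PORT DOMAIN: send a client stream header and classify the reply.
# The short sleep keeps stdin open so nc does not exit before the reply arrives.
probe_c2s() {
    reply=$( { printf "<?xml version='1.0'?><stream:stream to='%s' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>" "$3"
               sleep 3; } | nc -w 5 "$1" "$2" 2>/dev/null )
    classify_reply "$reply"
}

# Live run: sh xmpp_check.sh DOMAIN PUBLIC_IP
# Without both arguments nothing touches the network.
if [ "$#" -eq 2 ]; then
    echo "client SRV: $(host -t srv "_xmpp-client._tcp.$1" | parse_srv)"
    echo "server SRV: $(host -t srv "_xmpp-server._tcp.$1" | parse_srv)"
    echo "c2s probe:  $(probe_c2s "$2" 5222 "$1")"
fi
```

Run it from a machine outside the LAN, for example `sh xmpp_check.sh example.domain.com 123.123.10.210`, while the tcpdump command above is running on the server.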

Regarding "xmpp - How to make an ejabberd server public", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/22101523/
