[ejabberd] Seeking information for building a modular ansible role

André Rodier andre at rodier.me
Wed May 15 16:13:15 MSK 2019


On 2019-05-15 12:31, Hartmut Goebel wrote:
> Hello,
> 
> I'm working on a modular ansible role to be included in the debops role
> collection (https://debops.org/). The idea is to allow the admin to
> easily enable and disable features without in-depth knowledge of ejabberd
> configuration. E.g. if an admin says: "I want muc, upload, but no
> registration and no BOSH", the ansible role will create an appropriate
> config file using reasonable defaults. This would enable more people to
> run an XMPP server on their own.
> 
> I've searched the internet for examples and explanations already, but
> did not find the answers for some of my questions. As you can see, I
> have a lot :-)
> 
> Any answer is appreciated, also pointers to online documentation.
> Thanks in advance!
> 
> For the following questions, assume JID "user@my-club.org" shall be
> served by a state-of-the-art XMPP server running on a system with FQDN
> "some.server.net". DNS SRV records shall be set up as required.
> 
> Basic:
> 
> 1) What are the features required to run a state-of-the-art XMPP server?
> (E.g. Is file upload, pubsub, proxy65, muc, or bosh required,
> recommended or optional?)
> 
> Hostnames and TLS certificates
> 
> 2a) Regarding hostnames: Are different hostnames required for upload,
> proxy, pubsub (as [1] sec. 3.3 shows), or can this be the same hostname
> as the "base" XMPP server ("my-club.org")?
> 
> 2b) If any, which of these hostnames are to be read or typed in by the
> user and which can be just meaningless (ajkdfha.my-club.org)?
> 
> 3a) Regarding TLS certificates: I assume the TLS certificates need to
> cover all the hostnames (as in question 2). Is this correct?
> 
> 3b) Let's assume I have a SRV record for "my-club.org" pointing to "...
> some.server.net". Does the certificate need to include "my-club.org" or
> "some.server.net" or both?
> 
> Configuration:
> 
> 4) Which are the modules to be activated for a state-of-the-art XMPP server?
> 
> 5) If you have a basic XMPP server, what has to be changed/added in
> configuration options to activate for each of muc, in-band
> registration, registration via web, file upload, pubsub, proxy65, muc,
> bosh, etc. I need this information to allow enabling or disabling features
> as described at the top of this posting.
> 
> DNS:
> 
> 6a) Regarding DNS: Which SRV records are required to be set up? I
> assume {_xmpp,_xmpps}.{_client,_server}.my-club.org.
> 
> 6b) Are there any SRV records required for other hostnames (according to
> question 2)? Of course A/AAAA/CNAME records need to be defined for
> all of these hostnames.
> 
> Again: Any answer is appreciated, also pointers to online documentation.
> Thanks in advance!
> 
> [1]
> https://www.kuketz-blog.de/ejabberd-installation-und-betrieb-eines-xmpp-servers/

Hello Hartmut,

This one is pretty monolithic, but you may find useful information:

https://github.com/progmaticltd/homebox/tree/master/install/playbooks/roles/ejabberd

The role deploys ejabberd with C2S and S2S, plus file downloading
functions. It works perfectly so far, I am using it every day to
exchange files and send messages using Conversations on Android.

I have added some AppArmor rules as well, have a look if you are
interested.

Kind regards,
André

