We Keep Coding

ejabberd connecting to admin "missing server"

I'm trying to configure an ejabberd service that is working behind a public facing server.
The latter sends https requests to the former via nginx reverse-proxy.
When accessing https://xmpp.example.cyou:5443/admin/ I place the credentials for user admin, but cannot log in.
The log shows:
2021-07-27 12:12:12.548 [info] <0.396.0>#ejabberd_listener:accept:273 (<0.23212.0>) Accepted connection 44.44.55.55:57850 -> 192.168.7.5:5443
2021-07-27 12:12:12.592 [warning] <0.23212.0>#ejabberd_web_admin:process2:215 Access of <<"admin">> from <<"44.44.55.55">> failed with error: <<"missing-server">>
The ejabberd.yml configuration is:
hosts:
- "example.cyou"
captcha_cmd: "/usr/local/bin/captcha.sh"
captcha_url: "http://#HOST#:5280/captcha"
captcha_limit: 5
loglevel: 4
certfiles:
- "/usr/local/etc/ejabberd/certs/example.pem"
- "/usr/local/etc/ejabberd/certs/example.cyou.key"
listen:
-
port: 5222
ip: "192.168.7.5"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
tls: true
starttls: true
starttls_required: true
protocol_options:
- "no_sslv2"
- "no_sslv3"
- "no_tlsv1"
- "no_tlsv1_1"
- "no_tlsv1_3"
ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
dhfile:
"/usr/local/etc/ejabberd/certs/c2s_dh2048.pem"
-
port: 5269
ip: "192.168.7.5"
module: ejabberd_s2s_in
max_stanza_size: 524288
dhfile:
"/usr/local/etc/ejabberd/certs/s2s_dh2048.pem"
-
port: 5443
ip: "192.168.7.5"
module: ejabberd_http
tls: true
request_handlers:
/admin: ejabberd_web_admin
/api: mod_http_api
/bosh: mod_bosh
/captcha: ejabberd_captcha
/upload: mod_http_upload
/ws: ejabberd_http_ws
-
port: 5280
ip: "192.168.7.5"
module: ejabberd_http
request_handlers:
/admin: ejabberd_web_admin
-
port: 3478
ip: "192.168.7.5"
transport: udp
module: ejabberd_stun
use_turn: true
turn_min_port: 49152
turn_max_port: 65535
turn_ipv4_address: 22.33.44.55
-
port: 1883
ip: "192.168.7.5"
module: mod_mqtt
backlog: 1000
-
port: 5349
transport: tcp
module: ejabberd_stun
use_turn: true
tls: true
turn_min_port: 49152
turn_max_port: 65535
ip: 192.168.7.5
turn_ipv4_address: 22.33.44.55
s2s_use_starttls: optional
acl:
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
admin:
user:
- "admin#example.cyou"
access_rules:
local:
allow: local
c2s:
deny: blocked
allow: all
announce:
allow: admin
configure:
allow: admin
muc_create:
allow: local
pubsub_createnode:
allow: local
trusted_network:
allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
access:
allow:
- acl: loopback
- acl: admin
oauth:
scope: "ejabberd:admin"
access:
allow:
- acl: loopback
- acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
ip: 127.0.0.1/8
what:
- status
- connected_users_number
shaper:
normal:
rate: 3000
burst_size: 20000
fast: 100000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
5000: admin
100: all
c2s_shaper:
none: admin
normal: all
s2s_shaper: fast
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
docroot: "/var/spool/ejabberd/upload"
put_url: "https://upload.#HOST#:5443"
max_size: 10000000 #10MB
file_mode: "0644"
dir_mode: "0744"
thumbnail: false
access: local
mod_last: {}
mod_mam:
assume_mam_usage: true
default: always
mod_mqtt: {}
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
default_room_options:
mam: true
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- flat
- pep
force_node_config:
storage:bookmarks:
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
ip_access: all
captcha_protected: true
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_stun_disco:
credentials_lifetime: 12h
services:
-
host: 192.168.7.5
port: 3478
type: stun
transport: udp
restricted: false
-
host: 192.168.7.5
port: 3478
type: turn
transport: udp
restricted: true
-
host: example.cyou
port: 5349
type: stuns
transport: tcp
restricted: false
-
host: example.cyou
port: 5349
type: turns
transport: tcp
restricted: true
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
What is wrong? What is missing?

I place the credentials for user admin, but cannot log in.
Access of <<"admin">> from <<"44.44.55.55">> failed with error: <<"missing-server">>
You provided as account only "admin", and that is wrong.
As mentioned in https://docs.ejabberd.im/admin/guide/managing/#web-admin
You will be asked to enter the username (the full Jabber ID)
and password of an ejabberd user with administrator rights.
So, the credentials you must provide to login are: admin#example.cyou and the password.

Not able to register in ejabberd from a non-local ip

The ejabberd server in on LAN host on the 192.168.7.5 IP.
At the computer facing the Internet, the firewall redirects ports 5222, 5269, 5443, 5280, 3478, 5349, 49152:65535 to the ejabberd server.
I've read about spam in creating accounts, but I'm unsure about what to choose.
Thought of having trusted_network: loopback but allowing registration from all IPs (later will be restricted at the firewall basis) using a captcha service.
When trying to register from Gajim, the process seems to keep trying forever.
At the ejabberd's logs:
2021-07-27 16:53:42.970 [info] <0.383.0>#ejabberd_listener:accept:273 (<0.581.0>) Accepted connection 11.12.13.14:51267 -> 192.168.7.5:5222
Here's my ejabberd.yml:
hosts:
- "example.cyou"
captcha_cmd: "/usr/local/bin/captcha.sh"
captcha_url: "http://example.cyou:5280/captcha"
captcha_limit: 20
loglevel: 4
certfiles:
- "/usr/local/etc/ejabberd/certs/example.pem"
- "/usr/local/etc/ejabberd/certs/example.cyou.key"
listen:
-
port: 5222
ip: "192.168.7.5"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
tls: true
starttls: true
starttls_required: true
protocol_options:
- "no_sslv2"
- "no_sslv3"
- "no_tlsv1"
- "no_tlsv1_1"
- "no_tlsv1_3"
ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
dhfile:
"/usr/local/etc/ejabberd/certs/c2s_dh2048.pem"
-
port: 5269
ip: "192.168.7.5"
module: ejabberd_s2s_in
max_stanza_size: 524288
dhfile:
"/usr/local/etc/ejabberd/certs/s2s_dh2048.pem"
-
port: 5443
ip: "192.168.7.5"
module: ejabberd_http
tls: true
request_handlers:
/admin: ejabberd_web_admin
/api: mod_http_api
/bosh: mod_bosh
/captcha: ejabberd_captcha
/upload: mod_http_upload
/ws: ejabberd_http_ws
-
port: 5280
ip: "192.168.7.5"
module: ejabberd_http
web_admin: true
http_bind: true
register: true
request_handlers:
/admin: ejabberd_web_admin
-
port: 3478
ip: "192.168.7.5"
transport: udp
module: ejabberd_stun
use_turn: true
turn_min_port: 49152
turn_max_port: 65535
turn_ipv4_address: 22.33.44.55
-
port: 1883
ip: "192.168.7.5"
module: mod_mqtt
backlog: 1000
-
port: 5349
transport: tcp
module: ejabberd_stun
use_turn: true
tls: true
turn_min_port: 49152
turn_max_port: 65535
ip: 192.168.7.5
turn_ipv4_address: 22.33.44.55
s2s_use_starttls: optional
acl:
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
admin:
user:
- "admin#example.cyou"
access_rules:
local:
allow: local
c2s:
deny: blocked
allow: all
announce:
allow: admin
configure:
allow: admin
muc_create:
allow: local
pubsub_createnode:
allow: local
trusted_network:
allow: all
register:
- allow: all
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
access:
allow:
- acl: loopback
- acl: admin
oauth:
scope: "ejabberd:admin"
access:
allow:
- acl: loopback
- acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
ip: 127.0.0.1/8
what:
- status
- connected_users_number
shaper:
normal:
rate: 3000
burst_size: 20000
fast: 100000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
5000: admin
100: all
c2s_shaper:
none: admin
normal: all
s2s_shaper: fast
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
docroot: "/var/spool/ejabberd/upload"
put_url: "https://upload.#HOST#:5443"
max_size: 10000000 #10MB
file_mode: "0644"
dir_mode: "0744"
thumbnail: false
access: local
mod_last: {}
mod_mam:
assume_mam_usage: true
default: always
mod_mqtt: {}
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
default_room_options:
mam: true
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- flat
- pep
force_node_config:
storage:bookmarks:
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
ip_access: all
captcha_protected: true
password_strength: 0
registration_watchers:
-
"admin#example.cyou"
access_from: register_from
access: register
welcome_message:
subject: "Welcome!"
body: |-
Hi.
Welcome to this XMPP server.
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_stun_disco:
credentials_lifetime: 12h
services:
-
host: 192.168.7.5
port: 3478
type: stun
transport: udp
restricted: false
-
host: 192.168.7.5
port: 3478
type: turn
transport: udp
restricted: true
-
host: example.cyou
port: 5349
type: stuns
transport: tcp
restricted: false
-
host: example.cyou
port: 5349
type: turns
transport: tcp
restricted: true
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
Besides this, for the reverse proxy (nginx)
server {
listen 5280 ;
server_name example.cyou;
root /usr/local/www/nginx/example.cyou;
index captcha.html;
location /captcha {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://192.168.7.5:5280;
}
}
So my questions are:
How can the config be corrected
If ejabberd is serving more than one host, how can different options be placed in mod_register, according to the host being serviced by ejabberd, for example, for example.cyou having the options as stated, but for host foobar.org having register open only for a local network and having the registration_watchers specified according to each of the hosts.

If ejabberd is serving more than one host, how can different options be placed in mod_register, according to the host being serviced by ejabberd, for example, for example.cyou having the options as stated, but for host foobar.org having register open only for a local network and having the registration_watchers specified according to each of the hosts.
Use append_host_config. There's an example in
https://docs.ejabberd.im/admin/configuration/basic/#virtual-hosting that configures mod_muc differently for each vhost.

How to connect ejabberd with phpmyadmin for storing messages into database?

I downloaded the XAMPP server which has Apache and MySQL in it. link: https://www.apachefriends.org/download.html
I downloaded the 20.01 version of the ejabberd installer for windows 10 OS. After that, I run the installer and installed the ejabberd in my Program files folder.
I created the ejabberd database in http://localhost/phpmyadmin/index.php and imported all the tables from mysql.sql file using C:\Program Files\ejabberd-20.01\lib\ejabberd-20.01\priv\sql folder.
Database setup completed. After that,
I configured the ejabberd.yml file.
After that, I installed the Pidgin Client for a chat then I started the ejabberd node.
According to the below ejabberd.yml configuration, The ejabberd node is running fine and I am able to chat with users in the Pidgin client.
I registered a new user in the ejabberd dashboard But I am not getting the message data and registered user data (username and password) into the PHPMyAdmin MySQL database.
My purpose for this issue is to use the ejabberd MySQL database which is already created by me in PHPMyAdmin. I want to store chat messages in the ejabberd MySQL database.
ejabberd.yml file:
hosts:
- "localhost"
loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
certfiles:
- "C:/ProgramData/ejabberd/conf/server.pem"
## - "/etc/letsencrypt/live/localhost/fullchain.pem"
## - "/etc/letsencrypt/live/localhost/privkey.pem"
ca_file: "C:/ProgramData/ejabberd/conf/cacert.pem"
listen:
-
port: 5222
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: true
-
port: 5269
module: ejabberd_s2s_in
max_stanza_size: 524288
-
port: 5443
module: ejabberd_http
tls: true
request_handlers:
"/admin": ejabberd_web_admin
"/api": mod_http_api
"/bosh": mod_bosh
"/captcha": ejabberd_captcha
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
-
port: 5280
module: ejabberd_http
request_handlers:
"/admin": ejabberd_web_admin
-
port: 1883
module: mod_mqtt
backlog: 1000
s2s_use_starttls: optional
acl:
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
admin:
user:
- "admin#localhost"
sql_type: mysql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "root"
sql_password: ""
access_rules:
local:
allow: local
c2s:
deny: blocked
allow: all
announce:
allow: admin
configure:
allow: admin
muc_create:
allow: local
pubsub_createnode:
allow: local
trusted_network:
allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
access:
allow:
acl: loopback
acl: admin
oauth:
scope: "ejabberd:admin"
access:
allow:
acl: loopback
acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
ip: 127.0.0.1/8
what:
- status
- connected_users_number
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
5000: admin
100: all
c2s_shaper:
none: admin
normal: all
s2s_shaper: fast
max_fsm_queue: 10000
acme:
contact: "mailto:admin#localhost"
ca_url: "https://acme-v01.api.letsencrypt.org"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
put_url: https://#HOST#:5443/upload
mod_last: {}
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: never
mod_mqtt: {}
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
default_room_options:
allow_subscription: true # enable MucSub
mam: false
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- flat
- pep
force_node_config:
## Avoid buggy clients to make their bookmarks public
storage:bookmarks:
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: trusted_network
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8

I registered a new user in the ejabberd dashboard But I am not getting the message data and registered user data (username and password) into the PHPMyAdmin MySQL database.
If you login in ejabberd WebAdmin with an admin account, and go to -> Nodes -> your node -> Database, you will see that the internal Mnesia table "passwd" has 1 Element. That means one account is registered in ejabberd, and stored in the Mnesia database. That's the internal database used by default.
ejabberd.yml file:
sql_type: mysql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "root"
sql_password: ""
Ok, those options tell ejabberd what SQL database you want to use, and how to connect to it.
I want to store chat messages in the ejabberd MySQL database.
Then, tell ejabberd to use sql for the tasks that you want. For example, add also those options to your config:
auth_method: sql
default_db: sql
See:
https://docs.ejabberd.im/admin/configuration/toplevel/#auth-method
https://docs.ejabberd.im/admin/configuration/toplevel/#default-db

How to get last activity of user from ejabberd?

I try to get the last_activity of user using ejabberd API get_last but getting this error: REST API Error: get_last([{<<"user">>,<<"67456efc-be57-4cbd-a176-527de2dce19d#faiqkhan-virtualbox">>},{<<"host">>,<<"faiqkhan-VirtualBox">>}]) -> error:{module_not_loaded,mod_last,<<"faiqkhan-VirtualBox">>} [{gen_mod,get_module_opts,2,[{file,"src/gen_mod.erl"},{line,338}]},{gen_mod,get_module_opt,3,[{file,"src/gen_mod.erl"},{line,318}]},{gen_mod,db_mod,3,[{file,"src/gen_mod.erl"},{line,352}]},{mod_last,get_last,2,[{file,"src/mod_last.erl"},{line,181}]},{mod_last,get_last_info,2,[{file,"src/mod_last.erl"},{line,248}]},{mod_admin_extra,get_last,2,[{file,"src/mod_admin_extra.erl"},{line,1382}]},{mod_http_api,handle2,4,[{file,"src/mod_http_api.erl"},{line,268}]},{mod_http_api,handle,4,[{file,"src/mod_http_api.erl"},{line,229}]}]
I checked my ejabberd.yml mod_last: {} is added in the modules tag.
My ejabberd configuration:
hosts:
- "faiqkhan-VirtualBox"
loglevel: 4
log_rotate_size: 10485760
log_rotate_count: 1
certfiles:
- "/home/faiqkhan/ejabberd-20.07/conf/server.pem"
ca_file: "/home/faiqkhan/ejabberd-20.07/conf/cacert.pem"
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: false
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
-
port: 5443
ip: "::"
module: ejabberd_http
tls: false
request_handlers:
"/admin": ejabberd_web_admin
"/api": mod_http_api
"/bosh": mod_bosh
"/captcha": ejabberd_captcha
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
-
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
"/admin": ejabberd_web_admin
-
port: 1883
ip: "::"
module: mod_mqtt
backlog: 1000
s2s_use_starttls: optional
acl:
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
- ::1/128
- ::FFFF:127.0.0.1/128
- ::FFFF:172.0.0.1/16
admin:
user:
- "admin#faiqkhan-VirtualBox"
ip:
- ::FFFF:172.19.0.0/16
access_rules:
local:
allow: local
c2s:
deny: blocked
allow: all
announce:
allow: admin
configure:
allow: admin
muc_create:
allow: local
pubsub_createnode:
allow: local
trusted_network:
allow: local
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
access:
allow:
acl: loopback
acl: admin
oauth:
scope: "ejabberd:admin"
access:
allow:
acl: loopback
acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
ip: 127.0.0.1/8
what:
- status
- connected_users_number
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
5000: admin
100: all
c2s_shaper:
none: admin
normal: all
s2s_shaper: fast
max_fsm_queue: 10000
acme:
contact: "mailto:admin#faiqkhan-VirtualBox"
ca_url: "https://acme-v02.api.letsencrypt.org/directory"
allow_contrib_modules: true
modules:
mod_stanza_ack: {}
mod_http_offline: {}
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
put_url: https://#HOST#:5443/upload
mod_last: {}
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: never
mod_mqtt: {}
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
default_room_options:
allow_subscription: true # enable MucSub
mam: false
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- flat
- pep
force_node_config:
## Avoid buggy clients to make their bookmarks public
storage:bookmarks:
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: all
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard:
search: true
mod_vcard_xupdate: {}
mod_version:
show_os: false

Check the documentation of the get_last API call you want to use. It seems you are not providing the correct arguments:
https://docs.ejabberd.im/developer/ejabberd-api/admin-api/#get-last

Ejabberd Authentication

I have my rails app. And whenever user registers, I want to register user on ejabberd node as well. But, whenever i call register API using curl request, it gives be following error:
{"status":"error","code":32,"message":"AccessRules: Account does not have the right to perform the operation."}
My curl request is:
curl -X POST --data '{"user": "bob", "host": "localhost", "password": "password"}' http://localhost:5443/api/register
My ejabberd.yml file is as below:
hosts:
- "localhost"
loglevel: 5
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
certfiles:
- "/etc/letsencrypt/live/localhost/fullchain.pem"
- "/etc/letsencrypt/live/localhost/privkey.pem"
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: false
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
-
port: 5443
ip: "0.0.0.0"
module: ejabberd_http
request_handlers:
"/api": mod_http_api
"/bosh": mod_bosh
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
web_admin: true
captcha: true
tls: false
commands_admin_access: configure
commands:
- add_commands: [user, admin, open]
oauth_expire: 3600
oauth_access: all
s2s_use_starttls: optional
acl:
admin:
user:
- "admin#localhost"
local:
user_regexp: ""
loopback:
ip:
- "127.0.0.0/8"
- "::1/128"
- "::FFFF:127.0.0.1/128"
access_rules:
local:
- allow: local
c2s:
- deny: blocked
- allow
announce:
- allow: admin
configure:
- allow: admin
muc_create:
- allow: local
pubsub_createnode:
- allow: local
register:
- allow
trusted_network:
- allow: loopback
oauth:
- scope: "ejabberd:admin"
- allow: admin
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
- access:
- allow:
- acl: admin#localhost
- oauth:
- scope: "ejabberd:admin"
- access:
- allow:
- acl: admin#localhost
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
- ip: "0.0.0.0"
what:
- "register"
- "status"
- "connected_users_number"
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
- 5000: admin
- 100
c2s_shaper:
- none: admin
- normal
s2s_shaper: fast
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
put_url: "https://#HOST#:5443/upload"
mod_last: {}
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: always
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
default_room_options:
mam: true
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
ip: "localhost"
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- "flat"
- "pep"
force_node_config:
## Change from "whitelist" to "open" to enable OMEMO support
## See https://github.com/processone/ejabberd/issues/2425
"eu.siacs.conversations.axolotl.*":
access_model: whitelist
## Avoid buggy clients to make their bookmarks public
"storage:bookmarks":
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: trusted_network
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
Can someone point me where exactly I might be wrong?
Thanks in advance.

If you want to use mod_http_api from localhost to register accounts, you can grant it permission in this way:
api_permissions:
"http_api commands":
who:
- ip: "127.0.0.1"
from:
- mod_http_api
what:
- "register"
See https://docs.ejabberd.im/developer/ejabberd-api/permissions/

Are you logged in before requesting this? or r u using any kind of authentication mechanism?
If you r requesting without this try adding the ip from which you are requesting insode
"public commands":
who:
- ip: "0.0.0.0"
what:
- "register"
- "status"
- "connected_users_number"
part.
Else try adding allow all under register in api_permission section