I have installed the Ejabberd version 17.11 in our server. After the intallation, the user is able to connect with the Ejabberd service 1st time successfully. But once the session ended by that user and if the same user tries to connect again then we are getting the below error message.
websocket|<0.574.0>) Failed c2s PLAIN authentication for user#domain from xx.xx.xxx.xxx: Invalid username or password
Note:
While closing the session by the user we are getting below messages. Is that is the reason for not able to connect after 1st time for the same user?
(websocket|<0.534.0>) Closing c2s session for user#domain/reg_agent: Connection failed: connection closed
[info] Removing any push sessions of user#domain
[info] Removing any push sessions of user#domain
Looking at the source code file mod_push.erl, that message is logged when the account is being removed.
So, for some reason the account is being removed. If you use anonymous authentication, accounts are removed when they logout. If you use internal or SQL auth, then you should check what other modules you have enabled that may delete an account on logout.
Here is my ejabberd.yml file configuration
###
###' ejabberd configuration file
###
###
##
loglevel: 4
##
##
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
##
log_rate_limit: 100
##
hosts:
- "localhost"
- "xxxx.xxxx.com"
- "yyyy.yyyy.com"
##
###. =================
###' TLS configuration
define_macro:
'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:#STRENGTH"
'TLS_OPTIONS':
- "no_sslv3"
- "cipher_server_preference"
- "no_compression"
## 'DH_FILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
##
###. ===============
###' LISTENING PORTS
##
## listen: The ports ejabberd will listen on, which service each is handled
## by and what options to start it with.
##
listen:
-
port: 5222
module: ejabberd_c2s
certfile: "/etc/ejabberd/ejabberd.pem"
starttls: true
##
## To enforce TLS encryption for client connections,
## use this instead of the "starttls" option:
##
starttls_required: true
##
## Stream compression
##
## zlib: true
##
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
-
port: 5269
module: ejabberd_s2s_in
max_stanza_size: 131072
shaper: s2s_shaper
-
port: 5280
module: ejabberd_http
request_handlers:
"/websocket": ejabberd_http_ws
"/bosh": mod_bosh
## "/pub/archive": mod_http_fileserver
web_admin: true
http_bind: true
## register: true
captcha: true
-
port: 5281
module: ejabberd_http
tls: true
certfile: "/etc/ejabberd/ejabberd.pem"
##starttls: true
request_handlers:
"/websocket": ejabberd_http_ws
"/bosh": mod_bosh
## "/pub/archive": mod_http_fileserver
web_admin: true
http_bind: true
## register: true
captcha: false
##
###. ==============
###' AUTHENTICATION
##
## auth_method: Method used to authenticate the users.
## The default method is the internal.
## If you want to use a different method,
## comment this line and enable the correct ones.
##
auth_method: internal
##
host_config:
"xxxx.xxxx.com":
auth_method: anonymous
allow_multiple_connections: true
anonymous_protocol: both
host_config:
"yyyy.yyyy.com":
auth_method: anonymous
allow_multiple_connections: true
anonymous_protocol: both
###. ==============
###' DATABASE SETUP
###. ===============
###' TRAFFIC SHAPERS
shaper:
##
## The "normal" shaper limits traffic speed to 1000 B/s
##
normal: 1000
##
## The "fast" shaper limits traffic speed to 50000 B/s
##
fast: 50000
##
## This option specifies the maximum number of elements in the queue
## of the FSM. Refer to the documentation for details.
##
max_fsm_queue: 10000
###. ====================
###' ACCESS CONTROL LISTS
acl:
##
## The 'admin' ACL grants administrative privileges to XMPP accounts.
## You can put here as many accounts as you want.
##
admin:
user:
- "xx#xxxx.xxxx.com"
- "xx#localhost"
##
## Local users: don't modify this.
##
local:
user_regexp: ""
##
##
## Loopback network
##
loopback:
ip:
- "127.0.0.0/8"
##
##
###. ============
###' SHAPER RULES
shaper_rules:
## Maximum number of simultaneous sessions allowed for a single user:
max_user_sessions: 10
## Maximum number of offline messages that users can have:
max_user_offline_messages:
- 5000: admin
- 100
## For C2S connections, all users except admins use the "normal" shaper
c2s_shaper:
- none: admin
- normal
## All S2S connections use the "fast" shaper
s2s_shaper: fast
###. ============
###' ACCESS RULES
access_rules:
## This rule allows access only for local users:
local:
- allow: local
## Only non-blocked users can use c2s connections:
c2s:
- deny: blocked
- allow
## Only admins can send announcement messages:
announce:
- allow: admin
## Only admins can use the configuration interface:
configure:
- allow: admin
## Only accounts of the local ejabberd server can create rooms:
muc_create:
- allow: local
## All users are allowed to use MUC service:
muc:
- allow
## Admins of this server are also admins of MUC service:
muc_admin:
- allow: admin
muc_log:
- allow: local
## Only accounts on the local ejabberd server can create Pubsub nodes:
pubsub_createnode:
- allow: local
## In-band registration allows registration of any possible username.
## To disable in-band registration, replace 'allow' with 'deny'.
register:
- allow
## Only allow to register from localhost
trusted_network:
- allow: all
## Do not establish S2S connections with bad servers
## If you enable this you also have to uncomment "s2s_access: s2s"
###. ================
###' DEFAULT LANGUAGE
##
## language: Default language used for server messages.
##
language: "en"
#
###. =======
###' MODULES
##
## Modules enabled in all ejabberd virtual hosts.
##
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce: # recommends mod_adhoc
access: announce
mod_blocking: {} # requires mod_privacy
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {} # requires mod_adhoc
## mod_delegation: {} # for xep0356
mod_disco: {}
## mod_echo: {}
## mod_irc: {}
mod_bosh: {}
mod_last: {}
## XEP-0313: Message Archive Management
## You might want to setup a SQL backend for MAM because the mnesia database is
## limited to 2GB which might be exceeded on large servers
mod_mam: {} # for xep0313, mnesia is limited to 2GB, better use an SQL backend
mod_muc:
## host: "conference.#HOST#"
access: muc_create
access_admin:
- allow: muc_admin
access_create: muc_create
access_persistent: muc_create
default_room_options:
logging: true
persistent: true
history_size: 0
mod_muc_admin: {}
## mod_muc_log: {}
mod_muc_log:
access_log: muc_create
dirtype: plain
outdir: "/data/ejabberd/muclogs"
top_link:
"http://xxxx.xxxx.com/" : "xxxx.xxxx.com"
## mod_multicast: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
## mod_pres_counter:
## count: 5
## interval: 60
mod_privacy: {}
mod_private: {}
## mod_proxy65: {}
mod_pubsub:
access_createnode: pubsub_createnode
## reduces resource comsumption, but XEP incompliant
ignore_pep_from_offline: true
## XEP compliant, but increases resource comsumption
## ignore_pep_from_offline: false
last_item_cache: false
plugins:
- "flat"
- "hometree"
- "pep" # pep requires mod_caps
## mod_push: {}
## mod_push_keepalive: {}
## mod_register:
##
## Protect In-Band account registrations with CAPTCHA.
##
## captcha_protected: true
##
## Set the minimum informational entropy for passwords.
##
## password_strength: 32
##
## After successful registration, the user receives
## a message with this subject and body.
##
## welcome_message:
## subject: "Welcome!"
## body: |-
## Hi.
## Welcome to this XMPP server.
##
## When a user registers, send a notification to
## these XMPP accounts.
##
## registration_watchers:
## - "admin1#example.org"
##
## Only clients in the server machine can register accounts
##
## ip_access: trusted_network
##
## Local c2s or remote s2s users cannot register accounts
##
## access_from: deny
## access: register
mod_roster: {}
mod_shared_roster: {}
## mod_stats: {}
## mod_time: {}
mod_vcard:
search: false
mod_vcard_xupdate: {}
## Convert all avatars posted by Android clients from WebP to JPEG
## mod_avatar: # this module needs compile option
## convert:
## webp: jpeg
mod_version: {}
mod_stream_mgmt: {}
mod_s2s_dialback: {}
mod_http_api: {}
##
##
## Enable modules management via ejabberdctl for installation and
## uninstallation of public/private contributed modules
## (enabled by default)
##
allow_contrib_modules: true
After added the below line in .yml config file its working fine now.
auth_use_cache: false
Also, one more thing - Can we use bosh method instead of http_bind method which was used in lower versions. We used this http_bind method for lower version browsers and iPad app which are all not supporting the WebSocket feature.
Related
I've found this: https://docs.ejabberd.im/admin/configuration/modules/#mod-muc
And this: https://docs.ejabberd.im/admin/ejabberdctl/muc-admin/#prerequisite
What are the steps I need to do to setup MUC from a fresh install? mod_muc is already in the ejabberd.yml file, and so is mod_muc_admin. I've also added myself as an admin.
Here is my ejabberd.yml file:
ubuntu#ip-10-0-1-208:/opt/ejabberd/conf$ cat ejabberd.yml
###
###' ejabberd configuration file
###
### The parameters used in this configuration file are explained at
###
### https://docs.ejabberd.im/admin/configuration
###
### The configuration file is written in YAML.
### *******************************************************
### ******* !!! WARNING !!! *******
### ******* YAML IS INDENTATION SENSITIVE *******
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
### *******************************************************
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
###
hosts:
- ip-10-0-1-208.us-west-1.compute.internal
- xmpp.ughstudios.com
loglevel: info
certfiles:
- "/opt/ejabberd/conf/server.pem"
## - "/etc/letsencrypt/live/localhost/fullchain.pem"
## - "/etc/letsencrypt/live/localhost/privkey.pem"
ca_file: "/opt/ejabberd/conf/cacert.pem"
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: true
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
-
port: 5443
ip: "::"
module: ejabberd_http
tls: true
request_handlers:
"/admin": ejabberd_web_admin
"/api": mod_http_api
"/bosh": mod_bosh
"/captcha": ejabberd_captcha
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
-
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
"/admin": ejabberd_web_admin
-
port: 1883
ip: "::"
module: mod_mqtt
backlog: 1000
s2s_use_starttls: optional
acl:
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
- ::1/128
- ::FFFF:127.0.0.1/128
admin:
user:
- daniel#xmpp.ughstudios.com
auth_method: [external]
extauth_program: /opt/ejabberd_auth_bridge.py
extauth_instances: 3
auth_use_cache: true
access_rules:
local:
allow: local
c2s:
deny: blocked
allow: all
announce:
allow: admin
configure:
allow: admin
muc_create:
allow: local
pubsub_createnode:
allow: local
trusted_network:
allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
access:
allow:
acl: loopback
acl: admin
oauth:
scope: "ejabberd:admin"
access:
allow:
acl: loopback
acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
ip: 127.0.0.1/8
what:
- status
- connected_users_number
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
5000: admin
100: all
c2s_shaper:
none: admin
normal: all
s2s_shaper: fast
max_fsm_queue: 10000
acme:
contact: "mailto:admin#ip-10-0-1-208.us-west-1.compute.internal"
ca_url: "https://acme-v02.api.letsencrypt.org"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
put_url: https://#HOST#:5443/upload
mod_last: {}
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: never
mod_mqtt: {}
mod_muc:
access:
- allow
access_admin:
- allow: admin
- allow: daniel
- allow: david
#access_create: all
#access_persistent: all
access_mam:
- allow
default_room_options:
allow_subscription: true # enable MucSub
mam: false
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- flat
- pep
force_node_config:
## Avoid buggy clients to make their bookmarks public
storage:bookmarks:
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: trusted_network
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8
What are the steps I need to do to setup MUC from a fresh install?
Usually mod_muc is already configured and enabled by default. Of course, if ejabberd is installed in a remote server, you will need to setup DNS for the MUC service, similar to what you may want to do for any other services that have their specific domain, like pubsub.example.org
I downloaded the XAMPP server which has Apache and MySQL in it. link: https://www.apachefriends.org/download.html
I downloaded the 20.01 version of the ejabberd installer for windows 10 OS. After that, I run the installer and installed the ejabberd in my Program files folder.
I created the ejabberd database in http://localhost/phpmyadmin/index.php and imported all the tables from mysql.sql file using C:\Program Files\ejabberd-20.01\lib\ejabberd-20.01\priv\sql folder.
Database setup completed. After that,
I configured the ejabberd.yml file.
After that, I installed the Pidgin Client for a chat then I started the ejabberd node.
According to the below ejabberd.yml configuration, The ejabberd node is running fine and I am able to chat with users in the Pidgin client.
I registered a new user in the ejabberd dashboard But I am not getting the message data and registered user data (username and password) into the PHPMyAdmin MySQL database.
My purpose for this issue is to use the ejabberd MySQL database which is already created by me in PHPMyAdmin. I want to store chat messages in the ejabberd MySQL database.
ejabberd.yml file:
hosts:
- "localhost"
loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
certfiles:
- "C:/ProgramData/ejabberd/conf/server.pem"
## - "/etc/letsencrypt/live/localhost/fullchain.pem"
## - "/etc/letsencrypt/live/localhost/privkey.pem"
ca_file: "C:/ProgramData/ejabberd/conf/cacert.pem"
listen:
-
port: 5222
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: true
-
port: 5269
module: ejabberd_s2s_in
max_stanza_size: 524288
-
port: 5443
module: ejabberd_http
tls: true
request_handlers:
"/admin": ejabberd_web_admin
"/api": mod_http_api
"/bosh": mod_bosh
"/captcha": ejabberd_captcha
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
-
port: 5280
module: ejabberd_http
request_handlers:
"/admin": ejabberd_web_admin
-
port: 1883
module: mod_mqtt
backlog: 1000
s2s_use_starttls: optional
acl:
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
admin:
user:
- "admin#localhost"
sql_type: mysql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "root"
sql_password: ""
access_rules:
local:
allow: local
c2s:
deny: blocked
allow: all
announce:
allow: admin
configure:
allow: admin
muc_create:
allow: local
pubsub_createnode:
allow: local
trusted_network:
allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
access:
allow:
acl: loopback
acl: admin
oauth:
scope: "ejabberd:admin"
access:
allow:
acl: loopback
acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
ip: 127.0.0.1/8
what:
- status
- connected_users_number
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
5000: admin
100: all
c2s_shaper:
none: admin
normal: all
s2s_shaper: fast
max_fsm_queue: 10000
acme:
contact: "mailto:admin#localhost"
ca_url: "https://acme-v01.api.letsencrypt.org"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
put_url: https://#HOST#:5443/upload
mod_last: {}
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: never
mod_mqtt: {}
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
default_room_options:
allow_subscription: true # enable MucSub
mam: false
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- flat
- pep
force_node_config:
## Avoid buggy clients to make their bookmarks public
storage:bookmarks:
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: trusted_network
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8
I registered a new user in the ejabberd dashboard But I am not getting the message data and registered user data (username and password) into the PHPMyAdmin MySQL database.
If you login in ejabberd WebAdmin with an admin account, and go to -> Nodes -> your node -> Database, you will see that the internal Mnesia table "passwd" has 1 Element. That means one account is registered in ejabberd, and stored in the Mnesia database. That's the internal database used by default.
ejabberd.yml file:
sql_type: mysql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "root"
sql_password: ""
Ok, those options tell ejabberd what SQL database you want to use, and how to connect to it.
I want to store chat messages in the ejabberd MySQL database.
Then, tell ejabberd to use sql for the tasks that you want. For example, add also those options to your config:
auth_method: sql
default_db: sql
See:
https://docs.ejabberd.im/admin/configuration/toplevel/#auth-method
https://docs.ejabberd.im/admin/configuration/toplevel/#default-db
I try to get the last_activity of user using ejabberd API get_last but getting this error: REST API Error: get_last([{<<"user">>,<<"67456efc-be57-4cbd-a176-527de2dce19d#faiqkhan-virtualbox">>},{<<"host">>,<<"faiqkhan-VirtualBox">>}]) -> error:{module_not_loaded,mod_last,<<"faiqkhan-VirtualBox">>} [{gen_mod,get_module_opts,2,[{file,"src/gen_mod.erl"},{line,338}]},{gen_mod,get_module_opt,3,[{file,"src/gen_mod.erl"},{line,318}]},{gen_mod,db_mod,3,[{file,"src/gen_mod.erl"},{line,352}]},{mod_last,get_last,2,[{file,"src/mod_last.erl"},{line,181}]},{mod_last,get_last_info,2,[{file,"src/mod_last.erl"},{line,248}]},{mod_admin_extra,get_last,2,[{file,"src/mod_admin_extra.erl"},{line,1382}]},{mod_http_api,handle2,4,[{file,"src/mod_http_api.erl"},{line,268}]},{mod_http_api,handle,4,[{file,"src/mod_http_api.erl"},{line,229}]}]
I checked my ejabberd.yml mod_last: {} is added in the modules tag.
My ejabberd configuration:
hosts:
- "faiqkhan-VirtualBox"
loglevel: 4
log_rotate_size: 10485760
log_rotate_count: 1
certfiles:
- "/home/faiqkhan/ejabberd-20.07/conf/server.pem"
ca_file: "/home/faiqkhan/ejabberd-20.07/conf/cacert.pem"
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: false
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
-
port: 5443
ip: "::"
module: ejabberd_http
tls: false
request_handlers:
"/admin": ejabberd_web_admin
"/api": mod_http_api
"/bosh": mod_bosh
"/captcha": ejabberd_captcha
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
-
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
"/admin": ejabberd_web_admin
-
port: 1883
ip: "::"
module: mod_mqtt
backlog: 1000
s2s_use_starttls: optional
acl:
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
- ::1/128
- ::FFFF:127.0.0.1/128
- ::FFFF:172.0.0.1/16
admin:
user:
- "admin#faiqkhan-VirtualBox"
ip:
- ::FFFF:172.19.0.0/16
access_rules:
local:
allow: local
c2s:
deny: blocked
allow: all
announce:
allow: admin
configure:
allow: admin
muc_create:
allow: local
pubsub_createnode:
allow: local
trusted_network:
allow: local
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
access:
allow:
acl: loopback
acl: admin
oauth:
scope: "ejabberd:admin"
access:
allow:
acl: loopback
acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
ip: 127.0.0.1/8
what:
- status
- connected_users_number
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
5000: admin
100: all
c2s_shaper:
none: admin
normal: all
s2s_shaper: fast
max_fsm_queue: 10000
acme:
contact: "mailto:admin#faiqkhan-VirtualBox"
ca_url: "https://acme-v02.api.letsencrypt.org/directory"
allow_contrib_modules: true
modules:
mod_stanza_ack: {}
mod_http_offline: {}
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
put_url: https://#HOST#:5443/upload
mod_last: {}
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: never
mod_mqtt: {}
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
default_room_options:
allow_subscription: true # enable MucSub
mam: false
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- flat
- pep
force_node_config:
## Avoid buggy clients to make their bookmarks public
storage:bookmarks:
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: all
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard:
search: true
mod_vcard_xupdate: {}
mod_version:
show_os: false
Check the documentation of the get_last API call you want to use. It seems you are not providing the correct arguments:
https://docs.ejabberd.im/developer/ejabberd-api/admin-api/#get-last
I have my rails app. And whenever user registers, I want to register user on ejabberd node as well. But, whenever i call register API using curl request, it gives be following error:
{"status":"error","code":32,"message":"AccessRules: Account does not have the right to perform the operation."}
My curl request is:
curl -X POST --data '{"user": "bob", "host": "localhost", "password": "password"}' http://localhost:5443/api/register
My ejabberd.yml file is as below:
hosts:
- "localhost"
loglevel: 5
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
certfiles:
- "/etc/letsencrypt/live/localhost/fullchain.pem"
- "/etc/letsencrypt/live/localhost/privkey.pem"
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: false
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
-
port: 5443
ip: "0.0.0.0"
module: ejabberd_http
request_handlers:
"/api": mod_http_api
"/bosh": mod_bosh
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
web_admin: true
captcha: true
tls: false
commands_admin_access: configure
commands:
- add_commands: [user, admin, open]
oauth_expire: 3600
oauth_access: all
s2s_use_starttls: optional
acl:
admin:
user:
- "admin#localhost"
local:
user_regexp: ""
loopback:
ip:
- "127.0.0.0/8"
- "::1/128"
- "::FFFF:127.0.0.1/128"
access_rules:
local:
- allow: local
c2s:
- deny: blocked
- allow
announce:
- allow: admin
configure:
- allow: admin
muc_create:
- allow: local
pubsub_createnode:
- allow: local
register:
- allow
trusted_network:
- allow: loopback
oauth:
- scope: "ejabberd:admin"
- allow: admin
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
- access:
- allow:
- acl: admin#localhost
- oauth:
- scope: "ejabberd:admin"
- access:
- allow:
- acl: admin#localhost
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
- ip: "0.0.0.0"
what:
- "register"
- "status"
- "connected_users_number"
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
- 5000: admin
- 100
c2s_shaper:
- none: admin
- normal
s2s_shaper: fast
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
put_url: "https://#HOST#:5443/upload"
mod_last: {}
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: always
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
default_room_options:
mam: true
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
ip: "localhost"
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- "flat"
- "pep"
force_node_config:
## Change from "whitelist" to "open" to enable OMEMO support
## See https://github.com/processone/ejabberd/issues/2425
"eu.siacs.conversations.axolotl.*":
access_model: whitelist
## Avoid buggy clients to make their bookmarks public
"storage:bookmarks":
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: trusted_network
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
Can someone point me where exactly I might be wrong?
Thanks in advance.
If you want to use mod_http_api from localhost to register accounts, you can grant it permission in this way:
api_permissions:
"http_api commands":
who:
- ip: "127.0.0.1"
from:
- mod_http_api
what:
- "register"
See https://docs.ejabberd.im/developer/ejabberd-api/permissions/
Are you logged in before requesting this? or r u using any kind of authentication mechanism?
If you r requesting without this try adding the ip from which you are requesting insode
"public commands":
who:
- ip: "0.0.0.0"
what:
- "register"
- "status"
- "connected_users_number"
part.
Else try adding allow all under register in api_permission section
I want my users to be able to block each other. So I did some research and figured out that it can be done with privacy_set.
So I added mod_privacy and mod_blocking in config file.
The problem is when I run the following command nothing is getting inserted in mysql.
I copied xml from here.
ejabberdctl privacy_set userA localhost "<iq from='userA#localhost/l' type='set' id='block1'> <block xmlns='urn:xmpp:blocking'> <item jid='userB#montague.net'/> </block> </iq>"
I also tied this one, still no luck:
Copied from here
ejabberdctl privacy_set userA localhost "<iq from='userA#localhost/l' type='set' id='iq1'> <query xmlns='jabber:iq:privacy'> <list name='iq-jid-example'> <item type='jid' value='userB#localhost' action='deny' order='29'> <iq/> </item> </list> </query> </iq>"
This is the content of my ejabberd yml file:
loglevel: 5
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
watchdog_admins:
- "admin#localhost"
acl:
admin:
user:
- "admin": "localhost"
access:
configure:
admin: allow
webadmin_view:
viewers: allow
hosts:
- "localhost"
listen:
-
port: 5222
module: ejabberd_c2s
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
-
port: 5281
module: ejabberd_http
request_handlers:
## "/oauth": ejabberd_oauth
"/api": mod_http_api
web_admin: true
http_bind: true
http_poll: true
captcha: false
commands_admin_access:
- allow:
- user: "admin#localhost"
commands:
- add_commands: [send_stanza, destroy_room, connected_users_info, get_room_options, user, admin, open, status, stats, connecteo_users, get_vcard, change_password, check_account, register, create_room, create_room_with_opts, send_direct_invitation]
oauth_access: all
modules:
mod_vcard: {}
mod_ping: {}
mod_admin_extra: {}
mod_mam: {}
mod_roster: {}
mod_shared_roster: {}
mod_stats: {}
mod_offline: {}
mod_privacy:
db_type: sql
mod_blocking: {}
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
- admin
- oauth:
- scope: "ejabberd:admin"
- admin
what:
- "*"
- "!stop"
- "!start"
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
- 5000: admin
- 100
c2s_shaper:
- none: admin
- normal
s2s_shaper: fast
access_rules:
local:
- allow: local
c2s:
- deny: blocked
- allow
announce:
- allow: admin
configure:
- allow: all
register:
- allow
trusted_network:
- allow: loopback
auth_password_format: scram
auth_method: sql
default_db: sql
sql_type: mysql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "ejabberd"
sql_password: "123456"
## If you want to specify the port:
sql_port: 3306
Any help would be appreciated.
I found the answer with the help from a console based XMPP client called Profanity
This is how it can be done:
ejabberdctl send_stanza_c2s userA localhost l '<iq id="1212" type="set"><block xmlns="urn:xmpp:blocking"><item jid="userB#localhost"/></block></iq>'