I followed the Kuketz article because I would like to set up my own XMPP server. I got as far as `6.2`, but I'm stuck here.
I had to change one or two things, but I wrote down the entire process.
useradd ejabberd
adduser ejabberd sudo
apt install ejabberd
apt install imagemagick gsfonts --no-install-recommends
apt install socat curl
# add dns A/AAAA for domains
wget -O - https://get.acme.sh | sh
bash /root/.acme.sh/acme.sh --upgrade # upgrade acme.sh
bash /root/.acme.sh/acme.sh --register-account -m lorax4242@proton.me
bash /root/.acme.sh/acme.sh --issue -d xmpp.lorax42.eu -d conference.xmpp.lorax42.eu -d upload.xmpp.lorax42.eu -d pubsub.xmpp.lorax42.eu -d proxy.xmpp.lorax42.eu --keylength 4096 --standalone
mkdir /etc/ejabberd/certs
cp /root/.acme.sh/xmpp.lorax42.eu/fullchain.cer /etc/ejabberd/certs/xmpp.lorax42.eu.pem
cp /root/.acme.sh/xmpp.lorax42.eu/xmpp.lorax42.eu.key /etc/ejabberd/certs/xmpp.lorax42.eu.key
chown ejabberd:ejabberd /etc/ejabberd/certs/
chown ejabberd:ejabberd /etc/ejabberd/certs/*
chmod 600 /etc/ejabberd/certs/*
apt install neovim
nvim /etc/ejabberd/ejabberd.yml
# ###
# ###' ejabberd configuration file
# ###
# ###
#
# ### The parameters used in this configuration file are explained in more detail
# ### in the ejabberd Installation and Operation Guide.
# ### Please consult the Guide in case of doubts, it is included with
# ### your copy of ejabberd, and is also available online at
# ### https://docs.ejabberd.im/
# ---
# ###. =======
# ###' LOGGING
#
# loglevel: 3
# hide_sensitive_log_data: true
#
# log_rotate_size: infinity
#
# ###. ================
# ###' SERVED HOSTNAMES
#
# hosts:
# - "xmpp.lorax42.eu"
#
# ###. ============
# ###' Certificates
#
# certfiles:
# - "/etc/ejabberd/certs/xmpp.lorax42.eu.pem"
# - "/etc/ejabberd/certs/xmpp.lorax42.eu.key"
#
# ###. =================
# ###' TLS configuration
#
# define_macro:
# 'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
# 'TLS_OPTIONS':
# - "no_sslv3"
# - "no_tlsv1"
# - "no_tlsv1_1"
# - "cipher_server_preference"
# - "no_compression"
#
# c2s_ciphers: 'TLS_CIPHERS'
# s2s_ciphers: 'TLS_CIPHERS'
# c2s_protocol_options: 'TLS_OPTIONS'
# s2s_protocol_options: 'TLS_OPTIONS'
#
# ###. ===============
# ###' LISTENING PORTS
#
# listen:
# -
# port: 5222
# ip: "::"
# module: ejabberd_c2s
# starttls_required: true
# max_stanza_size: 65536
# shaper: c2s_shaper
# access: c2s
# -
# port: 5223
# ip: "::"
# module: ejabberd_c2s
# tls: true
# max_stanza_size: 65536
# shaper: c2s_shaper
# access: c2s
# -
# port: 5269
# ip: "::"
# module: ejabberd_s2s_in
# -
# port: 5270
# ip: "::"
# module: ejabberd_s2s_in
# tls: true
# -
# port: 5443
# ip: "::"
# module: ejabberd_http
# request_handlers:
# "/upload": mod_http_upload
# tls: true
# ciphers: 'TLS_CIPHERS'
# protocol_options: 'TLS_OPTIONS'
#
# disable_sasl_mechanisms:
# - "digest-md5"
# - "x-oauth2"
#
# ###. ==================
# ###' S2S GLOBAL OPTIONS
#
# s2s_use_starttls: required
#
# ###. ==============
# ###' AUTHENTICATION
#
# auth_method: internal
# auth_password_format: scram
#
# ###. ==============
# ###' DATABASE SETUP
#
# ###. ===============
# ###' TRAFFIC SHAPERS
#
# shaper:
# normal: 1000
# fast: 50000
#
# max_fsm_queue: 10000
#
# ###. ====================
# ###' ACCESS CONTROL LISTS
#
# acl:
# admin:
# user:
# - "admin": "xmpp.lorax42.eu"
#
# local:
# user_regexp: ""
#
# loopback:
# ip:
# - "127.0.0.0/8"
# - "::1/128"
# - "::FFFF:127.0.0.1/128"
#
# ###. ============
# ###' SHAPER RULES
#
# shaper_rules:
# max_user_sessions: 10
# max_user_offline_messages:
# - 5000: admin
# - 500
# c2s_shaper:
# - none: admin
# - normal
# s2s_shaper: fast
#
# ###. ============
# ###' ACCESS RULES
#
# access_rules:
# local:
# - allow: local
# c2s:
# - deny: blocked
# - allow
# announce:
# - allow: admin
# configure:
# - allow: admin
# muc_create:
# - allow: local
# pubsub_createnode:
# - allow: local
# register:
# - allow
# trusted_network:
# - allow: local
#
# ## ===============
# ## API PERMISSIONS
# ## ===============
#
# api_permissions:
# "console commands":
# from:
# - ejabberd_ctl
# who: all
# what: "*"
# "admin access":
# who:
# - access:
# - allow:
# - acl: loopback
# - acl: admin
# - oauth:
# - scope: "ejabberd:admin"
# - access:
# - allow:
# - acl: loopback
# - acl: admin
# what:
# - "*"
# - "!stop"
# - "!start"
# "public commands":
# who:
# - ip: "127.0.0.1/8"
# what:
# - "status"
# - "connected_users_number"
#
# ###. ================
# ###' DEFAULT LANGUAGE
#
# language: "en"
#
# ###. =======
# ###' CAPTCHA
#
# captcha_cmd: "/usr/share/ejabberd/captcha.sh"
# captcha_limit: 5
#
# ###. ====
# ###' ACME
#
# acme:
# contact: "mailto:lorax4242@proton.me"
# ca_url: "https://acme-v01.api.letsencrypt.org"
#
# ###. =======
# ###' MODULES
#
# modules:
# mod_adhoc: {}
# mod_admin_extra: {}
# mod_announce:
# access: announce
# mod_block_strangers: {}
# mod_blocking: {}
# mod_caps: {}
# mod_carboncopy: {}
# mod_client_state: {}
# mod_configure: {}
# ## mod_delegation: {}
# mod_disco:
# server_info:
# -
# modules: all
# name: "abuse-addresses"
# urls:
# - "mailto:lorax4242@proton.me"
# -
# modules: all
# name: "support-addresses"
# urls:
# - "mailto:lorax4242@proton.me"
# -
# modules: all
# name: "admin-addresses"
# urls:
# - "mailto:lorax4242@proton.me"
# ## mod_echo: {}
# ## mod_bosh: {}
# ## mod_http_fileserver:
# mod_http_upload:
# put_url: "https://@HOST@:5443/upload"
# docroot: "@HOME@/upload"
# secret_length: 40
# mod_http_upload_quota:
# max_days: 30
# ## mod_last: {}
# mod_mam:
# assume_mam_usage: true
# default: always
# request_activates_archiving: true
# mod_muc:
# access:
# - allow
# access_admin:
# - allow: admin
# access_create: muc_create
# access_persistent: muc_create
# default_room_options:
# mam: true
# persistent: true
# public: false
# public_list: false
# mod_muc_admin: {}
# ## mod_muc_log: {}
# ## mod_multicast: {}
# mod_offline:
# access_max_user_messages: max_user_offline_messages
# mod_ping: {}
# mod_pres_counter:
# count: 16
# interval: 60
# mod_privacy: {}
# mod_private: {}
# mod_proxy65:
# max_connections: 5
# mod_pubsub:
# access_createnode: pubsub_createnode
# ignore_pep_from_offline: true
# last_item_cache: false
# plugins:
# - "flat"
# - "pep"
# force_node_config:
# "eu.siacs.conversations.axolotl.*":
# access_model: open
# "storage:bookmarks":
# access_model: whitelist
# mod_push: {}
# mod_push_keepalive: {}
# mod_register:
# captcha_protected: true
# password_strength: 64
# ip_access: all
# access: register
# mod_roster:
# versioning: true
# mod_shared_roster: {}
# mod_sic: {}
# mod_stats: {}
# mod_time: {}
# mod_vcard:
# search: false
# mod_vcard_xupdate: {}
# mod_avatar: {}
# mod_version:
# show_os: false
# mod_stream_mgmt:
# resend_on_timeout: if_offline
# mod_s2s_dialback: {}
# ## mod_http_api: {}
# mod_fail2ban: {}
#
# allow_contrib_modules: true
nvim /etc/systemd/system/xmpp-port-redirection.service
# [Unit]
# Description=Port redirection rules for XMPP
# After=network.target
#
# [Install]
# WantedBy=multi-user.target
#
# [Service]
# Type=oneshot
# RemainAfterExit=true
# ExecStart=/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223
# ExecStop=/sbin/iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223
systemctl enable xmpp-port-redirection.service
reboot
iptables -t nat -L
# Chain PREROUTING (policy ACCEPT)
# target prot opt source destination
# REDIRECT tcp -- anywhere anywhere tcp dpt:https redir ports 5223
#
# Chain INPUT (policy ACCEPT)
# target prot opt source destination
#
# Chain OUTPUT (policy ACCEPT)
# target prot opt source destination
#
# Chain POSTROUTING (policy ACCEPT)
# target prot opt source destination
mkdir /etc/systemd/system/epmd.socket.d
nvim /etc/systemd/system/epmd.socket.d/listen-on-localhost.conf
# [Socket]
# ListenStream=
# ListenStream=127.0.0.1:4369
nvim /etc/ejabberd/ejabberdctl.cfg
# uncomment INET_DIST_INTERFACE=127.0.0.1
systemctl daemon-reload
systemctl stop epmd.service
systemctl start epmd.service
/etc/init.d/ejabberd start
At this point I get:
$ /etc/init.d/ejabberd start
Starting ejabberd (via systemctl): ejabberd.serviceJob for ejabberd.service failed because the control process exited with error code.
See "systemctl status ejabberd.service" and "journalctl -xeu ejabberd.service" for details.
failed!
root@debian-4gb-hel1-1:~# journalctl -xeu ejabberd.service
░░
░░ The job identifier is 27753 and the job result is failed.
Apr 07 11:37:33 debian-4gb-hel1-1 systemd[1]: ejabberd.service: Scheduled restart job, restart counter is at 243.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ Automatic restarting of the unit ejabberd.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Apr 07 11:37:33 debian-4gb-hel1-1 systemd[1]: Starting ejabberd.service - robust, scalable and extensible realtime platform (XMPP server + MQTT broker + SIP service)...
░░ Subject: A start job for unit ejabberd.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit ejabberd.service has begun execution.
░░
░░ The job identifier is 27850.
Apr 07 11:37:34 debian-4gb-hel1-1 sh[21019]: Could not start kernel pid (application_controller) ("{bad_environment_value,\"=ERROR\"}")
Apr 07 11:37:34 debian-4gb-hel1-1 systemd[1]: ejabberd.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit ejabberd.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Apr 07 11:37:34 debian-4gb-hel1-1 systemd[1]: ejabberd.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit ejabberd.service has entered the 'failed' state with result 'exit-code'.
Apr 07 11:37:34 debian-4gb-hel1-1 systemd[1]: Failed to start ejabberd.service - robust, scalable and extensible realtime platform (XMPP server + MQTT broker + SIP serv>
░░ Subject: A start job for unit ejabberd.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit ejabberd.service has finished with a failure.
░░
░░ The job identifier is 27850 and the job result is failed.
Does anyone have experience with this and can help me?
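
The command log above applies three hardening steps: owner-only certificate files, an epmd socket limited to 127.0.0.1:4369, and an uncommented `INET_DIST_INTERFACE=127.0.0.1`. The following is an added example, not part of the original post, that checks whether each step is actually in effect on disk; the function names and the sample tree are constructed for illustration, and `stat -c` assumes GNU coreutils as on Debian.

```shell
# Added example; $1 is a root directory: "/" on the server or a copy of its /etc tree.
# Function names are hypothetical, not part of ejabberd or systemd.

# Files copied into certs/ must be owner-only (the log uses chmod 600).
check_cert_perms() {
    found=0
    for f in "$1"/etc/ejabberd/certs/*; do
        [ -f "$f" ] || continue
        found=1; mode=$(stat -c '%a' "$f")
        case $mode in 600|400) ;; *) echo "FAIL: $f has mode $mode"; return 1 ;; esac
    done
    [ "$found" -eq 1 ] || { echo "FAIL: no certificate files found"; return 1; }
}

# The drop-in must first reset the packaged ListenStream= and then list
# only 127.0.0.1:4369, otherwise epmd keeps listening on every interface.
check_epmd_dropin() {
    awk -F= '/^[ \t]*ListenStream=/ {
                 n++; if (n == 1 ? ($2 != "") : ($2 != "127.0.0.1:4369")) bad = 1
             }
             END { exit (n < 2 || bad) }' \
        "$1/etc/systemd/system/epmd.socket.d/listen-on-localhost.conf" 2>/dev/null ||
        { echo "FAIL: epmd socket is not limited to 127.0.0.1:4369"; return 1; }
}

# Erlang distribution is pinned to loopback only by an uncommented line.
check_dist_interface() {
    grep -Eq '^[[:space:]]*INET_DIST_INTERFACE=127\.0\.0\.1[[:space:]]*$' \
        "$1/etc/ejabberd/ejabberdctl.cfg" 2>/dev/null ||
        { echo "FAIL: INET_DIST_INTERFACE=127.0.0.1 is not active"; return 1; }
}

# Runs all checks; the return value is the number of failed checks.
preflight() {
    fails=0
    check_cert_perms "$1" || fails=$((fails + 1))
    check_epmd_dropin "$1" || fails=$((fails + 1))
    check_dist_interface "$1" || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample tree; the cfg line is left commented out on purpose.
make_sample() {
    r=$(mktemp -d); d=$r/etc/systemd/system/epmd.socket.d
    mkdir -p "$r/etc/ejabberd/certs" "$d"
    : > "$r/etc/ejabberd/certs/sample.key"; chmod 600 "$r/etc/ejabberd/certs/sample.key"
    printf '[Socket]\nListenStream=\nListenStream=127.0.0.1:4369\n' > "$d/listen-on-localhost.conf"
    printf '#INET_DIST_INTERFACE=127.0.0.1\n' > "$r/etc/ejabberd/ejabberdctl.cfg"
    echo "$r"
}
preflight "$(make_sample)" || echo "failed checks: $?"
```

On the server itself, `preflight /` run as root performs the same checks against the live files.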