ejabberd-17.09-2.fc27.x86_64 running well with PAM authentication and MySQL back-end.
I'm not able to use mod_bosh when setting it up according to the documentation. I can see the connections being made in the log, but the client (Swift) times out when I set its connection from c2s to BOSH.
A few questions, if I may, before I go too far down the rabbit hole:
- Do I use /http-bind or /bosh in the connection URL? Is there even any meaning in either name, as long as the server and the client use the same?
- Do I need an Apache reverse proxy? I allow 5280 through the firewall. Swift has a manual proxy option.
- Does anybody have a snippet of their conf file that is necessary and sufficient to run BOSH?
Any help would be most appreciated.
Thanks,
Bart...
I'm testing with ejabberd 18.01. I guess there aren't relevant changes since your version.
- Do I use /http-bind or /bosh in the connection URL? Is there even any meaning in either name, as long as the server and the client use the same?
That URL has no meaning, simply set the same in server and clients.
- Do I need an Apache reverse proxy? I allow 5280 through the firewall. Swift has a manual proxy option.
I have no web server or anything else than ejabberd to connect a BOSH client to ejabberd, as ejabberd already includes the Web service required.
- Does anybody have a snippet of their conf file that is necessary and sufficient to run BOSH?
Then use http://localhost:5280/bosh/ as URL for BOSH in your client. It works for me using Tkabber and Gajim.
Thanks badlop, I spun up a vanilla ejabberd on Fedora 27 without PAM and that works. As soon as I change from:
auth_method: internal
to
auth_method: pam
pam_service: "ejabberd"
I get "Authentication method not supported" from the client. I did notice that I get the same error on normal connections over 5222, so there is another difference between PAM and internal. My guess is TLS, since I used this on the first server and got a connection on 5222.
I'll do some more testing and will keep this thread updated (if only for posterity).
Bart...
It was indeed TLS. Adding these lines to the 5280 listener did the trick:
tls: true
certfile: 'CERTFILE'
protocol_options: 'TLSOPTS'
dhfile: 'DHFILE'
Bart...
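
The pieces discussed in this thread (the /bosh path on port 5280, PAM authentication, and the four TLS lines added to the 5280 listener) put together in one fragment. This is an added example, not a configuration posted by anyone in the thread; the file paths and the contents of the 'TLSOPTS' macro are assumed placeholder values.

```yaml
# Added example: ejabberd.yml fragment for BOSH over TLS with PAM auth.
# Macro values below are placeholders (assumptions), not from the thread.
define_macro:
  'CERTFILE': "/path/to/server.pem"     # placeholder: PEM with certificate and key
  'DHFILE': "/path/to/dhparams.pem"     # placeholder: DH parameters file
  'TLSOPTS':                            # assumed hardening options
    - "no_sslv3"
    - "no_tlsv1"
    - "cipher_server_preference"
    - "no_compression"

auth_method: pam
pam_service: "ejabberd"

listen:
  -
    port: 5280
    module: ejabberd_http
    request_handlers:
      "/bosh": mod_bosh                 # path must match the client's BOSH URL
    # Without the next four lines this listener serves BOSH over plain HTTP,
    # so the password handed to PAM would cross the network unencrypted.
    tls: true
    certfile: 'CERTFILE'
    protocol_options: 'TLSOPTS'
    dhfile: 'DHFILE'

modules:
  mod_bosh: {}
```

With `tls: true` on the listener, the client's BOSH URL uses https:// instead of http://, and the client has to trust the certificate the listener presents.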