hi,
i recently installed ejabberd on ubuntu 12.04. i made the necessary configuration and am able to connect using an xmpp client (PSI) on a different computer using the LAN ip. now i want my ejabberd server to be accessible from the public url, but have been unsuccessful. i have done the following:
1) Assuming my public domain is example.domain.com and the public IP is 123.123.10.210
2) opened ports 5222, 5269 and 5280.
# Accept inbound TCP on the three ports the ejabberd config listens on:
# 5222 (ejabberd_c2s), 5269 (ejabberd_s2s_in) and 5280 (ejabberd_http).
# -A appends to the end of INPUT, so an earlier DROP/REJECT rule still wins;
# `iptables -L INPUT -n --line-numbers` shows the effective order.
# NOTE(review): 5280 carries web_admin in the config on this page; consider
# restricting it to trusted source addresses (-s) instead of opening it to all.
for port in 5222 5269 5280; do
    iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
done
3) added the following to my hosts file:
123.123.10.210 example.domain.com
4) Allowed the ports through the ubuntu firewall (ufw):
# Open the same three ejabberd ports in ufw.
# NOTE(review): with no protocol given, `ufw allow PORT` admits both TCP and
# UDP; XMPP here only needs TCP, so `PORT/tcp` would be the tighter form.
for port in 5222 5269 5280; do
    sudo ufw allow "$port"
done
5) Here is my ejabberd.cfg:
%%%
%%%     Debian ejabberd configuration file
%%%     This config must be in UTF-8 encoding
%%%
%%% The parameters used in this configuration file are explained in more detail
%%% in the ejabberd Installation and Operation Guide.
%%% Please consult the Guide in case of doubts, it is available at
%%% /usr/share/doc/ejabberd/guide.html

%% NOTE(review): this file was pasted with its line breaks lost. They are
%% restored here following the usual layout of this file, so which options are
%% active and which are commented out is inferred - confirm against the file
%% on disk.

%%%   This configuration file contains Erlang terms.
%%%   In case you want to understand the syntax, here are the concepts:
%%%
%%%    - The character to comment a line is %
%%%
%%%    - Each term ends in a dot, for example:
%%%      override_global.
%%%
%%%    - A tuple has a fixed definition, its elements are
%%%      enclosed in {}, and separated with commas:
%%%      {loglevel, 4}.
%%%
%%%    - A list can have as many elements as you want,
%%%      and is enclosed in [], for example:
%%%      [http_poll, web_admin, tls]
%%%
%%%    - A keyword of ejabberd is a word in lowercase.
%%%      The strings are enclosed in "" and can have spaces, dots...
%%%      {language, "en"}.
%%%      {ldap_rootdn, "dc=example,dc=com"}.
%%%
%%%    - This term includes a tuple, a keyword, a list and two strings:
%%%      {hosts, ["jabber.example.net", "im.example.com"]}.
%%%

%%%   ===================================
%%%   OVERRIDE OPTIONS STORED IN DATABASE

%%
%% Override global options (shared by all ejabberd nodes in a cluster).
%%
%%override_global.

%%
%% Override local options (specific for this particular ejabberd node).
%%
%%override_local.

%%
%% Remove the Access Control Lists before new ones are added.
%%
%%override_acls.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Options which are set by Debconf and managed by ucf

%% Admin user
%% NOTE(review): admin rights are tied to the JID admin@localhost, not to
%% admin@example.domain.com. In-band registration is open further down
%% ({access, register, [{allow, all}]}), so confirm this account already
%% exists with a strong password before the server is reachable publicly.
{acl, admin, {user, "admin", "localhost"}}.

%% Hostname
%% Two virtual hosts are served: "localhost" and the public name.
{hosts, ["localhost", "example.domain.com"]}.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%   =========
%%%   DEBUGGING

%%
%% loglevel: Verbosity of log files generated by ejabberd.
%% 0: No ejabberd log at all (not recommended)
%% 1: Critical
%% 2: Error
%% 3: Warning
%% 4: Info
%% 5: Debug
%%
{loglevel, 4}.

%%
%% watchdog_admins: If an ejabberd process consumes too much memory,
%% send live notifications to those Jabber accounts.
%%
%%{watchdog_admins, ["bob@example.com"]}.

%%%   ================
%%%   SERVED HOSTNAMES

%%
%% hosts: Domains served by ejabberd.
%% You can define one or several, for example:
%% {hosts, ["example.net", "example.com", "example.org"]}.
%%
%% (This option is defined by debconf earlier)
%% {hosts, ["localhost"]}.

%%
%% route_subdomains: Delegate subdomains to other Jabber server.
%% For example, if this ejabberd serves example.org and you want
%% to allow communication with a Jabber server called im.example.org.
%%
%%{route_subdomains, s2s}.

%%%   ===============
%%%   LISTENING PORTS

%%
%% listen: Which ports will ejabberd listen, which service handles it
%% and what options to start it with.
%%
%5222
{listen,
 [
  {5222, ejabberd_c2s, [
                        {access, c2s},
                        %% NOTE(review): second `access` tuple in the same
                        %% listener. `register` is the rule name used by
                        %% mod_register below; presumably only one `access`
                        %% value is honoured here - verify, and drop this
                        %% line if it was added by mistake.
                        {access, register},
                        {shaper, c2s_shaper},
                        {max_stanza_size, 65536},
                        %%zlib,
                        %% NOTE(review): `starttls` only offers encryption;
                        %% clients may still log in without it. Consider
                        %% `starttls_required` before exposing 5222 to the
                        %% internet. The certificate is presumably the
                        %% package-generated self-signed one - confirm.
                        starttls, {certfile, "/etc/ejabberd/ejabberd.pem"}
                       ]},

  %%
  %% To enable the old SSL connection method (deprecated) in port 5223:
  %%
  %%{5223, ejabberd_c2s, [
  %%                      {access, c2s},
  %%                      {shaper, c2s_shaper},
  %%                      {max_stanza_size, 65536},
  %%                      zlib,
  %%                      tls, {certfile, "/etc/ejabberd/ejabberd.pem"}
  %%                     ]},

  %5269
  {5269, ejabberd_s2s_in, [
                           {shaper, s2s_shaper},
                           {max_stanza_size, 131072}
                          ]},

  %% External MUC jabber-muc
  %%{5554, ejabberd_service, [
  %%                          {ip, {127, 0, 0, 1}},
  %%                          {access, all},
  %%                          {shaper_rule, fast},
  %%                          {host, "muc.localhost", [{password, "secret"}]}
  %%                          ]},

  %% Jabber ICQ Transport
  %%{5555, ejabberd_service, [
  %%                          {ip, {127, 0, 0, 1}},
  %%                          {access, all},
  %%                          {shaper_rule, fast},
  %%                          {hosts, ["icq.localhost", "sms.localhost"],
  %%                                   [{password, "secret"}]}
  %%                          ]},

  %% AIM Transport
  %%{5556, ejabberd_service, [
  %%                          {ip, {127, 0, 0, 1}},
  %%                          {access, all},
  %%                          {shaper_rule, fast},
  %%                          {host, "aim.localhost", [{password, "secret"}]}
  %%                          ]},

  %% MSN Transport
  %%{5557, ejabberd_service, [
  %%                          {ip, {127, 0, 0, 1}},
  %%                          {access, all},
  %%                          {shaper_rule, fast},
  %%                          {host, "msn.localhost", [{password, "secret"}]}
  %%                          ]},

  %% Yahoo! Transport
  %%{5558, ejabberd_service, [
  %%                          {ip, {127, 0, 0, 1}},
  %%                          {access, all},
  %%                          {shaper_rule, fast},
  %%                          {host, "yahoo.localhost", [{password, "secret"}]}
  %%                          ]},

  %% External JUD (internal is more powerful,
  %% but doesn't allow to register users from other servers)
  %%{5559, ejabberd_service, [
  %%                          {ip, {127, 0, 0, 1}},
  %%                          {access, all},
  %%                          {shaper_rule, fast},
  %%                          {host, "jud.localhost", [{password, "secret"}]}
  %%                          ]},

  %5280
  %% NOTE(review): this listener has no `tls` option, so web_admin (and
  %% http_bind / http_poll) is served over plain HTTP, and the firewall steps
  %% on this page open 5280 to everyone. Admin credentials would cross the
  %% network unencrypted. Consider keeping 5280 closed publicly, binding the
  %% listener to loopback with {ip, {127, 0, 0, 1}}, or enabling TLS on it -
  %% note that http_bind shares this port, so check what clients need first.
  {5280, ejabberd_http, [
                         %%{request_handlers,
                         %% [
                         %%  {["pub", "archive"], mod_http_fileserver}
                         %% ]},
                         %%captcha,
                         http_bind,
                         http_poll,
                         web_admin
                        ]}

 ]}.

%%
%% max_fsm_queue: Enable limiting of lengths of "message queues"
%% for outgoing connections. Roughly speaking, each message in such
%% queues represents one XML stanza queued to be sent into
%% an output stream it is serving.
%% The default value is an atom 'undefined' which specifies no limiting.
%%
%% When specified globally, this option limits the message queue lengths
%% for all ejabberd_c2s_in and ejabberd_service listeners,
%% as well as for outgoing s2s connections.
%%
%% This option can also be specified as an option for ejabberd_c2s_in
%% and ejabberd_service listeners, in which case it will override
%% the value of the global option.
%%
{max_fsm_queue, 1000}.

%%
%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
%% Allowed values are: true or false.
%% You must specify a certificate file.
%%
{s2s_use_starttls, true}.

%%
%% s2s_certfile: Specify a certificate file.
%%
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.

%%
%% domain_certfile: Specify a different certificate for each served hostname.
%%
%%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
%%{domain_certfile, "example.com", "/path/to/example_com.pem"}.

%%
%% S2S whitelist or blacklist
%%
%% Default s2s policy for undefined hosts.
%%
%%{s2s_default_policy, allow}.

%%
%% Allow or deny communication with specific servers.
%%
%%{{s2s_host, "goodhost.org"}, allow}.
%%{{s2s_host, "badhost.org"}, deny}.

%%
%% The maximum allowed delay for retry to connect
%% after a failed connection attempt to a remote server, in seconds.
%% The default value is 300 seconds (5 minutes).
%%
%% The reconnection algorithm works like this: if connection fails,
%% ejabberd makes an initial random delay between 1 and 15 seconds,
%% then retries, and if this attempt fails, makes another delay,
%% twice as long as previous. These attempts are performed either
%% until a successful connection is made or until the next calculated
%% delay is greater or equal than the value of s2s_max_retry_delay.
%%
%%{s2s_max_retry_delay, 300}.

%%
%% Outgoing S2S options
%%
%% Preferred address families (which to try first) and connect timeout
%% in milliseconds.
%%
%%{outgoing_s2s_options, [ipv4, ipv6], 10000}.

%%%   ==============
%%%   AUTHENTICATION

%%
%% auth_method: Method used to authenticate the users.
%% The default method is the internal.
%% If you want to use a different method,
%% comment this line and enable the correct ones.
%%
{auth_method, internal}.

%%
%% Authentication using external script
%% Make sure the script is executable by ejabberd.
%%
%%{auth_method, external}.
%%{extauth_program, "/path/to/authentication/script"}.

%%
%% Authentication using ODBC
%% Remember to setup a database in the next section.
%%
%%{auth_method, odbc}.

%%
%% Authentication using PAM
%%
%%{auth_method, pam}.
%%{pam_service, "pamservicename"}.

%%
%% Authentication using LDAP
%%
%%{auth_method, ldap}.
%%
%% List of LDAP servers:
%%{ldap_servers, ["localhost"]}.
%%
%% Encryption of connection to LDAP servers (LDAPS):
%%{ldap_encrypt, none}.
%%{ldap_encrypt, tls}.
%%
%% Port connect to LDAP server:
%%{ldap_port, 389}.
%%{ldap_port, 636}.
%%
%% LDAP manager:
%%{ldap_rootdn, "dc=example,dc=com"}.
%%
%% Password to LDAP manager:
%%{ldap_password, "******"}.
%%
%% Search base of LDAP directory:
%%{ldap_base, "dc=example,dc=com"}.
%%
%% LDAP attribute that holds user ID:
%%{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
%%
%% LDAP filter:
%%{ldap_filter, "(objectClass=shadowAccount)"}.

%%
%% Anonymous login support:
%%   auth_method: anonymous
%%   anonymous_protocol: sasl_anon | login_anon | both
%%   allow_multiple_connections: true | false
%%
%%{host_config, "public.example.org", [{auth_method, anonymous},
%%                                     {allow_multiple_connections, false},
%%                                     {anonymous_protocol, sasl_anon}]}.
%%
%% To use both anonymous and internal authentication:
%%
%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.

%%%   ==============
%%%   DATABASE SETUP

%% ejabberd uses by default the internal Mnesia database,
%% so you can avoid this section.
%% This section provides configuration examples in case
%% you want to use other database backends.
%% Please consult the ejabberd Guide for details about database creation.

%% NOTE that ejabberd in Debian supports "out of the box"
%% only mnesia (default) and ODBC storage backends.
%% Working with MySQL and PostgreSQL DB backends requires
%% building and installation of the corresponding Erlang modules,
%% not distributed as a part of ejabberd.
%% Refer to /usr/share/doc/ejabberd/README.Debian for details.

%%
%% MySQL server:
%%
%%{odbc_server, {mysql, "server", "database", "username", "password"}}.
%%
%% If you want to specify the port:
%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.

%%
%% PostgreSQL server:
%%
%%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
%%
%% If you want to specify the port:
%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
%%
%% If you use PostgreSQL, have a large database, and need a
%% faster but inexact replacement for "select count(*) from users"
%%
%%{pgsql_users_number_estimate, true}.

%%
%% ODBC compatible or MSSQL server:
%%
%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.

%%
%% Number of connections to open to the database for each virtual host
%%
%%{odbc_pool_size, 10}.

%%
%% Interval to make a dummy SQL request to keep alive the connections
%% to the database. Specify in seconds: for example 28800 means 8 hours
%%
%%{odbc_keepalive_interval, undefined}.

%%%   ===============
%%%   TRAFFIC SHAPERS

%%
%% The "normal" shaper limits traffic speed to 1.000 B/s
%%
{shaper, normal, {maxrate, 1000}}.

%%
%% The "fast" shaper limits traffic speed to 50.000 B/s
%%
{shaper, fast, {maxrate, 50000}}.

%%%   ====================
%%%   ACCESS CONTROL LISTS

%%
%% The 'admin' ACL grants administrative privileges to Jabber accounts.
%% You can put as many accounts as you want.
%%
%%{acl, admin, {user, "aleksey", "localhost"}}.
%%{acl, admin, {user, "ermine", "example.org"}}.

%%
%% Blocked users
%%
%%{acl, blocked, {user, "baduser", "example.org"}}.
%%{acl, blocked, {user, "test"}}.

%%
%% Local users: don't modify this line.
%%
{acl, local, {user_regexp, ""}}.

%%
%% More examples of ACLs
%%
%%{acl, jabberorg, {server, "jabber.org"}}.
%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%%{acl, test, {user_regexp, "^test"}}.
%%{acl, test, {user_glob, "test*"}}.

%%
%% Define specific ACLs in a virtual host.
%%
%%{host_config, "localhost",
%% [
%%  {acl, admin, {user, "bob-local", "localhost"}}
%% ]
%%}.

%%%   ============
%%%   ACCESS RULES

%% Define the maximum number of time a single user is allowed to connect:
{access, max_user_sessions, [{10, all}]}.

%% Maximum number of offline messages that users can have:
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.

%% This rule allows access only for local users:
{access, local, [{allow, local}]}.

%% Only non-blocked users can use c2s connections:
%{access, c2s, [{deny, blocked},
%               {allow, all}]}.
% TODO: Testing. Allow all
%% NOTE(review): the testing rule below drops the {deny, blocked} entry, so the
%% `blocked` ACL no longer keeps anyone off c2s. Restore the original rule
%% before the server is exposed publicly.
{access, c2s, [{allow, all}]}.

%% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
                      {normal, all}]}.

%% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

%% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.

%% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.

%% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

%% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.

%% No username can be registered via in-band registration:
%% To enable in-band registration, replace 'deny' with 'allow'
% (note that if you remove mod_register from modules list then users will not
% be able to change their password as well as register).
% This setting is default because it's more safe.
%{access, register, [{deny, all}]}.
%TODO: testing. allow registration
%% NOTE(review): with this set to allow, anyone who can reach port 5222 can
%% create accounts, and those accounts may then use MUC and create pubsub
%% nodes (both rules allow `all`). On a public server, return this to
%% {deny, all} once testing is done, or at least enable the captcha and
%% registration_watchers options that are commented out in this file.
{access, register, [{allow, all}]}.

%% By default frequency of account registrations from the same IP
%% is limited to 1 account every 10 minutes. To disable put: infinity
%%{registration_timeout, 600}.

%% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.

%%
%% Define specific Access rules in a virtual host.
%%
%%{host_config, "localhost",
%% [
%%  {access, c2s, [{allow, admin}, {deny, all}]},
%%  {access, register, [{deny, all}]}
%% ]
%%}.

%%%   ================
%%%   DEFAULT LANGUAGE

%%
%% language: Default language used for server messages.
%%
{language, "en"}.

%%
%% Set a different default language in a virtual host.
%%
%%{host_config, "localhost",
%% [{language, "ru"}]
%%}.

%%%   =======
%%%   CAPTCHA

%%
%% Full path to a script that generates the image.
%% Note that this script must be made executable
%% for the user ejabberd:ejabberd.
%%
%%{captcha_cmd, "/usr/lib/ejabberd/priv/bin/captcha.sh"}.

%%
%% Host part of the URL sent to the user.
%% The port specified must be configured as the "ejabberd_http"
%% listener which must have the "captcha" directive included
%% in its configuration (see the "LISTENING PORTS" section above).
%%
%%{captcha_host, "localhost:5280"}.

%%%   =======
%%%   MODULES

%%
%% Modules enabled in all ejabberd virtual hosts.
%%
{modules,
 [
  {mod_adhoc, []},
  {mod_announce, [{access, announce}]}, % requires mod_adhoc
  {mod_caps, []},
  {mod_configure,[]}, % requires mod_adhoc
  {mod_admin_extra, []},
  {mod_disco, []},
  %%{mod_echo, [{host, "echo.localhost"}]},
  {mod_irc, []},
  %% NOTE that mod_http_fileserver must also be enabled in the
  %% "request_handlers" clause of the "ejabberd_http" listener
  %% configuration (see the "LISTENING PORTS" section above).
  %%{mod_http_fileserver, [
  %%                       {docroot, "/var/www"},
  %%                       {accesslog, "/var/log/ejabberd/access.log"}
  %%                      ]},
  {mod_last, []},
  {mod_muc, [
             %%{host, "conference.@HOST@"},
             {access, muc},
             {access_create, muc},
             {access_persistent, muc},
             {access_admin, muc_admin},
             {max_users, 500}
            ]},
  %%{mod_muc_log,[]},
  {mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
  {mod_privacy, []},
  {mod_private, []},
  {mod_proxy65, [
                 {access, local},
                 {shaper, c2s_shaper}
                ]},
  {mod_pubsub, [ % requires mod_caps
                {access_createnode, pubsub_createnode},
                {pep_sendlast_offline, false},
                {last_item_cache, false},
                %%{plugins, ["default", "pep"]}
                {plugins, ["flat", "hometree", "pep"]} % pep requires mod_caps
               ]},
  {mod_register, [
                  %%
                  %% After successful registration, the user receives
                  %% a message with this subject and body.
                  %%
                  {welcome_message, {"Welcome!",
                                     "Welcome to a Jabber service powered by Debian. "
                                     "For information about Jabber visit "
                                     "http://www.jabber.org"}},
                  %% Replace it with 'none' if you don't want to send such message:
                  %%{welcome_message, none},

                  %%
                  %% When a user registers, send a notification to
                  %% these Jabber accounts.
                  %%
                  %%{registration_watchers, ["admin1@example.org"]},

                  %% Uses the `register` access rule defined in ACCESS RULES.
                  {access, register}
                 ]},
  {mod_roster, []},
  %%{mod_service_log,[]},
  %%{mod_shared_roster,[]},
  {mod_stats, []},
  {mod_time, []},
  {mod_vcard, []},
  {mod_version, []}
 ]}.

%%
%% Enable modules with custom options in a specific virtual host
%%
%%{host_config, "localhost",
%% [{{add, modules},
%%   [
%%    {mod_echo, [{host, "mirror.localhost"}]}
%%   ]
%%  }
%% ]}.

%%% $Id: ejabberd.cfg.example 2497 2009-08-17 20:27:28Z cromain $

%%% Local Variables:
%%% mode: erlang
%%% End:
%%% vim: set filetype=erlang tabstop=8: