I have all the appropriate firewall ports open to allow external connections to the jab server.
I see the connections come in and they get rejected
Does anyone know what I need to add to my config to allow external, basically anyone access to my jabber server?
Error on server:
=SUPERVISOR REPORT==== 25-Apr-2005::13:58:09 ===
Supervisor: {local,ejabberd_c2s_sup}
Context: child_terminated
Reason: {{badmatch,{error,"ssl_ctx_use_certificate_chain_file failed"}},
[{ejabberd_c2s,wait_for_feature_request,2},
{gen_fsm,handle_msg,7},
{proc_lib,init_p,5}]}
Offender: [{pid,<0.277.0>},
{name,undefined},
{mfa,{ejabberd_c2s,start_link,
[{gen_tcp,#Port<0.286>},
[{access,c2s},
{shaper,c2s_shaper},
starttls,
{certfile,"./ssl.pem"}]]}},
{restart_type,temporary},
{shutdown,brutal_kill},
{child_type,worker}]
My ejabberd.cfg file
...
% Listened ports:
{listen,
[{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper},
starttls, {certfile, "./ssl.pem"}]},
{5223, ejabberd_c2s, [{access, c2s},
tls, {certfile, "./ssl.pem"}]},
% Use these two lines instead if TLS support is not compiled
%{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}]},
%{5223, ejabberd_c2s, [{access, c2s}, ssl, {certfile, "./ssl.pem"}]},
{5269, ejabberd_s2s_in, [{shaper, s2s_shaper}]},
{5280, ejabberd_http, [http_poll, web_admin]},
{8888, ejabberd_service, [{access, all},
{hosts, ["icq.localhost", "sms.localhost"],
[{password, "secret"}]}]}
]}.
...
I figured it out..duh
RTFM!!!
I wasn't sure if there was an implicit deny for external connections. There is not!
Explanation
TLS/SSL certificate file was not successfully loaded.
Solution
Check the file ejabberd.pem exists, is readable by Erlang and the route is correctly specified in your ejabberd.cfg configuration file.
I followed the instructions and added a server.pem file in the install doc.