ejabberd security with SSL and HTTPS

It's possible (and very likely) that I'm missing something when it comes to how ejabberd and XMPP in general do security, so I'm a bit stuck trying to get this to work and very much need some help.

We currently have ejabberd set up/configured and running nicely on a Windows Server 2008 box. Up till now we've only been communicating with the server over http://, with everything being broadcast in plaintext. But we need to enable security. In the past, whenever we've wanted to do something securely, it's just been a matter of adding our cert to IIS and running everything through https. So I kind of assumed ejabberd would be something very similar (minus the IIS bit). So I've created a .pem (which is new to me) and pointed ejabberd at it with the following config (if you need more, let me know).

    {5222, ejabberd_c2s, [
        {access, c2s},
        {shaper, c2s_shaper},
        {max_stanza_size, 65536},
        starttls, {certfile, "c:/ejabberd.pem"}
    ]},

    {5280, ejabberd_http, [
        %%{request_handlers, [
        %% {["web"], mod_http_fileserver}
        %%]},
        captcha,
        http_bind,
        http_poll,
        web_admin
    ]},

    {5281, ejabberd_http, [
        web_admin,
        http_bind,
        tls, {certfile, "c:/ejabberd.pem"}
    ]}

    {s2s_use_starttls, true}.
    {s2s_certfile, "c:/ejabberd.pem"}.

The goal is to be able to do the same thing as http://mydomain.com:5280/http-bind but with https://mydomain.com:5281/http-bind.

Originally I assumed that the https:// request would be made through the 5222 port, but that does not appear to work. After doing some more reading (https://git.process-one.net/ejabberd/mainline/blobs/raw/v2.1.10/doc/guid...) I found that I could apply the tls to the ejabberd_http, but so far that does not appear to work either. In Firefox I get "The connection was reset" error when trying to access https://mydomain.com:5281/http-bind. What I'm beginning to question is whether it's correct to even try to use ejabberd in this way (meaning https). I'm unfamiliar with c2s and s2s, so perhaps I'm missing out on something. And if I am, can someone point me to some good reading on the topic?

If https is a valid way to go and I'm just doing it wrong, then can anyone point out what I'm doing wrong?
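The certfile entries in the config above all point at one .pem, and ejabberd reads both the certificate and the private key from that single file. The following is an added example (not part of the original post and not ejabberd code) that checks a PEM file's structure for both blocks; the name inspect_pem and the sample data are constructed for illustration.

```python
import re
import sys

# PEM boundary lines, e.g. "-----BEGIN RSA PRIVATE KEY-----".
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

# Constructed sample: a certificate with no private key (body is a placeholder).
SAMPLE_CERT_ONLY = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"


def inspect_pem(text):
    """Return (labels, problems) for the PEM blocks found in text."""
    labels, problems, open_label, encrypted = [], [], None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = BOUNDARY.match(line)
        if m is None:
            # Legacy OpenSSL header that marks a passphrase-protected key.
            if open_label and line.startswith("Proc-Type:") and "ENCRYPTED" in line:
                encrypted = True
            continue
        kind, label = m.groups()
        if kind == "BEGIN":
            if open_label:
                problems.append("line %d: %s opened inside unclosed %s" % (lineno, label, open_label))
            open_label = label
        else:
            if label == open_label:
                labels.append(label)
            else:
                problems.append("line %d: END %s has no matching BEGIN" % (lineno, label))
            open_label = None
    if open_label:
        problems.append("unterminated block: %s" % open_label)
    keys = [l for l in labels if l.endswith("PRIVATE KEY")]
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    if not keys:
        problems.append("no PRIVATE KEY block")
    if encrypted or any(l.startswith("ENCRYPTED") for l in keys):
        problems.append("private key is passphrase-protected")
    return labels, problems


if __name__ == "__main__":
    # Pass the certfile path from the listener config; without one, use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CERT_ONLY
    found, issues = inspect_pem(text)
    print("blocks:", ", ".join(found) or "none")
    for issue in issues or ["certificate and private key both present"]:
        print(" -", issue)
```

The check is structural only: it does not confirm that the key matches the certificate or that the certificate is valid for the host name.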

Hi, I too am having a similar issue

Hi

I too am having a similar issue now... did you find the solution for https://?

If so, can you please post your solution here so that it will be helpful to those who are having a similar issue?
