ejabberd_http on two ports?

Hi all,

I currently have my ejabberd installation set up with this:

{5280, ejabberd_http, [http_poll, web_admin]}

Which works, except that the administrative user has to submit their password in cleartext. I did have it working over SSL like this:

{5280, ejabberd_http, [http_poll, web_admin, tls, {certfile, "/etc/ssl/certs/ejabberd.pem"}, starttls_required]}

but then JWChat couldn't connect to the http_poll interface.

There are two solutions I see: 1) (preferable) get JWChat working over SSL. 2) get ejabberd_http to listen on two ports, one with SSL enabled, and the other without. Unfortunately, when I put something like this in the config:

{5280, ejabberd_http, [http_poll, web_admin]},
{5284, ejabberd_http, [http_poll, web_admin, tls, {certfile, "/etc/ssl/certs/ejabberd.pem"}, starttls_required]}

Trying to connect to port 5284 results in a timeout.

Does anyone have any tips on how to access http_poll over http, but web_admin over https? Or better yet, how to get JWChat working with SSL?

Thanks!

Re: ejabberd_http on two ports?

heisters wrote:

{5280, ejabberd_http, [http_poll, web_admin]},
{5284, ejabberd_http, [http_poll, web_admin, tls, {certfile, "/etc/ssl/certs/ejabberd.pem"}, starttls_required]}

This looks correct, except that starttls_required shouldn't be there (the connection is TLS from the beginning, so there is no need to "start" TLS). Not sure if that is the problem, though...

Yeah, that was an oops.

Yeah, that was an oops. Unfortunately, changing it doesn't fix anything... neither does switching from tls to starttls, which I would think would only provide encryption if the client supported it.

Re: Yeah, that was an oops.

heisters wrote:

Yeah, that was an oops. Unfortunately, changing it doesn't fix anything... neither does switching from tls to starttls, which I would think would only provide encryption if the client supported it.

The example in the official documentation works for me. Are you sure it is not a JWChat config issue?

Re: ejabberd_http on two ports?

heisters wrote:

2) get ejabberd_http to listen on two ports, one with SSL enabled, and the other without.

You forgot option 3), and it works:

  {5280, ejabberd_http,    [http_poll]},
  {5284, ejabberd_http,    [web_admin, tls, {certfile, "/etc/ssl/certs/ejabberd.pem"}]}

If you want encryption for JWChat, instead of adding encryption to HTTP-Poll, add it to your HTTP server. After all, your users connect to your Jabber server using HTTP, not HTTP-Poll, right?
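
Added example (not part of the thread and not ejabberd code): a small Python check that parses the listener tuples quoted in the posts above and flags web_admin or http_poll served without tls, and starttls_required on an ejabberd_http listener. The function names and finding codes are made up for this illustration, and the parser assumes the old Erlang-term config format with no nested lists in the options.

```python
import re

# Old-style ejabberd listener tuple: {Port, Module, [Options]}.
# Assumes no nested lists inside Options, which holds for the configs in this thread.
LISTENER_RE = re.compile(r"\{\s*(\d+)\s*,\s*(\w+)\s*,\s*\[([^\]]*)\]\s*\}")
OPTION_TUPLE_RE = re.compile(r"\{\s*(\w+)\s*,[^}]*\}")

# Listener lines copied from the posts above.
ORIGINAL = '{5280, ejabberd_http, [http_poll, web_admin]}'
TWO_PORTS = '''
{5280, ejabberd_http, [http_poll, web_admin]},
{5284, ejabberd_http, [http_poll, web_admin, tls, {certfile, "/etc/ssl/certs/ejabberd.pem"}, starttls_required]}
'''
OPTION_3 = '''
{5280, ejabberd_http,    [http_poll]},
{5284, ejabberd_http,    [web_admin, tls, {certfile, "/etc/ssl/certs/ejabberd.pem"}]}
'''

def parse_listeners(text):
    """Return [(port, module, option_names)] for every listener tuple in text."""
    listeners = []
    for port, module, raw in LISTENER_RE.findall(text):
        flat = OPTION_TUPLE_RE.sub(r"\1", raw)  # {certfile, "..."} -> certfile
        names = {o.strip() for o in flat.split(",") if o.strip()}
        listeners.append((int(port), module, names))
    return listeners

def audit(text):
    """Return [(port, finding_code)] for ejabberd_http listeners, in config order."""
    findings = []
    for port, module, opts in parse_listeners(text):
        if module != "ejabberd_http":
            continue
        if "web_admin" in opts and "tls" not in opts:
            # Admin password crosses the wire unencrypted.
            findings.append((port, "ADMIN_CLEARTEXT"))
        if "http_poll" in opts and "tls" not in opts:
            # Logins relayed to HTTP-Poll are exposed on this hop.
            findings.append((port, "POLL_CLEARTEXT"))
        if "starttls_required" in opts:
            # A tls HTTP listener is encrypted from the start; nothing to "start".
            findings.append((port, "STARTTLS_ON_HTTP"))
    return findings

if __name__ == "__main__":
    for name, cfg in [("original", ORIGINAL), ("two ports", TWO_PORTS), ("option 3", OPTION_3)]:
        print(name, audit(cfg))
```

For the option 3 config the only remaining finding is the plaintext http_poll listener on 5280.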

Re: ejabberd_http on two ports?

badlop wrote:

If you want encryption for JWChat, instead of adding encryption to HTTP-Poll, add it to your HTTP server. After all, your users connect to your Jabber server using HTTP, not HTTP-Poll, right?

I've already got SSL for the JWChat web interface. But the web interface passes usernames and passwords to the HTTP-POLL interface, so it's not so secure if JWChat can't connect to an SSL HTTP-POLL.
