@holtbp
Last active September 7, 2017 19:24
Setup Ejabberd on Amazon EC2, CentOS 7
###
###' ejabberd configuration file
###
###
### The parameters used in this configuration file are explained in more detail
### in the ejabberd Installation and Operation Guide.
### Please consult the Guide in case of doubts, it is included with
### your copy of ejabberd, and is also available online at
### http://www.process-one.net/en/ejabberd/docs/
###. =======
###' LOGGING
loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
###. ================
###' SERVED HOSTNAMES
##
## hosts: Domains served by ejabberd.
##
hosts:
- "localhost"
- "example.com"
###. ===============
###' LISTENING PORTS
##
## listen: The ports ejabberd will listen on, which service each is handled
## by and what options to start it with.
##
listen:
  -
    port: 5222
    module: ejabberd_c2s
    certfile: "/opt/ejabberd-16.04/conf/server.pem"
    starttls: true
    ## To enforce TLS encryption for client connections,
    ## use this instead of the "starttls" option:
    ## starttls_required: true
    ##
    ## Custom OpenSSL options
    ##
    protocol_options:
      - "no_sslv3"
      ## - "no_tlsv1"
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
  -
    port: 5269
    module: ejabberd_s2s_in
    max_stanza_size: 131072
    shaper: s2s_shaper
  -
    port: 5280
    module: ejabberd_http
    request_handlers:
      "/websocket": ejabberd_http_ws
      ## "/pub/archive": mod_http_fileserver
    web_admin: true
    http_bind: true
    ## register: true
    captcha: false
###. ==============
###' AUTHENTICATION
auth_method: internal
###. ==============
###' DATABASE SETUP
riak_server: "localhost"
riak_port: 8087
## Redis
redis_server: "127.0.0.1"
redis_port: 6379
redis_db: 0
## Database server
## Types: ['mysql', 'sqlite', 'pgsql', 'odbc']
odbc_type: mysql
odbc_server: "localhost"
odbc_database: "ejabberd"
odbc_username: "username"
odbc_password: "password"
odbc_port: 3306
###. ===============
###' TRAFFIC SHAPERS
shaper:
  ## Values in B/s
  normal: 1000
  fast: 50000
max_fsm_queue: 1000
sm_db_type: redis
###. ====================
###' ACCESS CONTROL LISTS
acl:
  admin:
    user:
      - "admin": "ip-xx-x-x-xx.us-east-x.compute.internal"
  ## Local users: don't modify this.
  ##
  local:
    user_regexp: ""
  ## Loopback network
  loopback:
    ip:
      - "127.0.0.0/8"
###. ============
###' ACCESS RULES
access:
  ## Maximum number of simultaneous sessions allowed for a single user:
  max_user_sessions:
    all: 10
  ## Maximum number of offline messages that users can have:
  max_user_offline_messages:
    admin: 5000
    all: 100
  ## This rule allows access only for local users:
  local:
    local: allow
  ## Only non-blocked users can use c2s connections:
  c2s:
    blocked: deny
    all: allow
  ## For C2S connections, all users except admins use the "normal" shaper
  c2s_shaper:
    admin: none
    all: normal
  ## All S2S connections use the "fast" shaper
  s2s_shaper:
    all: fast
  ## Only admins can send announcement messages:
  announce:
    admin: allow
  ## Only admins can use the configuration interface:
  configure:
    admin: allow
  ## Admins of this server are also admins of the MUC service:
  muc_admin:
    admin: allow
  ## Only accounts of the local ejabberd server can create rooms:
  muc_create:
    local: allow
  ## All users are allowed to use the MUC service:
  muc:
    all: allow
  ## Only accounts on the local ejabberd server can create Pubsub nodes:
  pubsub_createnode:
    local: allow
  ## In-band registration allows registration of any possible username.
  ## To disable in-band registration, replace 'allow' with 'deny'.
  register:
    all: allow
  ## Only allow to register from localhost
  trusted_network:
    loopback: allow
###. ================
###' DEFAULT LANGUAGE
## language: Default language used for server messages.
language: "en"
###. =======
###' MODULES
## Modules enabled in all ejabberd virtual hosts.
modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce: # recommends mod_adhoc
    db_type: riak
    access: announce
  mod_blocking: {} # requires mod_privacy
  mod_caps:
    db_type: riak
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {} # requires mod_adhoc
  mod_disco: {}
  mod_http_bind: {}
  mod_last:
    db_type: riak
  mod_mam:
    default: always
    db_type: odbc
  mod_muc:
    ## host: "conference.@HOST@"
    db_type: riak
    access: muc
    access_create: muc_create
    access_persistent: muc_create
    access_admin: muc_admin
  mod_muc_admin: {}
  ## mod_muc_log: {}
  ## mod_multicast: {}
  mod_offline:
    db_type: riak
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy:
    db_type: riak
  mod_private:
    db_type: riak
  mod_pubsub:
    access_createnode: pubsub_createnode
    ## reduces resource consumption, but not XEP compliant
    ignore_pep_from_offline: true
    ## XEP compliant, but increases resource consumption
    ## ignore_pep_from_offline: false
    last_item_cache: false
    plugins:
      - "flat"
      - "hometree"
      - "pep" # pep requires mod_caps
  mod_register:
    welcome_message:
      subject: "Welcome!"
      body: |-
        Hi.
        Welcome to this XMPP server.
    ip_access: trusted_network
    access: register
  mod_roster:
    db_type: riak
  mod_shared_roster:
    db_type: riak
  mod_vcard:
    db_type: riak
  mod_version: {}
allow_contrib_modules: true
###.
###'
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:

Step 1 / 2

This step of the guide walks through installing ejabberd on CentOS 7. At the end, you will have Erlang, ejabberd, Riak KV, Redis, and MySQL installed (Elixir install optional).

Install development tools

# Install Extra Packages for Enterprise Linux
$ sudo yum install epel-release

# Make sure the installed packages are up to date
$ sudo yum -y update && sudo yum -y upgrade

# Install development tools
$ sudo yum install gcc gcc-c++ glibc-devel make ncurses-devel openssl-devel autoconf java-1.8.0-openjdk-devel git wxBase.x86_64

Install Erlang

# Install erlang solutions repo
$ wget http://packages.erlang-solutions.com/erlang-solutions-1.0-1.noarch.rpm
$ sudo rpm -Uvh erlang-solutions-1.0-1.noarch.rpm

# Install Erlang
$ sudo yum install erlang

Install Ejabberd

$ sudo wget -O ejabberd-16.04-0.x86_64.rpm "https://www.process-one.net/downloads/downloads-action.php?file=/ejabberd/16.04/ejabberd-16.04-0.x86_64.rpm"
$ sudo rpm -ivh ejabberd-16.04-0.x86_64.rpm

Start Ejabberd:

# Copy the .service file into /etc/systemd/system
$ sudo cp /opt/ejabberd-16.04/bin/ejabberd.service /etc/systemd/system/

# Start ejabberd service
$ sudo systemctl start ejabberd

Install Riak KV

# Add Riak repo from packagecloud
$ curl -s https://packagecloud.io/install/repositories/basho/riak/script.rpm.sh | sudo bash

# Install Riak
$ sudo yum install riak

# Start Riak
$ sudo riak start

# Verify it is up
$ sudo riak ping
pong

# Test writing to Riak
$ sudo riak-admin test
Successfully completed 1 read/write cycle to 'riak@127.0.0.1'

Install Redis

To install and start a Redis server:

# Install redis
$ sudo yum install redis

# Start redis
$ sudo systemctl start redis

Install MySQL

To install MySQL:

# Install MySQL server
$ sudo yum install mysql-server

# Start MySQL
$ sudo systemctl start mysqld

To remove the insecure defaults of a fresh MySQL installation (such as anonymous accounts and the test database), run the interactive hardening script:

$ sudo mysql_secure_installation

Next steps

Optional: Elixir

Install Elixir

# Install Elixir
$ cd /opt
$ sudo git clone https://github.com/elixir-lang/elixir.git
$ cd elixir/
$ sudo make clean test

# Create symlinks
$ sudo ln -s /opt/elixir/bin/iex /usr/local/bin/iex
$ sudo ln -s /opt/elixir/bin/mix /usr/local/bin/mix
$ sudo ln -s /opt/elixir/bin/elixir /usr/local/bin/elixir
$ sudo ln -s /opt/elixir/bin/elixirc /usr/local/bin/elixirc

External resources

Full install instructions:

Step 2 / 2

This step of the guide walks through configuring ejabberd to use Riak KV for persistence and MySQL for message archiving. You can either follow each step in this file, or you can just use the finished ejabberd.yml as an example.

Configure to use Riak KV

Update ejabberd.yml with Riak connection details:

riak_server: "localhost"
riak_port: 8087

Then, you will need to configure the ejabberd modules to use Riak as their data store. See the modules section of ejabberd.yml.

Configure MAM to use MySQL

Update ejabberd.yml with MySQL connection info:

odbc_type: mysql
odbc_server: "localhost"
odbc_database: "ejabberd"
odbc_username: "username"
odbc_password: "password"

Then, you will want to enable mod_mam in ejabberd.yml and set the storage for mod_mam to be MySQL:

  mod_mam:
    default: always
    db_type: odbc

Finally, you will have to create the MySQL database ejabberd:

# Get the DB schema file from ejabberd's GitHub
$ sudo wget https://raw.githubusercontent.com/processone/ejabberd/master/sql/mysql.sql

# Log into MySQL
$ mysql -u root 

# Create ejabberd database
mysql> CREATE DATABASE ejabberd;

# Create ejabberd user
mysql> CREATE USER 'ejabberd'@'localhost' IDENTIFIED BY 'password';

# Grant ejabberd user privileges to ejabberd database
mysql> GRANT ALL on ejabberd.* to 'ejabberd'@'localhost';

# Reload privileges
mysql> FLUSH PRIVILEGES;

# Create tables in ejabberd DB from schema file
$ mysql ejabberd -u ejabberd -p < mysql.sql

Configure to use Redis for Session Management

Update ejabberd.yml with Redis connection info:

redis_server: "127.0.0.1"
redis_port: 6379
redis_db: 0

Find this line:

sm_db_type: mnesia

And change it to use Redis:

sm_db_type: redis
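
A check for the finished ejabberd.yml, as an added example that is not part of the original gist: it flags four settings visible in the configuration above (STARTTLS offered but not required on the c2s listener, TLS 1.0 not disabled, web_admin served without TLS, and the placeholder odbc_password). The function names and finding codes are made up for this example, and the `tls: true` option of the ejabberd_http listener does not appear in the gist.

```shell
#!/bin/sh
# Added example, not from the gist: prints one finding code per weak setting.
audit_ejabberd_yml() {
    awk '
    function judge() {   # evaluate the listener that just ended, then reset
        if (mod == "ejabberd_c2s" && !req)    print "C2S_STARTTLS_NOT_REQUIRED"
        if (mod == "ejabberd_c2s" && !notls1) print "C2S_TLSV1_NOT_DISABLED"
        if (mod == "ejabberd_http" && admin && !tls) print "WEB_ADMIN_WITHOUT_TLS"
        mod = ""; req = admin = tls = notls1 = 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # commented-out options do not count
    {
        line = $0
        sub(/[ \t]+#.*$/, "", line); sub(/[ \t]+$/, "", line)  # trailing comment, spaces
        top = (line ~ /^[^ \t-]/)            # unindented key starts a new section
        sub(/^[ \t]+/, "", line)
        if (top) { if (in_listen) judge(); in_listen = (line ~ /^listen:/) }
        if (in_listen) {
            # a bare "-" or "- key: value" opens a listener; "- \"string\"" is a list item
            if (line ~ /^-[ \t]*([a-z_]+:.*)?$/) { judge(); sub(/^-[ \t]*/, "", line) }
            if (line ~ /^module:/) { mod = line; sub(/^module:[ \t]*/, "", mod) }
            if (line ~ /^starttls_required:[ \t]*true$/) req = 1
            if (line ~ /^web_admin:[ \t]*true$/) admin = 1
            if (line ~ /^tls:[ \t]*true$/) tls = 1
            if (line ~ /^-[ \t]*"no_tlsv1"$/) notls1 = 1
        }
        if (line ~ /^odbc_password:[ \t]*"(password)?"$/) print "PLACEHOLDER_DB_PASSWORD"
    }
    END { if (in_listen) judge() }
    ' "$1"
}
# Constructed sample: the listener and database settings shown in the gist.
sample_config() {
    cat <<'EOF'
listen:
  -
    module: ejabberd_c2s
    starttls: true
    ## starttls_required: true
    protocol_options:
      - "no_sslv3"
      ## - "no_tlsv1"
  -
    module: ejabberd_http
    web_admin: true
odbc_password: "password"
EOF
}
tmp=$(mktemp) && sample_config > "$tmp" && audit_ejabberd_yml "$tmp"; rm -f "$tmp"
```

The check relies on top-level keys being unindented and nested options being indented, as in a stock ejabberd.yml.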