The following is a sequence of trial and errors, one by one, covering the path from the default config file to a working one. It is intended to be a search engine trap for people trying to resolve configuration problems.
In my setup, the jabberd ecosystem resides on a readonly filesystem, so the very first thing to do is to copy the
If you're not familiar with
To quit without saving type '
To save changes and quit type '
To move around use the arrow keys
To start writing at cursor press '
To get out of the writing mode (so that you can move somewhere else) press 'Esc'
To delete character at cursor press '
The changes I did at first were:
1.
To prevent the message
I changed
2.
Next I launched jabberd in debug mode (
The comments in the file say:
So I commented out
3.
Yes, this is true, the daemon was compiled without any sql support. I've followed the steps in
4.
5.
hmm, seems to be working ..., time to launch kopete and try registering a user hajma@192.168.1.1. It failed, of course. The message I got from Kopete was definitely not helpful: "There was an error in the protocol stream: There was a conflict in the information received." and "Unable to create account on the server. The Jabber ID is probably already in use.". What a nonsense ... a brief look into the konsole shows the infamous "bouncing a routed packet" message:
In short, to make jabberd working correctly, you have to replace all occurences of '
6.
Registering with Kopete again ... This time I only got one error: "Unable to create account on the server. The Jabber ID is probably already in use.". And again it was completely unrelated - in the konsole I found this:
The stupid thing Kopete completely ignores XEP-0077, does not ask the server what is needed for registration and just sends username and password. To support Kopete, I had to delete
After this change I am able to register a new user and send messages.
Just to be perfect I also changed
Off to the next level!
7.
To have it available from outside world, I replaced
To open a port in the AM-200g router, issue the following command:
8.
The main reason for running own jabber server is more privacy and that is impossible without encryption - let's do it.
To be able to use TLS I had to generate a self-signed certificate. I've used the procedure described at http://www.vanemery.com/Linux/Jabber/jabberd.html:
$ telnet 192.168.1.1 Trying 192.168.1.1... Connected to r (192.168.1.1). Escape character is '^]'. BCM96348 ADSL Router Login: admin Password: > sh BusyBox v1.00 (2005.04.12-18:11+0000) Built-in shell (msh) Enter 'help' for a list of built-in commands. # /var/usb/usb_1/bin/jabberd Not writing pidfile /var/usb/usb_1/var/run/jabberd/jabber.pid: Read-only file system
In my setup, the jabberd ecosystem resides on a readonly filesystem, so the very first thing to do is to copy the
etc/jabber.xml file to the vfat partition and make sure the files that need to be dynamically created/modified are there as well.# mkdir /var/usb/usb_2/jabberd # cp /var/usb/usb_1/etc/jabber.xml /var/usb/usb_2/jabberd # /var/usb/usb_1/bin/vim /var/usb/usb_2/jabberd/jabber.xml
If you're not familiar with
vi, here's quick help:To quit without saving type '
:q' (colon q Enter)To save changes and quit type '
:wq' (colon w q Enter)To move around use the arrow keys
To start writing at cursor press '
i'To get out of the writing mode (so that you can move somewhere else) press 'Esc'
To delete character at cursor press '
x'The changes I did at first were:
1.
To prevent the message
Not writing pidfile /var/usb/usb_1/var/run/jabberd/jabber.pid: Read-only file system
I changed
/var/usb/usb_1/var/run/jabberd/jabber.pid to /var/usb/usb_2/jabberd/jabber.pid.2.
Next I launched jabberd in debug mode (
-D) and pointed it to the alternate config file (-c path/to/file):# /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml Mon Jan 3 20:31:13 2000 mio_tls.cc:921 MIO TLS init (GNU TLS) Mon Jan 3 20:31:14 2000 log.cc:221 <log xmlns='jabber:server' type='warn' from='-internal'> Cannot open /var/usb/usb_1/etc/dhparams.pem for reading dhparams: No such file or directory</log> ...
The comments in the file say:
<!-- With the <dhparams/> element right inside the <tls/> element, --> <!-- you can configure a file containing parameters for Diffie --> <!-- Hellmann key exchanges. If this configuration setting is not --> <!-- present, jabberd14 will generated these parameters --> <!-- automatically on each startup. This takes some time, therefore --> <!-- you get a faster startup, if this setting is present. -->
So I commented out
<dhparams type='pem'>/var/usb/usb_1/etc/dhparams.pem</dhparams> as I don't know how to make it properly and don't mind waiting a few seconds more at startup. To start a comment, you write "<!--", you close it with "-->".3.
# /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml ... Mon Jan 3 20:47:02 2000 xdb_sql.cc:911 using the following query on SQL connection establishment: SET NAMES utf8 Mon Jan 3 20:47:02 2000 log.cc:221 <log xmlns='jabber:server' type='alert' from='xdbsql.localhost'>Your xdb_sql is compiled without support for the selected database driver 'mysql'.</log> Mon Jan 3 20:47:02 2000 xdb_sql.cc:813 processing handler definition: <handler xmlns='jabber:config:xdb_sql' ns='jabber:iq:last'> ... Mon Jan 3 20:47:03 2000 deliver.cc:837 delivering to instance 'elogger.localhost' Mon Jan 3 20:47:03 2000 deliver.cc:614 DELIVER 3:xdbsql.localhost <log xmlns='jabber:server' type='alert' from='xdbsql.localhost'>Your xdb_sql is compiled without support for the selected database driver 'mysql'.</log>
Yes, this is true, the daemon was compiled without any sql support. I've followed the steps in
README.filespool to setup jabber to store data in files - I definitely don't want to run sql server on the machine. Of course I replaced the <xdb_file>$PREFIX/lib/libjabberdxdbfile.so</xdb_file> with <xdb_file>/var/usb/usb_1/lib/libjabberdxdbfile.so</xdb_file>, and <spool><jabberd:cmdline flag='s'>$PREFIX/var/spool/jabberd</jabberd:cmdline></spool> with <spool><jabberd:cmdline flag='s'>/var/usb/usb_2/jabberd/jabberdspool</jabberd:cmdline></spool> - then made sure the directory exists:# mkdir /var/usb/usb_2/jabberd/jabberdspool
4.
# /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml ... Mon Jan 3 21:17:58 2000 log.cc:221 <log xmlns='jabber:server' type='alert' from='inject.localhost'> could not open directory /var/usb/usb_1/var/spool/jabberd/inject.localhost for reading</log> ...
inject.localhost is a directory, where some other process can put messages. jabberd then automatically sends them. To make it working I changed<in>/var/usb/usb_1/var/spool/jabberd/inject.localhost</in> to <in>/var/usb/usb_2/jabberd/inject.localhost</in> and created the directory with# mkdir /var/usb/usb_2/jabberd/inject
5.
# /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml ... Mon Jan 3 21:33:15 2000 jabberd.cc:336 main load check of 1.00 with 4 total threads Mon Jan 3 21:33:16 2000 users.cc:209 0 total users Mon Jan 3 21:33:17 2000 dialback.cc:1207 dialback idle check
hmm, seems to be working ..., time to launch kopete and try registering a user hajma@192.168.1.1. It failed, of course. The message I got from Kopete was definitely not helpful: "There was an error in the protocol stream: There was a conflict in the information received." and "Unable to create account on the server. The Jabber ID is probably already in use.". What a nonsense ... a brief look into the konsole shows the infamous "bouncing a routed packet" message:
Mon Jan 3 21:35:40 2000 deliver.cc:614 DELIVER 4:192.168.1.1 <route xmlns='jabber:server' type='auth' to='hajma@192.168.1.1' from='14@c2s/100E0278'><iq type='set' to='192.168.1.1' id='aab0a'> <query xmlns='jabber:iq:register'> <username>hajma</username> <password>qwertyuiop</password> </query> </iq></route> Mon Jan 3 21:35:40 2000 deliver.cc:837 delivering to instance 'dnsrv.localhost' Mon Jan 3 21:35:40 2000 deliver.cc:766 delivery failed (Internal Delivery Error) Mon Jan 3 21:35:40 2000 log.cc:221 <log xmlns='jabber:server' type='notice' from='192.168.1.1'>bouncing a routed packet to hajma@192.168.1.1 from 14@c2s/100E0278: Internal Delivery Error</log>
In short, to make jabberd working correctly, you have to replace all occurences of '
localhost' by the domain or IP jabberd is listening at. Now I replaced localhost with 192.168.1.1.6.
# /var/usb/usb_1/bin/jabberd -D -c /var/usb/usb_2/jabberd/jabber.xml ...
Registering with Kopete again ... This time I only got one error: "Unable to create account on the server. The Jabber ID is probably already in use.". And again it was completely unrelated - in the konsole I found this:
Mon Jan 3 21:50:02 2000 mod_register.cc:278 we got a reply for: username Mon Jan 3 21:50:02 2000 mod_register.cc:278 we got a reply for: password Mon Jan 3 21:50:03 2000 mod_register.cc:298 returned err msg: Missing data field: name ... <error code='400' type='modify'><bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/> <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Missing data field: name</text></error></iq></route>
The stupid thing Kopete completely ignores XEP-0077, does not ask the server what is needed for registration and just sends username and password. To support Kopete, I had to delete
<name/> and <email/> from the <register xmlns="jabber:iq:register" notify="yes"> section.After this change I am able to register a new user and send messages.
Just to be perfect I also changed
/var/usb/usb_1/var/log/jabberd/error.log to /var/usb/usb_2/jabberd/error.log.Off to the next level!
7.
To have it available from outside world, I replaced
192.168.1.1 with my_domain.cz.To open a port in the AM-200g router, issue the following command:
iptables -I INPUT -p tcp -i ppp_8_48_1 --dport 5222 -m state --state NEW -j ACCEPT
8.
The main reason for running own jabber server is more privacy and that is impossible without encryption - let's do it.
To be able to use TLS I had to generate a self-signed certificate. I've used the procedure described at http://www.vanemery.com/Linux/Jabber/jabberd.html:
$ openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out key.pem Generating a 1024 bit RSA private key ...........++++++ .........++++++ writing new private key to 'privkey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase:
No comments:
Post a Comment