🚀 Liran Tal

~ 5 min read

Jabberd2 Deployment

share this story on
Conferencing room for your Asterisk PBX

Jabberd2 deployment.

Quick introduction – jabber or rather XMPP is a protocol or set of protocols which define a transport layer for messages and media streams. Similar to SIP, it is a sort of signaling medium on which messages can be exchanged.

Jabberd2 is the successor of jabberd1 and can be found at http://jabberd2.xiaoka.com/ In general, it is possible to think of the jabberd concept as an implementation of a collaboration framework, much like an enhanced IRC implementation.

We will deploy it to provide Instant Messaging and Conferencing between users.

Installation, dependencies

First off, meet the package requirements and install: OpenSSL support

  • libssl-dev (>= 0.9.6b)
  • libssl0.9.8
  • openssl
apt-get install libssl-dev libssl0.9.8 openssl

Libidn support

  • libidn11
  • libidn11-dev
apt-get install libidn11 libidn11-dev

Expat

  • libexpat1
  • libexpat1-dev
apt-get install libexpat1 libexpat1-dev

roommaker.pl script:

  • libxml-simple-perl
  • libdigest-sha1-perl
apt-get install libxml-simple-perl libdigest-sha1-perl

If you don’t have MySQL installed already then also:

apt-get install mysql-server-5.0 libmysqlclient15-dev libmysqlclient15off

Another important requirement is that you have resolvable domain names which will resolve to the IP address of the jabberd server. If you plan on also deploying the conference plugin to allow chat rooms then you will need 2 domain names.

We will assume through-out the document that the domain names are: im.example.com and conf.example.com

Installation, deployment

tar -xvf jabberd-2.1.17.tar.bz2
cd jabberd-2.1.17
./configure –enable-mysql –enable-ssl –enable-idn –with-extra-include-path=/usr/local/lib/:/usr/lib/ssl/ –with-extra-library-path=/usr/lib

If at this point you receive errors from configure it means you probably didn’t meet at least one of the dependencies or you have it installed elsewhere, if which that is the case then tweak the include or library configure options accordingly. To continue:

make
make install

chown -R root:jabber /usr/local/etc/jabberd*
chmod -R 640 /usr/local/etc/jabberd*

mkdir -p /usr/local/var/jabberd/pid
mkdir -p /usr/local/var/jabberd/log
mkdir -p /usr/local/var/jabberd/spool/rooms

Then change to the /usr/local/etc directory and perform changes as following to the configuration xml files that are present there:

c2s.xml:
im.example.com
register-enable='true'
pemfile='/usr/local/etc/server.pem'>im.example.com
  • Make the tag changes in the c2s.xml file as shown above.
  • To the end of the file there’s the mysql module configuration, you can leave it as it is with the default jabberd2/secret user/pass account or change it (but you will also have to remember to make those changes later when we create that user in mysql)
sm.xml:

im.example.com

admin@im.example.com

templates/roster.xml: (Controlling what users automatically appear on the contact list)

Support

  • Uncomment that query tag and make it look something like that.

MySQL configuration

in the source package where the tar.gz file was extracted there’s a directory tools/ and inside it a db-setup.mysql file. With the root user account run: mysql -u root -p < db-setup.mysql It will create the database jabberd2 and populate all the tables.

Then we need to allow the jabberd2 user which is configured in all the files (c2s, sm, etc) access to the database, inside mysql console run:

GRANT select,insert,delete,update ON jabberd2.* to jabberd2@localhost IDENTIFIED by 'secret';

Note, if you change that password from ‘secret’ to something else be sure to make changes in the configuration files as well.

If everything went well you can run the jabberd program (it’s actually a script that calls the rest of the server components) as follows:

/usr/local/bin/jabberd

And now check syslog, hopefully for successful messages.

Deploying the mu-conference conferencing plugin is done as follows: Get the program from: http://download.gna.org/mu-conference/

wget http://download.gna.org/mu-conference/mu-conference_0.7.tar.gz
tar -zxvf mu-conference_0.7.tar.gz
cd mu-conference_0.7
make

copy the mu-conference binary to /usr/local/bin
copy the muc.xml configuration file to /usr/local/etc

configure the muc.xml file as follows:

conf.example.com
conf.example.com
127.0.0.15347 
secret
/usr/local/var/jabberd/spool/rooms
/usr/local/var/jabberd/log/usr/local/var/jabberd/pid/mu-conference.pid
255

admin@im.example.com
  • Changing the loglevel to 255 is a good idea when starting out, later you can change it back.

For creating persistent rooms – meaning that they always exist on the server without having each user create them manually when he or she pleases:

in the source directory for mu-conference there’s a scripts/ directory, there you can find the roommaker.pl script, run it and answer the questions as follows:

Please enter spool directory path (e.g. /usr/local/jabber/spool): /usr/local/var/jabberd/spool/rooms
Please enter jid for the room: lobby@conf.example.com
/usr/local/var/jabberd/spool/conf.example.com/ doesn’t exist – Create? (Y/N) y
Creating Directory

Configuring room lobby@conf.example.com
Filename: /usr/local/var/jabberd/spool/conf.example.com/[long-alpha-numeric-text].xml

General Options

Room name (text) [Default: lobby]:
Password (text) [Default: ]:
Room description/MOTD (text) [Default: ]:
Room subject (text) [Default: ]:
Bare JID of room creator (text) [Default: ]: admin@im.example.com
Is room public (0/1) [Default: 0]:
Maximum Users  (value) [Default: 0]: 256

Permission Options

Allow non-admins to see real jids (0/1) [Default: 0]:
Can users change subject (0/1) [Default: 0]:
Allow users to IQ query other users (0/1) [Default: 0]:

Legacy Options:

Consider all clients legacy (0/1) [Default: 0]:
Legacy join message (text) [Default: ]:

Legacy leave message (text) [Default: ]:
Legacy rename message (text) [Default: ]:

Moderation Options:

Is room moderated (0/1) [Default: 0]:
Skipping Moderation options

Member-Only Options:

Make room member-only (0/1) [Default: 0]:
Skipping Moderation options

Logging Options:

Enable native room logging (0/1) [Default: 0]: 1
Log Format
0] Plain Text
1] XML
2] XHTML
[Default: 0]: 0

Owner List:

JID of owner (Empty line to exit): admin@im.example.com
JID of owner (Empty line to exit):

Admin List:

JID of admin (Empty line to exit): admin@im.example.com
JID of admin (Empty line to exit):

Member List:

JID of member (Empty line to exit):

Outcast List:

JID of outcast (Empty line to exit):

Writing Room definition file
Room registry not found. Creating

Writing updated Room registry file
[jabberd@opennms scripts]

What it will do is create rooms.xml and another long-name.xml file inside the /usr/local/var/jabberd/spool/rooms/conf.example.com/ directory, copy those files to the actual /usr/local/var/jabberd/spool/rooms/ folder (overwrite the rooms.xml it’s ok)

Then try running jabberd, after that you can run the mu-conference program manually by running /usr/local/bin/mu-conference -c /usr/local/etc/muc.xml And check it’s log file at: /usr/local/var/jabberd/log/mu-conference.log to see that everything is ok.

Bibliography: very useful information can be found at jabberd2 deployment: http://jabberd2.xiaoka.com/wiki/InstallGuide/

mu-conference configuration and package:

Liran Tal is the author of the book Node.js Secure Coding: Defending Against Command Injection Vulnerabilities

The book: Node.js Secure Coding: Defending Against Command Injection Vulnerabilities