ejabberd on FreeBSD 8.1

Hi all,

Continuing with services on FreeBSD after Postfix/Dovecot and FreeNX, today we'll see how easy it is to setup a jabber server (aka a private chat server) that can be used within a company or for any organization that doesn't want to use a public chat like MSN/Yahoo/Skype or a more expensive solution like Office Communicator. The server we're going to use is ejabberd. Also we'll add SSL encryption to make things secure and cool :D. Furthermore, you can get a client for Jabber for almost any operating system. In this guide I'm going to use 2 different jabber clients. Psi and Pandion.

Note about ejabberd and Java – if you try to install ejabberd from packages using pkg_add -r ejabberd, you will find that unless you have already set up Java on FreeBSD, installation will fail. That is because ejabberd depends on erlang and erlang depends on Java. Java cannot be installed on FreeBSD by using packages. I highly recommend to install ejabberd from ports and take out the options for Java and odbc. Java is a heavy beast on FreeBSD and unless you have it already or know that you will definitely need it, I do not recommend installing it. Following is how I installed ejabberd on FreeBSD 8.1 and took out the Java and odbc options.

ejabberd Prerequisites:

To make things install faster I recommend adding with pkg_add -r at least the following:pkg_add -r perl python pcre gettext bison bitstream vera cairo gmake
The ports skeleton obviously needs to be installed - for help lookhere

Let's see how to setup this in FreeBSD using ports.

ejabberd Installation

Begin by doing a cd /usr/ports/net-im/ejabberd

Then do a make config-recursive:

You'll get the options for ejabberd 2.1.5 – if ODBC is ticked, make sure to untick it.

You'll get the options for erlang r14b01_1,1 – make sure JAVA,ODBC and X11 are not selected. Just take WX and SMP.

You'll get the options for libiconv 1.13.1_1 – just take the defaults EXTRA_ENCODINGS.

You'll get the options for perl 5.10.1_3 – take the defaults PERL_64BITINT and USE_PERL

You'll get the options for jdk 1.6.0.3p4_22 – take the defaults WEB and TZUPDATE.

You'll get the options for wxgtk2-unicode 2.8.11 – take the defaults GSTREAMER and MSPACK.

You'll get the options for cups-client 1.4.6 – take the defaults GNUTLS

You'll get the options for diablo-jdk 1.6.0.07.02_13 – take the default TZUPDATE

You'll get the options for glib 2.26.1_1 – by default none is selected and that's fine

You'll get the options for png 1.4.5 – by default none is selected and that's fine

You'll get the options for gconf2 2.32.0_2 – by default none is selected and that's fine

You'll get the options for gtk 2.22.1_1 – take the default CUPS

You'll get the options for python26 2.6.6_1 – take the defaults THREADS,UCS4,PYMALLOC and IPV6

You'll get the options for gamin 0.1.10_4 – by default none is selected and that's fine

You'll get the options for orc 0.4.11 – by default none is selected and that's fine

You'll get the options for cairo 1.10.2_1,1 – take the default XCB

You'll get the options for libxslt 1.1.26_2 – take the default CRYPTO

You'll get the options for m4 1.4.15,1 – by default none is selected and that's fine

You'll get the options for docbook-xsl 1.75.2_1 – by default all are selected and that's fine

You'll get the options for jasper 1.900.1_9 – by default none is selected and that's fine

You'll get the options for jasper pixman 0.21.4 – by default none is selected and that's fine

You'll get the options for docbook 1.4 – just take the defaults, which are all except DB241,DB30,DB31 and DB40

You'll get the options for docbook 5.0_1 – by default all are selected and that's fine

Finally the preconfig seems to be done.

Let's do it again just to be sure. Type again: make config-recursive again.

If you're getting this, it means there were no more options left to set – we're good to go. Do a time make install clean to start compiling.

Just so you know what you're in for – the source code for erlang (the dependency of ejabberd is a massive 61MBs – this will probably take a while to install)

If all goes well you should see something like this:

Before we configure ejabberd let's also create a certificate for encrypted connections that we'll use later – this requires OpenSSL to be installed, if you need help with that look here: (Link FOR OPENSSL article)

just type:

openssl req -new -x509 -nodes -out /root/ejabberd.pem -keyout /root/ejabberd.pem -days 3650

Fill in the required information, example:

Let's configure ejabberd:

First, go to the configuration directory, do a cd /usr/local/etc/ejabberd

Copy the example configuration file to ejabberd.cfg – do a

cp ejabberd.cfg.example ejabberd.cfg

Edit the ejabberd.cfg file – do

ee ejabberd.cfg

Go to line 91:

{hosts, ["localhost"]}.

Change it to your domain, in my case:

{hosts, ["weirdbricks.com"]}.

Go to lines 120-123:

{access, c2s},

{shaper, c2s_shaper},

{max_stanza_size, 65536}

]},

change this part to:

{access, c2s},

{shaper, c2s_shaper},

starttls,{certfile,"/root/ejabberd.pem"},

starttls_required,

{max_stanza_size, 65536}

]},

Now go to line 435:

{access, register [{allow, all}]}.

Change it to:

{access, register, [{deny all}]}

What this setting changes is in-band registration – in other words now allowing the clients to register users themselves – the admin has to do it for them

Save and exit file.

Start the ejabberd server – do a:

/usr/local/sbin/ejabberdctl start

To check if the server is running do:

/usr/local/sbin/ejabberdctl status

Run ejabberd control and add a user – do a:

/usr/local/sbin/ejabberdctl register lampros weirdbricks.com lampros

Replace in the above command, 'lampros' with the desired username, weirdbricks.com with your domain and the 2nd lampros with the password you want for the user.

You should get something like this:

Add another user (we need at least 2 for testing!)

/usr/local/sbin/ejabberdctl register test weirdbricks.com test

To check the registered users do:

/usr/local/sbin/ejabberdctl registered_users weirdbricks.com

In my computer I get:

To make ejabberd start on system startup, edit your /etc/rc.conf file:

ee /etc/rc.conf

add the line ejabberd_enable="YES"

Windows Side (aka client side)

Let's go ahead and download the Jabber client for Windows called Psi. Go to: http://psi-im.org/

and click on 'Download Now'.

Save the file to your desktop (or wherever you like and run it).

Choose your language – English in my case and click 'OK'

The installation wizard will start. Click 'Next'

Licence agreement – click 'I Agree' to continue.

Take all the defaults but take out the 'Automatic startup (Current User)' and click 'Next'

Take the default installation directory and click 'Install'.

The wizard is almost done. Untick the 'Show Readme' but leave the 'Run Psi 0.14'. Click 'Finish' to start Psi.

You'll get the 'Useful Tips' message. Choose to not 'Show tips at startup' if you wish and click 'Close'.

You'll next get the 'Account setup' wizard. Click on 'Use existing account'. The 'Register new account' would only work if we had enabled the ejabberd server to allow users to create accounts. Most likely this isn't desirable in a private network/company/organization.

Next you'll get the 'Psi: Account Properties'. On Jabber ID type your full username- in my case lampros@weirdbricks.com and under password your account password. Next click on 'Connection'.

Tick the 'Manually Specify Server Host/Port:' and in 'Host' type your LAN address for the FreeBSD server. In my case 192.168.2.101. Leave the 'Encrupt connection' on 'When Available'.Leave the 'Port' to 5222 – the standard ejabberd port. Click 'Save' to finish.

You should get the main Psi window. To connect click 'Offline' and switch to 'Online'.

If you used a certificate with OpenSSL per my instructions you should get a message like this:

Clicking on 'Details...' will show us the details we filled in earlier in the OpenSSL command!

Click 'Close' on the 'Certificate Information' page and then click on 'Trust this certificate'. The certificate warning won't come up again. This is normal with self-signed certificates.

Next the 'lampros@weirdbricks.com' card will come up. It's optional to fill anything in and I don't recommend it. Just click on 'Close' to continue.

And as you can see you are connected succesfully.

Let's add the user 'test@weirdbricks.com' and run a test. To do that, click on 'General'->'Add a contact'.

All you need to do is enter 'test@weirdbricks.com' in Jabber ID. Then click 'Add' to add the user.

You'll get the message 'Add User: Success'. Just click 'OK' to continue.

As you can see the user is under your contacts, but is shown as Offline.

Keep the Psi window open. Do not close it. Let's download a 2nd window client and log in as the test@weirdbricks.com user.

Go to http://pandion.im to download the Pandion Jabber client. Click on 'Pandion 2.6.106 Free Download – GPL3+ 1.8 MB – Windows' 1.8 MB is pretty small compared to the 17MB of Psi.

Save the file somewhere on your desktop and run it.

For some reason I don't understand Windows Vista Home Premium gives me this error when trying to install it even though my user has Administrator privileges. If anyone knows what I'm doing wrong here let me know.

If you do get the same error there is a simple workaround: right click on your Command Prompt and click on 'Run as Administrator'.

Navigate to the directory where you saved the file and run it from there. In my case I type cd UserslamprosDownloads, then just type the name of the file to run it: pandion_setup.msi and press enter to execute. Pandion will now run with no problems.

You'll get the main Pandion window. Type in your full username, in this case the test@weirdbricks.com user and the password. Also tick 'Remember my password'. Then click on 'Connectioon settings'.

'Connection Settings' will come right up. Under 'Server Connection' type the local FreeBSD's IP address as we did for Psi: 192.168.2.101. Leave the 'Port' on 'Automatic'. Under 'Secure Communication' make sure that 'Use TLS encryption if availableon the server' is selected. Under 'Sign In Authentication' we need the 'Address and password'. Click 'OK' to finish.

This will take us back to the main Pandion screen. Click on 'Sign In'. Instantly we'll get the 'Authorization Request' from user 'lampros@weirdbricks.com'. Just as you would expect in MSN. Click on 'Accept' to add the other user.

If you expand the Contacts by clicking on the little '+' you'll see that user 'lampros@weirdbricks.com' needs to Authorise user 'test@weirdbricks.com'.

Leave Pandion open and bring Psi up too. You'll see that the user 'test@weirdbricks.com' has an exclamation mark flashing.

Double click on that exclamation mark. You'll see a 'System Message' explaining that the user wants to add you. Just click 'Add/Auth' to continue adding the user.

You'll see that on Pandion the user 'lampros@weirdbricks.com' is now shown online.

Click and send a message!

You'll instantly see Psi flashing. Double click on the icon to see the message.

As you can see it works great!

This ends my tutorial on basic ejabberd.