Jabber Service

We've very little docs on this, so as I come across things, I'll add them here.

  • If the jabber service dies, or you reboot it, you need to tell the nagios notification bot to rejoin. Do this by running om jnotify stop/start on the nagios server (and backup nagios server).
  • Persistent jabber stuff seems to be stored in /var/lib/jabberd/, which is mirrored and should be restored or moved if moving the service to another machine (along with the logs in /var/www/jabberd/html)
  • The jabber room logs need the room to be configured (/configure) to enable logging. If you want them to be accessible via the web, some apache config is needed to create the URL alias pointing at them.
  • You don't need any specific roles/entitlements to access jabber, but some rooms have individual config ("/config" in an existing chat), e.g. the "cos" room is invite only. You do need the jabber/muc/cos entitlement to see the logs on the web though.
    • From pidgin (or similar) to invite someone, join the room yourself and issue "/invite uun@inf.ed.ac.uk" (optionally followed by a welcome message). It won't work with an unqualified uun.

Some jabber client docs:

x509 Certificates

There are 3 certificates involved. At the time of writing they were:

/etc/jabberd/comodo-xmpp.pem - seems to be the actual jabber xmpp cert
Subject: C=GB, ST=City of Edinburgh, L=EDINBURGH, O=University of Edinburgh, OU=Informatics, CN=inf.ed.ac.uk
Used in: /etc/jabberd/c2s.xml 
Configured by: jabberd.c2s_pemfile and c2s_oldpemfile

/etc/pki/tls/certs/le-jabber.crt - https://jabber.inf.ed.ac.uk
Subject: C=GB, ST=City of Edinburgh, L=EDINBURGH, O=University of Edinburgh, OU=Informatics, CN=jabber.inf.ed.ac.uk
This cert is now a Let's Encrypt x509 component certificate
Used in: /etc/httpd/lcfg.sites.d/jabber.conf
Configured by: apacheconf.vhostsslcert_jabber
apacheconf.vhostsslcert_jabber		<%x509.certfile_jabhttps%>
apacheconf.vhostsslkey_jabber		<%x509.keyfile_jabhttps%>
apacheconf.vhostsslchain_jabber		<%x509.chainfile_jabhttps%>

/etc/pki/tls/certs/jabcos.crt - cosign channel
Subject: CN=jabber.inf.ed.ac.uk, OU=Informatics, O=The University of Edinburgh, L=Edinburgh, ST=Scotland, C=GB
Used in: /etc/httpd/conf.d/cosign-client
Configured by: cosign.file_filter_crt

So the HTTPS and the Cosign certs are generated by the x509 component, using Let's Encrypt where appropriate.

We'd like to use LE for the actual xmpp cert, but it is named "inf.ed.ac.uk", so it might be a bit tricky to get LE to generate that. Toby is going to have a look.


It was simpler to get an old-style Quovadis cert for inf.ed.ac.uk. Toby obtained a .crt, .key and quovadis-ev-g3.chain file.

To be of use for jabber, they all need to be cat'd together into a single .pem, and then /etc/jabberd/c2s.xml pointed at it: cat .crt .pem .chain > xmpp.pem
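One way to sanity-check the combined file before pointing c2s.xml at it, as an added example that is not part of the original notes. It assumes the openssl command-line tool is installed; the function names, the 30-day expiry window and the throwaway self-signed demo certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a combined cert+key+chain PEM (e.g. xmpp.pem)
# before pointing c2s.xml at it. Needs the openssl CLI.

# check_xmpp_pem FILE [DAYS]: return 0 if FILE looks usable, 1 otherwise.
check_xmpp_pem() {
    pem=$1; days=${2:-30}; rc=0
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

    # Structure: exactly one private key, at least one certificate.
    nkey=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || true)
    ncrt=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$pem" || true)
    [ "$nkey" -eq 1 ] || { echo "expected 1 private key, found $nkey" >&2; rc=1; }
    [ "$ncrt" -ge 1 ] || { echo "no certificate found" >&2; return 1; }

    # The private key must belong to the first (leaf) certificate:
    # compare the public key derived from each.
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$pem" -pubout -passin pass: 2>/dev/null || true)
    if [ -z "$key_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "private key does not match the first certificate" >&2; rc=1
    fi

    # Leaf certificate must not expire within DAYS days.
    openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null 2>&1 ||
        { echo "certificate expires within $days days" >&2; rc=1; }

    # The file holds a private key, so it must not be world-readable.
    [ -z "$(find "$pem" -perm -004)" ] ||
        { echo "$pem is world-readable" >&2; rc=1; }
    return $rc
}

# make_demo_pem DIR: build a constructed, throwaway self-signed bundle
# (hypothetical helper for the demo; not a real certificate).
make_demo_pem() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=inf.ed.ac.uk" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null
    (umask 077; cat "$1/demo.crt" "$1/demo.key" > "$1/demo.pem")
}

# Demo on constructed input.
demo_dir=$(mktemp -d)
make_demo_pem "$demo_dir"
check_xmpp_pem "$demo_dir/demo.pem" && echo "demo.pem: OK"
rm -rf "$demo_dir"
```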

Behind the scenes

  • List of rooms in /var/lib/jabberd/conference.localhost/rooms.xml
  • From the list of rooms you can extract a jid for the room, eg 984879140f5d037757c0f19dd97fb3a0a9582; in that same dir you can then find 984879140f5d037757c0f19dd97fb3a0a958.xml, which has markup for the room settings, eg
  • The chatroom stuff is the "mu-conference" part of jabber. /etc/jabberd/jabberd.cfg sets the mu config file to be /etc/jabbed/muc-jcr.html; in there are the room defaults/settings.

-- NeilBrown - 03 Feb 2020

Topic revision: r9 - 13 Aug 2020 - 09:32:08 - NeilBrown