m (Update ejabberd URLs.) |
Neustradamus (talk | contribs) m |
(7 intermediate revisions by 5 users not shown) | |||
Line 10: | Line 10: | ||
=== Step1: Get a server certificate=== | === Step1: Get a server certificate=== | ||
Let's say you run an XMPP service for <code> | Let's say you run an XMPP service for <code>domain.tld</code> (jids of user@domain.tld), you will need to order a certificate for with a subject or alt-name of <code>domain.tld</code> (not <code>server.domain.tld</code>) from your preferred cert provider. The certificate should also include alt-names for subomains such as <code>conference.domain.tld</code>, at least for services that should be accessible to remote users. | ||
=== Step 2: Disable cleartext connections === | === Step 2: Disable cleartext connections === | ||
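Review bot: the new Step 1 sentence has two wording defects: "order a certificate for with a subject or alt-name" carries a stray "for", and "subomains" should read "subdomains". It would also help to state outright that the certificate name has to match the domain part of the JID (user@domain.tld), since that is what the "(not server.domain.tld)" aside is warning about.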
Line 17: | Line 17: | ||
==== ejabberd ==== | ==== ejabberd ==== | ||
Make sure that your ''ejabberd.yml'' contains the [http://docs.ejabberd.im/admin/guide/configuration/#listening-ports following settings]. | Make sure that your ''ejabberd.yml'' contains the [http://docs.ejabberd.im/admin/guide/configuration/#listening-ports following settings]. | ||
* For ejabberd >= 17.12 list all available PEM files in this top-level option | |||
certfiles: | |||
- "/etc/ejabberd/*.pem" | |||
* For client-to-server connections: | * For client-to-server connections: | ||
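Review bot: the added certfiles entry "/etc/ejabberd/*.pem" is a glob over the whole configuration directory, so any PEM file that ends up there is picked up, while the bullet only says to "list all available PEM files". Suggest either listing the files by name or saying that the directory should contain only the certificate, chain and key files intended for this service, and that the key files should be readable by the ejabberd user only.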
Line 24: | Line 28: | ||
module: ejabberd_c2s | module: ejabberd_c2s | ||
starttls_required: true | starttls_required: true | ||
certfile: "/etc/ejabberd/certificate.pem" | # For ejabberd < 17.12 | ||
# certfile: "/etc/ejabberd/certificate.pem" | |||
* For server-to-server connections: | * For server-to-server connections: | ||
s2s_use_starttls: required | s2s_use_starttls: required | ||
s2s_certfile: "/etc/ejabberd/certificate.pem" | # For ejabberd < 17.12 | ||
# s2s_certfile: "/etc/ejabberd/certificate.pem" | |||
Further help: | Further help: | ||
* Homepage: [https://www.ejabberd.im/ ejabberd IM] | * Homepage: [https://www.ejabberd.im/ ejabberd IM] | ||
* Chatroom: [xmpp:ejabberd@conference. | * Chatroom: [xmpp:ejabberd@conference.process-one.net?join ejabberd@conference.process-one.net] | ||
* Documentation: [http://docs.ejabberd.im/admin/guide/ ejabberd Installation and Operation Guide] | * Documentation: [http://docs.ejabberd.im/admin/guide/ ejabberd Installation and Operation Guide] | ||
==== Prosody ==== | ==== Prosody ==== | ||
Prosody is aiming to be secure by default, as of version 0.12.x no changes to the default configuration is required to enable or enforce encrypted connections. | |||
Further help: | Further help: | ||
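Review bot: in the c2s and s2s blocks the "# For ejabberd < 17.12" comment sits above a commented-out certfile / s2s_certfile line without saying that the line has to be uncommented on those versions. A reader on an older release who copies the block as shown ends up with starttls_required: true and s2s_use_starttls: required but no certificate configured. Suggest wording the comment as an instruction, for example "uncomment on ejabberd < 17.12, where the top-level certfiles option is not available". Separately, in the new Prosody sentence "no changes to the default configuration is required" should be "are required", and the comma after "secure by default" should be a full stop or semicolon.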
Line 53: | Line 57: | ||
Further help: | Further help: | ||
* Homepage: [ | * Homepage: [https://metronome.im Metronome IM] | ||
* Chatroom: [xmpp:grimoire@muc.metronome.im?join grimoire@muc.metronome.im] | * Chatroom: [xmpp:grimoire@muc.metronome.im?join grimoire@muc.metronome.im] | ||
* Documentation: [ | * Documentation: [https://metronome.im/documentation metronome.im/documentation] | ||
==== Tigase ==== | ==== Tigase ==== |