Difference between revisions of "Securing XMPP"

46 bytes added ,  11:31, 2 April 2018
m
→‎Metronome: Correct broken links
m (ejabberd section: Cosmetic changes)
 
m (→‎Metronome: Correct broken links)
(4 intermediate revisions by 3 users not shown)
Line 10: Line 10:


=== Step1: Get a server certificate===
=== Step1: Get a server certificate===
Let's say you run an XMPP service for <code>example.net</code> (jids of user@example.net), you will need to order a certificate for with a subject or alt-name of <code>example.net</code> (not <code>server.example.net</code>) from your preferred cert provider ([http://startssl.com/ StartSSL] offers free certificates and is quite good).
Let's say you run an XMPP service for <code>example.net</code> (jids of user@example.net), you will need to order a certificate for with a subject or alt-name of <code>example.net</code> (not <code>server.example.net</code>) from your preferred cert provider.


=== Step 2: Disable cleartext connections ===
=== Step 2: Disable cleartext connections ===
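Review bot: In the Step 1 paragraph, the sentence kept by this edit still reads "order a certificate for with a subject or alt-name"; drop the stray "for" while the line is being changed. The heading above it is also written "Step1" without a space, unlike "Step 2" below.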
Line 16: Line 16:


==== ejabberd ====
==== ejabberd ====
Make sure that your ''ejabberd.yml'' contains the [http://www.process-one.net/docs/ejabberd/guide_en.html#listened-options following settings].
Make sure that your ''ejabberd.yml'' contains the [http://docs.ejabberd.im/admin/guide/configuration/#listening-ports following settings].
 
* For ejabberd >= 17.12 list all available PEM files in this top-level option
certfiles:
  - "/etc/ejabberd/*.pem"


* For client-to-server connections:
* For client-to-server connections:
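Review bot: The new certfiles entry uses the wildcard "/etc/ejabberd/*.pem", so every PEM file in that directory is handed to ejabberd; add a sentence telling readers to keep only the intended certificate and key files there, or list the files explicitly. The replacement documentation link in the line above is also plain http://, while the ejabberd homepage link updated later in this same edit uses https://.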
Line 24: Line 28:
     module: ejabberd_c2s
     module: ejabberd_c2s
     starttls_required: true
     starttls_required: true
     certfile: "/etc/ejabberd/certificate.pem"
     # For ejabberd < 17.12
    # certfile: "/etc/ejabberd/certificate.pem"


* For server-to-server connections:
* For server-to-server connections:
  s2s_use_starttls: required
  s2s_use_starttls: required
  s2s_certfile: "/etc/ejabberd/certificate.pem"
  # For ejabberd < 17.12
# s2s_certfile: "/etc/ejabberd/certificate.pem"


Further help:
Further help:
* Homepage: [https://ejabberd.im/ ejabberd.im]
* Homepage: [https://www.ejabberd.im/ ejabberd IM]
* Chatroom: [xmpp:ejabberd@conference.jabber.ru?join ejabberd@conference.jabber.ru]
* Chatroom: [xmpp:ejabberd@conference.process-one.net?join ejabberd@conference.process-one.net]
* Documentation: [https://www.process-one.net/docs/ejabberd/guide_en.html ejabberd Installation and Operation Guide]
* Documentation: [http://docs.ejabberd.im/admin/guide/ ejabberd Installation and Operation Guide]


==== Prosody ====
==== Prosody ====
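Review bot: In the server-to-server block, the commented-out "# s2s_certfile: ..." line starts at column 0, where MediaWiki parses a leading "#" as a numbered list item instead of preformatted config; indent it by at least one space so it lines up with the "# For ejabberd < 17.12" comment above it. In the client-to-server block, the "# For ejabberd < 17.12" comment and the "# certfile: ..." line under it are indented by different amounts and should be aligned with the surrounding listener options.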
Line 53: Line 59:


Further help:
Further help:
* Homepage: [http://www.lightwitch.org/metronome Metronome IM]
* Homepage: [https://metronome.im Metronome IM]
* Chatroom: [xmpp:grimoire@muc.metronome.im?join grimoire@muc.metronome.im]
* Chatroom: [xmpp:grimoire@muc.metronome.im?join grimoire@muc.metronome.im]
* Documentation: [http://www.lightwitch.org/metronome/documentation lightwitch.org/metronome/documentation]
* Documentation: [https://metronome.im/documentation metronome.im/documentation]


==== Tigase ====
==== Tigase ====