Monday, August 06, 2007

Installing Jabber 2 IM Server

Once the basic Fedora installation has been completed, then we can install Jabber 2 Instant Messaging Server.  This has now been released into the community as a production release.  The version I am using here is Jabber 2.0s1
The source program, documentation and informal support information can be found at http://jabberd.jabberstudio.org/2
A lot of Jabber 2 documentation can be found at http://www.jabberdoc.org/FrontPage - which is the official Jabber Documentation Project.  (I have to say that this set of documentation is really quite excellent!)  If there are any omissions in this web page here, or something doesn't work, then please consult the official documentation!
These guidelines are here to help other people work through the installation of Jabber 2 – and they are what I did – they don't necessarily fit in to the environment that other people have!  Again, the hardware is a bog-standard PIII with an IDE HDD, CD-ROM and about 256Mb RAM.
Ok, so the first thing to do is to start a console session into the Fedora server.  As we've configured, it'll be an SSH terminal connection, logged in as the root superuser.
Create a new user and a new group to run the Jabber services – type [groupadd jabber {return}] and then [useradd -g jabber jabber {return}].  Or, Webmin can be used to create the user and group.  Make sure that you add the jabber user to the jabber group!
Next is to create some directories (folders) for Jabber to store PID files.  (PID files are files that are created when a service runs, to allocate and identify the process number that it runs.)
At the console, type [mkdir -p /usr/local/var/jabber/pid/ {return}] (mkdir is the command to make a directory, the -p is to make parent directories if necessary and the /usr…is the path to the directory.  Note that unlike MS-DOS, the directory slashes are the other way round!!)
Then change the ownership of the directory (and its sub files) to the jabber user just created.  Type [chown -R jabber:jabber /usr/local/var/jabber/pid/ {return}]  (chown is the command to change the owner of files/directories, the -R means recursive – change the owner of all of the files and directories below.  The jabber:jabber part is the user and the group the ownership should be changed to and the directory path is the same as above.)
For more information about the chown and chmod command, permissions and owners, please see my permissions page.
The next stage is to install Jabber 2.
SFTP the Jabber installation tgz to your temporary install folder (mine is /stuff) - if you haven't already.
In a console session, unpack the install files by typing [tar -zxvf jabberd (and then press the tab key to fill in the rest of the filename automatically) {return}].  This will extract the installation files into a new directory.
Change to the new directory by typing [cd jabberd (and then press the tab key to fill in the rest of the filename automatically) {return}].
At this point, it is time to do the configuring for Jabber.  I have had many, many problems with this in the past, however a recent newsgroup post has lightened things considerably!  The main problems were to do with OpenSSL and Kerberos.  OpenSSL is the back-end program that runs SSL connections (both for the web server and Jabber amongst other things)  However, configuring Jabber without Kerberos support seems to work just fine!  As the newsgroup post pointed out, if you don't know what Kerberos is, then you don't need it!
So, at the console, type [export CPPFLAGS="-DOPENSSL_NO_KRB5" {return}].
Please note that the case is important here!
Then type [./configure {return}] to start the Jabber configure process.
Configuring may take a little time (about a minute on my machine) however it should end up back at the prompt with no errors!!  If it does stop quite quickly with errors, then you'll have to work out why and put it right!! (You're on your own here! :-) )
Once the "configure" has completed, then it's time to build the Jabber install.  At the console, type [make {return}]
This again may take some time, (more than two minutes on my machine!) but should not elicit any errors.  If it does…see note above!!!
Once the make is done, then it's time to install for real.  At the console type [make install {return}].  This will install Jabber – and should take seconds!!  Again, there should be no errors.
Now we set the ownership of the Jabber files and executables for the jabber user and also set permissions on the files so that only the jabber user and the root superuser can use them.
At the console, type [chown jabber:jabber /usr/local/etc/jabberd/* {return}]
Then set the permissions as follows [chmod 660 /usr/local/etc/jabberd/* {return}]
The Jabber documentation says that it is purely optional to create a symlink to the jabber config files, however I find it a much easier path to type (/etc/jabberd) than the full path and therefore I do it:
At a console, type [ln -s /usr/local/etc/jabberd/ /etc/jabberd {return}]
You can then access the jabber config files just by typing [cd /etc/jabberd {return}]
The next stage is to make some minor changes to some of the jabber config files – just for neatness.  (Major config changes coming up later!)
At a console, type [cd /etc/jabberd {return}].  This takes you to the jabber config folder.
Type [ls -l {return}].  This will list the config files.  Note that there are files in the directory that have a ".dist" extension.  These are files installed by jabber initially to provide a backup, in case your config gets screwed!  I normally create a new folder to move these to, just to make things a bit cleaner!
At the console, type [mkdir zbackup {return}].  This creates a new directory called "zbackup".  Strange name – however the "z" ensures that the directory is last in the listing.  That way, the main ".xml" config files are listed first and are easier to read.
Then type [mv *.dist zbackup {return}].  This will move the ".dist" files into the new directory, out of the way.
There should now be two directories and seven files (six have an ".xml" extension and one has a ".cfg" extension) in that directory.  The .xml files are the files that "drive" the jabber server.  The cfg file can be left alone!
So, to start, the MYSQL database tables need to be created, and the database user and password need to be set.
First the root password needs to be changed for MYSQL.  I've found that the easiest way to do this is through Webmin.  Open your browser and login to webmin.  Go to the Servers tab and choose the MYSQL Database Server Option.
As we have just done a default install of MYSQL, we need to tidy this up first!
Click on the test database.
On the Edit Database page click on the "Drop Database" button, then click Drop Database again on the next page.  This deletes the test database – you should just now be left with one database – mysql.  DO NOT delete this database!!!  (It will cause problems for the O/S if you do!).
Click on the User Permissions option.
You should see two anonymous users and two root users (one set for "localhost" and one set for the server FQDN).
Click on one of the anonymous users and then click delete.  Repeat for the other anonymous user.  This removes any anonymous access to the database server.
Click on the user "root" at host "localhost" and click the radio button for "password" to "set to.."  Enter a password that will be the root user's password for the database server.  Do not make it the same as your root user password that you use to login to the server with!
When you click on "Save", you will effectively be disconnected from the database!  This is normal, as you've gone from using no password to using a password, so you will have to go back to the Webmin Index, click on MYSQL Database Server and login as root and the password that you've just entered.
Now repeat the password setting procedure for the other root user (at the server FQDN host).
When you click save, you will go back to the User permissions page – both of the encrypted password fields should match (if you used the same password for both, that is!).
Click save.
 
To create the necessary SQL database and tables, there is a script provided within the jabber installation files.
At a console, change to the jabber installation folder (in my case the files were under a subdirectory called "stuff").
[cd /stuff/jabber (and then press the tab key to fill in the rest of the filename automatically) {return}]
Then change to the "tools" directory [cd tools {return}].
Start a mysql console by typing [mysql -u root -p {return}]
A prompt will appear asking you for your password – this is the one that you changed in the webmin MYSQL interface to be the user "root" and host "localhost"
Type the password and press {return}
Now, at the mysql prompt (mysql>) type [\. db-setup.mysql {return}]
A series of "Query OK, 0 rows affected (0.01 sec)" messages should appear and take you back to the mysql prompt.
(Note – if you check in the webmin mysql interface now, there should be a database called "jabberd2".)
The next stage is to set up the jabber database user.  At this point, it's worth mentioning that it's probably easier (if not less typing intensive!) to set up the jabber database user using the console rather than the webmin interface.  However, either way is acceptable.  I prefer to setup a custom username and password for the jabber database user and change the jabber config files accordingly.
From the mysql console type [GRANT select,insert,delete,update ON jabberd2.* {return}]
The next bit of input (at a ">" prompt) is where you specify the jabber user and the password.  It's in the format "username@localhost" – which will be the username – and then the password….
Type [to username@localhost IDENTIFIED by 'password'; {return}]
Note that there are bits of case-sensitivity in here and also single quotes around the password.  Don't forget the semi-colon on the end either!!
Once that's done, type [quit {return}] to exit the mysql console.
Once the mysql bits have been successfully set up, there only remains the configuration of the .xml files to do.
In a console session, change to the config file directory (/etc/jabberd) by typing [cd /etc/jabberd {return}].
Use a text editor (I use vi) to edit the .xml files [vi "filename".xml {return}].
The config files will need the following information
    Mysql username and password (i.e. jabberd & password)
    IP address of the server (i.e. 10.0.1.1)
    FQDN of the server (i.e. discovery.woodysnet.ath.cx)
The files are listed here - all of them will need to be edited!
c2s.xml
resolver.xml
router-users.xml
router.xml
s2s.xml
sm.xml
For a pictorial layout of the Jabber server components, click here.
Just a word about IP addresses... if you study the diagram for the Jabber Layout, you'll notice that the only components to actually get connections from outside of the Jabber server are the c2s, s2s and a "Foreign Gateway" component.  All of the other components "talk" to each other within the confines of the server they are loaded on. Therefore, if the Jabber server is to be installed on one server only (it is (apparently) possible to spread the components around several servers) as per the layout diagram, then it is marginally more secure to have the "internal" components using the loopback address (127.0.0.1).  The components that are accessed from the "outside" can have either the IP address of the server interface (i.e. 10.0.1.1) or be set to 0.0.0.0 - which means any IP address.  As my Jabber installation sits behind a firewall, I have used the interface IP address of the server for the "external" components.  The example files supplied below reflect this schema.
At the bottom of each section there is a link to an example config file.  The files will not work on their own - please download them and use them if you wish - however you will have to change the fiddly bits to suit your system!
We're going to start with the router-users.xml file as it is a) the smallest! and b) the information will have to be changed in each xml file to the information entered in this one.
This file is purely a file to supply a username and password for the jabber components to access the router.  The router being the heart of the server, please remember the spellings!  Yes - it's case-sensitive!!
Edit the file in the normal way and change the default username and password.
<users>
<user>
<name>jabberd</name> - for security reasons, change this default username to something else!
<secret>secret</secret> - change this default password for something else also!
</user>
</users>
That should be it (for the time being!) for router-users.xml.  Remember to save the file!!
router-users.xml example file.  Right-click on the file and choose "Save Target As.." to save the file.
The c2s.xml file handles client requests to the jabber server.
It is in here that the FQDN of the server needs to be specified, as does the MYSQL jabber user and password.
This is the router bit - change the username and password to the one you specified in router-users.xml.
Remember that the router is an "internal" component and does not need to have an "external" IP address, so we use the loopback address here of 127.0.0.1
<!-- Router connection configuration -->
<router>
<!-- IP/port the router is waiting for connections on -->
<ip>127.0.0.1</ip> <!-- default: 127.0.0.1 -->
<port>5347</port> <!-- default: 5347 -->
 
<!-- Username/password to authenticate as -->
<user>jabberd</user> <!-- default: jabberd -->
<pass>secret</pass> <!-- default: secret -->
The network configuration needs to be changed to reflect the FQDN of your server.
<!-- Local network configuration -->
<local>
<!-- Who we identify ourselves as. This should correspond to the
ID (host) that the session manager thinks it is. You can
specify more than one to support virtual hosts, as long as you
have additional session manager instances on the network to
handle those hosts. The realm attribute specifies the auth/reg
or SASL authentication realm for the host. If the attribute is
not specified, the realm will be selected by the SASL
mechanism, or will be the same as the ID itself. Be aware that
users are assigned to a realm, not a host, so two hosts in the
same realm will have the same users.
If no realm is specified, it will be set to be the same as the
ID. -->
<id>discovery.woodysnet.ath.cx</id>
<!-- <id realm='company'>localhost</id> -->
The next thing to do is to enter the IP address for the c2s file to listen on.  Remember this is an "external" component, in that Jabber clients connect directly to this component.  Therefore the IP address assigned here should be the interface IP address of your server.  In this example, it's 10.0.1.1.  Note that you can use the default (0.0.0.0) which means that the c2s component listens on all IP addresses.
<!-- IP address to bind to (default: 0.0.0.0) -->
<ip>10.0.1.1</ip>
And the last thing to do is to change the username and password for the mysql server database access.  This is the username and password that you set up either using webmin, or through a mysql console session.
<!-- MySQL module configuration -->
<mysql>
<!-- Database server host and port -->
<host>localhost</host>
<port>3306</port>
<!-- Database name -->
<dbname>jabberd2</dbname>
<!-- Database username and password -->
<user>datauser</user>
<pass>some-password</pass>
</mysql>
That should be it (for the time being!) for c2s.xml.  Remember to save the file!!
c2s.xml example file.  Right-click on the file and choose "Save Target As.." to save the file.
The resolver.xml file is another "internal" component that configures the router.xml component which in turn handles hostname resolution for s2s (server to server) communication.  The resolver.xml component only "talks" to the router.xml and therefore can have the loopback IP address - 127.0.0.1.
Leave the IP address as the default of 127.0.0.1
<!-- Router connection configuration -->
<router>
<!-- IP/port the router is waiting for connections on -->
<ip>127.0.0.1</ip> <!-- default: 127.0.0.1 -->
<port>5347</port> <!-- default: 5347 -->
This is the username and password that you've entered already in the router-users.xml file and provides authenticated access to the router.xml component.
<!-- Username/password to authenticate as -->
<user>jabberd</user> <!-- default: jabberd -->
<pass>secret</pass> <!-- default: secret -->
That should be it (for the time being!) for resolver.xml.  Remember to save the file!!
resolver.xml example file.  Right-click on the file and choose "Save Target As.." to save the file.
The router.xml component is another "internal" component.  The function of the router.xml component is to pass information between most of the other Jabber components and is probably the most important of the configuration files.
By default, the listening IP address for this component is set to 0.0.0.0, however, as this is essentially an "internal" component, I usually set the IP address to the loopback address - 127.0.0.1.
<!-- Local network configuration -->
<local>
<!-- IP address to bind to (default: 0.0.0.0) -->
<ip>127.0.0.1</ip>
The only other thing to change in this file is the Access Control List.  The Access Control List restricts who can access the router to pass data through it to the other components.  The username that you have defined in router-users.xml should be entered here, either under acl=all (which means that the user will have full access to the router.xml) or you can restrict the user to either have bind, default-route or log access only.  In the example here, "jabberd" is the user defined in router-users.xml and has been allocated full access to the router...
<!-- Access control information -->
<aci>
<!-- The usernames listed here will get access to all restricted
functions, regardless of restrictions further down -->
<acl type='all'>
<user>jabberd</user>
</acl>
That should be it (for the time being!) for router.xml.  Remember to save the file!!
router.xml example file.  Right-click on the file and choose "Save Target As.." to save the file.
The s2s.xml component is an "external" component that handles connections from other Jabber servers.  If you have a Jabber client on one server that wants to talk to another Jabber client on another (separate) server, then the two Jabber servers communicate with each other using the s2s component.  The s2s component routes data through the router component to the required Jabber server - and then on to the Jabber client.  As this is an "external" component, the IP address assigned here should be the interface IP address of your server.  Note that you can use the default (0.0.0.0) which means that the s2s component listens on all IP addresses.
Leave the IP address as the loopback IP.
<!-- Router connection configuration -->
<router>
<!-- IP/port the router is waiting for connections on -->
<ip>127.0.0.1</ip> <!-- default: 127.0.0.1 -->
<port>5347</port> <!-- default: 5347 -->
This is the username and password that you've entered already in the router-users.xml file and provides authenticated access to the router.xml component.
 <!-- Username/password to authenticate as -->
<user>jabberd</user> <!-- default: jabberd -->
<pass>secret</pass> <!-- default: secret -->
The next thing to do is to enter the IP address for the s2s component to listen on.  Remember this is an "external" component, in that other Jabber servers connect directly to this component.  Therefore the IP address assigned here should be the interface IP address of your server.  In this example, it's 10.0.1.1.  Note that you can use the default (0.0.0.0) which means that the s2s component listens on all IP addresses.
<!-- Local network configuration -->
<local>
<!-- IP and port to listen for incoming s2s connections on
(default: 0.0.0.0, 5269) -->
<ip>10.0.1.1</ip>
<port>5269</port>
That should be it (for the time being!) for s2s.xml.  Remember to save the file!!
s2s.xml example file.  Right-click on the file and choose "Save Target As.." to save the file.
Finally, the sm.xml component.  The sm.xml component is the Session Manager for Jabber and is an "internal" component.  The Session Manager acts as a layer between the router and the "external" components of Jabber - s2s and c2s.  This is again another important component!
This section defines what we are called on the network and is usually the FQDN (Fully Qualified Domain Name) of your Jabber server.  As other Jabber servers may wish to communicate with yours, this domain name needs to be accessible via DNS and available on the networks that you have.  If you are requiring internet-based Jabber servers to communicate with you, then this name must also be resolvable from the internet.
 <!-- Our ID on the network. Users will have this as the domain part of their JID. If you want your server to be accessible from other Jabber servers, this ID must be resolvable by DNS
(default: localhost) -->
<id>discovery.woodysnet.ath.cx</id>
Leave the IP address as the loopback IP.
<!-- Router connection configuration -->
<router>
<!-- IP/port the router is waiting for connections on -->
<ip>127.0.0.1</ip> <!-- default: 127.0.0.1 -->
<port>5347</port> <!-- default: 5347 -->
This is the username and password that you've entered already in the router-users.xml file and provides authenticated access to the router.xml component.
<!-- Username/password to authenticate as -->
<user>jabberd</user> <!-- default: jabberd -->
<pass>secret</pass> <!-- default: secret -->
Change the username and password for the mysql server database access.  This is the username and password that you set up either using webmin, or through a mysql console session.
<!-- MySQL driver configuration -->
<mysql>
<!-- Database server host and port -->
<host>localhost</host>
<port>3306</port>

<!-- Database name -->
<dbname>jabberd2</dbname>

<!-- Database username and password -->
<user>datauser</user>
<pass>some-password</pass>
Finally, this next section is to define who the system administrator is.  This is an important function of Jabber, as the system admin can control who has access to the Jabber server and can perform things like listing all online users, sending (broadcast) messages to users etc.  This is in the Access Control List format again as above.  Usually the system administrator user is called "admin", however it can be any username.  (And as we've created no users yet, it doesn't matter what it's called!!).
The "JID" (Jabber IDentity) of the user must follow the entries you have made in your c2s and sm components for the FQDN of your server.  So, if the FQDN of your server is discovery.woodysnet.ath.cx, then the user will be user@discovery.woodysnet.ath.cx.  In this example, the user is called "admin"...
<!-- Access control information -->
<aci>
<!-- The JIDs listed here will get access to all restricted
functions, regardless of restrictions further down -->
<acl type='all'>
<jid>admin@discovery.woodysnet.ath.cx</jid>
</acl>
That should be it (for the time being!) for sm.xml.  Remember to save the file!!
sm.xml example file.  Right-click on the file and choose "Save Target As.." to save the file.
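
A quick way to check the two hardening points made above (change the default router username and password, keep the "internal" components on the loopback address) across the finished config files. This is an added example, not part of the original post or of the jabberd project; it assumes the single-server layout described above, and the function names and the trimmed sample files are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

LOOPBACK = "127.0.0.1"
DEFAULT_USER, DEFAULT_PASS = "jabberd", "secret"  # defaults shown in the config comments

def _text(node, path):
    """Stripped text of the first element at `path`, or None if absent/empty."""
    found = node.find(path)
    return found.text.strip() if found is not None and found.text else None

def audit(filename, xml_text):
    """Return a list of findings for one jabberd2 config file."""
    root = ET.fromstring(xml_text)
    findings = []
    if filename == "router-users.xml":
        for user in root.findall("user"):
            if _text(user, "name") == DEFAULT_USER:
                findings.append("default router username still in use")
            if _text(user, "secret") == DEFAULT_PASS:
                findings.append("default router secret still in use")
    elif filename == "router.xml":
        # An absent <ip> means the default quoted in the file, 0.0.0.0 (all interfaces).
        ip = _text(root, "local/ip") or "0.0.0.0"
        if ip != LOOPBACK:
            findings.append(f"router listens on {ip}, not loopback")
    else:  # c2s.xml, s2s.xml, sm.xml, resolver.xml: how they reach the router
        ip = _text(root, "router/ip") or LOOPBACK
        if ip != LOOPBACK:
            findings.append(f"router connection uses {ip}, not loopback")
        if (_text(root, "router/user") or DEFAULT_USER) == DEFAULT_USER:
            findings.append("authenticates to router with default username")
        if (_text(root, "router/pass") or DEFAULT_PASS) == DEFAULT_PASS:
            findings.append("authenticates to router with default password")
    return findings

def world_accessible(path):
    """True if 'other' has any permission bit, i.e. looser than chmod 660."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o007)

# Constructed sample inputs, trimmed to the elements the checks read.
SAMPLES = {
    "router-users.xml": "<users><user><name>jabberd</name>"
                        "<secret>secret</secret></user></users>",
    "router.xml": "<router><local><ip>0.0.0.0</ip></local></router>",
    "c2s.xml": "<c2s><router><ip>127.0.0.1</ip><port>5347</port>"
               "<user>imrouter</user><pass>constructed-pass</pass></router>"
               "<local><ip>10.0.1.1</ip></local></c2s>",
    "sm.xml": "<sm><router><ip>10.0.1.1</ip><user>jabberd</user>"
              "<pass>secret</pass></router></sm>",
}

def audit_all(samples=SAMPLES):
    """Audit every sample (or supplied) file; returns {filename: [findings]}."""
    return {name: audit(name, body) for name, body in samples.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        for finding in findings or ["ok"]:
            print(f"{name}: {finding}")
```

To run it against a real install, read each file under /etc/jabberd and pass its name and contents to audit(), and call world_accessible() on each path, since these files hold the router and MySQL passwords in clear text.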

