| My new JID, or how to run DJabberd on Debian |
[May. 14th, 2006|11:48 am] |
Now that s2s is secure and memory leaks are fixed, I'm now running djabberd on my personal server/domain.
My new canonical instant messaging JID is now brad@fitzpat.com . Chat me up. (if you're using something which uses Jabber for IM interop, which includes Google Talk and I think Gizmo too....)
If you want to run this yourself on Debian, here's a short guide:
$ wget http://danga.com/debs/libdanga-socket-perl_1.51-1_all.deb
$ wget http://danga.com/debs/libsys-syscall-perl_0.1-1_all.deb
$ sudo dpkg -i libsys*.deb libdanga*.deb
$ sudo apt-get install openssl libdbd-sqlite3-perl \
libnet-ssleay-perl libnet-dns-perl libdigest-sha1-perl \
libxml-sax-perl libxml-libxml-perl liblog-log4perl-perl
subversion libdigest-hmac-perl
$ svn co http://code.sixapart.com/svn/djabberd/trunk/ djabberd
$ cd djabberd
$ openssl req -x509 -newkey rsa:1024 -keyout server-key.pem \
-out server-cert.pem -days 365 -nodes
$ htdigest -c djabberd.users djabberd [your-username-without-at-sign](enter password twice)
Make a conf file. mine is:$ cat fitzpat.conf
OldSSL enable
<VHost fitzpat.com>
S2S enable
RequireSSL yes
<Plugin DJabberd::Authen::HTDigest>
Realm djabberd
HtDigest /home/bradfitz/djabberd/djabberd.users
</Plugin>
<Plugin DJabberd::RosterStorage::SQLite>
Database /home/bradfitz/djabberd/fitzjabber.sqlite
</Plugin>
</VHost>Then run it:
$ ./djabberd --conf=fitzpat.conf
Or daemonize it with --daemon|-d.
Enjoy. |
|
|
| Comments: |
![[User Picture]](http://l-userpic.livejournal.com/996772/447266) | From: ![[info]](http://l-stat.livejournal.com/img/userinfo.gif) ydna
2006-05-14 08:05 pm (UTC)
| (Link)
|
Zoiks. Can't wait until tonight to play with this.
![[User Picture]](http://l-userpic.livejournal.com/34474992/3171) | From: mart
2006-05-14 08:21 pm (UTC)
| (Link)
|
Aside from setting up SSL and HTDigest I'd already done all this, but it does seem to be working now. When I get a moment I think I'll have to write a tool to import my roster from jabberd 1.4 so I don't have to add everyone again…
dormando@rydia.net :)
Super easy! Used htdigest from apache 2.2.0, rest is just debian sarge.
Will play with it more later today, but I'm going to sit around online.
Oh, guess I should add that it took just over two minutes to start it up and get connected via gaim :) Including adjusting my firewall rules.
Yay! It's easy to set up, however, it doesn't really work in daemon mode (r274). It gives a Policy Violation when I try to log in. Any ideas? (I'll look into it soon myself and see if I can come up with something.)
![[User Picture]](http://l-userpic.livejournal.com/54541970/2) | From: brad
2006-05-14 09:11 pm (UTC)
| (Link)
|
You have it set to require SSL (that's our only policy violation we return), and when it daemonizes it can't find the *.pem files you made, since it only looks in the current directory, which is now "/". There's an item in the TODO about this, to make SSL configurable and make paths be relative to something and more sane.
Did you ever see my email about the regex for jids?
I'm sure you'll figure it out for yourself once someone with a '.' in their name sends you a message and djabbered borks :-)
| From: brad
2006-05-15 01:05 am (UTC)
| (Link)
|
Replied. Sorry, hadn't updated my mail rules.
s/rs:1024/rsa:1024/
I wrote a HTBasicProxy auth module that lets you authenticate against a web server.., think anyone would find it useful?
| From: brad
2006-05-15 04:17 pm (UTC)
| (Link)
|
We plan to have an Auth::Simple option available, which gives us about 40 different auth options, including against a webserver, so we can just wait and get it then, or if you feel motivated and need it now, you could build it.
![[User Picture]](http://l-userpic.livejournal.com/36951816/24078) | From: scsi
2006-05-15 03:41 pm (UTC)
| (Link)
|
s/rs:1024/rsa:1024/ in the key generation thingy above.
| From: ydna
2006-05-15 09:58 pm (UTC)
| (Link)
|
It only took a few minutes to get it all setup. That was sweet. Damn that is cool.
![[User Picture]](http://l-userpic.livejournal.com/20439798/542249) | From: nhaines
2006-05-21 06:50 am (UTC)
Works great for me! | (Link)
|
I read zero docs and just followed the little recipe here. I'll read docs in the morning (maybe ;)). Anyhow, I set up a quick server install of Ubuntu Dapper.
It works perfectly. The only trouble I had was dialback authentication with Google Talk, and that ended once I set my virtual server in my router's DMZ.
Thanks for all the work you put into the server. I wish I programmed and could help out, but as a puny end-user I hope some positive feedback will do. :)
![[User Picture]](http://l-userpic.livejournal.com/5887295/515656) | From: jwz
2009-06-04 05:10 pm (UTC)
| (Link)
|
Since LJ can't seem to keep their Jabber server up any more, I was trying to install this. CPAN has 0.84 but doesn't know about DJabberd::Authen::HTDigest. What am I missing? | |
