Log in

No account? Create an account
My new JID, or how to run DJabberd on Debian - brad's life — LiveJournal [entries|archive|friends|userinfo]
Brad Fitzpatrick

[ website | bradfitz.com ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

My new JID, or how to run DJabberd on Debian [May. 14th, 2006|11:48 am]
Brad Fitzpatrick

Now that s2s is secure and memory leaks are fixed, I'm now running djabberd on my personal server/domain.

My new canonical instant messaging JID is now brad@fitzpat.com . Chat me up. (if you're using something which uses Jabber for IM interop, which includes Google Talk and I think Gizmo too....)

If you want to run this yourself on Debian, here's a short guide:
$ wget http://danga.com/debs/libdanga-socket-perl_1.51-1_all.deb
$ wget http://danga.com/debs/libsys-syscall-perl_0.1-1_all.deb
$ sudo dpkg -i libsys*.deb libdanga*.deb
$ sudo apt-get install openssl libdbd-sqlite3-perl \
 libnet-ssleay-perl libnet-dns-perl libdigest-sha1-perl \
 libxml-sax-perl libxml-libxml-perl liblog-log4perl-perl 
 subversion libdigest-hmac-perl

$ svn co http://code.sixapart.com/svn/djabberd/trunk/ djabberd
$ cd djabberd
$ openssl req -x509 -newkey rsa:1024 -keyout server-key.pem \
         -out server-cert.pem -days 365 -nodes
$ htdigest -c djabberd.users djabberd [your-username-without-at-sign]
(enter password twice)

Make a conf file. mine is:
$ cat fitzpat.conf
OldSSL  enable
<VHost fitzpat.com>
  S2S enable
  RequireSSL yes
  <Plugin DJabberd::Authen::HTDigest>
     Realm djabberd
     HtDigest /home/bradfitz/djabberd/djabberd.users
  <Plugin DJabberd::RosterStorage::SQLite>
     Database /home/bradfitz/djabberd/fitzjabber.sqlite
Then run it:

$ ./djabberd --conf=fitzpat.conf

Or daemonize it with --daemon|-d.


[User Picture]From: ydna
2006-05-14 08:05 pm (UTC)
Zoiks. Can't wait until tonight to play with this.
(Reply) (Thread)
[User Picture]From: mart
2006-05-14 08:21 pm (UTC)

Aside from setting up SSL and HTDigest I'd already done all this, but it does seem to be working now. When I get a moment I think I'll have to write a tool to import my roster from jabberd 1.4 so I don't have to add everyone again…

(Reply) (Thread)
[User Picture]From: dormando
2006-05-14 08:43 pm (UTC)
dormando@rydia.net :)

Super easy! Used htdigest from apache 2.2.0, rest is just debian sarge.

Will play with it more later today, but I'm going to sit around online.
(Reply) (Thread)
[User Picture]From: dormando
2006-05-14 08:43 pm (UTC)
Oh, guess I should add that it took just over two minutes to start it up and get connected via gaim :) Including adjusting my firewall rules.
(Reply) (Parent) (Thread)
[User Picture]From: joshuak
2006-05-14 09:09 pm (UTC)
Yay! It's easy to set up, however, it doesn't really work in daemon mode (r274). It gives a Policy Violation when I try to log in. Any ideas? (I'll look into it soon myself and see if I can come up with something.)
(Reply) (Thread)
[User Picture]From: brad
2006-05-14 09:11 pm (UTC)
You have it set to require SSL (that's our only policy violation we return), and when it daemonizes it can't find the *.pem files you made, since it only looks in the current directory, which is now "/". There's an item in the TODO about this, to make SSL configurable and make paths be relative to something and more sane.
(Reply) (Parent) (Thread)
[User Picture]From: userunknown
2006-05-15 12:21 am (UTC)
Did you ever see my email about the regex for jids?

I'm sure you'll figure it out for yourself once someone with a '.' in their name sends you a message and djabbered borks :-)
(Reply) (Thread)
[User Picture]From: brad
2006-05-15 01:05 am (UTC)
Replied. Sorry, hadn't updated my mail rules.
(Reply) (Parent) (Thread)
[User Picture]From: userunknown
2006-05-15 02:05 pm (UTC)

I wrote a HTBasicProxy auth module that lets you authenticate against a web server.., think anyone would find it useful?
(Reply) (Thread)
[User Picture]From: brad
2006-05-15 04:17 pm (UTC)
We plan to have an Auth::Simple option available, which gives us about 40 different auth options, including against a webserver, so we can just wait and get it then, or if you feel motivated and need it now, you could build it.
(Reply) (Parent) (Thread)
[User Picture]From: scsi
2006-05-15 03:41 pm (UTC)
s/rs:1024/rsa:1024/ in the key generation thingy above.
(Reply) (Thread)
[User Picture]From: ydna
2006-05-15 09:58 pm (UTC)
It only took a few minutes to get it all setup. That was sweet. Damn that is cool.
(Reply) (Thread)
[User Picture]From: nhaines
2006-05-21 06:50 am (UTC)

Works great for me!

I read zero docs and just followed the little recipe here. I'll read docs in the morning (maybe ;)). Anyhow, I set up a quick server install of Ubuntu Dapper.

It works perfectly. The only trouble I had was dialback authentication with Google Talk, and that ended once I set my virtual server in my router's DMZ.

Thanks for all the work you put into the server. I wish I programmed and could help out, but as a puny end-user I hope some positive feedback will do. :)
(Reply) (Thread)
[User Picture]From: jwz
2009-06-04 05:10 pm (UTC)
Since LJ can't seem to keep their Jabber server up any more, I was trying to install this. CPAN has 0.84 but doesn't know about DJabberd::Authen::HTDigest. What am I missing?
(Reply) (Thread)