XMPP module HTTP File Upload (formerly XEP-0363) provides a way to share files
between XMPP clients, it works transparently and even in multi user chats.
The sender uploads a file on an HTTP(S) server that will then generate an URI, this is sent to each one of the recipients that can then download it.
The interesting bits about this XEP are various:
1. File sharing now works even in multi-user chats (MUC), in any case the file is only uploaded a single time even if the recipients are more than one.
2. Peer-to-peer file transfer, be it in-band (XEP-0234: Jingle File Transfer) or out-of-band (XEP-0065: SOCKS5 Bytestreams), is slow, unreliable, does not work in MUC and does not work if the recipient is offline.
HTTP File Upload supports both client-server encryption (HTTPS) and end-to-end encryption when used in conjunction with OMEMO encryption (as per today this is supported by Conversations on Android and Gajim desktop client).
3.1. When using OMEMO encryption the files are stored encrypted on the server, this makes it impossibile for ejabberd to create a thumbnail if the file sent is a picture.
To enable HTTP File Upload module with HTTPS enabled in ejabberd edit ejabberd.yml configuration file: >
listen: - port: 5443 ip: "0.0.0.0" module: ejabberd_http request_handlers: "upload": mod_http_upload tls: true protocol_options: 'TLS_OPTIONS' dhfile: 'DH_FILE' ciphers: 'TLS_CIPHERS' modules: mod_http_upload: docroot: "/home/ejabberd/upload" # this must be a valid path, user ownership and SELinux flags must be set accordingly put_url: "https://@HOST@:5443/upload" access: local max_size: 25000000 #25 MByte thumbnail: false file_mode: "0644" dir_mode: "0744" mod_http_upload_quota: max_days: 2 shaper: soft_upload_quota: - 250: all # MiB hard_upload_quota: - 10000: all # MiB define_macro: 'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" 'TLS_OPTIONS': - "no_sslv2, no_sslv3, no_tlsv1" - "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" - "no_compression" 'DH_FILE': "/usr/local/etc/ejabberd/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 4096
Add an iptables rule to allow traffic coming from port 5443:
$ INPUT -p tcp -m state --state NEW -m tcp --dport 5443 -j ACCEPT
Reload ejabberd service and manually force reconnection in Conversations to be sure HTTP File Upload module is actually being used.