Ejabberd has supported STUN/TURN for quite some time now, this in conjunction with client support can be used to implement one on one audio and video calls. Since version 2.8.0 Conversations Android client added audio and video call functionality by leveraging on STUN/TURN and XEP-0215. The rest of the XMPP world is following the route opened by them, so I expect to see IOS and regular computer XMPP clients to finally implement these new features too in the upcoming months. Enabling audio and video calls in Ejabberd is actually pretty simple. Provided you have installed the latest release (version 20.04), edit ejabberd.yml: …

Android stores application’s data in /data/data directory, it can be accessed via adb only on a rooted phone. To make a backup copy the correspondent directory: $ adb root $ adb pull /data/data/eu.siacs.conversations Application’s data can also be extracted from a full system backup made with TWRP: $ tar -xvf data.ext4.win000 Restoring the backup is the tricky part since Android uses SELinux and every app has it’s own unix user. Before copying back on the phone the already backupped files reinstall the app from f-droid or whatever, then proceed as follow: …

XMPP module HTTP File Upload (formerly XEP-0363) provides a way to share files between XMPP clients, it works transparently and even in multi user chats. The sender uploads a file on an HTTP(S) server that will then generate an URI, this is sent to each one of the recipients that can then download it. The interesting bits about this XEP are various: File sharing now works even in multi-user chats (MUC), in any case the file is only uploaded a single time even if the recipients are more than one. Peer-to-peer file transfer, be it in-band (XEP-0234: Jingle File Transfer) or out-of-band (XEP-0065: SOCKS5 Bytestreams), is slow, unreliable, does not work in MUC and does not work if the recipient is offline. HTTP File Upload supports both client-server encryption (HTTPS) and end-to-end encryption when used in conjunction with OMEMO encryption (as per today this is supported by Conversations on Android and Gajim desktop client). 3.1. When using OMEMO encryption the files are stored encrypted on the server, this makes it impossibile for ejabberd to create a thumbnail if the file sent is a picture. To enable HTTP File Upload module with HTTPS enabled in ejabberd edit ejabberd.yml configuration file: > listen: - port: 5443 ip: "0.0.0.0" module: ejabberd_http request_handlers: "upload": mod_http_upload tls: true protocol_options: 'TLS_OPTIONS' dhfile: 'DH_FILE' ciphers: 'TLS_CIPHERS' modules: mod_http_upload: docroot: "/home/ejabberd/upload" # this must be a valid path, user ownership and SELinux flags must be set accordingly put_url: "https://@HOST@:5443/upload" access: local max_size: 25000000 #25 MByte thumbnail: false file_mode: "0644" dir_mode: "0744" mod_http_upload_quota: max_days: 2 shaper: soft_upload_quota: - 250: all # MiB hard_upload_quota: - 10000: all # MiB define_macro: 'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" 'TLS_OPTIONS': - "no_sslv2, no_sslv3, no_tlsv1" - "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" - "no_compression" 'DH_FILE': "/usr/local/etc/ejabberd/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 4096 Add an iptables rule to allow traffic coming from port TCP 5443: …

Ejabberd XMPP server includes a SOCKS5 proxy, setting it up correctly is what makes the difference between fast or very slow file transfer operations. As per XEP-0065 file transfer is either peer-to-peer or mediated by a proxy server. In Conversation peer-to-peer transfer is done by converting the file in base64, split it in 4 kb chunks sent one at the time always awaiting first for the ACK of the precedent one; this makes the whole process painfully slow and bandwidth consuming. The other file transfer method supported by Conversation is defined by XEP-0234 (or Jingle file transfer) which relies on a SOCKS5 proxy and also allow to negotiate parameters like encryption. Ejabberd configuration: …

I will be keeping this post up to date to keep track on how to configure and mantain an ejabberd server working efficiently and secure. I strongly advise any reader to read carefully what is written here and not just copy-and-paste the configuration file. My blog also contains a bunch of other posts regarding ejabberd that are worth giving a look at, use the search form. Server CentOS 7.5.1804 x86_64 Erlang/OTP 21.1.1-1 x86_64 ejabberd 18.09 Client LineageOS 15.1 (Android Nougat) Conversations 2.3.5+fcr .:. Installation and initial configuration Download and install erlang (release numbers here may not be up to date): …