Ejabberd has supported STUN/TURN for quite some time now, this in conjunction with client support can be used to implement one on one audio and video calls. Since version 2.8.0 Conversations Android client added audio and video call functionality by leveraging on STUN/TURN and XEP-0215. The rest of the XMPP world is following the route opened by them, so I expect to see IOS and regular computer XMPP clients to finally implement these new features too in the upcoming months. …

XMPP over TLS (formerly XEP-0368) is a clever mechanism that allows users to connect to a XMPP server from networks that restrict outgoing traffic only to specific ports; this block is circumvent by routing XMPP traffic via port TCP 443. If the server hosts only a XMPP server setting up XMPP over TLS is pretty easy, just instruct the server to listen on port 443. If the server also runs a webserver which is listening on port 443 things are a bit more complicated; luckily Nginx provides a way to manage XMPP traffic and redirect it to the XMPP server. …

XMPP module HTTP File Upload (formerly XEP-0363) provides a way to share files between XMPP clients, it works transparently and even in multi user chats. The sender uploads a file on an HTTP(S) server that will then generate an URI, this is sent to each one of the recipients that can then download it. The interesting bits about this XEP are various: File sharing now works even in multi-user chats (MUC), in any case the file is only uploaded a single time even if the recipients are more than one. …

CentOS repos (both official and EPEL) does not provide an up to date version of Ejabberd, installing from source is the only way if one want or need a version from this century. Problem is that doing things manually is a never ever a good idea, luckily Ansible and a bit of Python love come to rescue. Supposing Ejabberd is already installed and configured (I wrote a post on the subject a couple of years ago: https://uwot. …

Fail2ban is a useful tool capable of mitigating brute force attacks performed against a multitude of services (ejabberd in our case). Configuration is split between a multitude of files: jail.conf defines which filters are active while the filters scripts are placed in ./filter.d directory. [root@CentOS ~]# vi /etc/fail2ban/jail.conf --- bantime = 1200 findtime = 1200 maxretry = 10 backend = auto [ejabberd-auth] enabled = true port = 5222,5280,7777 action = iptables-multiport[name=ejabberd, port="5222,5269,5280,777", protocol=tcp] logpath = /var/log/ejabberd/ejabberd. …

Ejabberd XMPP server includes a SOCKS5 proxy, setting it up correctly is what makes the difference between fast or very slow file transfer operations. As per XEP-0065 file transfer is either peer-to-peer or mediated by a proxy server. In Conversation peer-to-peer transfer is done by converting the file in base64, split it in 4 kb chunks sent one at the time always awaiting first for the ACK of the precedent one; this makes the whole process painfully slow and bandwidth consuming. …

I will be keeping this post up to date to keep track on how to configure and mantain an ejabberd server working efficiently and secure. I strongly advise any reader to read carefully what is written here and not just copy-and-paste the configuration file. My blog also contains a bunch of other posts regarding ejabberd that are worth giving a look at, use the search form. Server CentOS 7.5.1804 x86_64 Erlang/OTP 21. …