Jabberd 1.4.x Administrator Wizard
Copyright © 1999 - 2004 THE JABBER MANUAL TEAM
Chinese translation: flying in the wind
Overview
This article will introduce how to 1.4.x Jabberd server installation, configuration, and management.
Introduction
The JabberD server is the first open source server that implements the Jabber communication protocol, and is also the most popular Jabber communication implementation in the company or public IM service. However, there are many other Jabber servers implementations, including many open source projects and commercial versions. As a organization where the Jabber protocol is managed, the Jabber Software Foundation (JSF) does not distinguish between different Jabber. At the same time, JSF recognizes that most Jabber servers start from using the Jabberd server, JSF also tries to promote Jabber technology through how to install, configure, manage Jabberd servers through documentation.
In order to support relevant Jabberd, the administrator is encouraged to subscribe to Jadmin Mailing List (Archive). For more information on Jabber, please visit the homepage of the Jabber Software Foundation http://www.jabber.org/.
background
The Jabber project is provided by Jeremie Miller in 1998 for free, open source projects for IM services to AIM, ICQ, MSN, Yahoo. In January 1999, the Jabber project has attracted the public's attention in Slashdot. The core of the Jabber project is usually a Jabberd server, and a modular server written with C, the modular server of the GNU's PTH thread library. After more than a year, Jabberd 1.0 is released in May 2000. The 1.2 version of the transition is released in October 2000, which released a 1.4 version in January 2001, issued 1.4.1 version in April 2001, released 1.4.2 version in February 2002, released 1.4 in November 2003. 3 version.
While developing the Jabberd 1.4.x version, Jabberd 2 has also been developed and has the first stable version in December 2003. Jabberd 2 has almost rewritten all code, such as SQL support.
The Target of the Jabberd 1.4.x server is to fully follow the XMPP protocol established by the Jabber Software Foundation. However, the XMPP protocol itself is a new standard, and jabberd1.4.3 does not support some XMPP functions. However, it is still able to connect to the server and client supporting the XMPP protocol.
core function
In general, a Jabber server needs to provide the following features:
l Accept the TCP socket connection of the client and server components compatible with the Jabber protocol.
l Handle the XML stream from these clients and server components.
l Forward the core Jabber data type (
l Conserver and connected client (usually IM users) session information.
l If necessary, establish a connection to other Jabber servers and accept connections from other Jabber servers, then routing data to other Jabber servers.
l Saving the components, especially the IM user, including the contact list of each user, and the parameters of some clients.
Other features - such as multi-user chat, user guide, and collaboration with traditional IM systems (AIM, ICQ, MSN, Yahoo), not with the core message system and presence feature of the Jabber server, so it will not be Mention. If your Jabber server needs to add these features, check the Jabber Component Wizard (http://jabberd.jabberStudio.org/1.4/doc/componentguide) Get relevant information. Prepare to configure your Jabber
Before installing any software, especially the web-based software like the Jabber server, confirm your needs, and plan your configuration is very important. Jabber servers are generally used in a variety of environments, including:
l Small Development Group
l Small and medium-sized enterprise internal network
L University
l web page-based community
l Internet service provider
l Large company internal network
How do you use your Jabber server to determine hardware configuration, such as operating system, bandwidth, network configuration, firewall, security, database connection, and more. You first have to decide to run your Jabber server on what operating system. Jabber servers are designed and developed for Linux and other types of UNIX systems (including AIX, Solaris, HP-UX, BSD, Mac OS X). When the Jabberd server does not work in Windows, it is not recommended to use under Windows. (This document will not be designed to see the Windows section).
In addition, the bandwidth you want to provide is also very important. Do you need a simple point-to-point message and presence? Still also need multiple user groups? Do you want to build a user's directory on your server? Do you want your Jabber server user with traditional IM services such as AIM, ICQ, MSN, Yahoo interconnect? The default Jabberd installation does not provide these services, and additional components must be used. While improving the user experience, you also make your configuration more complicated and manage more difficult. (For details, see "Jabber Component Wizard").
Finally, consider how to integrate Jabber with existing network systems and information sources. For example, you want to guarantee that no one Jabber username is consistent with their email address or the network username. Or you need to use an existing user database for authentication (such as your company's LDAP database), not the default file system storage. Your demand here will result in an additional complexity problem.
System Requirements
This section describes how to define system requirements that run the Jabber server.
operating system
The Jabberd server is mainly developed and configured under GNU / Linux, and has been tested on many other UNIX operating systems. 1.4.x version of Jabberd can run in the following operating system:
l AIX
l freebsd
l HP-UX
l Irix
l Linux
l Mac OS X
l NetBSD
l OpenBSD
l Solaris2.6, 7, 8
Appeals a non-Linux operating system is not as wide as Linux, so it is possible (also may not necessarily) install some trouble on other UNIX systems. The needs and descriptions known to each operating system are mentioned herein. In general, non-GNU's UNIX operating system requires a GNU to replace your Make programming system with your operating system. Using the GNU's Make can solve the problems that most of which can be encountered on the non-GNU operating system. Note: This article does not involve jabberd1.4.x under Windows.
hardware
Your hardware configuration is determined on your number of users. According to the author's experience, the main Jabberd configuration is generally used in small projects, and the company's internal internet server, development platform, etc., has approximately 100 to 1000 registered users. Since the basic 50% of users do not online (such as Jabberd servers running on Jabber.org usually only 2% registered user online), we can probably expect possible maximum online people on your Jabberd to be 500. For this configuration, the hardware requires a minimum of 512M RAM's Pentium-level processor.
If you make a large capacity configuration, you need to do some judgments. After the test, when the Jabberd server has up to 10,000 users simultaneously, Jabberd is designed as an experimental concept, not a server that provides an industrial intensity of industrialization for the Internet service provider. For example, according to the operating system you use, you may need to modify the operating system level to set the number of concurrent TCP connections, or the number of files (in Linux, in the PROC settings, the default file open limit is limited 1024). Because large configuration exceeds the range of use of most Jabber server configuration, this article will not be discussed, although I want to add more about zoom server configuration in the future revision.
software
Jabberd1.4.x Server requires the following software:
l GNU PTH thread library. If you are not manual installation, you can find its library from your UNIX system, don't forget the header file of the installation library. To know, jabber1.4.2 is incompatible with GNY PTH> 1.4.0 (server-server connection will fail)! Jabber1.4.3 is not affected, working well under GNU PTH1.4.0, 1.4.1 and 2.0.
l Gnu make gnu make is a standard part of all GNU / Linux operating systems, but must be installed separately on non-GNU systems (such as FreeBSD, Solaris), unlike GNU Pth, you must install GNU Make yourself (Jabberd does not install automatically ).
l OpenSSL is optional. However, if you want the client to connect your server via SSL, you must install OpenSSL before installing jabberd1.4.x.
bandwidth
In the case of ordinary use, a Jabber server requires approximately 15 bits per second with users per connection. This means that a server that supports 1000 concurrent users need to consume about 15kbs, and 10000 concurrent users need to consume bandwidth of 150kbs to so. Note that this is for concurrent users. It is not a registered user (the number of concurrent users is determined on your configuration. For service providers, the general average will not exceed 5% of the number of registered users, for a business, generally less than 50 % Registered users). According to this, your configuration is developed.
DNS
Here, there will be a more detailed introduction, you might want to configure your Jabberd server to run a completely legitimate domain name (FQDN, for example, jabber.mydomain.org - not localhost, jabberv.mycompany.Inet or IP address) . This subdomain name for your Jabberd is also true (such as a Jabber User Directory or Conference Service on your Jabber server). Therefore, you may ask your system administrator to add your hostname and all related subdomains to your domain DNS table. Port and firewall
The IANA task believes that the Jabber service requires two ports: a port provides a client-to-server communication (5222 port), a communication providing server to the server (5269 port). If you want the Jabber client to connect to your server, you need to make sure that the TCP communication of the 5222 port is open. If you want your Jabber server user to send messages to users of other Jabber servers, you need to ensure that the TCP communication of the 5269 port is open to the connection. Also, if you want to install the gateway of other IM systems, you need to open other ports to correspond to the system. Check out the documentation of the reable or other gateway software you want to install, get detailed information for the port you need to develop (such as the MSN gateway requires 1863).
Some Jabber servers are configured in a company's internal internet or behind a firewall. If you don't want to open your server to other Jabber servers outside your organization, you may of course think of to open any port. In some cases (such as employees with remote office), you may want to open the standard Jabber client port 5222 (or 5223 port of SSL connection) so that the external user of the firewall can be created to your server. connection. Also, if you want the user on your server to communicate with the user of the external server, you need to open the standard Jabber server port 5269 to create a server to the server. A more complex configuration can be equipped with a server behind the firewall, a server on the DMZ to the external user, and the two servers build a trusted server to the server channel on the 5269 port.
If you have a firewall between the Jabber server and all users on your server, ensure your firewall's timeout settings and Jabber consistent. Jabber users are connected to the server using long TCP socket connections on the 5222 port, which is important to understand this. Because the TCP socket is established in the user with the server, the firewall's optimized timeout process for HTTP communication may disconnect the JABBER user.
Quick installation
1. Ensure that you have installed GNU Pth.
2, get Jabberd source code from Jabberd's homepage
3, Untar (decompressed), ./configure ,make
4, start JABBERD: JabberD / Jabberd -h JabberSerRhostName usually, you need to enter the host name in the Jabberd configuration file, but Jabber: cmdline makes it possible to enter parameters through the command line.
5. Use your favorite Jabber client to register your server.
Continue if you encounter a problem.
Server installation
1.4.x version of the Jabberd server can be downloaded from http://jabberd.jabberStudio.org/1.4/, which includes any Builds (Solaris Builds, RPMS, DEBS, etc.) based on different platforms. Again Please note that only the Jabber server core code - additional components can be placed in any other place (see "Component Management Wizard"). Because some server administrators encountered some problems when other Builds and Jabber servers are distributed, we recommend that the server is started from the source code. This only needs to download the Jabberd 1.4.x TAR package (.tar.gz) to install, follow the following:
1, save files to / tmp / (or other directory).
2. Open a console window and create a directory, establish Jabberd in this directory. We assume that the path is / path / to / jabber / (a typical path / usr / local / jabber /). Note: You may need to log in to root or use the SU name to create this directory.
3, enter mv /tmp/jabber-1.4.3.tar.gz / path / to / jabber /
4, enter CD / PATH / TO / JABBER /
5, enter gzip -d jabberd-1.4.3.tar.gz
6. Enter TAR-XVF Jabberd-1.4.3.tar (this will create a directory of Jabber-1.4.3, including various files and subdirectories).
7, enter CD Jabberd-1.4.3 /
8, enter ./configure Safety Notice If you want the client to connect to your server via SSL, you must compile the server with a command ./configure-enable-ssl (At the same time, note if you have a slave source code server, you can't Use the server in SSL mode).
9. Enter your Make Operating System Note If you are running in Solaris or other non-GNU systems, you must use GNU Make without your own Make version, with GMAKE instead of Make.
Jabberd1.4.3 software is now installed on your machine. If you encounter a problem when installing the software, please go to Jadmin Mailing List (Archive). If you write an email, please confirm if you contain detailed information (including configuration files) for your Jabberd installation, your operating system, related software versions, and more.
Inspection point # 1
Now is a good time to check the Jabber that is installing and running on your machine. We don't have a functional test of the safety of the security here, just tell the successful installation process. Follow these steps to test your installation:
1. Open a console, enter CD / Path / To / Jabber / (ie, you install the Jabberd path).
2. Enter ls -l jabberd / jabberd to display the permissions of the JABBER background program. Your console display should be similar below: -rwxr-xr-x 1 User group 675892 Feb 25 2002 Jabberd / Jabberd
3, enter ./jabberd/jabberd to launch the Jabber background program so that the server will start with the default hostname. You will see such a line of output on your console: 20020923T02: 50: 26: [notice] (-internal): Initializing Server If you get an error in "Unable to Listen On (Port), please confirm if there is Other programs run in these ports. The NetStat -LTP command allows you to get a back-end program list. When you try to start the server, you may see an error that tells you "Configuration Parsing Using Jabber.xml Faled". There are two reasons for this problem. First, the file you specified does not exist, the solution is to enter ./jabberd/jabberd -c /path/to/jabber.xml Specifies the full path to your profile. Another reason is that the file exists, but there is an XML error, the solution is to check your XML (you can paste your complete Jabber.xm to XML Syntax Checker on XML.com). 4. Open a separate console window on the same machine, enter Telnet localhost 5222 to connect your server (right, you can connect your server by using simple and old Telnet!). You will see the following information:
Trying 127.0.0.1 ...
Connected to Your-Machine-Name.
Escape Character is '^]'.
5. Now open an XML stream on your server, paste the XML to your Telnet window on the bottom:
TO = 'localhost' XMLns = 'Jabber: Client' XMLns: stream = 'http: //etherx.jabber.org/streams'> You will immediately receive a reply from your server congratulations! Your Jabber server is working properly! 6. Paste the following XML: to your Telnet window to close the stream. 7. The server is stopped by killing the process or entering the window input ^ C in the window of the service background program. basic configuration The Jabberd server is now installed, you can check if it can run on your system. Below, we will take two steps to verify the server even if the message function is 1. Configure the host name of the server. 2. Create a spool directory that stores XML. Details of these two steps will be discussed below. Once you have passed these two steps, we will pass another test point, so you will be able to check if all programs work. Configure the host name Change the Jabberd configuration by editing a file called Jabber.xml, this file is stored in your / path / jabber / Directory. The Jabber.xml file contains a lot of content, which will help you understand every detail of the configuration. However, now we need to change the host name. Open Jabber.xml with your favorite text editor (vi, emacs, etc.), Edit the following rows: You need to decide your host name of your Jabber server. It is highly recommended to use a completely legal domain name (FQDN) in the DNS list on the open Internet. This ensures all functions available and stable. If you don't have permissions to the DNS server, you can use a DNS service of a dynamic domain name. Note Once the host name is determined, and people start registering your server, changing the host name of the server will bring a lot of trouble to administrators and users. So a wise practice is to choose the host name when starting, and then use it. To configure the host name of your Jabber server, you only need to replace all "localhost" in the configuration file with "jabber.mycompany.com" or any name you like, and then save your modification of Jabber.xml. A deeper discussion with DNS (some special configurations) can be seen in the following contents. File system settings As mentioned above, one of the core functions of the Jabber server is to save user-related information. This information includes the user's authentication information (username, password), and a list of contacts (called the "Romo" in Jabber), sometimes this information also includes the user's VCARD and various client parameters. By default, this information is stored in a / path / to / jabber / spool / sub-directory of the file system and must match the host name you configured before. Therefore, if you want to make Jabberd to operate with host names such as Jabber.Mycompany.com, you must create a list of /Path/to/jabber/spool/jabber.mycompany.com/. In addition, the Jabberd process running the Jabber background program must be read and write permissions to this directory. Once you have made these, the Jabber background program can save an XML file for each registration to your server under this path (name "UserName.xml"). OK, now it is time to test your basic configuration. Inspection point # 2 Because you have already configured the host name of the server, you have established an XML storage area, you can now test something that can't be tested in the test point # 1: (1) Connect from another machine; (2) Register an account; (3) Send a message to another user. To test, we will use the Telnet client again to help you understand the XML sent to the server. 1. In the / path / to / jabber / directory, enter ./jabberd/jabberd -d Start Jabber service in debug mode. You will see many line debug information in your console window. If you encounter the "Unable to Listen On (Port)" error, please confirm that there is no other background program in these ports to run, netstat -ltp can give you a background list of a background program Note that now you have given your host configuration. A complete domain name, maybe you will receive an error, tell you "Jabberd IS Unable to Listen on Port 5222 and 5269". For this error, you need to configure your server to bind a fixed IP address. First, change 3. Paste the following XML to your Telnet window, open an XML stream on your server. Use your configuration to start Jabberd's host name to replace "YourHostName". XMLns = 'Jabber: Client' XMLns: stream = 'http: //etherx.jabber.org/streams'> You will immediately receive a reply from your server: note If you disconnect the connection here, check your Telnet's hostname and you are consistent in the Jabber configuration file, and your host name in the "from" tab in the above XML. The Jabber protocol is very good when receiving the host name - it needs to support its virtual host name. 4. Send the following XML, will find information you need to register on this server: You will receive the following reply, tell you to register on this server to provide a name, email address, user name, password: Note If you disconnect the connection here, verify that the XML you entered in the fourth step is the same (for example, you may be in the third step and fourth step in the Telnet part in the third step. There is no shutdown or reopen the Telnet). Confirm that the host in your telnet is configured in a jabberd.xml file (each hostname must support lowercase letters). Note that Debian Woody's Jabber package is broken, you must run MOD_AUTH_PLAIN to run. 5, then send your registration information to the server: The server will tell you the certification information you need: note If you don't see 7. You can choose "Password" or "Digest" for your password. For the sake of simplicity, we will use it. You must specify a "resource" for this connection. This way we will send the following XML: The server will send us the following XML, indicating that the authentication is successful: 8. Finally, send Presence to the server, let it know that you can receive a message online: The server will be sent immediately to a welcome message below: Welcome to the Jabber Server At Localhost - WE Hope you enjoy this service! for Information About How to use jabber, Visit the Jabber User's Guide at http://docs.jabber.org/ If you need, you can modify the Welcome message content by modifying the text in the 9, then repeat steps 3 through 8 on another machine (guarantee the username of another non-"Jabberuser"). If your host name and DNS configuration are correct, the performance on another machine should be exactly the same as the performance on your previous machine. When you complete all your operations, send the following XML stream from your second Telnet window: You will receive the same XML as your first Telnet window, and you will add one in the place where the sender's Jabber ID is displayed. ". congratulations! Your Jabber server is working well! Note that when you send a message, you may see an error prompt "Sending Name Is Invalid". This is a DNS error. Ensure that you can ping from the host name of your Jabber server from the network, tell your network administrator, your server's host name requires a valid DNS entry. In addition, you may need to add one entry to the host name in the / etc / hosts file on your machine. 10. Now you have passed the music checkpoint # 2 music, send in the two Telnet windows to properly turn off the XML stream, and then entered the server by killing the process or enter the server in the boot service window. Daily use Automatically start JABBERD when booting There are many scripts in Script Repository, which can be used to start / stop Jabberd background service. These scripts should be placed under /etc/init.d/ and links from the /etc/rcx.d directory. If you are unfamiliar with this, you can search for "SystemV Init Scripts" or "Man CHKCONFIG" or "Man Updaterc.D" in Google. Another way to start and monitor Jabberd is to use daemOnTools. Log file contraction Jabberd's log files need to be contracted (compressed and stored, then starting with a blank file), otherwise they will get more and more, and finally because of the maximum capacity of your file system or the maximum capacity of the hard drive. Jabberd cannot be launched. . Therefore, you should use logrotate or other simple tools, unfortunately, jabber1.4 needs to stop when logging and then start. Grant administrator privileges The JabberD server allows you to assign the user administrator's permissions by configuring the 1. Read the Jabber message sent to the specified administrator address admin @ yourjabberhostname. 2, check all current online user information. 3. Give an online user broadcast message (such as reminding all users, the server needs to be restarted), or send a "daily message" to any login user. Add a specified user in the In this example, both the Hamlet, Macbth, and King Lear can read messages sent to the administrator address, and can view online users, but only King Lear can send broadcast messages and daily messages ("WRITE" permissions contain read rights) . If you want to use any administrator, confirm your full Jabber ID in the View online users To view online users on your server, you need to log in with an administrator user (defined in your jabber.xml file) and then send one of the two XML below. For example, connect XML after connecting to the Jabber server via Telnet or a Jabber client: or Send broadcast message Log in with an administrator account (defined in your jabber.xml file), broadcast messages for all online users, send the following XML:
You can log in with an administrator account and send a message to "YourServer.com/announce/online", but some client complained that the JID was lost, using another client or the above XML.
Enterprise internal network installation
The Jabberd server is a very suitable chat on a public network, such as providing messages that provide with other IM services. Because of this, many organizations run the Jabber server behind the firewall or NAT and want to limit these servers.
Prohibit server-to-server communication
Isolate your server with the public Internet, you may want to ban your servers and other communications between any other servers. There are several ways to achieve:
1. Turn off the 5269 port on your firewall because this port is used to communicate with the server on the server. (You can also close the 5222 client to the server communication port).
2, comment down your jabber.xml file in the lower list (this section handles the external DNS routing, and the server to the server):
as well as
Now your JABBER server cannot communicate with other servers.
No registration
By default, anyone can register an account on your Jabber server (account registration follows the Jabber protocol, just like the SMTP protocol for Email). Many Jabber servers want to prevent this registration. To achieve this, comment from your jabber.xml file:
Choose a Username and Password
To register with this server.
->
as well as
->
Obviously, if you prohibit Jabber's registration function, you need to generate an account through another method, such as using the script on the Script Repository to generate a user account in the spool file. The user's XML spool file is typically stored ./spool/ (view the Jabberd configuration file, xdb_file module). Remember that users running Jabberd must have read and write permissions on the spool file.
External authentication
User authentication for jabberd1.4.x is possible via RADIUS, PAM, LDAP, IMAP, POP3, Samba or MySQL, etc., but only authentication will be processed outside.
See the External Authentication Homepage for details on external certification.
High-end application
Some higher level applications for the Jabber server are described here.
Virtual host
If you want the same Jabberd server instance to handle multiple different formal domain names (such as two domain names you have Jabber.myserver1.net and Jabber.myserver2.net, you want to enable these two domain names through a server, not separately Two jabberds, you can configure Jabberd to respond to multiple formal domain names. This is similar to the virtual host that configures WWW servers (often in touch with a httpd instance).
Add two hostnames to your jabber.xml file, to ensure that the two hostnames are in the same line:
DNS SRV record
Usually a Jabber server monitors its IP 5222 or 5223 port for connection with the client, listening to the connection between the server on the 5269 port. For DNS SRV records ((RFC 2782), the corresponding client and server can be connected via other ports or other IPs. What does this mean? Replacing the Jabber server unique record on DNS, DNS first needs SRV record: "I want to Connect the servers of jabber.mydomain.org through the XMPP-Client service, which IP and port do I need to use? "Before connecting the server's only instance of the 5269 port, follow the XMPP server must query the SRV entry of DNS. Client needs Query the SRV entry on the DNS, you need to get more information, see Draft-Ietf-XMPP-CORE-19. Use the following configuration to make binding / naming:
JabberserverHostname. 86400 a jabberserverip
_XMPP-Server._tcp.jabberserverhostname. 86400 in SRV 5 0 5269 JabBerSerRhostName.
_XMPP-Client._tcp.jabberserverHostName. 86400 in SRV 5 0 5222 JabBerSerRHostName.
_jabber._tcp.jabberserverhostname. 86400 in SRV 5 0 5269 JabBerSerRhostName.
Don't forget the "." (Or bind the specified host name "related" name, not a formal domain).
test:
Dig Short JabberSerRhostName
Return to your Jabber server IP.
Dig short _jabber._tcp.jabberserhostname SRV DIG SHORT _XMPP-Server._tcp.jabberserverhostname SRV
Returns the host name of the machine running the C2S service (generally the main Jabber server).
Performance adjustment
Generally, a part of a Jabber server requires the most processing capabilities is a module that processes the C2S (Client-to-Server). For standard Jabberd 1.4.3, this module is named pthsock_client, and PTHSOCK_CLIENT should be good when there are hundreds of C2S connections.
There are some ways to provide C2S performance:
l Alternately, PTHSOCK_CLIENT with a more efficient JADC2S module. This can support several C2S connections. And it is very simple.
l Run multiple C2S modules on different machines, allowing them through the Connect / Accept mechanism (see Profile on Jabber.xml, running an external pthsock_client like a JUD) Connect to the Jabberd primary server. Use round-robin DNS to let the Jabber server's IP can support multiple IPs. Now that a problem is that other Jabber services will certainly connect all IPs through S2S instead of connecting only the primary server IP. A solution is to use port to advance, and build an SRV DNS record for S2S (as described above). This solution requires many experience in DNS and Jabber. Of course, you also need more hardware.
