ejabberd - Comments for "baffled by BOSH"

It was indeed TLS. Adding

bartjsmit — Mon, 05 Feb 2018 21:37:06 +0000

It was indeed TLS. Adding these lines to the 5280 listener did the trick:

tls: true
certfile: 'CERTFILE'
protocol_options: 'TLSOPTS'
dhfile: 'DHFILE'

Bart...

Thanks badlop, I spun up a

bartjsmit — Mon, 05 Feb 2018 20:26:06 +0000

Thanks badlop, I spun up a vanilla ejabberd on Fedora 27 without PAM and that works. As soon as I change from:

auth_method: internal

auth_method: pam
pam_service: "ejabberd"

I get "Authentication method not supported" from the client. I did notice that I get the same error on normal connections over 5222, so there is another difference between PAM and internal. My guess is TLS, since I used this on the first server and got a connection on 5222.

I'll do some more testing and will keep this thread updated (if only for posterity)

Bart...

I'm testing with ejabberd

badlop — Mon, 05 Feb 2018 12:46:00 +0000

I'm testing with ejabberd 18.01. I guess there aren't relevant changes since your version.

bartjsmit wrote:

- Do I use /http-bind or /bosh in the connection URL? Is there even any meaning in either name, as long as the server and the client use the same?

That URL has no meaning, simply set the same in server and clients.

bartjsmit wrote:

- Do I need an Apache reverse proxy? I allow 5280 through the firewall. Swift has a manual proxy option

I have no web server or anything else than ejabberd to connect a BOSH client to ejabberd, as ejabberd already includes the Web service required.

bartjsmit wrote:

- Does anybody have a snippet of their conf file that is necessary and sufficient to run BOSH?

listen:
...
  -
    port: 5280
    module: ejabberd_http
    request_handlers:
      "/bosh": mod_bosh

modules:
...
  mod_bosh: {}

Then use http://localhost:5280/bosh/ as URL for BOSH in your client. It works for me using Tkabber and Gajim.