erl distribution with SSL/ejabberd clustering

Hi all

I was troubleshooting some spam connections, toying with the ACLs for s2s. I got side-tracked when I got curious about connections, port use etc. when I spotted some extra connections that were happening between our two-node jabber cluster.

I recall from the early days the old method of creating a cluster by executing some commands with erlang directly and establishing the cluster peering. So I had long forgotten that despite having s2s connections that are encrypted, the intra-cluster connection (or erl distribution) is separate and done between erl nodes, and has nothing to do with ejabberd per se.

So looking at traffic on port 53333 on the sniffer, I can confirm that intra-node communication is not encrypted, as the documentation says. I did find on the Internet some documentation on erlang that says it is possible to have encryption between nodes if erl is invoked in a certain way.

Are there any plans to make this available somehow to ejabberd and control it through the YAML config? (Perhaps this is sounding like a feature request?) Failing that, is there a way to do this manually?

Thanks,

Hi, you can ask this too in

Hi, you can ask this too in the ejabberd mailing list, or submit the question to the ejabberd github. I imagine some admins will answer "use VPN".

Syndicate content