Home » Forums » ejabberd & XMPP » ejabberd Administration

baffled by BOSH

Submitted by bartjsmit on Sun, 2018-02-04 16:03

ejabberd-17.09-2.fc27.x86_64 running well with PAM authentication and MySQL back-end.

I'm not able to use mod_bosh when setting it up according to the documentation. I can see the connections being made in the log, but the client (Swift) times out when I set its connection from c2s to BOSH.

A few questions, if I may, before I go too far down the rabbit hole:

- Do I use /http-bind or /bosh in the connection URL? Is there even any meaning in either name, as long as the server and the client use the same?
- Do I need an Apache reverse proxy? I allow 5280 through the firewall. Swift has a manual proxy option
- Does anybody have a snippet of their conf file that is necessary and sufficient to run BOSH?

Any help would be most appreciated.

Thanks,

Bart...

‹ Unable to publish PubSub event Cannot register admin user in v17.11.20 ›

I'm testing with ejabberd

Submitted by badlop on Mon, 2018-02-05 12:46.

I'm testing with ejabberd 18.01. I guess there aren't relevant changes since your version.

bartjsmit wrote:

- Do I use /http-bind or /bosh in the connection URL? Is there even any meaning in either name, as long as the server and the client use the same?

That URL has no meaning, simply set the same in server and clients.

bartjsmit wrote:

- Do I need an Apache reverse proxy? I allow 5280 through the firewall. Swift has a manual proxy option

I have no web server or anything else than ejabberd to connect a BOSH client to ejabberd, as ejabberd already includes the Web service required.

bartjsmit wrote:

- Does anybody have a snippet of their conf file that is necessary and sufficient to run BOSH?

listen:
...
  -
    port: 5280
    module: ejabberd_http
    request_handlers:
      "/bosh": mod_bosh

modules:
...
  mod_bosh: {}

Then use http://localhost:5280/bosh/ as URL for BOSH in your client. It works for me using Tkabber and Gajim.

»

Thanks badlop, I spun up a

Submitted by bartjsmit on Mon, 2018-02-05 20:26.

Thanks badlop, I spun up a vanilla ejabberd on Fedora 27 without PAM and that works. As soon as I change from:

auth_method: internal

to

auth_method: pam
pam_service: "ejabberd"

I get "Authentication method not supported" from the client. I did notice that I get the same error on normal connections over 5222, so there is another difference between PAM and internal. My guess is TLS, since I used this on the first server and got a connection on 5222.

I'll do some more testing and will keep this thread updated (if only for posterity)

Bart...

»

It was indeed TLS. Adding

Submitted by bartjsmit on Mon, 2018-02-05 21:37.

It was indeed TLS. Adding these lines to the 5280 listener did the trick:

tls: true
certfile: 'CERTFILE'
protocol_options: 'TLSOPTS'
dhfile: 'DHFILE'

Bart...

»
Syndicate content

User login