Howto Setup ejabberd 16 on CentOS 6.7

Introduction

Do It Yourself an Instant Messaging server, an experiment with ejabberd.

This article is divided into three parts:

• Part 1: Prepare The Server
• Part 2: Install ejabberd
• Part 3: Basic Configuration

The goal of this article is to compile and install ejabberd from source on CentOS, configure admin account to enable the web admin and add an example how to configure ejabberd to support multiple domains or virtual hosts.

Part 1: Prepare The Server

Linux CentOS Minimal

Linux server installation:

• You may use VirtualBox or any other virtualization software, or a real server
• You may also do this in a VPS such as in DigitalOcean
• You need fast Internet connection, we will be downloading lots of stuffs
• Install CentOS 6.7 minimal version, get the minimal version of CentOS 6.7 installer ISO here
• Configure the network so that the server will have access to the Internet
• You must make sure that the SSH server is installed and running, access the server using SSH, work from outside
• You will need to login as root during installation

Please note that you can always use full version of CentOS, the same installation steps in this article will still work.

Update: This article will also work on CentOS 7.1

Update CentOS:

1	yum -y update

Install basic system config tools:

1	yum -y install system-config-firewall system-config-firewall-tui system-config-network system-config-network-tui

Install development packages:

1	yum -y install wget git gcc g++ gcc-c++ perl ncurses-devel openssl-devel unixODBC-devel libyaml-devel expat-devel zlib-devel mysql-devel

Server Init

Follow all instructions to initialize your server.

Disable Firewall

Disable firewall from system config tool:

1	system-config-firewall

Please note that you can enable the firewall again later after successful installation and several test calls.

Disable SELINUX

Edit /etc/sysconfig/selinux and change SELINUX=enforcing to SELINUX=disabled:

1	vi /etc/sysconfig/selinux

Reboot the server to actually disable SELinux:

1

reboot

Once the server up and running again check whether the SELinux is disabled:

1

sestatus

Please note that the SELinux status must be disabled.

Part 2: Install ejabberd

Download Source Codes

Prepare sources directory in /root/src, all required software source codes will be put in that directory:

1 2	mkdir -p /root/src cd ~/src

Get the current ejabberd 16.01:

1	wget -c "https://www.process-one.net/downloads/downloads-action.php?file=/ejabberd/16.01/ejabberd-16.01.tgz" -O ejabberd-16.01.tgz

Please note that the above wget command and all wget commands below are single line only. You must make sure that the correct package will be downloaded to /root/src.

Get the required Erlang/OTP 17.1:

1	wget -c http://erlang.org/download/otp_src_17.1.tar.gz

Compile and Install Erlang/OTP 17.1

Compile and install Erlang/OTP 17.1:

1 2 3

cd ~/src tar -zxf otp_src_17.1.tar.gz cd otp_src_17.1

Enable and disable some options on the source code. Below options are considered mandatory:

1	./configure --prefix=/usr/local --disable-hipe --enable-smp-support --enable-threads --enable-kernel-poll

Please note that the ./configure options above are important. You can find more options by running ./configure --help.

Continue to compile and install Erlang/OTP 17.1:

1 2	make make install

Compile and Install ejabberd 16.01

Add new Linux user for ejabberd:

1	useradd -m ejabberd

Please note that you cannot miss the -m option to create a home directory for Linux user ejabberd.

Compile and install ejabberd 16.01:

1 2 3

cd ~/src tar -zxf ejabberd-16.01.tgz cd ejabberd-16.01

Enable some options on the source code. Below options are considered mandatory:

1	./configure --prefix=/usr/local --enable-tools --enable-odbc --enable-mysql --enable-zlib --enable-user=ejabberd

Please note that the ./configure options above are important. You can find more options by running ./configure --help.

Continue to compile ejabberd 16.01:

1

make

Please note that the make command above will also download lots of stuffs from Github, therefore you need to make sure that the Internet is ready, and fast.

Continue to install ejabberd 16.01:

1	make install

Init Script and Verification

Place the init script and configure to start ejabberd on boot:

1 2	cp ~/src/ejabberd-16.01/ejabberd.init /etc/init.d chkconfig --add ejabberd.init

Continue with rebooting the server:

1

reboot

Once the server started inspect whether ejabberd has also been started:

1	netstat -lnptu | egrep "(5222|5269|5280)"

Please note that you need to visually see both port 5222 , 5269 and 5280 are occupied by beam.

Also make sure that you have access to running server via ejabberdctl:

1	ejabberdctl status

Please note that you should see the result of the command above like this: ejabberd 16.01 is running in that node

ejabberd Installation is finished, continue with basic configuration to get you started using it.

Part 3: Basic Configuration

Setup Administrator Account

Register the admin user to the default host localhost:

1	ejabberdctl register admin localhost secretpassword

Use your own secretpassword, of course.

Add acl option to enable user admin as an Administrator account:

1	vi /usr/local/etc/ejabberd/ejabberd.yml

Go to the end of file and add these lines:

1 2 3 4

acl:   admin:     user:       - "admin": "localhost"

Please note that the indention and a newline at the end are important.

Continue with reload config:

1	ejabberdctl reload_config

Login to Web Admin

Once you have added and setup an Administrator account you can login to the web admin by visiting this address:

1	http://YOUR_EJABBERD_IP_ADDRESS:5280/admin

For example, browse http://192.168.56.2:5280/admin if 192.168.56.2 is your ejabberd server IP address.

Use admin@localhost as the username and your secretpassword as the password.

Add Virtual Host

Suppose you want to actually setup an IM server for domain textng.com and ngoprek.org, it means your XMPP/Jabber users will have address like username@textng.com or username@ngoprek.org. You need to add both textng.com and ngoprek.org as virtual hosts in your ejabberd.

Add textng.com and ngoprek.org as virtual hosts:

1	vi /usr/local/etc/ejabberd/ejabberd.yml

Go to the end of file and add these lines:

1 2 3

hosts:   - "textng.com"   - "ngoprek.org"

Please note that the indention and a newline at the end are important.

Continue with reload config:

1	ejabberdctl reload_config

Visit web admin and see if both domains are registered as virtual hosts. Once you see them registered then you can add more users under specific host as XMPP/Jabber user.

You can then ask users to use their favorite XMPP/Jabber client software such as Xabber and ChatSecure on smartphone, or Pidgin and Jitsi on desktop, using registered usernames and passwords.

Instant Messaging server installation and basic configuration is finished.

How to access remote server with local phpMyAdmin client?

Just add below lines to your “config.inc.php” file in the bottom:

$i++;
$cfg['Servers'][$i]['host'] = 'HostName:port'; //provide hostname and port if other than default
$cfg['Servers'][$i]['user'] = 'userName';   //user name for your remote server
$cfg['Servers'][$i]['password'] = 'Password';  //password
$cfg['Servers'][$i]['auth_type'] = 'config';       // keep it as config

 

Understanding logrotate utility

How logrotate works

The system runs logrotate on a schedule, usually daily. On most distributions, the script that runs logrotate daily is located at /etc/cron.daily/logrotate.

Some distributions use a variation. For example, on Gentoo the logrotate script is located at /etc/cron.daily/logrotate.cron.

If you want logrotate to run more often (for hourly log rotation, for example) you need to use cron to run logrotate through a script in /etc/cron.hourly.

When logrotate runs, it reads its configuration files to determine where to find the log files that it needs to rotate, how often the files should be rotated, and how many archived logs to keep.

logrotate.conf

The main logrotate configuration file is located at /etc/logrotate.conf.

The file contains the default parameters that logrotate uses when it rotates logs. The file is commented, so you can skim it to see how the configuration is set up. Several of the specific commands in that file are described later in this article.

Note that one line in the file reads:

include /etc/logrotate.d

That directory contains most of the application-specific configuration files.

logrotate.d

Use the following command to list contents of the directory that stores application-specific log settings:

ls /etc/logrotate.d

Depending on how much is installed on your server, this directory might contain no files or several. In general, applications that are installed through your package manager will also create a config file in /etc/logrotate.d.

Usually the directory contains a configuration file for your syslog service, which logrotate reads when it rotates the system logs. This file contains an entry for various system logs, along with some commands similar to those contained in logrotate.conf.

NOTE: On versions of Ubuntu earlier than Karmic Koala (9.10) there is no entry for a syslog service. Before that release, the system logs were rotated by a savelog command run from the /etc/cron.daily/sysklogd script.

Inside an application file

As an example, consider the contents of a logrotate configuration file that might be put in place when you install Apache on a Fedora system:

/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    postrotate
    /sbin/service httpd reload > /dev/null 2>/dev/null || true
    endscript
  }

When logrotate runs, it checks for any files in /var/log/httpd that end in log and rotates them, if they aren’t empty. If it checks the httpd directory and doesn’t find any log files, it doesn’t generate an error. Then it runs the command in the postrotate/endscript block (in this case, a command that tells Apache to restart), but only after it has processed all the specified logs.

This example file does not contain some settings that are included in the logrotate.conf file. The commands in logrotate.conf act as defaults for log rotation. You can specify different settings for any application when you want to override the defaults. For example, if you run a busy web server, you might want to include a daily command in Apache’s configuration block so that Apache’s logs will rotate daily instead of the default weekly rotation.

The next section describes some of the more commonly-used commands actually do in a logrotate configuration file.

Configuration commands

You can get a full list of commands used in logrotate configuration files by checking the man page:

man logrotate

This section describes the more commonly-used commands.

Remember, the configuration files for applications in /etc/logrotate.d inherit their defaults from the main /etc/logrotate.conf file.

Log files

A log file and its rotation behavior are defined by listing the log file (or files) followed by a set of commands enclosed in curly brackets. Most application configuration files will contain just one of these blocks, but it’s possible to put more than one in a file, or to add log file blocks to the main logrotate.conf file.

You can list more than one log file for a block by using a wildcard in the name or by separating log files in the list with spaces. For example, to specify all files in the directory /var/foo that end in .log, and the file /var/bar/log.txt, you would set up the block as follows:

 /var/foo/*.log /var/bar/log.txt {
        rotate 14
        daily
        compress
        delaycompress
        sharedscripts
        postrotate
                /usr/sbin/apachectl graceful > /dev/null
        Endscript
}

Rotate count

The rotate command determines how many archived logs are returned before logrotate starts deleting the older ones. For example:

rotate 4

This command tells logrotate to keep four archived logs at a time. If four archived logs exist when the log is rotated again, the oldest one is deleted to make room for the new archive.

Rotation interval

You can specify a command that tells logrotate how often to rotate a particular log. The possible commands include:

daily
weekly
monthly
yearly

If a rotation interval is not specified the log will be rotated whenever logrotate runs (unless another condition like size has been set).

If you want to use a time interval other than the the defined ones, you need to use cron to create a separate configuration file. For example, if you want to rotate a particular log file hourly, you could create a file in /etc/cron.hourly (you might need to create that directory too) that would contain a line like the following:

/usr/sbin/logrotate /etc/logrotate.hourly.conf

Then you would put the configuration for that hourly run of logrotate (the log file location, whether or not to compress old files, and so on) into /etc/logrotate.hourly.conf.

Size

You can use the size command to specify a file size for logrotate to check when determining whether to perform a rotation. The format of the command tells logrotate what units you’re using to specify the size:

size 100k
size 100M
size 100G

The first example would rotate the log if it gets larger than 100 kilobytes, and the second if it’s larger than 100 megabytes, and the third if it’s over 100 gigabytes. I don’t recommend using a limit of 100G, mind you, the example just got a little out of hand there.

The size command takes priority over and replaces a rotation interval if both are set.

Compression

If you want archived log files to be compressed (in gzip format), you can include the following command, usually in /etc/logrotate.conf:

compress

Compression is normally a good idea, because log files are usually all text and text compresses well. If, however, you have some archived logs that you don’t want to compress, but you still want compression to be on by default, you can include the following command in an application-specific configuration:

nocompress

Another command of note in regard to compression is as follows:

delaycompress

This command is useful if you want to compress the archived logs, but want to delay the compression. When delaycompress is active, an archived log is compressed the next time that the log is rotated. This can be important when you have a program that might still write to its old log file for a time after a fresh one is rotated in. Note that delaycompress works only if you have compress in your configuration.

An example of a good time to use delaycompress would be when logrotate is told to restart Apache with the “graceful” or “reload” directive. Because old Apache processes do not end until their connections are finished, they could potentially try to log more items to the old file for some time after the restart. Delaying the compression ensures that you won’t lose those extra log entries when the logs are rotated.

Postrotate

Logrotate runs the postrotate script each time it rotates a log specified in a configuration block. You usually want to use this script to restart an application after the log rotation so that the app can switch to a new log.

postrotate
    /usr/sbin/apachectl restart > /dev/null
endscript

>/dev/null tells logrotate to pipe the command’s output to nowhere. In this case, you don’t need to view the the output if the application restarted correctly.

The postrotate command tells logrotate that the script to run, starts on the next line, and the endscript command says that the script is done.

Sharedscripts

Normally logrotate runs the postrotate script every time it rotates a log. This is also true for multiple logs that use the same configuration block. For example, a web server configuration block that refers to both the access log and the error log will, if it rotates both, run the postrotate script twice (once for each file rotated). If both files are rotated, the web server is restarted twice.

To keep logrotate from running that script for every log, you can include the following command:

sharedscripts

This command tells logrotate to check all the logs for that configuration block before running the postrotate script. If one or both of the logs is rotated, the postrotate script runs only once. If none of the logs is rotated, the postrotate script doesn’t run.

 

 

https://support.rackspace.com/how-to/understanding-logrotate-utility/

RHEL 7 / CentOS 7 Disable Firewalld and use iptables

Firewalld is bit complicated so it is better to continue with  iptables.

Here I am describing, how to disable Firewalld and use iptables.

1. Disable Firewalld Service.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl mask firewalld

2. Stop Firewalld Service.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl stop firewalld

3. Install iptables service related packages.

[root@rhel-centos7-tejas-barot-linux ~]# yum -y install iptables-services

4. Make sure service starts at boot:

[root@rhel-centos7-tejas-barot-linux ~]# systemctl enable iptables

# If you do not want ip6tables, You can skip following command.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl enable ip6tables

5. Now, Finally Let’s start the iptables services.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl start iptables

# If you do not want ip6tables, You can skip following command.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl start ip6tables

Firewalld Service is now disabled and stop, You can use iptables.

Managing an ext4 File System

yum install e4fsprogs

The e4fsprogs package contains renamed static binaries from the equivalent upstream e2fsprogs release. This has been done to ensure stability of the e2fsprogs core utilities with all the changes for ext4 included. The most important of these utilities are:

• mke4fs — A utility used to create an ext4 file system.
• mkfs.ext4 — Another command used to create an ext4 file system.
• e4fsck — A utility used to repair inconsistencies of an ext4 file system.
• tune4fs — A utility used to modify ext4 file system attributes.
• resize4fs — A utility used to resize an ext4 file system.
• e4label — A utility used to display or modify the label of the ext4 file system.
• dumpe4fs — A utility used to display the super block and blocks group information for the ext4 file system.
• debuge4fs — An interactive file system debugger, used to examine ext4 file systems, manually repair corrupted file systems and create test cases for e4fsck.

The following sections walk you through the steps for creating and tuning ext4 partitions.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-filesystem-ext4-managing.html

Connecting to a PPTP VPN from an OpenVZ VPS

PPTP allows you to implement your own VPN. PPTP (A Point-To-Point Tunneling Protocol ) is less secure than OpenVPN.

To enable PPP in the vps, first you need to enable PPP modules in the host node.

Login to the host node

modprobe ppp_mppe

modprobe ppp_deflate

modprobe zlib_deflate

modprobe ppp_async

modprobe ppp_generic

modprobe slhc

modprobe crc_ccitt

Now you can see the below result, if you run

lsmod | grep ppp
ppp_mppe                6182  0
ppp_deflate             4176  0
zlib_deflate           21629  1 ppp_deflate
ppp_async               7866  0
crc_ccitt               1725  1 ppp_async
ppp_generic            25763  3 ppp_mppe,ppp_deflate,ppp_async
slhc                    5813  1 ppp_generic

Second, you have to tweak the VPS’s conf file:

vzctl stop [VEnumber]

vzctl set [VEnumber] --features ppp:on --save

vzctl start [VEnumber]

vzctl set [VEnumber] --devices c:108:0:rw --save

vzctl exec [VEnumber] mknod /dev/ppp c 108 0

vzctl exec [VEnumber] chmod 600 /dev/ppp

After that, you might need to uncomment the require-mppe-128 or mppe required,stateless line in /etc/ppp/options.pptp (depending on the VPN server). You may also need to manually create a static route to the network, with route add -net 10.1.1.0 netmask 255.255.255.0 ppp0.

You can check /var/log/messages for details about negotiation errors.

MegaRaid RAID controller

To confirms the server has indeed a MegaRaid RAID controller installed.

lspci | grep -i lsi | grep -i megaraid
02:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 2208 [Thunderbolt] (rev 05)

You can use MegaCli command to list available RAID arrays,

MegaCli -LDInfo -Lall -aALL

==

Adapter 0 — Virtual Drive Information:
Virtual Disk: 0 (Target Id: 0)
Name:
RAID Level: Primary-1, Secondary-0, RAID Level Qualifier-0
Size:223.062 GB
State: Optimal
Stripe Size: 256 KB
Number Of Drives:2
Span Depth:1
Default Cache Policy: WriteBack, ReadAdaptive, Direct, No Write Cache if Bad BBU
Current Cache Policy: WriteBack, ReadAdaptive, Direct, No Write Cache if Bad BBU
Access Policy: Read/Write
Disk Cache Policy: Enabled
Encryption Type: None
Virtual Disk: 1 (Target Id: 1)
Name:
RAID Level: Primary-1, Secondary-0, RAID Level Qualifier-0
Size:1.818 TB
State: Optimal
Stripe Size: 256 KB
Number Of Drives:2
Span Depth:1
Default Cache Policy: WriteBack, ReadAdaptive, Direct, No Write Cache if Bad BBU
Current Cache Policy: WriteBack, ReadAdaptive, Direct, No Write Cache if Bad BBU
Access Policy: Read/Write
Disk Cache Policy: Disk’s Default
Encryption Type: None

Exit Code: 0x00

===

Checking hard drives’ state

First, you must list the Device Id for each drives in order to fully test them with smartmontools:

MegaCli -PDList -aAll | egrep 'Slot\ Number|Device\ Id|Inquiry\ Data|Raw|Firmware\ state' | sed 's/Slot/\nSlot/g'

Slot Number: 0
Device Id: 5
Raw Size: 223.570 GB [0x1bf244b0 Sectors]
Firmware state: Online
Inquiry Data: CVWL426004GZ240NGN INTEL SSDSC2BB240G4 D2010370

Slot Number: 1
Device Id: 4
Raw Size: 223.570 GB [0x1bf244b0 Sectors]
Firmware state: Online
Inquiry Data: CVWL426004D7240NGN INTEL SSDSC2BB240G4 D2010370

Slot Number: 2
Device Id: 7
Raw Size: 1.819 TB [0xe8e088b0 Sectors]
Firmware state: Online
Inquiry Data: PN2134P5G7SEGXHGST HUS724020ALA640 MF6OAA70

Slot Number: 3
Device Id: 6
Raw Size: 1.819 TB [0xe8e088b0 Sectors]
Firmware state: Online
Inquiry Data: PN2134P6JKVSTVHGST HUS724020ALA640 MF6OAA70

For details, Please check the url.
http://docs.ovh.ca/en/guides-raid-hard.html

Subnet Mask Cheat Sheet

Subnet Mask Cheat Sheet
Addresses  Hosts  Netmask  Amount of a Class C
/30             4          2              255.255.255.252 1/64
/29             8          6              255.255.255.248 1/32
/28           16        14              255.255.255.240 1/16
/27           32        30              255.255.255.224 1/8
/26           64        62              255.255.255.192 1/4
/25         128      126              255.255.255.128 1/2
/24         256      254              255.255.255.0 1
/23         512      510              255.255.254.0 2
/22       1024    1022              255.255.252.0 4
/21       2048    2046              255.255.248.0 8
/20       4096    4094              255.255.240.0 16
/19       8192    8190              255.255.224.0 32
/18      16384 16382              255.255.192.0 64
/17      32768 32766              255.255.128.0 128
/16      65536 65534              255.255.0.0 256

 

apf commands

1. Command to start apf

# apf -s

2. Command to restart apf

# apf -r

3. Command to stop/flush apf

# apf -f

4. Command to list all firewall rules.

# apf -l

5. Command to output firewall status log.

# apf -t

6. To refresh & resolve dns names in trust rules.

# apf -e

7. To output all configuration options.

# apf -o

Example:

# apf -o
---
APF version 9.7 <apf@r-fx.org>
Copyright (C) 2002-2011, R-fx Networks <proj@r-fx.org>
Copyright (C) 2011, Ryan MacDonald <ryan@r-fx.org>
This program may be freely redistributed under the terms of the GNU GPL

DEVEL_MODE "0"
INSTALL_PATH "/etc/apf"
IFACE_IN "eth0"
IFACE_OUT "eth0"
IFACE_TRUSTED ""
SET_VERBOSE "1"
SET_FASTLOAD "0"
---

8. To remove host from [glob]*_hosts.rules and immediately remove rule from firewall.

# apf -u

9. White-list an IP address:

# apf -a IP
or
edit /etc/apf/allow_hosts.rules

Always restart apf after white-listing an IP in apf.

10. For blocking an IP in apf

# apf -d IP
or
edit /etc/apf/deny_hosts.rules

10 APF (Advance Policy Firewall) commands in Linux – Simple usages

RETRY CONFIGURATION in exim

To re-edit retry configuration in exim.

Open exim.conf

# vi /etc/exim.conf

Then search for RETRY CONFIGURATION in configuration file and do the needed changes.

Example :

====

# Domain      Error       Retries

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h

===

This single retry rule applies to all domains and all errors. It specifies retries every 15 minutes for 2 hours, then increasing retry intervals, starting at 1 hour and increasing each time by a factor of 1.5, up to 16 hours, then retries every 8 hours until 4 days have passed since the first failed delivery.