aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorBadlop <badlop@process-one.net>2009-01-12 20:03:02 +0000
committerBadlop <badlop@process-one.net>2009-01-12 20:03:02 +0000
commitba2eb355909b474284c4ab68226fcddf60c742d3 (patch)
tree9b5b7a23d56b3c775c4ad4671e89cf89819e727e /doc
parent* src/web/ejabberd_web_admin.erl: New appearance of WebAdmin logo, (diff)
* src/ejabberd_listener.erl: New way to configure IP address and
IP version of listener. Support for definition of IP address in string format, and implicit definition of IP version (EJAB-388). Support for defining several listeners: all with same port number but different IP addresses (EJAB-389)(thanks to Fabrice Colliot and Sergei Golovan). Better report in WebAdmin of problem when starting a listener. The old configuration method of ip tuple and inet6 is fully supported for backwards compatibility, but is not documented in the Guide anymore. * src/ejabberd_config.erl: Likewise * src/mod_proxy65/mod_proxy65_stream.erl: Likewise * src/mod_proxy65/mod_proxy65_service.erl: Likewise * src/web/ejabberd_web_admin.erl: Likewise * doc/guide.tex: Document the new way to configure IP address and IP version of listener, undocument options ip and inet6 * doc/guide.html: Likewise SVN Revision: 1812
Diffstat (limited to 'doc')
-rw-r--r--doc/guide.html144
-rw-r--r--doc/guide.tex157
2 files changed, 208 insertions, 93 deletions
diff --git a/doc/guide.html b/doc/guide.html
index 9d0fde157..3282fc3d8 100644
--- a/doc/guide.html
+++ b/doc/guide.html
@@ -622,31 +622,59 @@ other different modules for some specific virtual hosts:
will listen and what services will be run on them. Each element of the list is a
tuple with the following elements:
</P><UL CLASS="itemize"><LI CLASS="li-itemize">
-Port number.
-</LI><LI CLASS="li-itemize">Module that serves this port.
-</LI><LI CLASS="li-itemize">Options to this module.
-</LI></UL><P>
+Port number. Optionally also the IP address.
+</LI><LI CLASS="li-itemize">Listening module that serves this port.
+</LI><LI CLASS="li-itemize">Options for the TCP socket and for the listening module.
+</LI></UL><P>With the basic syntax the ports will listen on all IPv4 network addresses:
+</P><PRE CLASS="verbatim">{listen, [
+ {&lt;port-number&gt;, &lt;module&gt;, [&lt;options&gt;]},
+ {&lt;port-number&gt;, &lt;module&gt;, [&lt;options&gt;]},
+ ...
+ {&lt;port-number&gt;, &lt;module&gt;, [&lt;options&gt;]}
+ ]}.
+</PRE><P>It is possible to specify the IP address for a port using the full syntax:
+</P><PRE CLASS="verbatim"> {{&lt;port-number&gt;, &lt;ip-address&gt;}, &lt;module&gt;, [&lt;options&gt;]}
+</PRE><P> <A NAME="listened-port"></A> </P><!--TOC subsubsection Port Number and IP Address-->
+<H4 CLASS="subsubsection"><!--SEC ANCHOR --><A HREF="#listened-port">Port Number and IP Address</A></H4><!--SEC END --><P> <A NAME="listened-port"></A> </P><P>The port number defines which port to listen for incoming connections.
+It can be a Jabber/XMPP standard port
+(see section <A HREF="#firewall">5.1</A>) or any other valid port number.</P><P>The IP address can be represented with a string
+or an Erlang tuple with decimal or hexadecimal numbers.
+The socket will listen only in that network interface.
+It is possible to specify a generic address,
+so <TT>ejabberd</TT> will listen in all addresses.
+Depending in the type of the IP address, IPv4 or IPv6 will be used.</P><P>Some example values for IP address:
+</P><UL CLASS="itemize"><LI CLASS="li-itemize">
+<CODE>"0.0.0.0"</CODE> to listen in all IPv4 network interfaces. This is the default value when no IP is specified.
+</LI><LI CLASS="li-itemize"><CODE>"::"</CODE> to listen in all IPv6 network interfaces
+</LI><LI CLASS="li-itemize"><CODE>"10.11.12.13"</CODE> is the IPv4 address <CODE>10.11.12.13</CODE>
+</LI><LI CLASS="li-itemize"><CODE>"::FFFF:127.0.0.1"</CODE> is the IPv6 address <CODE>::FFFF:127.0.0.1/128</CODE>
+</LI><LI CLASS="li-itemize"><CODE>{10, 11, 12, 13}</CODE> is the IPv4 address <CODE>10.11.12.13</CODE>
+</LI><LI CLASS="li-itemize"><CODE>{0, 0, 0, 0, 0, 65535, 32512, 1}</CODE> is the IPv6 address <CODE>::FFFF:127.0.0.1/128</CODE>
+</LI><LI CLASS="li-itemize"><CODE>{16#fdca, 16#8ab6, 16#a243, 16#75ef, 0, 0, 0, 1}</CODE> is the IPv6 address <CODE>FDCA:8AB6:A243:75EF::1/128</CODE>
+</LI></UL><P> <A NAME="listened-module"></A> </P><!--TOC subsubsection Listening Module-->
+<H4 CLASS="subsubsection"><!--SEC ANCHOR --><A HREF="#listened-module">Listening Module</A></H4><!--SEC END --><P> <A NAME="listened-module"></A> </P><P>
The available modules, their purpose and the options allowed by each one are:
</P><DL CLASS="description"><DT CLASS="dt-description">
<B><TT>ejabberd_c2s</TT></B></DT><DD CLASS="dd-description">
Handles c2s connections.<BR>
- Options: <TT>access</TT>, <TT>certfile</TT>, <TT>inet6</TT>,
-<TT>ip</TT>, <TT>max_stanza_size</TT>, <TT>shaper</TT>,
+ Options: <TT>access</TT>, <TT>certfile</TT>,
+<TT>max_stanza_size</TT>, <TT>shaper</TT>,
<TT>starttls</TT>, <TT>starttls_required</TT>, <TT>tls</TT>,
<TT>zlib</TT>
</DD><DT CLASS="dt-description"><B><TT>ejabberd_s2s_in</TT></B></DT><DD CLASS="dd-description">
Handles incoming s2s connections.<BR>
- Options: <TT>inet6</TT>, <TT>ip</TT>, <TT>max_stanza_size</TT>
+ Options: <TT>max_stanza_size</TT>
</DD><DT CLASS="dt-description"><B><TT>ejabberd_service</TT></B></DT><DD CLASS="dd-description">
Interacts with an <A HREF="http://www.ejabberd.im/tutorials-transports">external component</A>
(as defined in the Jabber Component Protocol (<A HREF="http://www.xmpp.org/extensions/xep-0114.html">XEP-0114</A>).<BR>
- Options: <TT>access</TT>, <TT>hosts</TT>, <TT>inet6</TT>,
-<TT>ip</TT>, <TT>shaper</TT>, <TT>service_check_from</TT>
+ Options: <TT>access</TT>, <TT>hosts</TT>,
+<TT>shaper</TT>, <TT>service_check_from</TT>
</DD><DT CLASS="dt-description"><B><TT>ejabberd_http</TT></B></DT><DD CLASS="dd-description">
Handles incoming HTTP connections.<BR>
Options: <TT>certfile</TT>, <TT>http_bind</TT>, <TT>http_poll</TT>,
-<TT>inet6</TT>, <TT>ip</TT>, <TT>request_handlers</TT>, <TT>tls</TT>, <TT>web_admin</TT><BR>
-</DD></DL><P>This is a detailed description of each option allowed by the listening modules:
+<TT>request_handlers</TT>, <TT>tls</TT>, <TT>web_admin</TT><BR>
+</DD></DL><P> <A NAME="listened-options"></A> </P><!--TOC subsubsection Options-->
+<H4 CLASS="subsubsection"><!--SEC ANCHOR --><A HREF="#listened-options">Options</A></H4><!--SEC END --><P> <A NAME="listened-options"></A> </P><P>This is a detailed description of each option allowed by the listening modules:
</P><DL CLASS="description"><DT CLASS="dt-description">
<B><TT>{access, &lt;access rule&gt;}</TT></B></DT><DD CLASS="dd-description"> This option defines
access to the port. The default value is <TT>all</TT>.
@@ -685,13 +713,7 @@ do not allow outgoing sockets on port 5222.<P>If HTTP Polling is enabled, it wil
is also needed in the Jabber client. Remark also that HTTP Polling can be
interesting to host a web-based Jabber client such as
<A HREF="http://jwchat.sourceforge.net/">JWChat</A>.
-</P></DD><DT CLASS="dt-description"><B><TT>inet6</TT></B></DT><DD CLASS="dd-description"> Set up the socket for IPv6 instead of IPv4.
-Note: this option is not required for S2S outgoing connections,
-because when ejabberd attempts to establish a S2S outgoing connection
-it first tries IPv4, and if that fails it attempts with IPv6.
-</DD><DT CLASS="dt-description"><B><TT>{ip, IPAddress}</TT></B></DT><DD CLASS="dd-description"> This option specifies which network
-interface to listen for. For example <CODE>{ip, {192, 168, 1, 1}}</CODE>.
-</DD><DT CLASS="dt-description"><B><TT>{max_stanza_size, Size}</TT></B></DT><DD CLASS="dd-description">
+</P></DD><DT CLASS="dt-description"><B><TT>{max_stanza_size, Size}</TT></B></DT><DD CLASS="dd-description">
This option specifies an
approximate maximum size in bytes of XML stanzas. Approximate,
because it is calculated with the precision of one block of readed
@@ -736,7 +758,7 @@ is available on connections to the port. Client connections cannot use
stream compression and stream encryption simultaneously. Hence, if you
specify both <TT>tls</TT> (or <TT>ssl</TT>) and <TT>zlib</TT>, the latter
option will not affect connections (there will be no stream compression).
-</DD></DL><P>There are some additional global options:
+</DD></DL><P>There are some additional global options that can be specified in the ejabberd configuration file (outside <TT>listen</TT>):
</P><DL CLASS="description"><DT CLASS="dt-description">
<B><TT>{s2s_use_starttls, true|false}</TT></B></DT><DD CLASS="dd-description">
This option defines whether to
@@ -759,17 +781,18 @@ with a small list of trusted servers, or to block some specific servers.
</DD><DT CLASS="dt-description"><B><TT>{s2s_max_retry_delay, Seconds}</TT></B></DT><DD CLASS="dd-description">
The maximum allowed delay for retry to connect after a failed connection attempt.
Specified in seconds. The default value is 300 seconds (5 minutes).
-</DD></DL><P>For example, the following simple configuration defines:
+</DD></DL><P> <A NAME="listened-examples"></A> </P><!--TOC subsubsection Examples-->
+<H4 CLASS="subsubsection"><!--SEC ANCHOR --><A HREF="#listened-examples">Examples</A></H4><!--SEC END --><P> <A NAME="listened-examples"></A> </P><P>For example, the following simple configuration defines:
</P><UL CLASS="itemize"><LI CLASS="li-itemize">
There are three domains. The default certificate file is <TT>server.pem</TT>.
However, the c2s and s2s connections to the domain <TT>example.com</TT> use the file <TT>example_com.pem</TT>.
</LI><LI CLASS="li-itemize">Port 5222 listens for c2s connections with STARTTLS,
and also allows plain connections for old clients.
</LI><LI CLASS="li-itemize">Port 5223 listens for c2s connections with the old SSL.
-</LI><LI CLASS="li-itemize">Port 5269 listens for s2s connections with STARTTLS.
+</LI><LI CLASS="li-itemize">Port 5269 listens for s2s connections with STARTTLS. The socket is set for IPv6 instead of IPv4.
</LI><LI CLASS="li-itemize">Port 5280 listens for HTTP requests, and serves the HTTP Poll service.
</LI><LI CLASS="li-itemize">Port 5281 listens for HTTP requests, and serves the Web Admin using HTTPS as explained in
-section&#XA0;<A HREF="#webadmin">4.2</A>.
+section&#XA0;<A HREF="#webadmin">4.2</A>. The socket only listens connections to the IP address 127.0.0.1.
</LI></UL><PRE CLASS="verbatim">{hosts, ["example.com", "example.org", "example.net"]}.
{listen,
[
@@ -785,17 +808,17 @@ section&#XA0;<A HREF="#webadmin">4.2</A>.
tls, {certfile, "/etc/ejabberd/server.pem"},
{max_stanza_size, 65536}
]},
- {5269, ejabberd_s2s_in, [
- {shaper, s2s_shaper},
- {max_stanza_size, 131072}
- ]},
+ {{5269, "::"}, ejabberd_s2s_in, [
+ {shaper, s2s_shaper},
+ {max_stanza_size, 131072}
+ ]},
{5280, ejabberd_http, [
http_poll
]},
- {5281, ejabberd_http, [
- web_admin,
- tls, {certfile, "/etc/ejabberd/server.pem"},
- ]}
+ {{5281, "127.0.0.1"}, ejabberd_http, [
+ web_admin,
+ tls, {certfile, "/etc/ejabberd/server.pem"},
+ ]}
]
}.
{s2s_use_starttls, true}.
@@ -803,21 +826,23 @@ section&#XA0;<A HREF="#webadmin">4.2</A>.
{domain_certfile, "example.com", "/etc/ejabberd/example_com.pem"}.
</PRE><P>In this example, the following configuration defines that:
</P><UL CLASS="itemize"><LI CLASS="li-itemize">
-c2s connections are listened for on port 5222 and 5223 (SSL) and denied
+c2s connections are listened for on port 5222 (all IPv4 addresses) and
+on port 5223 (SSL, IP 192.168.0.1 and fdca:8ab6:a243:75ef::1) and denied
for the user called &#X2018;<TT>bad</TT>&#X2019;.
-</LI><LI CLASS="li-itemize">s2s connections are listened for on port 5269 with STARTTLS for secured
-traffic enabled.
+</LI><LI CLASS="li-itemize">s2s connections are listened for on port 5269 (all IPv4 addresses)
+with STARTTLS for secured traffic enabled.
Incoming and outgoing connections of remote Jabber servers are denied,
only two servers can connect: "jabber.example.org" and "example.com".
-</LI><LI CLASS="li-itemize">Port 5280 is serving the Web Admin and the HTTP Polling service. Note
+</LI><LI CLASS="li-itemize">Port 5280 is serving the Web Admin and the HTTP Polling service
+in all the IPv4 addresses. Note
that it is also possible to serve them on different ports. The second
example in section&#XA0;<A HREF="#webadmin">4.2</A> shows how exactly this can be done.
-</LI><LI CLASS="li-itemize">All users except for the administrators have a traffic of limit
+</LI><LI CLASS="li-itemize">All users except for the administrators have a traffic of limit
1,000&#XA0;Bytes/second
</LI><LI CLASS="li-itemize">The
<A HREF="http://www.ejabberd.im/pyaimt">AIM transport</A>
-<TT>aim.example.org</TT> is connected to port 5233 with password
-&#X2018;<TT>aimsecret</TT>&#X2019;.
+<TT>aim.example.org</TT> is connected to port 5233 on localhost IP addresses
+(127.0.0.1 and ::1) with password &#X2018;<TT>aimsecret</TT>&#X2019;.
</LI><LI CLASS="li-itemize">The ICQ transport JIT (<TT>icq.example.org</TT> and
<TT>sms.example.org</TT>) is connected to port 5234 with password
&#X2018;<TT>jitsecret</TT>&#X2019;.
@@ -843,13 +868,32 @@ connected to port 5237 with password &#X2018;<TT>ggsecret</TT>&#X2019;.
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
{listen,
- [{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}]},
- {5223, ejabberd_c2s, [{access, c2s},
- ssl, {certfile, "/path/to/ssl.pem"}]},
- {5269, ejabberd_s2s_in, []},
- {5280, ejabberd_http, [http_poll, web_admin]},
- {5233, ejabberd_service, [{hosts, ["aim.example.org"],
- [{password, "aimsecret"}]}]},
+ [{5222, ejabberd_c2s, [
+ {access, c2s},
+ {shaper, c2s_shaper}
+ ]},
+ {{5223, {192, 168, 0, 1}}, ejabberd_c2s, [
+ {access, c2s},
+ ssl, {certfile, "/path/to/ssl.pem"}
+ ]},
+ {{5223, {16#fdca, 16#8ab6, 16#a243, 16#75ef, 0, 0, 0, 1}},
+ ejabberd_c2s, [
+ {access, c2s},
+ ssl, {certfile, "/path/to/ssl.pem"}
+ ]},
+ {5269, ejabberd_s2s_in, []},
+ {{5280, {0, 0, 0, 0}}, ejabberd_http, [
+ http_poll,
+ web_admin
+ ]},
+ {{5233, {127, 0, 0, 1}}, ejabberd_service, [
+ {hosts, ["aim.example.org"],
+ [{password, "aimsecret"}]}
+ ]},
+ {{5233, "::1"}, ejabberd_service, [
+ {hosts, ["aim.example.org"],
+ [{password, "aimsecret"}]}
+ ]},
{5234, ejabberd_service, [{hosts, ["icq.example.org", "sms.example.org"],
[{password, "jitsecret"}]}]},
{5235, ejabberd_service, [{hosts, ["msn.example.org"],
@@ -3073,16 +3117,20 @@ administer the virtual host <TT>example.com</TT>.
</PRE></LI><LI CLASS="li-itemize">For security reasons, you can serve the Web Admin on a secured
connection, on a port differing from the HTTP Polling interface, and bind it
to the internal LAN IP. The Web Admin will be accessible by pointing your
-web browser to <CODE>https://192.168.1.1:5280/admin/</CODE>:
+web browser to <CODE>https://192.168.1.1:5282/admin/</CODE>:
<PRE CLASS="verbatim">
{hosts, ["example.org"]}.
{listen,
[
...
- {5270, ejabberd_http, [http_poll]},
- {5280, ejabberd_http, [web_admin, {ip, {192, 168, 1, 1}},
- tls, {certfile, "/usr/local/etc/server.pem"}]},
+ {5280, ejabberd_http, [
+ http_poll
+ ]},
+ {{5282, "192.168.1.1"}, ejabberd_http, [
+ web_admin,
+ tls, {certfile, "/usr/local/etc/server.pem"}
+ ]},
...
]}.
</PRE></LI></UL><P>Certain pages in the ejabberd Web Admin contain a link to a related
diff --git a/doc/guide.tex b/doc/guide.tex
index 6e2422af5..bcf79b568 100644
--- a/doc/guide.tex
+++ b/doc/guide.tex
@@ -735,34 +735,80 @@ The option \option{listen} defines for which addresses and ports \ejabberd{}
will listen and what services will be run on them. Each element of the list is a
tuple with the following elements:
\begin{itemize}
-\item Port number.
-\item Module that serves this port.
-\item Options to this module.
+\item Port number. Optionally also the IP address.
+\item Listening module that serves this port.
+\item Options for the TCP socket and for the listening module.
\end{itemize}
+With the basic syntax the ports will listen on all IPv4 network addresses:
+\begin{verbatim}
+{listen, [
+ {<port-number>, <module>, [<options>]},
+ {<port-number>, <module>, [<options>]},
+ ...
+ {<port-number>, <module>, [<options>]}
+ ]}.
+\end{verbatim}
+
+It is possible to specify the IP address for a port using the full syntax:
+\begin{verbatim}
+ {{<port-number>, <ip-address>}, <module>, [<options>]}
+\end{verbatim}
+
+
+\makesubsubsection{listened-port}{Port Number and IP Address}
+
+The port number defines which port to listen for incoming connections.
+It can be a Jabber/XMPP standard port
+(see section \ref{firewall}) or any other valid port number.
+
+The IP address can be represented with a string
+or an Erlang tuple with decimal or hexadecimal numbers.
+The socket will listen only in that network interface.
+It is possible to specify a generic address,
+so \ejabberd{} will listen in all addresses.
+Depending in the type of the IP address, IPv4 or IPv6 will be used.
+
+Some example values for IP address:
+\begin{itemize}
+\item \verb|"0.0.0.0"| to listen in all IPv4 network interfaces. This is the default value when no IP is specified.
+\item \verb|"::"| to listen in all IPv6 network interfaces
+\item \verb|"10.11.12.13"| is the IPv4 address \verb|10.11.12.13|
+\item \verb|"::FFFF:127.0.0.1"| is the IPv6 address \verb|::FFFF:127.0.0.1/128|
+\item \verb|{10, 11, 12, 13}| is the IPv4 address \verb|10.11.12.13|
+\item \verb|{0, 0, 0, 0, 0, 65535, 32512, 1}| is the IPv6 address \verb|::FFFF:127.0.0.1/128|
+\item \verb|{16#fdca, 16#8ab6, 16#a243, 16#75ef, 0, 0, 0, 1}| is the IPv6 address \verb|FDCA:8AB6:A243:75EF::1/128|
+\end{itemize}
+
+
+\makesubsubsection{listened-module}{Listening Module}
+
\ind{modules!ejabberd\_c2s}\ind{modules!ejabberd\_s2s\_in}\ind{modules!ejabberd\_service}\ind{modules!ejabberd\_http}\ind{protocols!XEP-0114: Jabber Component Protocol}
The available modules, their purpose and the options allowed by each one are:
\begin{description}
\titem{\texttt{ejabberd\_c2s}}
Handles c2s connections.\\
- Options: \texttt{access}, \texttt{certfile}, \texttt{inet6},
- \texttt{ip}, \texttt{max\_stanza\_size}, \texttt{shaper},
+ Options: \texttt{access}, \texttt{certfile},
+ \texttt{max\_stanza\_size}, \texttt{shaper},
\texttt{starttls}, \texttt{starttls\_required}, \texttt{tls},
\texttt{zlib}
\titem{\texttt{ejabberd\_s2s\_in}}
Handles incoming s2s connections.\\
- Options: \texttt{inet6}, \texttt{ip}, \texttt{max\_stanza\_size}
+ Options: \texttt{max\_stanza\_size}
\titem{\texttt{ejabberd\_service}}
Interacts with an \footahref{http://www.ejabberd.im/tutorials-transports}{external component}
(as defined in the Jabber Component Protocol (\xepref{0114}).\\
- Options: \texttt{access}, \texttt{hosts}, \texttt{inet6},
- \texttt{ip}, \texttt{shaper}, \texttt{service\_check\_from}
+ Options: \texttt{access}, \texttt{hosts},
+ \texttt{shaper}, \texttt{service\_check\_from}
\titem{\texttt{ejabberd\_http}}
Handles incoming HTTP connections.\\
Options: \texttt{certfile}, \texttt{http\_bind}, \texttt{http\_poll},
- \texttt{inet6}, \texttt{ip}, \texttt{request\_handlers}, \texttt{tls}, \texttt{web\_admin}\\
+ \texttt{request\_handlers}, \texttt{tls}, \texttt{web\_admin}\\
\end{description}
+
+\makesubsubsection{listened-options}{Options}
+
This is a detailed description of each option allowed by the listening modules:
\begin{description}
\titem{\{access, <access rule>\}} \ind{options!access}This option defines
@@ -808,13 +854,7 @@ This is a detailed description of each option allowed by the listening modules:
is also needed in the \Jabber{} client. Remark also that HTTP Polling can be
interesting to host a web-based \Jabber{} client such as
\footahref{http://jwchat.sourceforge.net/}{JWChat}.
- \titem{inet6} \ind{options!inet6}\ind{IPv6}Set up the socket for IPv6 instead of IPv4.
- Note: this option is not required for S2S outgoing connections,
- because when ejabberd attempts to establish a S2S outgoing connection
- it first tries IPv4, and if that fails it attempts with IPv6.
- \titem{\{ip, IPAddress\}} \ind{options!ip}This option specifies which network
- interface to listen for. For example \verb|{ip, {192, 168, 1, 1}}|.
- \titem{\{max\_stanza\_size, Size\}}
+ \titem{\{max\_stanza\_size, Size\}}
\ind{options!max\_stanza\_size}This option specifies an
approximate maximum size in bytes of XML stanzas. Approximate,
because it is calculated with the precision of one block of readed
@@ -861,7 +901,7 @@ This is a detailed description of each option allowed by the listening modules:
option will not affect connections (there will be no stream compression).
\end{description}
-There are some additional global options:
+There are some additional global options that can be specified in the ejabberd configuration file (outside \term{listen}):
\begin{description}
\titem{\{s2s\_use\_starttls, true|false\}}
\ind{options!s2s\_use\_starttls}\ind{STARTTLS}This option defines whether to
@@ -886,6 +926,8 @@ There are some additional global options:
Specified in seconds. The default value is 300 seconds (5 minutes).
\end{description}
+\makesubsubsection{listened-examples}{Examples}
+
For example, the following simple configuration defines:
\begin{itemize}
\item There are three domains. The default certificate file is \term{server.pem}.
@@ -893,10 +935,10 @@ However, the c2s and s2s connections to the domain \term{example.com} use the fi
\item Port 5222 listens for c2s connections with STARTTLS,
and also allows plain connections for old clients.
\item Port 5223 listens for c2s connections with the old SSL.
-\item Port 5269 listens for s2s connections with STARTTLS.
+\item Port 5269 listens for s2s connections with STARTTLS. The socket is set for IPv6 instead of IPv4.
\item Port 5280 listens for HTTP requests, and serves the HTTP Poll service.
\item Port 5281 listens for HTTP requests, and serves the Web Admin using HTTPS as explained in
- section~\ref{webadmin}.
+ section~\ref{webadmin}. The socket only listens connections to the IP address 127.0.0.1.
\end{itemize}
\begin{verbatim}
{hosts, ["example.com", "example.org", "example.net"]}.
@@ -914,17 +956,17 @@ However, the c2s and s2s connections to the domain \term{example.com} use the fi
tls, {certfile, "/etc/ejabberd/server.pem"},
{max_stanza_size, 65536}
]},
- {5269, ejabberd_s2s_in, [
- {shaper, s2s_shaper},
- {max_stanza_size, 131072}
- ]},
+ {{5269, "::"}, ejabberd_s2s_in, [
+ {shaper, s2s_shaper},
+ {max_stanza_size, 131072}
+ ]},
{5280, ejabberd_http, [
http_poll
]},
- {5281, ejabberd_http, [
- web_admin,
- tls, {certfile, "/etc/ejabberd/server.pem"},
- ]}
+ {{5281, "127.0.0.1"}, ejabberd_http, [
+ web_admin,
+ tls, {certfile, "/etc/ejabberd/server.pem"},
+ ]}
]
}.
{s2s_use_starttls, true}.
@@ -934,21 +976,23 @@ However, the c2s and s2s connections to the domain \term{example.com} use the fi
In this example, the following configuration defines that:
\begin{itemize}
-\item c2s connections are listened for on port 5222 and 5223 (SSL) and denied
+\item c2s connections are listened for on port 5222 (all IPv4 addresses) and
+ on port 5223 (SSL, IP 192.168.0.1 and fdca:8ab6:a243:75ef::1) and denied
for the user called `\term{bad}'.
-\item s2s connections are listened for on port 5269 with STARTTLS for secured
- traffic enabled.
+\item s2s connections are listened for on port 5269 (all IPv4 addresses)
+ with STARTTLS for secured traffic enabled.
Incoming and outgoing connections of remote Jabber servers are denied,
only two servers can connect: "jabber.example.org" and "example.com".
-\item Port 5280 is serving the Web Admin and the HTTP Polling service. Note
+\item Port 5280 is serving the Web Admin and the HTTP Polling service
+ in all the IPv4 addresses. Note
that it is also possible to serve them on different ports. The second
example in section~\ref{webadmin} shows how exactly this can be done.
-\item All users except for the administrators have a traffic of limit
+\item All users except for the administrators have a traffic of limit
1,000\,Bytes/second
\item \ind{transports!AIM}The
\footahref{http://www.ejabberd.im/pyaimt}{AIM transport}
- \jid{aim.example.org} is connected to port 5233 with password
- `\term{aimsecret}'.
+ \jid{aim.example.org} is connected to port 5233 on localhost IP addresses
+ (127.0.0.1 and ::1) with password `\term{aimsecret}'.
\item \ind{transports!ICQ}The ICQ transport JIT (\jid{icq.example.org} and
\jid{sms.example.org}) is connected to port 5234 with password
`\term{jitsecret}'.
@@ -976,13 +1020,32 @@ In this example, the following configuration defines that:
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
{listen,
- [{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}]},
- {5223, ejabberd_c2s, [{access, c2s},
- ssl, {certfile, "/path/to/ssl.pem"}]},
- {5269, ejabberd_s2s_in, []},
- {5280, ejabberd_http, [http_poll, web_admin]},
- {5233, ejabberd_service, [{hosts, ["aim.example.org"],
- [{password, "aimsecret"}]}]},
+ [{5222, ejabberd_c2s, [
+ {access, c2s},
+ {shaper, c2s_shaper}
+ ]},
+ {{5223, {192, 168, 0, 1}}, ejabberd_c2s, [
+ {access, c2s},
+ ssl, {certfile, "/path/to/ssl.pem"}
+ ]},
+ {{5223, {16#fdca, 16#8ab6, 16#a243, 16#75ef, 0, 0, 0, 1}},
+ ejabberd_c2s, [
+ {access, c2s},
+ ssl, {certfile, "/path/to/ssl.pem"}
+ ]},
+ {5269, ejabberd_s2s_in, []},
+ {{5280, {0, 0, 0, 0}}, ejabberd_http, [
+ http_poll,
+ web_admin
+ ]},
+ {{5233, {127, 0, 0, 1}}, ejabberd_service, [
+ {hosts, ["aim.example.org"],
+ [{password, "aimsecret"}]}
+ ]},
+ {{5233, "::1"}, ejabberd_service, [
+ {hosts, ["aim.example.org"],
+ [{password, "aimsecret"}]}
+ ]},
{5234, ejabberd_service, [{hosts, ["icq.example.org", "sms.example.org"],
[{password, "jitsecret"}]}]},
{5235, ejabberd_service, [{hosts, ["msn.example.org"],
@@ -3940,7 +4003,7 @@ Examples:
\item For security reasons, you can serve the Web Admin on a secured
connection, on a port differing from the HTTP Polling interface, and bind it
to the internal LAN IP. The Web Admin will be accessible by pointing your
- web browser to \verb|https://192.168.1.1:5280/admin/|:
+ web browser to \verb|https://192.168.1.1:5282/admin/|:
\begin{verbatim}
{hosts, ["example.org"]}.
@@ -3948,9 +4011,13 @@ Examples:
{listen,
[
...
- {5270, ejabberd_http, [http_poll]},
- {5280, ejabberd_http, [web_admin, {ip, {192, 168, 1, 1}},
- tls, {certfile, "/usr/local/etc/server.pem"}]},
+ {5280, ejabberd_http, [
+ http_poll
+ ]},
+ {{5282, "192.168.1.1"}, ejabberd_http, [
+ web_admin,
+ tls, {certfile, "/usr/local/etc/server.pem"}
+ ]},
...
]}.
\end{verbatim}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-23 12:43:55 +0000