Nextcloud ejabberd: Difference between revisions
(One intermediate revision by the same user not shown) | |||
Line 20: | Line 20: | ||
<pre>hosts: | <pre>hosts: | ||
- "nextcloud.domain.com" | - "nextcloud.domain.com" | ||
- | |||
port: 5280 | |||
ip: "::" | |||
module: ejabberd_http | |||
request_handlers: | |||
"/websocket": ejabberd_http_ws | |||
## "/pub/archive": mod_http_fileserver | |||
web_admin: true | |||
http_bind: true | |||
## register: true | |||
captcha: false | |||
tls: true | |||
certfile: "/etc/ejabberd/ejabberd.pem" | |||
s2s_use_starttls: required | s2s_use_starttls: required | ||
#auth_method: internal | #auth_method: internal | ||
Line 30: | Line 44: | ||
<pre>service ejabberd restart</pre> | <pre>service ejabberd restart</pre> | ||
Copy the certificates for nextcloud.domain.com from the NC server to the ejabberd server using this script as a daily crontab | Copy the certificates for nextcloud.domain.com from the NC server (or proxy) to the ejabberd server using this script as a daily crontab | ||
<pre>/usr/bin/rsync -rl --safe-links --rsync-path="/usr/bin/sudo /usr/bin/rsync" letsencrypt_sync@<nc.ser.ver.ip>:/etc/letsencrypt/ /etc/letsencrypt-nextcloud/ 2>&1 >> /var/log/letsencrypt_sync.log | <pre>/usr/bin/rsync -rl --safe-links --rsync-path="/usr/bin/sudo /usr/bin/rsync" letsencrypt_sync@<nc.ser.ver.ip>:/etc/letsencrypt/ /etc/letsencrypt-nextcloud/ 2>&1 >> /var/log/letsencrypt_sync.log | ||
Line 53: | Line 67: | ||
==Nextcloud Configuration== | ==Nextcloud Configuration== | ||
Now go to the Nextcloud apache VirtualHost and add these line | Now go to the Nextcloud apache VirtualHost and add these line (or on the proxy if the servers are behind one) | ||
<pre>ProxyPass /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/ | <pre>ProxyPass /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/ | ||
ProxyPassReverse /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/ | ProxyPassReverse /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/ |
Latest revision as of 11:43, 28 August 2017
Nextcloud has a chat app (ojsxc) that could use an internal XMPP/Jabber with limited functionality or use an external server. This page will describe how to build an external XMPP/Jabber server (ejabberd in this case) and integrate it with Nextcloud.
Ejabberd Installation
Install these packages
apt-get install ejabberd git python python-requests python-configargparse python-bcrypt
Go to /opt dir
cd /opt
Clone the git repository for the external authentication script
git clone https://github.com/jsxc/xmpp-cloud-auth
Go to /opt/xmpp-cloud-auth dir
cd /opt/xmpp-cloud-auth
And install the external authentication script
./install.sh
Edit the following lines in /etc/ejabberd/ejabberd.yml
hosts: - "nextcloud.domain.com" - port: 5280 ip: "::" module: ejabberd_http request_handlers: "/websocket": ejabberd_http_ws ## "/pub/archive": mod_http_fileserver web_admin: true http_bind: true ## register: true captcha: false tls: true certfile: "/etc/ejabberd/ejabberd.pem" s2s_use_starttls: required #auth_method: internal auth_method: external extauth_program: "/opt/xmpp-cloud-auth/xcauth.sh" use_auth_cache: false ###if you use a version of ejabberd >= 17.06
Restart the ejabberd service
service ejabberd restart
Copy the certificates for nextcloud.domain.com from the NC server (or proxy) to the ejabberd server using this script as a daily crontab
/usr/bin/rsync -rl --safe-links --rsync-path="/usr/bin/sudo /usr/bin/rsync" letsencrypt_sync@<nc.ser.ver.ip>:/etc/letsencrypt/ /etc/letsencrypt-nextcloud/ 2>&1 >> /var/log/letsencrypt_sync.log cat /etc/letsencrypt-nextcloud/live/<nextcloud.domain.com>/privkey.pem /etc/letsencrypt-nextcloud/live/<nextcloud.domain.com>/fullchain.pem > /etc/ejabberd/ejabberd.pem service ejabberd restart
Don't forget to make the script executable and manually run the script for the initial certificate copy
Copy xcauth.conf file to /etc, change permissions/ownership and open it
cp /opt/xmpp-cloud-auth/xcauth.conf /etc/ chown ejabberd:ejabberd /etc/xcauth.conf chmod 600 /etc/xcauth.conf vi /etc/xcauth.conf
Uncomment these lines in /etc/xcauth.conf and keep the file open, we'll need to get some values from Nextcloud
type=ejabberd secret=... url=...
Nextcloud Configuration
Now go to the Nextcloud apache VirtualHost and add these line (or on the proxy if the servers are behind one)
ProxyPass /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/ ProxyPassReverse /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/ ProxyPreserveHost On SSLProxyEngine On
Enable the apache modules and reload it
a2enmod proxy proxy_http service apache2 reload
Assuming you already installed/enabled the ojsxc app, go to Nextcloud interface to Admin->JavaScript Xmpp Client:
- Select "External" XMPP server
- Enter <nextcloud.domain.com> in the "XMPP Domain" field
- Enter https://<nextcloud.domain.com>/http-bind/ in the "BOSH URL" field
- Click the "Save settings" button at the bottom of the page
- Copy the values from fields "API URL" and "Secure API token" to the file from ejabber server that you kept open
No everything should be set, logout and login back in to see if the chat works
Tip
If you cannot login to Nextcloud after you set the chat app, something probably is configured wrong. In this case you can press "Log in without chat".