Nextcloud ejabberd: Difference between revisions

From Newroco Tech Docs
Jump to navigationJump to search
Line 20: Line 20:
<pre>hosts:
<pre>hosts:
   - "nextcloud.domain.com"
   - "nextcloud.domain.com"
captcha: false    ###for port 5280
 
-
    port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      "/websocket": ejabberd_http_ws
    ## "/pub/archive": mod_http_fileserver
    web_admin: true
    http_bind: true
    ## register: true
    captcha: false
    tls: true
    certfile: "/etc/ejabberd/ejabberd.pem"
 
s2s_use_starttls: required
s2s_use_starttls: required
#auth_method: internal
#auth_method: internal
Line 30: Line 44:
<pre>service ejabberd restart</pre>
<pre>service ejabberd restart</pre>


Copy the certificates for nextcloud.domain.com from the NC server to the ejabberd server using this script as a daily crontab
Copy the certificates for nextcloud.domain.com from the NC server (or proxy) to the ejabberd server using this script as a daily crontab
<pre>/usr/bin/rsync -rl --safe-links --rsync-path="/usr/bin/sudo /usr/bin/rsync" letsencrypt_sync@<nc.ser.ver.ip>:/etc/letsencrypt/ /etc/letsencrypt-nextcloud/ 2>&1 >> /var/log/letsencrypt_sync.log
<pre>/usr/bin/rsync -rl --safe-links --rsync-path="/usr/bin/sudo /usr/bin/rsync" letsencrypt_sync@<nc.ser.ver.ip>:/etc/letsencrypt/ /etc/letsencrypt-nextcloud/ 2>&1 >> /var/log/letsencrypt_sync.log



Revision as of 09:12, 28 August 2017

Nextcloud has a chat app (ojsxc) that could use an internal XMPP/Jabber with limited functionality or use an external server. This page will describe how to build an external XMPP/Jabber server (ejabberd in this case) and integrate it with Nextcloud.

Ejabberd Installation

Install these packages

apt-get install ejabberd git python python-requests python-configargparse python-bcrypt

Go to /opt dir

cd /opt

Clone the git repository for the external authentication script

git clone https://github.com/jsxc/xmpp-cloud-auth

Go to /opt/xmpp-cloud-auth dir

 cd /opt/xmpp-cloud-auth

And install the external authentication script

./install.sh

Edit the following lines in /etc/ejabberd/ejabberd.yml

hosts:
  - "nextcloud.domain.com"

- 
    port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      "/websocket": ejabberd_http_ws
    ##  "/pub/archive": mod_http_fileserver
    web_admin: true
    http_bind: true
    ## register: true
    captcha: false
    tls: true
    certfile: "/etc/ejabberd/ejabberd.pem"

s2s_use_starttls: required
#auth_method: internal
auth_method: external
extauth_program: "/opt/xmpp-cloud-auth/xcauth.sh"
use_auth_cache: false    ###if you use a version of ejabberd >= 17.06

Restart the ejabberd service

service ejabberd restart

Copy the certificates for nextcloud.domain.com from the NC server (or proxy) to the ejabberd server using this script as a daily crontab

/usr/bin/rsync -rl --safe-links --rsync-path="/usr/bin/sudo /usr/bin/rsync" letsencrypt_sync@<nc.ser.ver.ip>:/etc/letsencrypt/ /etc/letsencrypt-nextcloud/ 2>&1 >> /var/log/letsencrypt_sync.log

cat /etc/letsencrypt-nextcloud/live/<nextcloud.domain.com>/privkey.pem /etc/letsencrypt-nextcloud/live/<nextcloud.domain.com>/fullchain.pem > /etc/ejabberd/ejabberd.pem

service ejabberd restart

Don't forget to make the script executable and manually run the script for the initial certificate copy

Copy xcauth.conf file to /etc, change permissions/ownership and open it

cp /opt/xmpp-cloud-auth/xcauth.conf /etc/
chown ejabberd:ejabberd /etc/xcauth.conf
chmod 600 /etc/xcauth.conf
vi /etc/xcauth.conf

Uncomment these lines in /etc/xcauth.conf and keep the file open, we'll need to get some values from Nextcloud

type=ejabberd
secret=...
url=...

Nextcloud Configuration

Now go to the Nextcloud apache VirtualHost and add these line

ProxyPass /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/
ProxyPassReverse /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/
ProxyPreserveHost On
SSLProxyEngine On

Enable the apache modules and reload it

a2enmod proxy proxy_http
service apache2 reload

Assuming you already installed/enabled the ojsxc app, go to Nextcloud interface to Admin->JavaScript Xmpp Client:

  • Select "External" XMPP server
  • Enter <nextcloud.domain.com> in the "XMPP Domain" field
  • Enter https://<nextcloud.domain.com>/http-bind/ in the "BOSH URL" field
  • Click the "Save settings" button at the bottom of the page
  • Copy the values from fields "API URL" and "Secure API token" to the file from ejabber server that you kept open

No everything should be set, logout and login back in to see if the chat works

Tip

If you cannot login to Nextcloud after you set the chat app, something probably is configured wrong. In this case you can press "Log in without chat".