Nextcloud ejabberd

From Newroco Tech Docs
Jump to navigationJump to search

Nextcloud has a chat app (ojsxc) that could use an internal XMPP/Jabber with limited functionality or use an external server. This page will describe how to build an external XMPP/Jabber server (ejabberd in this case) and integrate it with Nextcloud.

Ejabberd Installation

Install these packages 

apt-get install ejabberd git python python-requests python-configargparse python-bcrypt

Go to /opt dir 

cd /opt

Clone the git repository for the external authentication script 

git clone https://github.com/jsxc/xmpp-cloud-auth

Go to /opt/xmpp-cloud-auth dir 

 cd /opt/xmpp-cloud-auth

And install the external authentication script 

./install.sh

Edit the following lines in /etc/ejabberd/ejabberd.yml 

hosts:
  - "nextcloud.domain.com"
captcha: false    ###for port 5280
s2s_use_starttls: required
#auth_method: internal
auth_method: external
extauth_program: "/opt/xmpp-cloud-auth/xcauth.sh"
use_auth_cache: false    ###if you use a version of ejabberd >= 17.06

Restart the ejabberd service 

service ejabberd restart

Copy the certificates for nextcloud.domain.com from the NC server to the ejabberd server using this script as a daily crontab 

/usr/bin/rsync -rl --safe-links --rsync-path="/usr/bin/sudo /usr/bin/rsync" letsencrypt_sync@<nc.ser.ver.ip>:/etc/letsencrypt/ /etc/letsencrypt-nextcloud/ 2>&1 >> /var/log/letsencrypt_sync.log

cat /etc/letsencrypt-nextcloud/live/<nextcloud.domain.com>/privkey.pem /etc/letsencrypt-nextcloud/live/<nextcloud.domain.com>/fullchain.pem > /etc/ejabberd/ejabberd.pem

service ejabberd restart

Don't forget to make the script executable and manually run the script for the initial certificate copy

Copy xcauth.conf file to /etc, change permissions/ownership and open it 

cp /opt/xmpp-cloud-auth/xcauth.conf /etc/
chown ejabberd:ejabberd /etc/xcauth.conf
chmod 600 /etc/xcauth.conf
vi /etc/xcauth.conf

Uncomment these lines in /etc/xcauth.conf and keep the file open, we'll need to get some values from Nextcloud 

type=ejabberd
secret=...
url=...

Nextcloud Configuration

Now go to the Nextcloud apache VirtualHost and add these line 

ProxyPass /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/
ProxyPassReverse /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/
ProxyPreserveHost On
SSLProxyEngine On

Enable the apache modules and reload it 

a2enmod proxy proxy_http
service apache2 reload

Assuming you already installed/enabled the ojsxc app, go to Nextcloud interface to Admin->JavaScript Xmpp Client:

  • Select "External" XMPP server
  • Enter <nextcloud.domain.com> in the "XMPP Domain" field
  • Enter https://<nextcloud.domain.com>/http-bind/ in the "BOSH URL" field
  • Click the "Save settings" button at the bottom of the page
  • Copy the values from fields "API URL" and "Secure API token" to the file from ejabber server that you kept open

No everything should be set, logout and login back in to see if the chat works

Tip

If you cannot login to Nextcloud after you set the chat app, something probably is configured wrong. In this case you can press "Log in without chat".

Retrieved from "https://docswiki-failover.newro.co/index.php?title=Nextcloud_ejabberd&oldid=1009"