![]() # You can define one or several, for example: # rotation: Disable ejabberd's internal log rotation, as the Debian package # loglevel: Verbosity of log files generated by ejabberd # ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY ******* # ******* YAML IS INDENTATION SENSITIVE ******* # The configuration file is written in YAML. ![]() # The parameters used in this configuration file are explained at We can find the config in: /etc/ejabberd/ejabberd.yml # I want to try to do the same but on a subdomain, like instead of banana.io (these are fictional domains) Ejabberd config: # (the IPs and domain are fictional) DNS config: #Īnd some SRV records for clients and servers, see: I've used a VPS that has a local IP and a Public ip, but the second one is not directly on the network interface of our VM. A OUTPUT -p tcp -m tcp -dport 80 -j REDIRECT -to-ports 5280 A PREROUTING -i eth0 -p tcp -m tcp -dport 80 -j REDIRECT -to-ports 5280 A INPUT -m state -state RELATED,ESTABLISHED -j ACCEPT A INPUT -p icmp -m icmp -icmp-type 8 -j ACCEPT A INPUT -i eth0 -p tcp -m tcp -m multiport -dports 49152:65535 -m comment -comment "stun TCP" -j ACCEPT A INPUT -i eth0 -p udp -m udp -m multiport -dports 49152:65535 -m comment -comment "stun UDP" -j ACCEPT A INPUT -i eth0 -p udp -m udp -dport 3478 -m comment -comment "ejabberd_stun UDP" -j ACCEPT A INPUT -i eth0 -p tcp -m tcp -dport 5349 -m comment -comment "ejabberd_stun TCP" -j ACCEPT A INPUT -i eth0 -p tcp -m tcp -dport 5280 -m comment -comment "ejabberd_http plain" -j ACCEPT A INPUT -i eth0 -p tcp -m tcp -dport 5443 -m comment -comment "ejabberd_http TLS" -j ACCEPT A INPUT -i eth0 -p tcp -m tcp -dport 5270 -m comment -comment "ejabberd_s2s_in tls" -j ACCEPT A INPUT -i eth0 -p tcp -m tcp -dport 5269 -m comment -comment "ejabberd_s2s_in plain" -j ACCEPT A INPUT -i eth0 -p tcp -m tcp -dport 5223 -m comment -comment "ejabberd_c2s tls" -j ACCEPT A INPUT -i eth0 -p tcp -m tcp -dport 5222 -m comment -comment "ejabberd_c2s plain" -j ACCEPT A INPUT -i eth0 -p tcp -m tcp -dport 80 -j ACCEPT A INPUT -i eth0 -p tcp -m tcp -dport 22 -j ACCEPT A INPUT -p tcp -m multiport -dports 22 -j fail2ban-ssh Iptables config: # Generated by iptables-save v1.8.7 on Sun Jan 23 17:33:37 2022 The redirection of port 80 to 5280 is used to allow certbot to generate certificates for our installation, ejabberd will run as a non-privileged user so it won't be able to open ports under 1000. Install Ejabberd: # apt install ejabberd Firewalling: #
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |