Nextcloud ejabberd

From Newroco Tech Docs
Revision as of 11:43, 28 August 2017 by Emilian.mitocariu (talk | contribs) (→‎Nextcloud Configuration)

Nextcloud has a chat app (ojsxc) that can use either an internal XMPP/Jabber server with limited functionality or an external server. This page describes how to build an external XMPP/Jabber server (ejabberd in this case) and integrate it with Nextcloud.

Ejabberd Installation

Install these packages

apt-get install ejabberd git python python-requests python-configargparse python-bcrypt

Go to /opt dir

cd /opt

Clone the git repository for the external authentication script

git clone https://github.com/jsxc/xmpp-cloud-auth

Go to /opt/xmpp-cloud-auth dir

 cd /opt/xmpp-cloud-auth

And install the external authentication script

./install.sh

Edit the following lines in /etc/ejabberd/ejabberd.yml

hosts:
  - "nextcloud.domain.com"

- 
    port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      "/websocket": ejabberd_http_ws
    ##  "/pub/archive": mod_http_fileserver
    web_admin: true
    http_bind: true
    ## register: true
    captcha: false
    tls: true
    certfile: "/etc/ejabberd/ejabberd.pem"

s2s_use_starttls: required
#auth_method: internal
auth_method: external
extauth_program: "/opt/xmpp-cloud-auth/xcauth.sh"
use_auth_cache: false    ###if you use a version of ejabberd >= 17.06

Restart the ejabberd service

service ejabberd restart

Copy the certificates for nextcloud.domain.com from the NC server (or proxy) to the ejabberd server by running this script as a daily cron job

/usr/bin/rsync -rl --safe-links --rsync-path="/usr/bin/sudo /usr/bin/rsync" letsencrypt_sync@<nc.ser.ver.ip>:/etc/letsencrypt/ /etc/letsencrypt-nextcloud/ >> /var/log/letsencrypt_sync.log 2>&1

cat /etc/letsencrypt-nextcloud/live/<nextcloud.domain.com>/privkey.pem /etc/letsencrypt-nextcloud/live/<nextcloud.domain.com>/fullchain.pem > /etc/ejabberd/ejabberd.pem

service ejabberd restart

Don't forget to make the script executable and manually run the script for the initial certificate copy
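An added example, not part of the original page: a hardened form of the sync script above that refuses to overwrite /etc/ejabberd/ejabberd.pem from empty inputs, writes the combined key with mode 600 through an atomic rename, and restarts ejabberd only when the certificate actually changed. The names install_pem and sync_main, the --run switch and the ejabberd:ejabberd owner for the PEM are assumptions; the paths and placeholders are the ones used on this page.

```shell
#!/bin/sh
# Added example, not the page's script. install_pem, sync_main and the
# --run switch are assumed names; paths and placeholders are the page's.

# install_pem PRIVKEY FULLCHAIN DEST [OWNER]
# Returns 0 if DEST was replaced, 1 if already current, 2 on error.
install_pem() {
    key=$1; chain=$2; dest=$3; owner=${4:-}
    # Empty or missing input (e.g. a failed rsync) must not clobber DEST.
    [ -s "$key" ] && [ -s "$chain" ] || return 2
    # mktemp creates the file 0600, so the key is never world-readable.
    tmp=$(mktemp "$dest.XXXXXX") || return 2
    if ! cat "$key" "$chain" > "$tmp"; then rm -f "$tmp"; return 2; fi
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"; return 1
    fi
    chmod 600 "$tmp"
    if [ -n "$owner" ] && ! chown "$owner" "$tmp"; then
        rm -f "$tmp"; return 2
    fi
    # rename() within one directory is atomic: ejabberd never sees half a file.
    mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 2; }
}

sync_main() {
    live="/etc/letsencrypt-nextcloud/live/<nextcloud.domain.com>"
    log=/var/log/letsencrypt_sync.log
    /usr/bin/rsync -rl --safe-links \
        --rsync-path="/usr/bin/sudo /usr/bin/rsync" \
        "letsencrypt_sync@<nc.ser.ver.ip>:/etc/letsencrypt/" \
        /etc/letsencrypt-nextcloud/ >> "$log" 2>&1 || return 2
    rc=0
    install_pem "$live/privkey.pem" "$live/fullchain.pem" \
        /etc/ejabberd/ejabberd.pem ejabberd:ejabberd || rc=$?
    case $rc in
        0) service ejabberd restart ;;
        1) ;;   # certificate unchanged: skip the restart
        *) echo "ejabberd.pem not updated (rc=$rc)" >> "$log"; return 2 ;;
    esac
}

# Cron calls this file with --run; without it only the functions are defined.
if [ "${1:-}" = "--run" ]; then sync_main; fi
```

Because the restart happens only on return code 0, a day on which rsync brings no new certificate no longer drops every connected chat session.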

Copy xcauth.conf file to /etc, change permissions/ownership and open it

cp /opt/xmpp-cloud-auth/xcauth.conf /etc/
chown ejabberd:ejabberd /etc/xcauth.conf
chmod 600 /etc/xcauth.conf
vi /etc/xcauth.conf

Uncomment these lines in /etc/xcauth.conf and keep the file open; the values come from Nextcloud in the next section

type=ejabberd
secret=...
url=...

Nextcloud Configuration

Now go to the Nextcloud Apache VirtualHost and add these lines (or add them on the proxy if the servers are behind one)

ProxyPass /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/
ProxyPassReverse /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/
ProxyPreserveHost On
SSLProxyEngine On

Enable the Apache modules and reload Apache

a2enmod proxy proxy_http
service apache2 reload

Assuming you already installed/enabled the ojsxc app, go to Nextcloud interface to Admin->JavaScript Xmpp Client:

  • Select "External" XMPP server
  • Enter <nextcloud.domain.com> in the "XMPP Domain" field
  • Enter https://<nextcloud.domain.com>/http-bind/ in the "BOSH URL" field
  • Click the "Save settings" button at the bottom of the page
  • Copy the values from the "API URL" and "Secure API token" fields into the /etc/xcauth.conf file that you kept open on the ejabberd server

Now everything should be set. Log out and log back in to see if the chat works

Tip

If you cannot login to Nextcloud after you set the chat app, something probably is configured wrong. In this case you can press "Log in without chat".