Nextcloud ejabberd

From Newroco Tech Docs
Jump to navigationJump to search

Nextcloud has a chat app (ojsxc) that could use an internal XMPP/Jabber with limited functionality or use an external server. This page will describe how to build an external XMPP/Jabber server (ejabberd in this case) and integrate it with Nextcloud.

Ejabberd Installation

Install these packages

apt-get install ejabberd git python python-requests python-configargparse python-bcrypt

Go to /opt dir

cd /opt

Clone the git repository for the external authentication script

git clone

Go to /opt/xmpp-cloud-auth dir

 cd /opt/xmpp-cloud-auth

And install the external authentication script


Edit the following lines in /etc/ejabberd/ejabberd.yml

  - ""

    port: 5280
    ip: "::"
    module: ejabberd_http
      "/websocket": ejabberd_http_ws
    ##  "/pub/archive": mod_http_fileserver
    web_admin: true
    http_bind: true
    ## register: true
    captcha: false
    tls: true
    certfile: "/etc/ejabberd/ejabberd.pem"

s2s_use_starttls: required
#auth_method: internal
auth_method: external
extauth_program: "/opt/xmpp-cloud-auth/"
use_auth_cache: false    ###if you use a version of ejabberd >= 17.06

Restart the ejabberd service

service ejabberd restart

Copy the certificates for from the NC server (or proxy) to the ejabberd server using this script as a daily crontab

/usr/bin/rsync -rl --safe-links --rsync-path="/usr/bin/sudo /usr/bin/rsync" letsencrypt_sync@<nc.ser.ver.ip>:/etc/letsencrypt/ /etc/letsencrypt-nextcloud/ 2>&1 >> /var/log/letsencrypt_sync.log

cat /etc/letsencrypt-nextcloud/live/<>/privkey.pem /etc/letsencrypt-nextcloud/live/<>/fullchain.pem > /etc/ejabberd/ejabberd.pem

service ejabberd restart

Don't forget to make the script executable and manually run the script for the initial certificate copy

Copy xcauth.conf file to /etc, change permissions/ownership and open it

cp /opt/xmpp-cloud-auth/xcauth.conf /etc/
chown ejabberd:ejabberd /etc/xcauth.conf
chmod 600 /etc/xcauth.conf
vi /etc/xcauth.conf

Uncomment these lines in /etc/xcauth.conf and keep the file open, we'll need to get some values from Nextcloud


Nextcloud Configuration

Now go to the Nextcloud apache VirtualHost and add these line (or on the proxy if the servers are behind one)

ProxyPass /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/
ProxyPassReverse /http-bind/ https://<ejabberd-server-ip>:5280/http-bind/
ProxyPreserveHost On
SSLProxyEngine On

Enable the apache modules and reload it

a2enmod proxy proxy_http
service apache2 reload

Assuming you already installed/enabled the ojsxc app, go to Nextcloud interface to Admin->JavaScript Xmpp Client:

  • Select "External" XMPP server
  • Enter <> in the "XMPP Domain" field
  • Enter https://<>/http-bind/ in the "BOSH URL" field
  • Click the "Save settings" button at the bottom of the page
  • Copy the values from fields "API URL" and "Secure API token" to the file from ejabber server that you kept open

No everything should be set, logout and login back in to see if the chat works


If you cannot login to Nextcloud after you set the chat app, something probably is configured wrong. In this case you can press "Log in without chat".