Friday, January 30, 2015

How to install Jabber/XMPP Server on CentOS / RHEL (redhat)

Jabber Chat Server:
This document describes how to build and set up the jabberd 2 (2.0s8) XMPP chat server from source on CentOS / RHEL, using MySQL for storage and OpenLDAP for authentication, with TLS enabled on every component.
Pre-Installation Steps:


Check that UID 400 is not already in use. Look the UID up directly rather than grepping for "400", which would also match UID 1400, GID 400 or a home directory containing 400; no output means the UID is free:

#getent passwd 400


Create a user for the jabberd processes with a UID below 500 (a system account on RHEL 4 / CentOS 4), without creating a home directory, and with the jabberd install prefix as its home directory:


#useradd -u 400 -M -d /usr/local/jabber jabber


A password is only needed if somebody will log in as jabber directly. Everything below is done with su - from root, which asks for no password, so the account can just as well stay locked (passwd -l jabber). If you do set one, take the warning below seriously: the check comes from pam_cracklib, root is allowed to override it, and a guessable password on the service account hands an attacker the daemon's configuration files and private key.

#passwd jabber


Changing password for user jabber.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
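A field-anchored version of the UID check, as an added shell example that is not part of the original post. The functions take an optional passwd file argument so they can be tried against a copy; the useradd line in the trailing comment is the post's own command with a nologin shell added, and the passwd content used for testing is constructed.

```shell
# Added example, not from the original post: check the UID field of passwd
# rather than grepping for "400" anywhere on the line (which also matches
# UID 1400, GID 400 or a home directory containing 400).
# Every function takes an optional passwd file; the default is /etc/passwd.

# uid_in_use UID [PASSWD_FILE]: exit 0 if an account already has this UID
uid_in_use() {
    # passwd fields: name:passwd:UID:GID:gecos:home:shell (UID is field 3)
    awk -F: -v want="$1" '$3 == want { found = 1 } END { exit found ? 0 : 1 }' "${2:-/etc/passwd}"
}

# uid_owner UID [PASSWD_FILE]: print the account name holding this UID, if any
uid_owner() {
    awk -F: -v want="$1" '$3 == want { print $1 }' "${2:-/etc/passwd}"
}

# first_free_uid LOW HIGH [PASSWD_FILE]: print the lowest unused UID in LOW..HIGH
first_free_uid() {
    awk -F: -v low="$1" -v high="$2" '
        { used[$3] = 1 }
        END { for (u = low; u <= high; u++) if (!(u in used)) { print u; exit } }
    ' "${3:-/etc/passwd}"
}

# On the server itself (as root) the pre-install step becomes:
#   uid_in_use 400 && echo "UID 400 already belongs to $(uid_owner 400)" && exit 1
#   useradd -u 400 -M -d /usr/local/jabber -s /sbin/nologin jabber
# With a nologin shell the daemon is started later with
#   su -s /bin/sh -c '/usr/local/jabber/bin/jabberd &' - jabber
```

The nologin shell is the reason no password is needed: nobody can log in as jabber, while root can still switch to it with su -s.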


Check for the following prerequisites:


1. OpenSSL (version 0.9.6b or higher)
#rpm -qa | grep openssl
openssl-devel-0.9.7a-43.1
openssl-0.9.7a-43.1
xmlsec1-openssl-1.2.6-3


2. Libidn (version 0.3.0 or higher)
#rpm -qa | grep libidn
libidn-0.5.6-1
libidn-devel-0.5.6-1


3. Data storage package (any supported database: MySQL, PostgreSQL, etc.)
# rpm -qa | grep -i mysql-server


If nothing is listed, install the MySQL server, client, devel and shared RPMs; the -devel package supplies the headers the jabberd MySQL driver is built against. Output from the rpm install:
Preparing... ########################################### [100%]
1:MySQL-standard-debuginf########################################### [ 20%]
2:MySQL-client-standard ########################################### [ 40%]
3:MySQL-devel-standard ########################################### [ 60%]
4:MySQL-server-standard ########################################### [ 80%]
5:MySQL-shared-standard ########################################### [100%]
Start the mysql daemon:

[root@linux0120 jabberd-2.0s8]# /etc/init.d/mysqld start
Initializing MySQL database: [ OK ]
Starting MySQL: [ OK ]


Set the password for the MySQL root account. Passing it on the command line leaves it in the shell history and, briefly, in the process list; clear it from the root history afterwards, or let mysqladmin prompt for it (newer versions do when the password argument is omitted):
#/usr/bin/mysqladmin -u root password 'mysql4dm1n'


4. Authentication Package ( Database or LDAP as of required )
# rpm -qa | grep ldap
(or)
# rpm -qa | grep mysql-server


Download the source from the following URL and verify the tarball against the checksum or signature the project publishes before building it:
http://jabberd.jabberstudio.org/2/


Unpack the distribution:
#tar -zxvf jabberd-2.0s8.tar.gz
OUTPUT TRUNCATED..................


#cd jabberd-2.0s8


#./configure --help


#./configure --prefix=/usr/local/jabber --enable-ssl=/usr/include/openssl/ --enable-idn --enable-mysql=/usr/include/mysql --enable-ldap --enable-debug
(--enable-debug is useful while bringing the server up on a development box; leave it out of a production build.)


#make


#make install


Create the pid and log directories:
#mkdir -p /usr/local/jabber/pid


#mkdir -p /usr/local/jabber/log


#chown -R jabber:jabber /usr/local/jabber


======================================================
Set Ownership of Configuration Files
Jabberd configuration files contain passwords (the MySQL password in sm.xml and the LDAP bind password in c2s.xml); therefore, set ownership and permissions so that they are readable by your jabber user and writable by root only. A recursive chmod 770, as found in older guides, contradicts this rule: it lets the jabber group write the files, so a compromised daemon could rewrite its own configuration. Use 750 on the directories and 640 on the files:


#chown -R root:jabber /usr/local/jabber/etc/jabberd


#find /usr/local/jabber/etc/jabberd -type d -exec chmod 750 {} \;
#find /usr/local/jabber/etc/jabberd -type f -exec chmod 640 {} \;
=======================================================
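The ownership rule above as an added shell example, not part of the original post: one function enforces 750 on directories and 640 on files, a second reports what is still accessible to "other", and a third checks the result so it can be rerun after every configuration change. The OWNER:GROUP argument is optional because chown needs root and an existing jabber group; the paths in the trailing comment are the ones used in this guide.

```shell
# Added example, not from the original post: make the jabberd config tree
# readable by the jabber group and writable only by root, then verify it.
# OWNER:GROUP is optional because chown needs root and an existing group.

# harden_config_dir DIR [OWNER:GROUP]: 750 on directories, 640 on files
harden_config_dir() {
    dir="$1"; owner="${2:-}"
    [ -d "$dir" ] || return 1
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dir" || return 1
    fi
    find "$dir" -type d -exec chmod 750 {} + &&
    find "$dir" -type f -exec chmod 640 {} +
}

# world_accessible DIR: print every path under DIR that "other" can read, write or execute
world_accessible() {
    find "$1" -perm -004 -o -perm -002 -o -perm -001
}

# config_perms_ok DIR: exit 0 only if all dirs are 750, all files 640 and nothing is world-accessible
config_perms_ok() {
    [ -z "$(find "$1" -type d ! -perm 750)" ] || return 1
    [ -z "$(find "$1" -type f ! -perm 640)" ] || return 1
    [ -z "$(world_accessible "$1")" ]
}

# On the server (as root):
#   harden_config_dir /usr/local/jabber/etc/jabberd root:jabber
#   config_perms_ok /usr/local/jabber/etc/jabberd || world_accessible /usr/local/jabber/etc/jabberd
```

config_perms_ok is deliberately strict about exact modes rather than only checking for world access, because a file that drifted to 660 would pass the looser test while still letting the daemon rewrite its own configuration.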


4. Basic Configuration
Jabberd 2 is configured via the XML files under /usr/local/jabber/etc/jabberd. Edit them as root, since they are writable by root only, and keep a copy of each original first:
# cd /usr/local/jabber/etc/jabberd/
# cp sm.xml sm.xml_orig
# cp c2s.xml c2s.xml_orig
# cp s2s.xml s2s.xml_orig
# cp router.xml router.xml_orig
# cp resolver.xml resolver.xml_orig


4.1. Set Host Name in sm.xml and c2s.xml
Your server hostname (network ID) must be set in both c2s.xml and sm.xml so that the ID provides a network resolvable reference for your server.


# vi sm.xml
In sm.xml file:
Under <sm> tag:


<id>linux0120.dev02.newindia.com</id>
<pidfile>/usr/local/jabber/pid/sm.pid</pidfile>


========================================================
Enable the certificate tag under <router>, so that the session manager's connection to the router is encrypted (the file must contain both the private key and the certificate):
<pemfile>/usr/local/jabber/etc/jabberd/jabberd-cert.pem</pemfile>
========================================================
Change the log type to file, comment out the ident and facility tags and enable the file tag:
<log type='file'>
<!-- <ident>jabberd/sm</ident> -->
<!-- <facility>local3</facility> -->
<file>/usr/local/jabber/log/sm.log</file>


# vi c2s.xml
In c2s.xml file:


<pidfile>/usr/local/jabber/pid/c2s.pid</pidfile>
======================================================
Enable the certificate used for the encrypted channel to the router (under <router>; the file must contain both the private key and the certificate):
<pemfile>/usr/local/jabber/etc/jabberd/jabberd-cert.pem</pemfile>
======================================================
Change the log type to file, comment out the ident and facility tags and enable the file tag:
<log type='file'>
<!-- <ident>jabberd/c2s</ident> -->
<!-- <facility>local3</facility> -->
<file>/usr/local/jabber/log/c2s.log</file>


Set the id in the Local Network Configuration section (<local>) to the same name used in sm.xml; this is the domain part of the JIDs clients log in with:
<id>linux0120.dev02.newindia.com</id>


======================================================
Enable the certificate for client connections (still under <local>). require-starttls makes clients negotiate TLS on port 5222 before they are allowed to authenticate, so passwords never cross the wire in the clear; ssl-port additionally opens the legacy SSL-on-connect port 5223 for old clients that cannot STARTTLS. cachain must point at the CA certificate that is installed into the configuration directory later in this guide (cacert.pem):
<pemfile>/usr/local/jabber/etc/jabberd/jabberd-cert.pem</pemfile>
<cachain>/usr/local/jabber/etc/jabberd/cacert.pem</cachain>
<require-starttls/>
<ssl-port>5223</ssl-port>
=======================================================
Once the server is running, check both ports from another machine with openssl s_client -starttls xmpp -connect linux0120.dev02.newindia.com:5222 (the xmpp STARTTLS helper needs OpenSSL 1.0.0 or later) and openssl s_client -connect linux0120.dev02.newindia.com:5223; both should print the server certificate chain and end in a TLS session.


4.2. Provision and Configure for Storage and Authentication Package(s)
Getting Jabberd 2 to work with your choice of external storage and authentication packages involves these steps:
1. Provision the external package(s) to work with Jabberd 2
2. Configure sm.xml for your choice of storage package
3. Configure c2s.xml for your choice of authentication package


Most Jabberd 2 installations rely on a single package, such as MySQL, to provide both storage and authentication services. If your installation relies on a single package, you will need to configure this package for Jabberd 2 and then enter similar connection details in both sm.xml and c2s.xml. This guide uses MySQL for storage (section 4.4) and OpenLDAP for authentication (section 4.7).


4.4. Provision and Configure for MySQL
Storage Package: (MySQL)
In order to set up MySQL for Jabberd, run the setup script included in the Jabberd 2 distribution. After the script has run, create a dedicated MySQL user and grant it access to the jabberd2 database.


4.4.1. Provision for MySQL:
First, run the MySQL setup script. It is located in '[Jabberd SourceFiles]/tools'. Switch to the tools directory and start the MySQL console (the MySQL server should already be running), then source db-setup.mysql from the console; it creates the jabberd2 database and its tables:


#cd /usr/local/src/jabberd-2.0s8/tools/
#ls db-setup.mysql
#mysql -u root -p
mysql>\. db-setup.mysql


Now that the jabberd2 database exists, create a MySQL user that Jabberd can use to connect to the server. The host part of the account (after @) must match the client as MySQL sees it: with <host> in sm.xml set to the server's FQDN, jabberd connects over TCP and MySQL resolves the peer address back to that name; if you later set <host> to localhost, the connection goes over the Unix socket and the grant must be for jabberd2@localhost instead. Grant only the four data privileges the daemon needs, and no DDL or GRANT rights:
MySQL User and Password:
GRANT select,insert,delete,update ON jabberd2.* to jabberd2@linux0120.dev02.newindia.com IDENTIFIED by 'j4bb3r4dm1n';


Check the mysql login for jabberd2:
[root@linux0120 jabberd]# mysql -u jabberd2 -p -h linux0120.dev02.newindia.com
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 15 to server version: 4.1.12


Type 'help;' or '\h' for help. Type '\c' to clear the buffer.


mysql> exit
Bye
MySQL is now ready to be used with Jabberd.


Note: Default MySQL Socket
Jabberd 2 stable 3 connects to the MySQL server socket at /tmp/mysql.sock when <host> is localhost. The default socket of the RPM and source installs is /var/lib/mysql/mysql.sock, so create a symlink to /tmp/mysql.sock if it does not exist:
# ls -l /tmp/mysql.sock
ls: /tmp/mysql.sock: No such file or directory
# ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock


If you are unsure where your MySQL server socket is, consult the socket setting in the MySQL configuration file (usually /etc/my.cnf or /etc/mysql/my.cnf). With <host> set to the FQDN as in this guide, the connection uses TCP port 3306 and the socket is not involved.


4.4.2 Configure Storage using MySQL:

Most installations using MySQL for storage will require only the setting of the driver, user and password.


In sm.xml under the section labeled Storage database configuration, make sure the driver is set to mysql (it is by default):
# vi sm.xml


<driver>mysql</driver>


In sm.xml under the section labeled MySQL driver configuration, replace secret with the password given in the GRANT statement above. Change the user if you are not using the default user (jabberd2):


<host>linux0120.dev02.newindia.com</host>
<user>jabberd2</user>
<pass>j4bb3r4dm1n</pass>


Note that you should change the host setting only if your MySQL server is running on a different host. You should change the port setting only if your MySQL server is running on a non-standard port (port 3306 is the default for MySQL installations). The transaction support section is self-explanatory.


Jabberd 2 is now configured to use MySQL for storage.


4.7. Provision and Configure for OpenLDAP (for authentication)


4.7.2. Configure for Authentication using OpenLDAP (c2s.xml)


OpenLDAP configuration is more detailed than MySQL because it requires host and connection settings in addition to query settings.


In c2s.xml under the section labeled Authentication/registration database configuration, set the module to ldap (OpenLDAP):
# vi c2s.xml


<module>ldap</module>


Users cannot create their own accounts when using OpenLDAP for authentication. Therefore, public account registration should be disabled, while auto-create should be enabled so that the session manager can create accounts the first time users log on. Commenting out the enable tag under <register> disables public registration:
<!-- <enable/> -->


The first part of the LDAP module configuration in c2s.xml deals with the settings required to connect to your OpenLDAP server. The host must either be a hostname resolvable by the server or the IP address of the OpenLDAP server. Port 389 is the default port for OpenLDAP servers, so in most cases port should be left as is. The v3 tag specifies whether your OpenLDAP server speaks LDAPv3; uncomment it if so and leave it commented for v2 servers. Lastly, uncomment either the starttls or ssl tag if your server supports encryption. Do so whenever the directory is on another host: the simple bind below otherwise sends the bind password, and every user's password at login, across the network in clear text.


<host>linux0120.dev02.newindia.com</host>


Enable and set the binddn and bindpw. The example binds as the directory's rootdn; for production create a dedicated read-only account for jabberd instead, because c2s only needs to look up the user's entry and then bind as that user, and the bindpw sits in plain text in c2s.xml:
<binddn>cn=root,dc=newindia,dc=com</binddn>
<bindpw>ld4p4dm1n</bindpw>


Set the basedn tag as follows (the realm form stays commented out because a single realm is used):
<!-- <basedn realm='company'>o=Company.com</basedn> -->
<basedn>dc=newindia,dc=com</basedn>


In sm.xml under the section labeled User options (near the bottom of the file), uncomment the auto-create tag so that the session manager creates a new Jabberd 2 account the first time a user logs on:
#vi sm.xml


<auto-create/>


To have a default buddy list (roster) pushed to each user on first login, enable the template tag:
<roster>/usr/local/jabber/etc/jabberd/templates/roster.xml</roster>


4.8 Configure the router.xml as follows:
#vi router.xml


<pidfile>/usr/local/jabber/pid/router.pid</pidfile>


Change the log type to file, comment out the ident and facility tags and enable the file tag:
<log type='file'>
<!-- <ident>jabberd/router</ident> -->
<!-- <facility>local3</facility> -->
<file>/usr/local/jabber/log/router.log</file>


=======================================================
Enable the certificate to use to set up an encrypted channel:
<pemfile>/usr/local/jabber/etc/jabberd/jabberd-cert.pem</pemfile>



4.9 Configure the resolver.xml as follows:
# vi resolver.xml


<pidfile>/usr/local/jabber/pid/resolver.pid</pidfile>


=====================================================
Enable the certificate used for the encrypted channel to the router:
<pemfile>/usr/local/jabber/etc/jabberd/jabberd-cert.pem</pemfile>
=====================================================
Change the log type to file, comment out the ident and facility tags and enable the file tag:
<log type='file'>
<!-- <ident>jabberd/resolver</ident> -->
<!-- <facility>local3</facility> -->
<file>/usr/local/jabber/log/resolver.log</file>


4.10 Configure the s2s.xml as follows:
# vi s2s.xml


<pidfile>/usr/local/jabber/pid/s2s.pid</pidfile>


==================================================
Enable the certificate used for the encrypted channel to the router (under <router>):
<pemfile>/usr/local/jabber/etc/jabberd/jabberd-cert.pem</pemfile>
======================================================
Change the log type to file, comment out the ident and facility tags and enable the file tag; s2s gets its own log file:
<log type='file'>
<!-- <ident>jabberd/s2s</ident> -->
<!-- <facility>local3</facility> -->
<file>/usr/local/jabber/log/s2s.log</file>


======================================================
s2s.xml has a second pemfile entry further down; enable it as well, so that connections with other XMPP servers can be encrypted:
<pemfile>/usr/local/jabber/etc/jabberd/jabberd-cert.pem</pemfile>


Set the permissions as follows (750 on the install prefix, the binaries and the configuration directories; the configuration files themselves need no execute bit, so they stay at 640):
#chmod 750 /usr/local/jabber
#chmod -R 750 /usr/local/jabber/bin
#find /usr/local/jabber/etc -type d -exec chmod 750 {} \;
#find /usr/local/jabber/etc -type f -exec chmod 640 {} \;


Your Jabberd 2 configuration for storage and authentication is now complete.


4.8. Test Server


Checkpoint: Start Your Server
Start the Jabberd 2 components with the startup script, as the jabber user (if you gave the account a nologin shell, use su -s /bin/sh - jabber instead):


su - jabber
./bin/jabberd &


Then confirm that all five components (router, resolver, sm, c2s, s2s) came up: each writes its own log under /usr/local/jabber/log and its pid file under /usr/local/jabber/pid, and the server should be listening on 5222 and 5269 (plus 5223 when ssl-port is set):
tail /usr/local/jabber/log/*.log
ls /usr/local/jabber/pid
netstat -tlnp | grep -E ':(5222|5223|5269) '
A.6. Generating a Self-Signed SSL Certificate
A.6.1. Generate Key Pair


From a working directory, enter the command below to begin an interactive key generation process. The 1024-bit key and the SHA-1 signature this OpenSSL release defaults to are below today's minimums; use rsa:2048 or larger and, on a newer OpenSSL, add -sha256. A self-signed certificate gives you encryption but nothing a client can verify; the CA-signed procedure in the next part is what the c2s cachain setting expects:


#cd
#mkdir KEYS
#cd KEYS
[root@linux0135 KEYS]# openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem
Generating a 1024 bit RSA private key
........................................++++++
................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:Tamilnadu
Locality Name (eg, city) [Newbury]:Chennai
Organization Name (eg, company) [My Company Ltd]:newindia India Pvt Ltd
Organizational Unit Name (eg, section) []:Chennai
Common Name (eg, your name or your server's hostname) []:newindia.com
Email Address []:sysadmin-india@newindia.com


Strip the pass phrase so the daemon can load the key without a prompt at start-up. From here on only file permissions protect the key, so keep it owned by root:jabber with mode 640:
[root@linux0135 KEYS]# openssl rsa -in privkey.pem -out privkey.pem
Enter pass phrase for privkey.pem:
writing RSA key


[root@linux0135 KEYS]#


Generate the key pair and the CSR on the JABBER SERVER as follows. First set the defaults in openssl.cnf so that the prompts are pre-filled:


[root@sysadminbox root]# find / -name openssl.cnf
/usr/share/ssl/openssl.cnf
/usr/local/src/openssl-0.9.7b/apps/openssl.cnf
/usr/ssl/openssl.cnf


[root@sysadminbox root]# cd /usr/share/ssl/
[root@lnxdev0003 ssl]# vi openssl.cnf
dir = ./CA/
countryName_default = IN
stateOrProvinceName_default = TamilNadu
localityName_default = Chennai
0.organizationName_default = New India Pvt Ltd
organizationalUnitName_default = Development
emailAddress = bharath@newindia.com


Note that the last line sets the prompt label rather than a default value (the key for a default is emailAddress_default), which is why the e-mail prompt in the transcript below shows an address where its label should be. dir = ./CA/ makes openssl ca look for the CA's files relative to the current directory, so run it from /usr/share/ssl/.


-nodes leaves the private key unencrypted so that jabberd can read it at start-up; the key size comes from default_bits in openssl.cnf, so raise that to 2048 (or pass -newkey rsa:2048) rather than accept the 1024 bits shown here:
[root@linux0120 ssl]# openssl req -new -nodes -config openssl.cnf -keyout /usr/local/jabber/etc/jabberd/jabberd-key.pem -out /usr/local/jabber/etc/jabberd/jabberd.csr
Generating a 1024 bit RSA private key
..................++++++
.........................++++++
writing new private key to '/usr/local/jabber/etc/jabberd/jabberd-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [IN]:
State or Province Name (full name) [TamilNadu]:
Locality Name (eg, city) [Chennai]:
Organization Name (eg, company) [New India Pvt Ltd]:
Organizational Unit Name (eg, section) []:Development
Common Name (eg, your name or your server's hostname) []:linux0120.dev02.newindia.com
logarajan@newindia.com []:


Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


Sign the CSR with the local CA. This assumes the CA under ./CA/ already exists with its cacert.pem, private key, index.txt and serial files; if your organisation runs its own CA, send jabberd.csr there instead. The one-year validity shown below comes from the CA's default_days setting:


[root@linux0120 ssl]# openssl ca -config openssl.cnf -out CA/newcerts/jabberd-cert.pem -in /usr/local/jabber/etc/jabberd/jabberd.csr
Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2 (0x2)
Validity
Not Before: Apr 13 05:10:27 2006 GMT
Not After : Apr 13 05:10:27 2007 GMT
Subject:
countryName = IN
stateOrProvinceName = TamilNadu
organizationName = New India Pvt Ltd
organizationalUnitName = Development
commonName = linux0120.dev02.newindia.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
74:52:75:5B:7C:2F:73:BB:7F:1D:8F:9E:49:5D:74:B7:C8:6E:4F:17
X509v3 Authority Key Identifier:
keyid:3B:8B:3A:75:A0:F7:2E:36:C9:21:F9:9D:59:25:6B:00:4F:CD:D6:F3
DirName:/C=IN/ST=TamilNadu/L=Chennai/O=New Break India Pvt Ltd/OU=Development/CN=linux0120.dev02.newindia.com
serial:00


Certificate is to be certified until Apr 13 05:10:27 2007 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated


Install the signed certificate and the CA certificate into the jabberd configuration directory, and distribute cacert.pem to the client machines so they can verify the server. Every <pemfile> in the configuration files must contain the private key as well as the certificate, so write the key and the signed certificate into one file under the name the configuration refers to:


[root@linux0120 ssl]# cat /usr/local/jabber/etc/jabberd/jabberd-key.pem CA/newcerts/jabberd-cert.pem > /usr/local/jabber/etc/jabberd/jabberd-cert.pem


[root@linux0120 ssl]# cp CA/cacert.pem /usr/local/jabber/etc/jabberd/


Set the following ownerships and permissions (the combined file now holds the private key, so it must be neither group-writable nor world-readable):


[root@linux0120 jabberd]# chown root:jabber jabberd-key.pem jabberd-cert.pem cacert.pem


[root@linux0120 jabberd]# chmod 640 jabberd-key.pem jabberd-cert.pem cacert.pem
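Assembling and checking the combined key-and-certificate file, as an added shell example that is not part of the original post or of jabberd itself. The paths in the trailing comment are the ones used in this guide; the modulus and chain checks call openssl and report exit status 2 when it is not installed, and the PEM files used in testing are constructed placeholders.

```shell
# Added example, not from the original post or from jabberd: build the file that
# jabberd's <pemfile> expects (private key + certificate in one PEM) and check it.

# pem_has_key_and_cert FILE: exit 0 if FILE contains both a private key and a certificate
pem_has_key_and_cert() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" &&
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# build_jabberd_pem KEY CERT OUT [INTERMEDIATE...]: write OUT = KEY + CERT (+ chain), mode 640
build_jabberd_pem() {
    key="$1"; cert="$2"; out="$3"; shift 3
    [ -r "$key" ] && [ -r "$cert" ] || return 1
    # umask in a subshell: the file is never world-readable, not even for an instant
    ( umask 027 && cat "$key" "$cert" "$@" > "$out" ) || return 1
    chmod 640 "$out" && pem_has_key_and_cert "$out"
}

# key_matches_cert KEY CERT: 0 if the RSA moduli agree, 1 if not, 2 if openssl is missing
key_matches_cert() {
    command -v openssl >/dev/null 2>&1 || return 2
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_chain_ok CACERT CERT: 0 if CERT verifies against CACERT, 1 if not, 2 if openssl is missing
cert_chain_ok() {
    command -v openssl >/dev/null 2>&1 || return 2
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# On the server from this guide (as root, from /usr/share/ssl where the CA lives):
#   key_matches_cert /usr/local/jabber/etc/jabberd/jabberd-key.pem CA/newcerts/jabberd-cert.pem
#   cert_chain_ok CA/cacert.pem CA/newcerts/jabberd-cert.pem
#   build_jabberd_pem /usr/local/jabber/etc/jabberd/jabberd-key.pem CA/newcerts/jabberd-cert.pem \
#                     /usr/local/jabber/etc/jabberd/jabberd-cert.pem
#   chown root:jabber /usr/local/jabber/etc/jabberd/jabberd-cert.pem
```

Run key_matches_cert and cert_chain_ok before assembling the file: a key that does not belong to the certificate, or a certificate the CA in cachain did not issue, only shows up later as a failed TLS handshake in the c2s log.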

2 comments:

  1. Hey BJ this was very useful especially the auto-create section and securing the router with the SSL certificate.




    To have the default buddylist to be exported to the client when logs for the first time, enable the following tag:
    /usr/local/jabber/etc/jabberd/templates/roster.xml


    4.8 Configure the router.xml as follows:
    #vi router.xml


    /usr/local/jabber/pid/router.pid


    Change the log type to file, disable the facility tag and enable the file tag:



    /usr/local/jabber/log/router.log
