jappix / jappix

Jappix, a full-featured XMPP web-client (Jappix Desktop, Jappix Mobile & Jappix Mini).

Jappix/metronome #500

Closed Mizukamakiri closed 10 years ago

Mizukamakiri commented 10 years ago

Hi, having trouble getting these to work together... Here is my Metronome config:

-- Metronome Configuration File
--
-- Information on configuring Metronome can be found on our
-- website at http://www.lightwitch.org/metronome/documentation
--
-- Tip: You can check that the syntax of this file is correct
-- when you have finished by running: luac -p metronome.cfg.lua
-- If there are any errors, it will let you know what and where
-- they are, otherwise it will keep quiet.
--
-- The only thing left to do is rename this file to remove the .dist ending, and fill in the
-- blanks. Good luck, and happy Jabbering!

---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts

-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- Example: admins = { "valerian@snoik.com", "julien@snoik.com" }
admins = { "root@localhost"}

-- Server PID
pidfile = "/var/run/metronome/metronome.pid"

-- ulimit
metronome_max_files_soft = 200000
metronome_max_files_hard = 200000

-- HTTP server
--http_ports = { 5280 }
--http_interfaces = { "127.0.0.1", "::1" }

--https_ports = { 5281 }
--https_interfaces = { "127.0.0.1", "::1" }

--
admin_telnet_strict_host_checks = false

-- Enable IPv6
use_ipv6 = true

-- This is the list of modules Metronome will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
modules_enabled = {

    -- Generally required
        "roster"; -- Allow users to have a roster. Recommended ;)
        "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
        --"tls"; -- Add support for secure TLS on c2s/s2s connections
        --"dialback"; -- s2s dialback support
        "disco"; -- Service discovery
        "discoitems"; -- Service discovery items
        "extdisco"; -- External Service Discovery

    -- Not essential, but recommended
        --"private"; -- Private XML storage (for room bookmarks, etc.)
        "vcard"; -- Allow users to set vCards

    -- These are commented by default as they have a performance impact
        "compression"; -- Stream compression

    -- Nice to have
        "version"; -- Replies to server version requests
        "uptime"; -- Report how long server has been running
        "time"; -- Let others know the time here on this server
        "ping"; -- Replies to XMPP pings with pongs
        --"pep"; -- Enables users to publish their mood, activity, playing music and more
        "register"; -- Allow users to register on this server using a client and change passwords

    -- Admin interfaces
        "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
        "admin_telnet"; -- Opens telnet console interface on localhost port 5582

    -- HTTP modules
        "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
        "websockets"; -- Enable WebSocket clients
       --"http_files"; -- Serve static files from a directory over HTTP

    -- Other specific functionality
        "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
        "bidi"; -- Bidirectional Streams for S2S connections
        "groups"; -- Shared roster support
        "announce"; -- Send announcement to all online users
        --"welcome"; -- Welcome users who register accounts
        "watchregistrations"; -- Alert admins of registrations
        --"motd"; -- Send a message to users when they log in
        --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
};

-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
    -- "offline"; -- Store offline messages
    -- "c2s"; -- Handle client connections
    -- "s2s"; -- Handle server-to-server connections
};

-- Discovery items
disco_items = {
    { "muc.snoik.com" },
    { "proxy.snoik.com" },
    { "pubsub.snoik.com" },
    { "vjud.snoik.com" }
};

-- External Service Discovery (mod_extdisco)
external_services = {
    ["stun.snoik.com"] = {
        [1] = {
            port = "3478",
            transport = "udp",
            type = "stun"
        },

        [2] = {
            port = "3478",
            transport = "tcp",
            type = "stun"
        }
    }
};

-- Bidirectional Streams configuration (mod_bidi)
bidi_exclusion_list = { "jabber.org" }

-- BOSH configuration (mod_bosh)
bosh_max_inactivity = 30
consider_bosh_secure = true
cross_domain_bosh = true

-- WebSocket configuration (mod_websockets)
consider_websockets_secure = true
cross_domain_websockets = true

-- Disable account creation by default, for security
allow_registration = true

-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
--ssl = {
--    key = "/srv/data_jappix/certs/snoik.com.key";
--    certificate = "/srv/data_jappix/certs/snoik.com_ca.crt";
--}

-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.

--c2s_require_encryption = true

-- Force servers to use encrypted connections? This option will
-- prevent servers from connecting unless they are using encryption.

--s2s_require_encryption = false

-- Allow servers to use an unauthenticated encryption channel

--s2s_allow_encryption = true

-- Select the authentication backend to use. The 'internal' providers
-- use Metronome's configured data storage to store the authentication data.
-- To allow Metronome to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please use internal_hashed below, to note that this will disable
-- DIGEST-MD5 as SASL mechanism.

authentication = "internal_plain"

-- Logging configuration
log = {
    --info = "/var/log/metronome/metronome.log"; -- Change 'info' to 'debug' for verbose logging
    error = "/var/log/metronome/metronome.err";
    -- "*syslog"; -- Uncomment this for logging to syslog
    -- "*console"; -- Log to the console, useful for debugging with daemonize=false
}

----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Metronome to serve.
-- Settings under each VirtualHost entry apply *only* to that host.

VirtualHost "snoik.com"
    enabled = true

    modules_enabled = {
        -- Generally required
            "roster"; -- Allow users to have a roster. Recommended ;)

        -- Not essential, but recommended
            "private"; -- Private XML storage (for room bookmarks, etc.)
            "vcard"; -- Allow users to set vCards

        -- These are commented by default as they have a performance impact
            "mam"; -- Message Archive Management
            "privacy"; -- Support privacy lists

        -- Nice to have
            "lastactivity"; -- Logs the user last activity timestamp
            "pep"; -- Enables users to publish their mood, activity, playing music and more
            "message_carbons"; -- Allow clients to keep in sync with messages send on other resources
            "register"; -- Allow users to register on this server using a client and change passwords
            "register_redirect"; -- Redirects users registering to the registration form
            "public_service"; -- Provides some information about the XMPP server

        -- Admin interfaces
            --"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
    }

    mam_stores_cap = 20000

    no_registration_whitelist = true
    registration_url = "http://snoik.com/chat/jappix/"
    registration_text = "Please register your account on Jappix itself (open snoik.com in your Web browser). Then you'll be able to use it anywhere you want."

--    public_service_vcard = {
--        name = "STEM XMPP service",
--        url = "http://snoik.com/chat/jappix/",
--        foundation_year = "20",
--        country = "FR",
--        email = "root@snoik.com",
--        admin_jid = "root@snoik.com",
--        geo = "48.87,2.33",
--        ca = { name = "StartSSL", url = "https://www.startssl.com/" },
--        oob_registration_uri = "https://snoik.com/"
--    }

--VirtualHost "anonymous.snoik.com"
--    enabled = true
--    authentication = "anonymous"
--    allow_anonymous_multiresourcing = true
--    allow_anonymous_s2s = true
--    anonymous_jid_gentoken = "Jappix Anonymous User"
--    anonymous_randomize_for_trusted_addresses = { "127.0.0.1", "::1" }

------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.

---Set up a MUC (multi-user chat) room server on muc.snoik.com:
Component "muc.snoik.com" "muc"
    name = "Jappix Chatrooms"

    modules_enabled = {
        "muc_limits";
        --"muc_log";
        --"muc_log_http";
        "pastebin";
    }

    muc_event_rate = 0.5
    muc_burst_factor = 10

    muc_log_http_config = {
        url_base = "logs";
        theme = "metronome";
    }

    pastebin_url = "https://muc.snoik.com/paste/"
    pastebin_path = "/paste/"
    pastebin_expire_after = 0
    pastebin_trigger = "!paste"

---Set up a PubSub server
Component "pubsub.snoik.com" "pubsub"
    name = "Jappix Publish/Subscribe"

    --unrestricted_node_creation = true -- Anyone can create a PubSub node (from any server)

---Set up a VJUD service
Component "vjud.snoik.com" "vjud"
    ud_disco_name = "Jappix User Directory"

    synchronize_to_host_vcards = "snoik.com"

---Set up a BOSH service
Component "bind.snoik.com" "http"
    modules_enabled = { "bosh" }

---Set up a WebSocket service
Component "websocket.snoik.com" "http"
    modules_enabled = { "websockets" }

---Set up a BOSH + WebSocket service
Component "me.snoik.com" "http"
    modules_enabled = { "bosh", "websockets" }

---Set up a statistics service
Component "stats.snoik.com" "http"
    modules_enabled = { "server_status" }

    server_status_basepath = "/xmppd/"
    server_status_show_hosts = { "snoik.com", "anonymous.snoik.com" }
    server_status_show_comps = { "muc.snoik.com", "proxy.snoik.com", "pubsub.snoik.com", "vjud.snoik.com" }

-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
Component "proxy.snoik.com" "proxy65"
    proxy65_acl = { "snoik.com", "anonymous.snoik.com" }

I can create users with metronomectl adduser, and can also log in after I create them with that command. But I can't create users using Jappix. Also, the users created using metronomectl adduser don't show on Jappix - Users.

Some help?

Mizukamakiri commented 10 years ago

Here is my main.xml

<?xml version="1.0" encoding="utf-8" ?>
<jappix xmlns="jappix:conf:main">
    <name>Snoik Chat</name>
    <desc>a free social network</desc>
    <owner_name>Snoik</owner_name>
    <owner_website>http://snoik.com</owner_website>
    <legal>http://snoik.com/legal.htm</legal>
    <language>all</language>
    <resource>Snoik</resource>
    <lock>off</lock>
    <anonymous>off</anonymous>
    <http_auth>on</http_auth>
    <registration>on</registration>
    <manager_link>on</manager_link>
    <groupchats_join>test@muc.snoik.com</groupchats_join>
    <groupchats_suggest>on</groupchats_suggest>
    <encryption>on</encryption>
    <https_storage>off</https_storage>
    <https_force>off</https_force>
    <compression>off</compression>
    <caching>on</caching>
    <analytics_track>off</analytics_track>
    <analytics_url></analytics_url>
    <analytics_id></analytics_id>
    <ads_enable>off</ads_enable>
    <ads_standard></ads_standard>
    <ads_content></ads_content>
    <gads_client></gads_client>
    <gads_slot></gads_slot>
    <multi_files>off</multi_files>
    <developer>off</developer>
    <statistics>on</statistics>
    <register_api>on</register_api>
    <xmppd_ctl>/usr/local/bin/metronomectl</xmppd_ctl>
    <xmppd>metronome</xmppd>
</jappix>

valeriansaliou commented 10 years ago

Please check that your webserver is able to execute the metronomectl binary. This is most likely caused by www-data:www-data not being able to run metronomectl, UNIX-wise.

(check that by logging in to this user in a shell, using sudo su).

Mizukamakiri commented 10 years ago

Thank you for answering! =)

However...

root@ubuntu:~# su www-data
www-data@ubuntu:/root$ sudo /usr/local/bin/metronomectl adduser wwtest@snoik.com wwtest
User successfully added
www-data@ubuntu:/root$

and in sudoers:

www-data ALL= NOPASSWD: /usr/local/bin/metronomectl

Mizukamakiri commented 10 years ago

Also, in the Chrome console with Jappix in dev mode I get this when I try to register.

Name.getNick ReferenceError {stack: (...), message: "con is not defined"}

valeriansaliou commented 10 years ago

This is because Jappix couldn't connect. Can I have access to your instance for debugging purposes? Just on the Web-side.

Mizukamakiri commented 10 years ago

Sure thing, what do you need?

Mizukamakiri commented 10 years ago

Oh, the Apache error log shows

sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted

Getting close. Any ideas what can be causing this?

valeriansaliou commented 10 years ago

Apache is unable to execute metronomectl via PHP-CGI.

You need to allow this command in the sudoers file.

Mizukamakiri commented 10 years ago

My sudoers contains:

# User privilege specification
root    ALL=(ALL:ALL) ALL
www-data ALL=(ALL:ALL) NOPASSWD: /usr/local/bin/metronomectl

Isn't this correct?

valeriansaliou commented 10 years ago

Ours (Jappix.com):

# metronomectl command access from PHP
www-data ALL= NOPASSWD: /usr/local/bin/metronomectl

Mizukamakiri commented 10 years ago

No joy...

I even tried the now commented ones, but that didn't work either. I can run metronomectl from the command line as www-data with no problems.

# User privilege specification
root    ALL=(ALL:ALL) ALL
www-data ALL= NOPASSWD: /usr/local/bin/metronomectl

# www-data ALL=(ALL) NOPASSWD: /usr/local/bin/metronomectl
# www-data ALL=NOPASSWD: ALL

Running this on a test.php also gives the same error...

<?php

exec('sudo -u www-data /usr/local/bin/metronomectl adduser www2@snoik.com www2');

?>

I'm sure it's running as www-data

root@ubuntu:/home/websites/snoik.com/http/server# ps aux | grep apache2
www-data 27284  0.0  0.4 395600  8856 ?        S    11:02   0:00 /usr/sbin/apache2 -k start
www-data 27285  0.0  0.4 395600  8856 ?        S    11:02   0:00 /usr/sbin/apache2 -k start
www-data 27286  0.0  0.4 395600  8856 ?        S    11:02   0:00 /usr/sbin/apache2 -k start
www-data 27287  0.0  0.4 395600  8856 ?        S    11:02   0:00 /usr/sbin/apache2 -k start
www-data 27288  0.0  0.4 395600  8856 ?        S    11:02   0:00 /usr/sbin/apache2 -k start
www-data 27297  0.0  0.4 395600  8856 ?        S    11:02   0:00 /usr/sbin/apache2 -k start
www-data 27298  0.0  0.4 395600  8856 ?        S    11:02   0:00 /usr/sbin/apache2 -k start
www-data 27299  0.0  0.4 395600  8856 ?        S    11:02   0:00 /usr/sbin/apache2 -k start
www-data 27300  0.0  0.4 395600  8856 ?        S    11:02   0:00 /usr/sbin/apache2 -k start
www-data 27301  0.0  0.4 395600  8856 ?        S    11:02   0:00 /usr/sbin/apache2 -k start
root     28004  0.0  0.0  13444   916 pts/0    S+   11:13   0:00 grep --color=auto apache2
root     58128  0.0  1.0 395568 21932 ?        Ss   02:39   0:02 /usr/sbin/apache2 -k start
root@ubuntu:/home/websites/snoik.com/http/server#

Running out of ideas here..... =(

Mizukamakiri commented 10 years ago

Fixed:

Disabled the mpm_itk module in Apache.
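
The symptom in this thread (the sudoers rule works from an interactive shell, yet sudo fails with `setresuid ... Operation not permitted` under Apache) points at the process context rather than at sudoers. As an added example, not part of the thread or of Jappix, the following shell check classifies `/proc/<pid>/status` text by its `NoNewPrivs` and `Seccomp` fields. The function names and sample inputs are constructed, and it assumes the status text is captured from inside a web request when used on a live server.

```shell
#!/bin/sh
# Added example (not from the thread). Sample status texts are constructed.

# Print the value of one "Name:<TAB>value" field from /proc/<pid>/status text on stdin.
status_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# Read status text on stdin and classify whether a setuid-root helper such as
# sudo can be expected to become root when started from that process.
# Fields missing on older kernels are treated as 0 (unrestricted).
setuid_verdict() {
    st=$(cat)
    nnp=$(printf '%s\n' "$st" | status_field NoNewPrivs)
    sec=$(printf '%s\n' "$st" | status_field Seccomp)
    if [ "${nnp:-0}" = "1" ]; then
        echo "blocked:no_new_privs"     # execve() will not honour the setuid bit
    elif [ "${sec:-0}" = "1" ]; then
        echo "blocked:seccomp_strict"   # strict mode: execve() itself is not allowed
    elif [ "${sec:-0}" = "2" ]; then
        echo "suspect:seccomp_filter"   # a filter is attached and may return EPERM
    else
        echo "ok"
    fi
}

# Constructed sample: an interactive shell with no restrictions.
sample_shell() {
    printf 'Name:\tbash\nUid:\t33\t33\t33\t33\nNoNewPrivs:\t0\nSeccomp:\t0\n'
}

# Constructed sample: a request process with a seccomp filter attached.
sample_filtered() {
    printf 'Name:\tapache2\nUid:\t33\t33\t33\t33\nNoNewPrivs:\t0\nSeccomp:\t2\n'
}

# With a PID argument, inspect that live process; otherwise show the samples.
if [ -n "${1:-}" ] && [ -r "/proc/$1/status" ]; then
    setuid_verdict < "/proc/$1/status"
else
    echo "shell:    $(sample_shell | setuid_verdict)"
    echo "filtered: $(sample_filtered | setuid_verdict)"
fi
```

A verdict other than `ok` for the request process, next to `ok` for the shell, says the sudoers entry is not the part to keep editing.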