Closed APoniatowski closed 11 months ago
Did you set up conference.
as needed in the webserver?
I'm not sure where to configure this, as I am using the docker image via docker compose.
I am using the example config file, with very slightly modified attributes
You've opened port 80 and 5280?
Do you have a proxy that delivers requests from port 80 on your domain to 5280 on ejabberd? Is that also accepting connections from conference.domain.com?
Ports are open (managed by the cloud provider firewall, and it is open), and I am not using an external nginx frontend, unless the docker image has one.
Can you list the docker command you use to run?
I use docker compose:
```yaml
version: '3.7'

services:

  main:
    image: ghcr.io/processone/ejabberd
    container_name: ejabberd
    environment:
      - CTL_ON_CREATE=register admin DOMAIN.ORG SOME_PASS
      - CTL_ON_START=registered_users DOMAIN.ORG ;
                     registered_vhosts ;
                     status
    ports:
      - "5222:5222"
      - "5269:5269"
      - "5280:5280"
      - "5443:5443"
    volumes:
      - ./ejabberd.yml:/opt/ejabberd/conf/ejabberd.yml:ro
      - ./database:/opt/ejabberd/database
      - ./logs:/opt/ejabberd/logs
      - ./upload:/opt/ejabberd/upload
```
And 80 should redirect to 5280 as said, yes?
I followed the documentation, so no mention of a redirect on the docker image. I could try and change '5280:5208' to '80:5280'? if that is what you meant
The docs say to open port 80 and redirect to 5280 though, your command does not open 80 on the docker, right?
Note that the ACME protocol requires challenges to be sent on port 80. Since this is a privileged port, ejabberd cannot listen on it directly without root privileges. Thus you need some mechanism to forward port 80 to the port defined by the listener (port 5280 in the example above). There are several ways to do this: using NAT, setcap (Linux only), or HTTP front-ends (e.g. sslh, nginx, haproxy and so on). Pick one that fits your installation the best, but DON'T run ejabberd as root.
https://docs.ejabberd.im/admin/configuration/basic/#setting-up-acme
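A preflight check for the port requirement quoted above, as an added example that is not part of the thread or of ejabberd: it parses the compose `ports` entries and reports which vhosts' HTTP-01 challenges cannot reach the listener. It assumes the compose port mapping is the only forwarder, the listener is on 5280 as in the docs' example, and no port ranges are used; the function names are illustrative.

```python
# Added example (not from the thread or the ejabberd project).
ACME_PORT = 80        # HTTP-01 validation connects to port 80
LISTENER_PORT = 5280  # assumption: HTTP listener port from the docs' example

# Port list posted in the thread, and the same list with the mapping
# the reporter proposed ("80:5280") added.
THREAD_PORTS = ["5222:5222", "5269:5269", "5280:5280", "5443:5443"]
FIXED_PORTS = THREAD_PORTS + ["80:5280"]
# Hosts named in the error log; the log mentions more that it does not list.
VHOSTS = ["DOMAIN.ORG", "pubsub.DOMAIN.ORG", "conference.DOMAIN.ORG"]


def parse_port(entry):
    """Parse compose short syntax '[IP:]HOST:CONTAINER[/PROTO]' (no ranges)."""
    spec, _, proto = str(entry).partition("/")
    parts = spec.rsplit(":", 2)
    container = int(parts[-1])
    # A missing or empty host part means Docker picks an ephemeral host port.
    host = int(parts[-2]) if len(parts) >= 2 and parts[-2] else None
    return host, container, proto or "tcp"


def check(ports, vhosts):
    """Return one finding per vhost whose challenge cannot reach the listener."""
    mapped = [parse_port(p) for p in ports]
    targets = {c for h, c, proto in mapped if h == ACME_PORT and proto == "tcp"}
    if LISTENER_PORT in targets:
        return []
    if targets:
        reason = f"host port {ACME_PORT} goes to {sorted(targets)}, not {LISTENER_PORT}"
    else:
        reason = f"host port {ACME_PORT} is not published"
    return [f"http://{v}/.well-known/acme-challenge/<token>: {reason}" for v in vhosts]


if __name__ == "__main__":
    for name, ports in (("thread", THREAD_PORTS), ("fixed", FIXED_PORTS)):
        findings = check(ports, VHOSTS)
        print(name, "OK" if not findings else "FAIL")
        for f in findings:
            print("  ", f)
```

A clean result only means the mapping exists; another service already bound to host port 80 will still answer the challenge instead of ejabberd.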
I was using this doc to set it up:
https://github.com/processone/ejabberd/blob/master/CONTAINER.md
So it might need to be updated, as there is no mention of a redirect (I assumed nginx is preinstalled on the container, and configured to use 5280 out of the box, but I was wrong)
I have, however, checked whether one of my other services is taking that port, and noticed that one is. So I will need to make some changes to it.
Thanks for the help in finding the root cause of my issue
https://github.com/processone/ejabberd/blob/master/CONTAINER.md
That's the generic intro, there's no mention of ACME there.
Once that is ready you still need to read ejabberd docs: https://docs.ejabberd.im ;)
Environment
erl +V
Configuration (only if needed): grep -Ev '^$|^\s*#' ejabberd.yml
Errors from error.log/crash.log
ejabberd | 2023-08-09 12:37:45.005087+00:00 [error] Failed to request certificate for DOMAIN.ORG, pubsub.DOMAIN.ORG and 3 more hosts: Challenge failed for domain conference.DOMAIN.ORG: ACME server reported: IP_ADDRESS: Invalid response from http://conference.DOMAIN.ORG/.well-known/acme-challenge/yozIpF6GR9GiZ2qx4WgkjHqd-QkFgW-FiKHdEtHbilE: 404 (error type: unauthorized)
Bug description
getting the following when trying to reach the admin panel: An error occurred during a connection to DOMAIN.ORG:5443. PR_END_OF_FILE_ERROR
Error code: PR_END_OF_FILE_ERROR
I am also using a .dev domain name, if that helps. I hope there is a simple and quick fix for this, as I'd rather use ejabberd over prosody