Open Tinostarn opened 5 years ago
I notice when I use my own ejabberd.yml
ejabberd | 22:25:47.187 [info] ejabberd 18.09 is started in the node ejabberd@localhost in 2.83s
ERLANG_NODE in docker-compose.yml seems to be skipped
When I don't use it, ejabberd starts well on ERLANG_NODE specified in environment
ejabberd | 22:13:40.747 [info] ejabberd 18.09 is started in the node 'ejabberd@mydomain.com' in 2.62s
Could it be the cause of this issue ?
For all practical purpose, my ejabberd.yml
###
### ejabberd configuration file
###
###
### The parameters used in this configuration file are explained in more detail
### in the ejabberd Installation and Operation Guide.
### Please consult the Guide in case of doubts, it is included with
### your copy of ejabberd, and is also available online at
### http://www.process-one.net/en/ejabberd/docs/
### =======
### LOGGING
loglevel: 4
log_rotate_size: 10485760
log_rotate_count: 0
log_rate_limit: 100
## watchdog_admins:
## - "bob@example.com"
### ================
### SERVED HOSTNAMES
hosts:
- "mydomain.com"
##
## route_subdomains: Delegate subdomains to other XMPP servers.
## For example, if this ejabberd serves example.org and you want
## to allow communication with an XMPP server called im.example.org.
##
## route_subdomains: s2s
### ===============
### LISTENING PORTS
listen:
-
port: 5222
module: ejabberd_c2s
starttls_required: true
protocol_options:
- "no_sslv2"
- "no_sslv3"
- "no_tlsv1"
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
tls_compression: false
ciphers: "HIGH:!aNULL:!3DES"
-
port: 5269
module: ejabberd_s2s_in
-
port: 4560
module: ejabberd_xmlrpc
access_commands:
configure:
all: []
-
port: 5280
module: ejabberd_http
request_handlers:
"/websocket": ejabberd_http_ws
## "/pub/archive": mod_http_fileserver
web_admin: true
http_bind: true
## register: true
tls: true
tls_compression: false
ciphers: "HIGH:!aNULL:!3DES"
-
port: 5443
module: ejabberd_http
request_handlers:
"": mod_http_upload
tls: true
tls_compression: false
ciphers: "HIGH:!aNULL:!3DES"
### CERTIFICATES
### ================
certfiles:
- "/opt/ejabberd/ssl/host.pem"
- "/opt/ejabberd/ssl/mydomain.com.pem"
### SERVER TO SERVER
### ================
s2s_use_starttls: required
s2s_protocol_options:
- "no_sslv3"
- "no_tlsv1"
s2s_ciphers: "HIGH:!aNULL:!3DES"
### ==============
### AUTHENTICATION
auth_method:
- internal
auth_password_format: scram
## LDAP authentication
### ===============
### TRAFFIC SHAPERS
shaper:
normal: 1000
fast: 50000
max_fsm_queue: 1000
### ====================
### ACCESS CONTROL LISTS
acl:
admin:
user:
- "admin": "mydomain.com"
local:
user_regexp: ""
### ============
### ACCESS RULES
access:
## Maximum number of simultaneous sessions allowed for a single user:
max_user_sessions:
all: 10
## Maximum number of offline messages that users can have:
max_user_offline_messages:
admin: 5000
all: 100
## This rule allows access only for local users:
local:
local: allow
## Only non-blocked users can use c2s connections:
c2s:
blocked: deny
all: allow
## For C2S connections, all users except admins use the "normal" shaper
c2s_shaper:
admin: none
all: normal
## All S2S connections use the "fast" shaper
s2s_shaper:
all: fast
## Only admins can send announcement messages:
announce:
admin: allow
## Only admins can use the configuration interface:
configure:
admin: allow
## Admins of this server are also admins of the MUC service:
muc_admin:
admin: allow
## Only accounts of the local ejabberd server, or only admins can create rooms, depending o
muc_create:
local: allow
## All users are allowed to use the MUC service:
muc:
all: allow
## Only accounts on the local ejabberd server can create Pubsub nodes:
pubsub_createnode:
local: allow
## In-band registration allows registration of any possible username.
register:
all: allow
## Only allow to register from localhost
trusted_network:
loopback: allow
soft_upload_quota:
all: 400 # MiB
hard_upload_quota:
all: 500 # MiB
language: "en"
### =======
### MODULES
modules:
mod_adhoc: {}
mod_announce: # recommends mod_adhoc
access: announce
mod_blocking: {} # requires mod_privacy
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state:
queue_chat_states: true
queue_presence: false
mod_configure: {} # requires mod_adhoc
mod_disco: {}
## mod_echo: {}
## mod_http_fileserver:
## docroot: "/var/www"
## accesslog: "/var/log/ejabberd/access.log"
mod_http_upload:
docroot: "/opt/ejabberd/upload"
put_url: "https://@HOST@:5443"
mod_http_upload_quota:
max_days: 10
mod_last: {}
mod_mam:
default: always
use_cache: true
mod_muc:
host: "conference.@HOST@"
access: muc
access_create: muc_create
access_persistent: muc_create
access_admin: muc_admin
history_size: 50
default_room_options:
persistent: true
mam : true
## mod_muc_log: {}
## mod_multicast: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
## mod_pres_counter:
## count: 5
## interval: 60
mod_privacy: {}
mod_private: {}
mod_proxy65:
host: "proxy.@HOST@"
name: "File Transfer Proxy"
port: 5277
mod_pubsub:
access_createnode: pubsub_createnode
force_node_config:
"eu.siacs.conversations.axolotl.*":
access_model: open
## reduces resource comsumption, but XEP incompliant
ignore_pep_from_offline: true
## XEP compliant, but increases resource comsumption
ignore_pep_from_offline: false
last_item_cache: true
plugins:
- "flat"
- "hometree"
- "pep" # pep requires mod_caps
mod_push: {}
mod_push_keepalive: {}
mod_register:
##
## Set the minimum informational entropy for passwords.
##
## password_strength: 32
##
## After successful registration, the user receives
## a message with this subject and body.
##
welcome_message:
subject: "Welcome!"
body: |-
Hi.
Welcome to this XMPP server.
##
## Only clients in the server machine can register accounts
##
access: register
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stats: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_time: {}
mod_vcard: {}
### ============
### HOST CONFIG
certfiles:
- "/opt/ejabberd/ssl/*.pem"
### =====================
### SESSION MANAGEMENT DB
sm_db_type: mnesia
The only workaround I've found is to build my own Dockerfile and copy my ejabberd.yml.tpl
FROM rroemhild/ejabberd
ADD ./ejabberd.yml.tpl /opt/ejabberd/conf/ejabberd.yml.tpl
This way, the network works. But no idea why it would not work in the case of fully mounting the conf directory.
@Tinostarn First, I think you should learn about how docker stages are work. https://docs.docker.com/get-started/part2/ And you should notice that the ejabberd.yml file is generated using your env variables. @Tinostarn please, ask again if I misunderstood.
Hi,
I'm having some difficulties to make ejabberd container working. I can't neither access web admin via https://mydomain:5280/admin (EMPTY_RESPONSE), nor make websocket connection via wss://mydomain:5280/websocket I'm suspecting some network misconfiguration, but I'm not good enough with Docker to debug it.
I am under Win10 with Docker v 18.09.0
First, It works when I leave the container with its original configuration files :
But if I include my own
ejabberd.yml
file, the container doesn't want to start listening connectionsMy docker-compose.yml
The log :
I also tried to copy locally
ejabberdctl.cfg
andinetrc
files that seems to work in original configuration. So, the three configuration files are exactly the same than the generated ones... Without success.I also tried to run some command in the container, but i'm stuck as netstat is not available. Is there anything that must be done at the container network level ? I don't get why it doesn't work only when I mount my files...
Any tips are welcome. Thanks in advance