In recent years security and privacy become central focus of users and system administrators. Here is brief guide on setting up secure ejabberd TLS connections and keeping them private.
ejabberd have number of options that control security:
- certfiles: List of full paths to files containing SSL certificates (available since ejabberd 17.11)
- ciphers: OpenSSL ciphers list in the same format accepted by ‘openssl ciphers’ command
- protocol_options: List of supported SSL protocols
- dhfile: Full path to a file containing custom parameters for Diffie-Hellman key exchange
- starttls: This option specifies that STARTTLS encryption is available on connections to the port
- starttls_required: This option specifies that STARTTLS encryption is required on connections to the port.
- tls: This option specifies that traffic on the port will be encrypted using SSL immediately after connecting. This method is nowadays deprecated and not recommended
- tls_compression: Whether to enable or disable ejabberd TLS compression.
- s2s_use_starttls: This option defines if s2s connections are encrypted
- s2s_dhfile: Full path to a file containing custom DH parameters
- s2s_ciphers: OpenSSL ciphers list in the same format accepted by ‘openssl ciphers’ command
- s2s_protocol_options: List of supported SSL protocols
- s2s_tls_compression: Whether to enable or disable ejabberd TLS s2s compression
For more configuration options and description refer to ejabberd documentation.
Looking for even more enterprise-grade security advice on ejabberd?
Contact our experts »
ejabberd TLS settings: recommended vs compatibility
For many years security was something that was not primary concern in many cases in internet standards. ProcessOne team stands on the point that security is one of the primary factors thus we will recommend strong settings but also provide compatibility for reference only for those who want and need to retain support for insecure, legacy clients and servers but understand that this settings may jeopardize security and privacy. In below table you can find defaults for legacy and recommended settings:
Option | Legacy | Recommended |
---|---|---|
certfiles | path: /etc/ssl/ejabberd/domain.pem | path: /etc/ssl/ejabberd/domain.pem |
ciphers | ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS | ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 |
protocol_options | no_sslv2, no_sslv3 | no_sslv2, no_sslv3, no_tlsv1,no_tlsv1_1 |
dhfile | path: /etc/ssl/ejabberd/dh1024.pem | path: /etc/ssl/ejabberd/dh2048.pem |
starttls | TRUE | TRUE |
starttls_required | FALSE | TRUE |
tls | FALSE | FALSE |
tls_compression | FALSE | FALSE |
s2s_use_starttls | OPTIONAL | REQUIRED |
s2s_dhfile | path: /etc/ssl/ejabberd/dh1024.pem | path: /etc/ssl/ejabberd/dh2048.pem |
s2s_ciphers | ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS | ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 |
s2s_protocol_options | no_sslv2, no_sslv3 | no_sslv2, no_sslv3, no_tlsv1,no_tlsv1_1 |
s2s_tls_compression | FALSE | FALSE |
ejabberd TLS configuration examples
Example 1 – Strong settings for c2s settings
This config disables protocols from SSLv2 up to TLSv1.1 and allows only “modern” (as of 2016) protocol TLSv1.2 and related ciphers.
certfiles:
- /etc/ssl/ejabberd/domain.pem
listen:
-
port: 5222
module: ejabberd_c2s
protocol_options:
- no_sslv2
- no_sslv3
- no_tlsv1
- no_tlsv1_1
ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
shaper: c2s_shaper
access: c2s
starttls: true
starttls_required: true
tls_compression: false
dhfile: /etc/ssl/ejabberd/dh2048.pem
Note: Clients that do not support TLS1.2 will not be allowed to connect to c2s port.
Example 2 – Compatible settings for c2s
listen:
-
port: 5222
module: ejabberd_c2s
protocol_options:
- no_sslv
- no_sslv3
ciphers: "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
shaper: c2s_shaper
access: c2s
starttls: true
starttls_required: false
tls_compression: false
dhfile: /etc/ssl/ejabberd/dh1024.pem
Note: Clients that can connect to c2s ports need support at last TLS1.0. SSLv2 and SSLv3 have serious security flaws and have to be disabled. Also DH parameter is lowered here to 1024 bit as some older Java do not support higher grades.
Server-to-Server connections
s2s connections are more complex then client connections. If we want to federate with broad spectrum of XMPP servers, we have to allow unencrypted connections to that port. There are still lot of servers that do not support encryption. On the other hand, we have 2016 and it is hard to believe that there are still servers that sends data using plain-text. Choice is always up to server administrators, but ProcessOne strongly recommend to allow only secure, encrypted connections to port s2s:
Example 1 – Strong settings for s2s connections
Global section:
certfiles:
- /etc/ssl/ejabberd/domain.pem
s2s_use_starttls: required
s2s_dhfile: /etc/ssl/ejabberd/dh2048.pem
s2s_ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
Listening ports:
listen:
-
port: 5269
module: ejabberd_s2s_in
protocol_options:
- no_sslv2
- no_sslv3
- no_tlsv1
- no_tlsv1_1
Note: Only TLSv1.2 connections are allowed and all s2s connections are required to be encrypted
Example 2 – Legacy and unsafe s2s settings
Global section:
certfiles:
- /etc/ssl/ejabberd/domain.pem
s2s_use_starttls: optional
s2s_dhfile: /etc/ssl/ejabberd/dh1024.pem
s2s_ciphers: "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
Listening ports:
listen:
-
port: 5269
module: ejabberd_s2s_in
protocol_options:
- no_sslv2
- no_sslv3
Note: Allow unencrypted connections for servers that do not require it. If connections are encrypted – allow only protocol up from TLSv1. Also DH is lowered to 1024 bits.
Appendix: Create PEM files and DH paramerers
ejabberd TLS supports certificates in PEM format. Certificate should also contain certificate-chain that comes from certificate provider. Here is how certificates in PEM file should stack-up:
——— Main Certificate (xmpp.example.com) ———
——— Intermediate certificate, chain certs ———
——— Private Key for Main Certificate ———
PEM file should be only readable by process running ejabberd.
ejabberd TLS configuration allow to use custom DH parameters, this is important as recent research revealed weakness of widely and common used DH files (see https://weakdh.org). We are recommending to use at last 2048-bit DH parameters. To generate DH use openssl command, for example:
openssl dhparam -out /etc/ssl/ejabberd/dh2048.pem 2048
and add proper ejabberd TLS config option (see previous section). If you need to support some old software like Java7, set DH size to 1024.
Appendix: Generating private key and certificate requests
You can generate self-signed certificates for your connections, however nowadays we strongly recommend that anyone use signed certificates by trusted and known Certificate Authority (CA). You can easily find commercial CA with pricing starting as low as $15 per year. There is also option of using free certificates from https://letsencrypt.org – see their docs for automated process of issuing certificates.
Generate Private Key (PK):
openssl genrsa -out xmpp_example_com.key 2048
this will generate PK – keep it safe, do not share. It is 2048 bit long, if you need bigger key, go for 4096 bits. Now you need to generate Certificate Signing Request (CSR) – that need to be send (usually copy&paste) to CA to generate certificate for you:
openssl req -out xmpp_example_com.csr -key xmpp_example_com.key -new -sha256
you will have to answer range of questions, and most important is: “Common Name (e.g. server FQDN or YOUR name)” this is where you place your domain name, like: xmpp.example.com , you can use wildcard names as well if you use certificate for other sub-domains.
After submitting CSR to CA you will get CRT – file that is actually public part of your key pair. Usually with your CRT, CA also provides certificate chain that need to be included in PEM file (see appendix about creating PEM files).
If you want to generate a self-signed certificate and not yet ask a certificate to a CA, you can use the following command. It is not recommended for production, but can be helpful for testing:
openssl x509 -req -days 365 -in xmpp_example_com.csr -signkey xmpp_example_com.key -out xmpp_example_com.crt
Then, all what you need to do is to combine files into single PEM file. Using names from above examples, that can be done using cat command (step-by-step):
Let’s assume that CA sent you xmpp_example_com.crt and ca_intermediate_certificate.crt:
# create PEM file with certificate
cat xmpp_example_com.crt > xmpp_example_com.pem
# add intermediate CA certificate to PEM
cat ca_intermediate_certificate.crt >> xmpp_example_com.pem
# finally add private key to file
cat xmpp_example_com.key >> xmpp_example_com.pem
Ensure that PEM file do not have any garbage, it should be nice and smooth text file like:
-----BEGIN CERTIFICATE-----
MIIHEjCCBfqgAwIBAgIQCI9arD288vK6p24B8dArzjANBgkqhkiG9w0BAQUFADBm
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
....
....
XJqV43tRs8oaymPzU9NVbLutjva+ln/ml2IcEoE7a8x0UbdcYfQKpFI9cjr9yIki
sn5Y+o5sMjse8gXZtFMttmE3yypBt5BR4yLoQB2BSocmZkhWGjQ=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGWDCCBUCgAwIBAgIQCl8RTQNbF5EX0u/UA4w/OzANBgkqhkiG9w0BAQUFADBs
....
....
Ib4p1I5eFdZCSucyb6Sxa1GDWL4/bcf72gMhy2oWGU4K8K2Eyl2Us1p292E=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIyyiKCA35wtuube64IQM5hYnSzNL8HLJLYVfEl5vSrDO5KwLZ/P71BPrhx
....
....
hddA/p+zRteyTvBJaXAJwrreSjeJL4HGyf0E9z4TLE5qNMF81bXFso0+2FGDrh0t
-----END RSA PRIVATE KEY-----
Photo by Markus Spiske on Unsplash
I followed this guide and everything seems OK, but
Tested my ejabberd on xmpp.net and saw following
SASL
Pre-TLS
PLAIN <———————–
SCRAM-SHA-1
X-OAUTH2
server must not offer this pre-tls
Seems to be some misconfiguration from my side. Any ideas?
found :
starttls_required: true
Now :
SASL
Pre-TLS
None
If I’m using a self signed certificate, in the last step to create the PEM file, is it ok to only do the following 2 steps?
cat xmpp_example_com.crt > xmpp_example_com.pem (create PEM file with certificate)
cat xmpp_example_com.key >> xmpp_example_com.pem (finally add private key to file)
Thanks
Yes, should be working this way, however I strongly recommend using trusted certificates – like https://letsencrypt.org – they are free and now ejabberd can handle automatically renewal process. See latest ejabberd release.
Hi
In my case I need to append first the private key, then the certificate and at last the chain file (all from letsencrypt).
Then everything works fine. If the pem file is in any other order, either the chain certificate is not found or the clients cannot connect.
Hi
have problems with ejabberd 18.01 and ubuntu 18.04.
In my ejabberd.yml have tried many things and I see problems in some cases with certificate.
The ejabberd.log looks like:
root@sielstetten:/var/log/ejabberd# cat ejabberd.log
2018-06-18 16:17:52.311 [info] Application lager started on node ejabberd@localhost
2018-06-18 16:17:52.311 [notice] @lager_file_backend:146 Changed loghwm of /var/log/ejabberd/error.log to 100
2018-06-18 16:17:52.311 [notice] @lager_file_backend:146 Changed loghwm of /var/log/ejabberd/ejabberd.log to 100
2018-06-18 16:17:52.328 [info] Application crypto started on node ejabberd@localhost
2018-06-18 16:17:52.347 [info] Application sasl started on node ejabberd@localhost
2018-06-18 16:17:52.360 [info] Application asn1 started on node ejabberd@localhost
2018-06-18 16:17:52.360 [info] Application public_key started on node ejabberd@localhost
2018-06-18 16:17:52.398 [info] Application ssl started on node ejabberd@localhost
2018-06-18 16:17:52.405 [info] Application p1_utils started on node ejabberd@localhost
2018-06-18 16:17:52.427 [info] Application fast_yaml started on node ejabberd@localhost
2018-06-18 16:17:52.459 [info] Application fast_tls started on node ejabberd@localhost
2018-06-18 16:17:52.490 [info] Application fast_xml started on node ejabberd@localhost
2018-06-18 16:17:52.521 [info] Application stringprep started on node ejabberd@localhost
2018-06-18 16:17:52.533 [info] Application xmpp started on node ejabberd@localhost
2018-06-18 16:17:52.557 [info] Application cache_tab started on node ejabberd@localhost
2018-06-18 16:17:52.586 [info] Application eimp started on node ejabberd@localhost
2018-06-18 16:17:52.586 [info] @ejabberd_config:start:73 Loading configuration from /etc/ejabberd/ejabberd.yml
2018-06-18 16:17:54.594 [info] Application mnesia started on node ejabberd@localhost
2018-06-18 16:17:54.772 [info] Application os_mon started on node ejabberd@localhost
2018-06-18 16:17:54.774 [info] @cyrsasl_digest:start:62 FQDN used to check DIGEST-MD5 SASL authentication: sielstetten.selfhost.me
2018-06-18 16:17:54.783 [warning] Disk is almost full on “/snap/core/4486”
2018-06-18 16:17:54.956 [info] Application fs started on node ejabberd@localhost
2018-06-18 16:17:55.151 [info] Application p1_mysql started on node ejabberd@localhost
2018-06-18 16:17:55.369 [info] Application inets started on node ejabberd@localhost
2018-06-18 16:17:55.420 [warning] @ejabberd_pkix:handle_call:255 No certificate found matching ‘conference.sielstetten.selfhost.me’: strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let’s Encrypt (www.letsencrypt.org)
2018-06-18 16:17:55.507 [warning] @ejabberd_pkix:handle_call:255 No certificate found matching ‘upload.sielstetten.selfhost.me’: strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let’s Encrypt (www.letsencrypt.org)
2018-06-18 16:17:55.540 [warning] @ejabberd_pkix:handle_call:255 No certificate found matching ‘echo.sielstetten.selfhost.me’: strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let’s Encrypt (www.letsencrypt.org)
2018-06-18 16:17:55.579 [warning] @ejabberd_pkix:handle_call:255 No certificate found matching ‘pubsub.sielstetten.selfhost.me’: strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let’s Encrypt (www.letsencrypt.org)
2018-06-18 16:17:55.618 [info] Application iconv started on node ejabberd@localhost
2018-06-18 16:17:55.619 [warning] @ejabberd_pkix:handle_call:255 No certificate found matching ‘irc.sielstetten.selfhost.me’: strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let’s Encrypt (www.letsencrypt.org)
2018-06-18 16:17:55.666 [info] @ejabberd_cluster_mnesia:wait_for_sync:124 Waiting for Mnesia synchronization to complete
2018-06-18 16:17:55.667 [info] @ejabberd_app:start:59 ejabberd 18.01 is started in the node ejabberd@localhost in 3.90s
2018-06-18 16:17:55.671 [info] Application ejabberd started on node ejabberd@localhost
2018-06-18 16:17:55.672 [info] @ejabberd_listener:init_tcp:140 Start accepting TCP connections at 0.0.0.0:5222 for ejabberd_c2s
2018-06-18 16:17:55.672 [info] @ejabberd_listener:init_tcp:140 Start accepting TCP connections at 0.0.0.0:5269 for ejabberd_s2s_in
2018-06-18 16:17:55.672 [info] @ejabberd_listener:init_tcp:140 Start accepting TCP connections at 0.0.0.0:5280 for ejabberd_http
2018-06-18 16:17:55.672 [info] @ejabberd_listener:init_tcp:140 Start accepting TCP connections at 0.0.0.0:5444 for ejabberd_http
2018-06-18 16:27:55.509 [error] @mod_http_upload_quota:handle_info:214 Cannot open document root home/server/upload: no such file or directory
How can I solve the problems with certificate?
Many thanks
Thomas
Hi,
Were you able to resolve the issue?
Same problem
5 No certificate found matching ‘irc.sielstetten.selfhost.me’: strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let’s Encrypt (www.letsencrypt.org)
From my experience, you should first try & copy fullchain.pem and privkey.pem from /etc/letsencrypt/live/example.com to /opt/ejabberd/conf. For some reason symlinks or direct path to LE in config.yml directory doesn’t work. Possibly a permission issue. If this works, you can investigate further. Or setup cron that copies these two files regularly.
Hi Marek,
thank you for the detailed information!
I tried this setup but it does not work for me :(
Also tried with way less options / config still without any success.
I tried to ask on the ejabberd chatroom but can’t find how to register…
I also opened a question on serverfault
I post the link here if by any change you had a second to take a look…
https://serverfault.com/questions/1017743/ejabberd-starttls-setup-on-port-5222
Hi,
I am trying to generate a self signed certificate using Open SSL . I followed the docs and I have successfully generated all he files but confusion is I don’t know the exact configuration of certificates inside ejabberd config file.
Can somebody guide me the complete details that which files do I need to copy into conf folder secondly can someone share the configuration code .
I am using ejabberd on windows environement.
Thanks
This document should be REMOVED, or updated as it is NOT current!!!
2021-10-17 13:56:14.489594+11:00 [critical] @ejabberd_app:start/2:72 Failed to start ejabberd application: Unknown option: certfile. Did you mean certfiles?
The document is VALID, it’s simply outdated in one of the options, which ejabberd detects and explains you how to update… Sir, the rumours of my death have been greatly exaggerated.
Hello ,
I have installed my ejabberd server over the ubuntu machine and opened all the ports
I want to configure the same in my application based over flutter.
Its running over the HTTP ( Not secure )
But i need to secure this server and run over the HTTPS
Guide me regarding that