diff --git a/docs/client/client-gajim_xmpp_client.md b/docs/client/client-gajim_xmpp_client.md deleted file mode 100644 index 85e6ff194..000000000 --- a/docs/client/client-gajim_xmpp_client.md +++ /dev/null @@ -1 +0,0 @@ -# WIP diff --git a/docs/firststeps-rp.md b/docs/firststeps-rp.md index d33d03a0b..d3ef9ba9b 100644 --- a/docs/firststeps-rp.md +++ b/docs/firststeps-rp.md @@ -48,13 +48,11 @@ Let's Encrypt will follow our rewrite, certificate requests in mailcow will work **Take care of highlighted lines.** -``` apache hl_lines="2 5 6 12 13 19 22 23 26 27 28 29 34 35" +``` apache hl_lines="2 10 11 17 22 23 24 25 30 31" ServerName CHANGE_TO_MAILCOW_HOSTNAME ServerAlias autodiscover.* ServerAlias autoconfig.* - ServerAlias xmpp_prefix_if_any.domain - ServerAlias *.xmpp_prefix_if_any.domain RewriteEngine on RewriteCond %{HTTPS} off @@ -70,8 +68,6 @@ Let's Encrypt will follow our rewrite, certificate requests in mailcow will work ServerName CHANGE_TO_MAILCOW_HOSTNAME ServerAlias autodiscover.* ServerAlias autoconfig.* - ServerAlias xmpp_prefix_if_any.domain - ServerAlias *.xmpp_prefix_if_any.domain # You should proxy to a plain HTTP session to offload SSL processing ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000 
@@ -106,13 +102,13 @@ Let's Encrypt will follow our rewrite, certificate requests will work fine. server { listen 80 default_server; listen [::]:80 default_server; - server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.* xmpp_prefix_if_any.domain *.xmpp_prefix_if_any.domain; + server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.* xmpp_prefix_if_any.domain *.xmpp_prefix_if_any.domain; + server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*; ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; diff --git a/docs/index.md b/docs/index.md index ef76ed5ef..d8b09f192 100644 --- a/docs/index.md +++ b/docs/index.md @@ -67,7 +67,6 @@ Each container represents a single application. - [ACME](https://letsencrypt.org/) - [ClamAV](https://www.clamav.net/) (optional) - [Dovecot](https://www.dovecot.org/) -- [ejabberd](https://www.ejabberd.im/) - [MariaDB](https://mariadb.org/) - [Memcached](https://www.memcached.org/) - [Netfilter](https://www.netfilter.org/) (Fail2ban-like integration by [@mkuron](https://github.com/mkuron)) @@ -94,6 +93,4 @@ Each container represents a single application. - sogo-web-vol-1 - solr-vol-1 - vmail-index-vol-1 -- vmail-vol-1 -- xmpp-upload-vol-1 -- xmpp-vol-1 +- vmail-vol-1 \ No newline at end of file diff --git a/docs/prerequisite-system.md b/docs/prerequisite-system.md index 8ece0257c..6c5df19f3 100644 --- a/docs/prerequisite-system.md +++ b/docs/prerequisite-system.md 
@@ -70,9 +70,6 @@ If you have a firewall in front of mailcow, please make sure that these ports ar | Dovecot POP3S | TCP | 995 | dovecot-mailcow | `${POPS_PORT}` | | Dovecot ManageSieve | TCP | 4190 | dovecot-mailcow | `${SIEVE_PORT}` | | HTTP(S) | TCP | 80/443 | nginx-mailcow | `${HTTP_PORT}` / `${HTTPS_PORT}` | -| XMPP (c2s) | TCP | 5222 | ejabberd-mailcow | `${XMPP_C2S_PORT}` | -| XMPP (s2s) | TCP | 5269 | ejabberd-mailcow | `${XMPP_C2S_PORT}` | -| XMPP (upload) | TCP | 5443 | ejabberd-mailcow | `${XMPP_HTTPS_PORT}` | To bind a service to an IP address, you can prepend the IP like this: `SMTP_PORT=1.2.3.4:25` diff --git a/docs/u_e-xmpp-enable.md b/docs/u_e-xmpp-enable.md deleted file mode 100644 index 3d4dc0adf..000000000 --- a/docs/u_e-xmpp-enable.md +++ /dev/null 
@@ -1,98 +0,0 @@ -XMPP is provided by ejabberd, which describes itself as robust, scalable and extensible XMPP Server. - -So first of all, thanks to ejabberd and its contributers! - -## Enable XMPP in mailcow - -To enable XMPP for a domain, you need to edit the given domain in mailcow UI: - -![Screen1](https://i.imgur.com/oLyHBke.png) - -The chosen prefix will be used to derive your XMPP login. - -A prefix **xmpp_prefix** for the mailbox user `cowboy@develcow.de` would equal to the JID `cowboy@xmpp_prefix.develcow.de`. - -!!! info - The login passwords for mail and XMPP are the same. XMPP users are authenticated against mailcow. - -Before enabling XMPP for a domain, you should create two CNAME records in DNS: - -``` -# CNAMES -# Name Type Value -xmpp_prefix IN CNAME mail.example.org. (your ${MAILCOW_HOSTNAME}) -*.xmpp_prefix IN CNAME mail.example.org. (your ${MAILCOW_HOSTNAME}) -``` - -These two CNAMEs are essential for acquiring a certificate. Please **do not** add "xmpp_prefix.domain.tld" as name to `ADDITIONAL_SAN`. - -Make sure your CNAMEs are correct. Enable XMPP for your domain now. - -If you enabled XMPP first and then added your DNS records there is no need to worry. You will just need to wait for ejabberd to automatically acquire the certificates or -simply restart ejabberd-mailcow to trigger the process immediately: `docker-compose restart ejabberd-mailcow`. - -Once ejabberd is enabled, you may want to re-run the DNS check in the mailcow UI where you will find two more SRV records: - -![Screen2](https://i.imgur.com/IxlUZ7y.png) - -``` -# SRV records -# Name Type Value -_xmpp-client._tcp.xmpp_prefix IN SRV 10 1 5222 mail.example.org. (your ${MAILCOW_HOSTNAME}) -_xmpp-server._tcp.xmpp_prefix IN SRV 10 1 5269 mail.example.org. (your ${MAILCOW_HOSTNAME}) -``` - -There is no need to restart ejabberd, add these SRV records whenever you like. These records are crucial for autoconfiguration of XMPP clients and server-to-server connections. 
- -## ACL - -A domain administrator can be given the right to toggle XMPP access for domains and mailboxes, promoting users to XMPP administrators (WIP) and to change the prefix: - -![Screen3](https://i.imgur.com/OxKuDFU.png) - -## Verify certificates - -Once everything is setup, make sure ejabberd was able to acquire certificates: - -If you see a message similar to... - -``` -ejabberd-mailcow_1 | 2021-02-13 14:40:19.507956+01:00 [error] Failed to request certificate for im.example.org, pubsub.im.example.org and 3 more hosts: Challenge failed for domain conference.im.example.org: ACME server reported: DNS problem: NXDOMAIN looking up A for conference.im.example.org - check that a DNS record exists for this domain (error type: dns) -``` - -...you may need to recheck your DNS configuration or restart ejabberd-mailcow to restart the process in case of slow DNS propagation. - -Opening `https://xmpp_prefix.domain.tld:5443/upload` should point you to a 404 page with a valid certificate. - -## Why can't we use no prefix? - -It does not matter which server name we point our SRV to, Jabber will always rely on the domain given in a JID. We would need to acquire a certificate for the SLD `domain.tld`, which hardly anyone wants to point to its mail system. - -We are sorry for this circumstance. As soon as we implemented Servercows DNS API, this may be reconsidered. - -## My reverse proxy does not work anymore - -If your reverse proxy is configured to point to a site like `webmail.domain.tld` **which mailcow is not aware of** (as in MAILCOW_HOSTNAME does **not** match `webmail.domain.tld`), you may now be redirected to the default ejabberd Nginx site. - -That's because mailcow does not know it should respond to `webmail.domain.tld` with mailcow UI. - -### Method 1 - -A more simple approach is defining `ADDITIONAL_SERVER_NAMES` in `mailcow.conf`: - -``` -ADDITIONAL_SERVER_NAMES=webmail.domain.tld -``` - -Run `docker-compose up -d` to apply. 
- -### Method 2 - -In your reverse proxy configuration, make sure you set a "Host" header that mailcow actually services, similar to this (Nginx example): - -``` -proxy_set_header Host MAILCOW_HOSTNAME; -# Instead of proxy_set_header Host $http_host; -``` - -Now you can use whatever name you like, as long mailcow receives a known "Host" header. diff --git a/docs/u_e-xmpp-faq.md b/docs/u_e-xmpp-faq.md deleted file mode 100644 index eef2d45b3..000000000 --- a/docs/u_e-xmpp-faq.md +++ /dev/null 
@@ -1,76 +0,0 @@ -## FAQ - -Please find the most frequently asked questions with their corresponding configuration in `data/conf/ejabberd/ejabberd.yml` (if any). - -- **I do not want to run ejabberd, is there a `SKIP_XMPP` variable?** - -No, there is not. But you don't need one either. - -The xmppd behaves the same way as SOGo or Solr do when disabled. A shell will be idling and ejabberd will **not** be started (but open unconnected ports). - -As soon as a domain is enabled for XMPP, the container will be restarted and ejabberd bootstrapped. - -ejabberd is **very** light on resources, you may want to give it a try. - -- **Are messages stored on the server?** - -Not by default. The default setting is to disable the message archive via mod_mam but allow users to enable the function if they want to: - -``` - mod_mam: - clear_archive_on_room_destroy: true - default: never - compress_xml: true - request_activates_archiving: true -``` - -- **Are uploaded files stored on the server?** - -Yes, uploaded files are stored in the volume `xmpp-uploads-vol-1`. - -The retention policy saves them for 30 days: - -``` - mod_http_upload_quota: - max_days: 30 -``` - -- **Are messages stored when a JID is offline?** - -Yes, up to 1000 messages are stored for "normal" users and administrators: - -``` -shaper_rules: - max_user_offline_messages: - 1000: admin - 1000: all -``` - -- **Are messages written in group chats stored?** - -No, messages are not stored: - -``` - mod_muc: - default_room_options: - mam: false -``` - -- **Are group chats persistent when the last participant leaves?** - -No, they will vanish: - -``` - mod_muc: - default_room_options: - persistent: false -``` - -- **How many client sessions can be open at the same time?** - -10 sessions are allowed per user. - -``` -shaper_rules: - max_user_sessions: 10 -``` diff --git a/mkdocs.yml b/mkdocs.yml index 65a3b113a..6f64f5853 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -99,9 +99,6 @@ nav: - 'Redis': 'u_e-redis.md' - 'Rspamd': 'u_e-rspamd.md' - 'SOGo': 'u_e-sogo.md' - - 'XMPP': - - 'FAQ': 'u_e-xmpp-faq.md' - - 'Enable XMPP': 'u_e-xmpp-enable.md' - 'Docker': - 'Customize Dockerfiles': 'u_e-docker-cust_dockerfiles.md' - 'Docker Compose Bash Completion': 'u_e-docker-dc_bash_compl.md' @@ -114,7 +111,6 @@ nav: - 'Android': 'client/client-android.md' - 'Apple macOS / iOS': 'client/client-apple.md' - 'eM Client': 'client/client-emclient.md' - - 'Gajim XMPP client': 'client/client-gajim_xmpp_client.md' - 'KDE Kontact': 'client/client-kontact.md' - 'Microsoft Outlook': 'client/client-outlook.md' - 'Mozilla Thunderbird': 'client/client-thunderbird.md'
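Review bot: In docs/firststeps-rp.md, the rewritten `hl_lines="2 10 11 17 22 23 24 25 30 31"` on the Apache fence is a hand-maintained list and should be checked against the rendered page. The numbers are consistent with removing two `ServerAlias` lines from each vhost (entries after the first pair shift by 2, entries after the second pair by 4), but only if the old entries 5 6 and 22 23 were the removed XMPP aliases. If any other line in the block changes later, the highlights will silently point at the wrong directives.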
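Review bot: The Nginx hunk in docs/firststeps-rp.md (and the matching Apache `ServerAlias` removals) gives no guidance to operators who already deployed the previous example. Their proxies still carry `xmpp_prefix_if_any.domain` and `*.xmpp_prefix_if_any.domain` in `server_name`, so those hostnames keep being accepted and forwarded to mailcow. Suggest a short note near the examples saying these names can be dropped from existing reverse-proxy configs.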
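Review bot: The last hunk of docs/index.md now ends with `- vmail-vol-1` followed by "\ No newline at end of file", so this change strips the file's trailing newline. Please restore it so that the only difference in the volume list is the removal of `xmpp-upload-vol-1` and `xmpp-vol-1`.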
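Review bot: In docs/prerequisite-system.md the rows for 5222, 5269 and 5443 are removed from the port table without telling readers who opened those ports on a front firewall that the rules are no longer needed. A one-line remark under the table would help, since the table is introduced as the list of ports to keep open. As a side observation, the removed s2s row listed `${XMPP_C2S_PORT}` for port 5269, so anyone cleaning up mailcow.conf from the old table should not rely on that variable name.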
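Review bot: Deleting docs/u_e-xmpp-enable.md also removes the "My reverse proxy does not work anymore" section, and its two methods (`ADDITIONAL_SERVER_NAMES=webmail.domain.tld` in mailcow.conf, or `proxy_set_header Host MAILCOW_HOSTNAME;`) are not specific to XMPP. Please confirm this guidance exists elsewhere, for example in docs/firststeps-rp.md, or move it there before the file is dropped. The page also instructed users to create `xmpp_prefix` and `*.xmpp_prefix` CNAMEs plus two SRV records, so a short removal note saying these DNS records can be deleted would avoid leaving a wildcard pointing at the mail host.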
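Review bot: The deleted docs/u_e-xmpp-faq.md is the only place that states user data is kept on disk (uploads retained for 30 days, up to 1000 offline messages per user), and nothing in this change says what happens to that data once the service is gone. Suggest adding a removal note that names the volumes to clean up. Note that the FAQ calls the upload volume `xmpp-uploads-vol-1` while docs/index.md listed `xmpp-upload-vol-1`, so the name should be verified against the compose file before it is documented.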