Remove mentions of XMPP
Parent
ac761b5af3
Commit
bae054e799
7 changed files with 4 additions and 193 deletions
|
@ -1 +0,0 @@
|
||||||
# WIP
|
|
|
@ -48,13 +48,11 @@ Let's Encrypt will follow our rewrite, certificate requests in mailcow will work
|
||||||
|
|
||||||
**Take care of highlighted lines.**
|
**Take care of highlighted lines.**
|
||||||
|
|
||||||
``` apache hl_lines="2 5 6 12 13 19 22 23 26 27 28 29 34 35"
|
``` apache hl_lines="2 10 11 17 22 23 24 25 30 31"
|
||||||
<VirtualHost *:80>
|
<VirtualHost *:80>
|
||||||
ServerName CHANGE_TO_MAILCOW_HOSTNAME
|
ServerName CHANGE_TO_MAILCOW_HOSTNAME
|
||||||
ServerAlias autodiscover.*
|
ServerAlias autodiscover.*
|
||||||
ServerAlias autoconfig.*
|
ServerAlias autoconfig.*
|
||||||
ServerAlias xmpp_prefix_if_any.domain
|
|
||||||
ServerAlias *.xmpp_prefix_if_any.domain
|
|
||||||
RewriteEngine on
|
RewriteEngine on
|
||||||
|
|
||||||
RewriteCond %{HTTPS} off
|
RewriteCond %{HTTPS} off
|
||||||
|
@ -70,8 +68,6 @@ Let's Encrypt will follow our rewrite, certificate requests in mailcow will work
|
||||||
ServerName CHANGE_TO_MAILCOW_HOSTNAME
|
ServerName CHANGE_TO_MAILCOW_HOSTNAME
|
||||||
ServerAlias autodiscover.*
|
ServerAlias autodiscover.*
|
||||||
ServerAlias autoconfig.*
|
ServerAlias autoconfig.*
|
||||||
ServerAlias xmpp_prefix_if_any.domain
|
|
||||||
ServerAlias *.xmpp_prefix_if_any.domain
|
|
||||||
|
|
||||||
# You should proxy to a plain HTTP session to offload SSL processing
|
# You should proxy to a plain HTTP session to offload SSL processing
|
||||||
ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
|
ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
|
||||||
|
@ -106,13 +102,13 @@ Let's Encrypt will follow our rewrite, certificate requests will work fine.
|
||||||
server {
|
server {
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
listen [::]:80 default_server;
|
listen [::]:80 default_server;
|
||||||
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.* xmpp_prefix_if_any.domain *.xmpp_prefix_if_any.domain;
|
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.* xmpp_prefix_if_any.domain *.xmpp_prefix_if_any.domain;
|
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
|
||||||
|
|
||||||
ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem;
|
ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem;
|
||||||
ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem;
|
ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem;
|
||||||
|
|
|
@ -67,7 +67,6 @@ Each container represents a single application.
|
||||||
- [ACME](https://letsencrypt.org/)
|
- [ACME](https://letsencrypt.org/)
|
||||||
- [ClamAV](https://www.clamav.net/) (optional)
|
- [ClamAV](https://www.clamav.net/) (optional)
|
||||||
- [Dovecot](https://www.dovecot.org/)
|
- [Dovecot](https://www.dovecot.org/)
|
||||||
- [ejabberd](https://www.ejabberd.im/)
|
|
||||||
- [MariaDB](https://mariadb.org/)
|
- [MariaDB](https://mariadb.org/)
|
||||||
- [Memcached](https://www.memcached.org/)
|
- [Memcached](https://www.memcached.org/)
|
||||||
- [Netfilter](https://www.netfilter.org/) (Fail2ban-like integration by [@mkuron](https://github.com/mkuron))
|
- [Netfilter](https://www.netfilter.org/) (Fail2ban-like integration by [@mkuron](https://github.com/mkuron))
|
||||||
|
@ -95,5 +94,3 @@ Each container represents a single application.
|
||||||
- solr-vol-1
|
- solr-vol-1
|
||||||
- vmail-index-vol-1
|
- vmail-index-vol-1
|
||||||
- vmail-vol-1
|
- vmail-vol-1
|
||||||
- xmpp-upload-vol-1
|
|
||||||
- xmpp-vol-1
|
|
||||||
|
|
|
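Review bot: `xmpp-upload-vol-1` and `xmpp-vol-1` are dropped from the volume list with nothing said about hosts that already have them. The FAQ removed in this same commit states that uploaded files are stored on a volume and kept for 30 days, so these volumes can still hold user data after the upgrade; add a short note telling operators to inspect and remove the leftover volumes. The FAQ spells the first one `xmpp-uploads-vol-1` while this list has `xmpp-upload-vol-1`, so the cleanup note should use the name as it is actually defined in the compose file.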
@ -70,9 +70,6 @@ If you have a firewall in front of mailcow, please make sure that these ports ar
|
||||||
| Dovecot POP3S | TCP | 995 | dovecot-mailcow | `${POPS_PORT}` |
|
| Dovecot POP3S | TCP | 995 | dovecot-mailcow | `${POPS_PORT}` |
|
||||||
| Dovecot ManageSieve | TCP | 4190 | dovecot-mailcow | `${SIEVE_PORT}` |
|
| Dovecot ManageSieve | TCP | 4190 | dovecot-mailcow | `${SIEVE_PORT}` |
|
||||||
| HTTP(S) | TCP | 80/443 | nginx-mailcow | `${HTTP_PORT}` / `${HTTPS_PORT}` |
|
| HTTP(S) | TCP | 80/443 | nginx-mailcow | `${HTTP_PORT}` / `${HTTPS_PORT}` |
|
||||||
| XMPP (c2s) | TCP | 5222 | ejabberd-mailcow | `${XMPP_C2S_PORT}` |
|
|
||||||
| XMPP (s2s) | TCP | 5269 | ejabberd-mailcow | `${XMPP_C2S_PORT}` |
|
|
||||||
| XMPP (upload) | TCP | 5443 | ejabberd-mailcow | `${XMPP_HTTPS_PORT}` |
|
|
||||||
|
|
||||||
To bind a service to an IP address, you can prepend the IP like this: `SMTP_PORT=1.2.3.4:25`
|
To bind a service to an IP address, you can prepend the IP like this: `SMTP_PORT=1.2.3.4:25`
|
||||||
|
|
||||||
|
|
|
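Review bot: the three removed rows (5222, 5269, 5443 for `ejabberd-mailcow`) belong to the table this page gives for a firewall in front of mailcow, so anyone who followed the previous version has those ports allowed upstream. Add an upgrade note saying these rules should be closed once the container is gone, rather than only deleting the rows. When writing it, note that the removed s2s row listed `${XMPP_C2S_PORT}` as its variable, the same as the c2s row, so the old table is not a reliable reference for which variables to delete from `mailcow.conf`.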
@ -1,98 +0,0 @@
|
||||||
XMPP is provided by ejabberd, which describes itself as robust, scalable and extensible XMPP Server.
|
|
||||||
|
|
||||||
So first of all, thanks to ejabberd and its contributers!
|
|
||||||
|
|
||||||
## Enable XMPP in mailcow
|
|
||||||
|
|
||||||
To enable XMPP for a domain, you need to edit the given domain in mailcow UI:
|
|
||||||
|
|
||||||
![Screen1](https://i.imgur.com/oLyHBke.png)
|
|
||||||
|
|
||||||
The chosen prefix will be used to derive your XMPP login.
|
|
||||||
|
|
||||||
A prefix **xmpp_prefix** for the mailbox user `cowboy@develcow.de` would equal to the JID `cowboy@xmpp_prefix.develcow.de`.
|
|
||||||
|
|
||||||
!!! info
|
|
||||||
The login passwords for mail and XMPP are the same. XMPP users are authenticated against mailcow.
|
|
||||||
|
|
||||||
Before enabling XMPP for a domain, you should create two CNAME records in DNS:
|
|
||||||
|
|
||||||
```
|
|
||||||
# CNAMES
|
|
||||||
# Name Type Value
|
|
||||||
xmpp_prefix IN CNAME mail.example.org. (your ${MAILCOW_HOSTNAME})
|
|
||||||
*.xmpp_prefix IN CNAME mail.example.org. (your ${MAILCOW_HOSTNAME})
|
|
||||||
```
|
|
||||||
|
|
||||||
These two CNAMEs are essential for acquiring a certificate. Please **do not** add "xmpp_prefix.domain.tld" as name to `ADDITIONAL_SAN`.
|
|
||||||
|
|
||||||
Make sure your CNAMEs are correct. Enable XMPP for your domain now.
|
|
||||||
|
|
||||||
If you enabled XMPP first and then added your DNS records there is no need to worry. You will just need to wait for ejabberd to automatically acquire the certificates or
|
|
||||||
simply restart ejabberd-mailcow to trigger the process immediately: `docker-compose restart ejabberd-mailcow`.
|
|
||||||
|
|
||||||
Once ejabberd is enabled, you may want to re-run the DNS check in the mailcow UI where you will find two more SRV records:
|
|
||||||
|
|
||||||
![Screen2](https://i.imgur.com/IxlUZ7y.png)
|
|
||||||
|
|
||||||
```
|
|
||||||
# SRV records
|
|
||||||
# Name Type Value
|
|
||||||
_xmpp-client._tcp.xmpp_prefix IN SRV 10 1 5222 mail.example.org. (your ${MAILCOW_HOSTNAME})
|
|
||||||
_xmpp-server._tcp.xmpp_prefix IN SRV 10 1 5269 mail.example.org. (your ${MAILCOW_HOSTNAME})
|
|
||||||
```
|
|
||||||
|
|
||||||
There is no need to restart ejabberd, add these SRV records whenever you like. These records are crucial for autoconfiguration of XMPP clients and server-to-server connections.
|
|
||||||
|
|
||||||
## ACL
|
|
||||||
|
|
||||||
A domain administrator can be given the right to toggle XMPP access for domains and mailboxes, promoting users to XMPP administrators (WIP) and to change the prefix:
|
|
||||||
|
|
||||||
![Screen3](https://i.imgur.com/OxKuDFU.png)
|
|
||||||
|
|
||||||
## Verify certificates
|
|
||||||
|
|
||||||
Once everything is setup, make sure ejabberd was able to acquire certificates:
|
|
||||||
|
|
||||||
If you see a message similar to...
|
|
||||||
|
|
||||||
```
|
|
||||||
ejabberd-mailcow_1 | 2021-02-13 14:40:19.507956+01:00 [error] Failed to request certificate for im.example.org, pubsub.im.example.org and 3 more hosts: Challenge failed for domain conference.im.example.org: ACME server reported: DNS problem: NXDOMAIN looking up A for conference.im.example.org - check that a DNS record exists for this domain (error type: dns)
|
|
||||||
```
|
|
||||||
|
|
||||||
...you may need to recheck your DNS configuration or restart ejabberd-mailcow to restart the process in case of slow DNS propagation.
|
|
||||||
|
|
||||||
Opening `https://xmpp_prefix.domain.tld:5443/upload` should point you to a 404 page with a valid certificate.
|
|
||||||
|
|
||||||
## Why can't we use no prefix?
|
|
||||||
|
|
||||||
It does not matter which server name we point our SRV to, Jabber will always rely on the domain given in a JID. We would need to acquire a certificate for the SLD `domain.tld`, which hardly anyone wants to point to its mail system.
|
|
||||||
|
|
||||||
We are sorry for this circumstance. As soon as we implemented Servercows DNS API, this may be reconsidered.
|
|
||||||
|
|
||||||
## My reverse proxy does not work anymore
|
|
||||||
|
|
||||||
If your reverse proxy is configured to point to a site like `webmail.domain.tld` **which mailcow is not aware of** (as in MAILCOW_HOSTNAME does **not** match `webmail.domain.tld`), you may now be redirected to the default ejabberd Nginx site.
|
|
||||||
|
|
||||||
That's because mailcow does not know it should respond to `webmail.domain.tld` with mailcow UI.
|
|
||||||
|
|
||||||
### Method 1
|
|
||||||
|
|
||||||
A more simple approach is defining `ADDITIONAL_SERVER_NAMES` in `mailcow.conf`:
|
|
||||||
|
|
||||||
```
|
|
||||||
ADDITIONAL_SERVER_NAMES=webmail.domain.tld
|
|
||||||
```
|
|
||||||
|
|
||||||
Run `docker-compose up -d` to apply.
|
|
||||||
|
|
||||||
### Method 2
|
|
||||||
|
|
||||||
In your reverse proxy configuration, make sure you set a "Host" header that mailcow actually services, similar to this (Nginx example):
|
|
||||||
|
|
||||||
```
|
|
||||||
proxy_set_header Host MAILCOW_HOSTNAME;
|
|
||||||
# Instead of proxy_set_header Host $http_host;
|
|
||||||
```
|
|
||||||
|
|
||||||
Now you can use whatever name you like, as long mailcow receives a known "Host" header.
|
|
|
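Review bot: the "My reverse proxy does not work anymore" section at the end of this file is deleted along with the XMPP setup steps, but its two fixes (`ADDITIONAL_SERVER_NAMES=webmail.domain.tld` in `mailcow.conf`, and `proxy_set_header Host MAILCOW_HOSTNAME;`) are written around mailcow not knowing the proxied name, not around XMPP itself. If `ADDITIONAL_SERVER_NAMES` is still honoured after this change, move that guidance to the reverse proxy page instead of dropping it; if it is not, say so there so existing `mailcow.conf` entries are not left in place silently.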
@ -1,76 +0,0 @@
|
||||||
## FAQ
|
|
||||||
|
|
||||||
Please find the most frequently asked questions with their corresponding configuration in `data/conf/ejabberd/ejabberd.yml` (if any).
|
|
||||||
|
|
||||||
- **I do not want to run ejabberd, is there a `SKIP_XMPP` variable?**
|
|
||||||
|
|
||||||
No, there is not. But you don't need one either.
|
|
||||||
|
|
||||||
The xmppd behaves the same way as SOGo or Solr do when disabled. A shell will be idling and ejabberd will **not** be started (but open unconnected ports).
|
|
||||||
|
|
||||||
As soon as a domain is enabled for XMPP, the container will be restarted and ejabberd bootstrapped.
|
|
||||||
|
|
||||||
ejabberd is **very** light on resources, you may want to give it a try.
|
|
||||||
|
|
||||||
- **Are messages stored on the server?**
|
|
||||||
|
|
||||||
Not by default. The default setting is to disable the message archive via mod_mam but allow users to enable the function if they want to:
|
|
||||||
|
|
||||||
```
|
|
||||||
mod_mam:
|
|
||||||
clear_archive_on_room_destroy: true
|
|
||||||
default: never
|
|
||||||
compress_xml: true
|
|
||||||
request_activates_archiving: true
|
|
||||||
```
|
|
||||||
|
|
||||||
- **Are uploaded files stored on the server?**
|
|
||||||
|
|
||||||
Yes, uploaded files are stored in the volume `xmpp-uploads-vol-1`.
|
|
||||||
|
|
||||||
The retention policy saves them for 30 days:
|
|
||||||
|
|
||||||
```
|
|
||||||
mod_http_upload_quota:
|
|
||||||
max_days: 30
|
|
||||||
```
|
|
||||||
|
|
||||||
- **Are messages stored when a JID is offline?**
|
|
||||||
|
|
||||||
Yes, up to 1000 messages are stored for "normal" users and administrators:
|
|
||||||
|
|
||||||
```
|
|
||||||
shaper_rules:
|
|
||||||
max_user_offline_messages:
|
|
||||||
1000: admin
|
|
||||||
1000: all
|
|
||||||
```
|
|
||||||
|
|
||||||
- **Are messages written in group chats stored?**
|
|
||||||
|
|
||||||
No, messages are not stored:
|
|
||||||
|
|
||||||
```
|
|
||||||
mod_muc:
|
|
||||||
default_room_options:
|
|
||||||
mam: false
|
|
||||||
```
|
|
||||||
|
|
||||||
- **Are group chats persistent when the last participant leaves?**
|
|
||||||
|
|
||||||
No, they will vanish:
|
|
||||||
|
|
||||||
```
|
|
||||||
mod_muc:
|
|
||||||
default_room_options:
|
|
||||||
persistent: false
|
|
||||||
```
|
|
||||||
|
|
||||||
- **How many client sessions can be open at the same time?**
|
|
||||||
|
|
||||||
10 sessions are allowed per user.
|
|
||||||
|
|
||||||
```
|
|
||||||
shaper_rules:
|
|
||||||
max_user_sessions: 10
|
|
||||||
```
|
|
|
@ -99,9 +99,6 @@ nav:
|
||||||
- 'Redis': 'u_e-redis.md'
|
- 'Redis': 'u_e-redis.md'
|
||||||
- 'Rspamd': 'u_e-rspamd.md'
|
- 'Rspamd': 'u_e-rspamd.md'
|
||||||
- 'SOGo': 'u_e-sogo.md'
|
- 'SOGo': 'u_e-sogo.md'
|
||||||
- 'XMPP':
|
|
||||||
- 'FAQ': 'u_e-xmpp-faq.md'
|
|
||||||
- 'Enable XMPP': 'u_e-xmpp-enable.md'
|
|
||||||
- 'Docker':
|
- 'Docker':
|
||||||
- 'Customize Dockerfiles': 'u_e-docker-cust_dockerfiles.md'
|
- 'Customize Dockerfiles': 'u_e-docker-cust_dockerfiles.md'
|
||||||
- 'Docker Compose Bash Completion': 'u_e-docker-dc_bash_compl.md'
|
- 'Docker Compose Bash Completion': 'u_e-docker-dc_bash_compl.md'
|
||||||
|
@ -114,7 +111,6 @@ nav:
|
||||||
- 'Android': 'client/client-android.md'
|
- 'Android': 'client/client-android.md'
|
||||||
- 'Apple macOS / iOS': 'client/client-apple.md'
|
- 'Apple macOS / iOS': 'client/client-apple.md'
|
||||||
- 'eM Client': 'client/client-emclient.md'
|
- 'eM Client': 'client/client-emclient.md'
|
||||||
- 'Gajim XMPP client': 'client/client-gajim_xmpp_client.md'
|
|
||||||
- 'KDE Kontact': 'client/client-kontact.md'
|
- 'KDE Kontact': 'client/client-kontact.md'
|
||||||
- 'Microsoft Outlook': 'client/client-outlook.md'
|
- 'Microsoft Outlook': 'client/client-outlook.md'
|
||||||
- 'Mozilla Thunderbird': 'client/client-thunderbird.md'
|
- 'Mozilla Thunderbird': 'client/client-thunderbird.md'
|
||||||
|
|
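Review bot: the `'Gajim XMPP client': 'client/client-gajim_xmpp_client.md'` entry is removed from `nav` here, but this rendering of the diff shows no file names, so it is not visible whether that page itself is deleted in this commit. The one-line `# WIP` deletion in the first hunk may be that file; please confirm, since otherwise the page stays in the built site without a nav entry. The same check applies to inbound links from other pages to `u_e-xmpp-faq.md` and `u_e-xmpp-enable.md`, which would now be dead.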