I have an ejabberd server set up on Windows Server 2012, which works. I have opened the API on port 5280 using the following config in my ejabberd.yml:
    -
      port: 5280
      ip: "0.0.0.0"
      module: ejabberd_http
      starttls: true
      tls: true
      certfile: 'CERTFILE'
      protocol_options: 'TLSOPTS'
      request_handlers:
        "/ws": ejabberd_http_ws
        "/bosh": mod_bosh
        "/api": mod_http_api
        ## "/pub/archive": mod_http_fileserver
      web_admin: true
      http_bind: true
      ## register: true
      captcha: false
I have a wildcard SSL certificate, which I have also converted to a .pem file, currently stored in C:\ProgramData\ejabberd\conf\domaincert.pem and referenced at the top of the file in CERTFILE as follows:
    ## Define common macros used by listeners
    define_macro:
      'CERTFILE': "/conf/domaincert.pem"
    ##  'CIPHERS': "ECDH:DH:!3DES:!aNULL:!eNULL:!MEDIUM@STRENGTH"
      'TLSOPTS':
    ##    - "no_sslv2"
        - "no_sslv3"
    ##    - "no_tlsv1"
    ##    - "no_tlsv1_1"
    ##    - "cipher_server_preference"
    ##    - "no_compression"
    ##  'DHFILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
Accessing over non-https (http://chat.domain.com:5280/http-bind) shows:
ejabberd mod_bosh
An implementation of XMPP over BOSH (XEP-0206)
This web page is only informative. To use HTTP-Bind you need a Jabber/XMPP client that supports it.
I'm struggling to get HTTP-BIND to be served up over HTTPS (https://chat.domain.com:5280/http-bind) with the error:
This site can’t be reached
chat.domain.com unexpectedly closed the connection.
I can't work out if this is an issue with my Windows setup, firewall, or if I need to make some changes to the ejabberd config.
Solved!
Needed to use
netsh http add sslcert ipport=0.0.0.0:5280
ejabberd was then crashing as a result of
starttls: true
which is an invalid parameter. I then moved the certificate to its own directory under C: and referenced it as follows:
'CERTFILE': "/Root_Web/domaincert.pem"
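
The macros and listener as they would look after the fix described above, written out as an added example and not the poster's actual file. It removes `starttls` from the `ejabberd_http` listener, uses the new certificate path from the post, and enables the protocol options that the original `TLSOPTS` macro left commented out; disabling TLS 1.0 and 1.1 assumes every client connecting to port 5280 supports TLS 1.2.

```yaml
## Added example: macros and HTTPS listener after the fix from the post.
define_macro:
  'CERTFILE': "/Root_Web/domaincert.pem"   ## path taken from the post
  'TLSOPTS':
    - "no_sslv2"
    - "no_sslv3"
    ## Assumption: all BOSH/WebSocket/API clients speak TLS 1.2.
    ## Drop the next two lines if older clients must still connect.
    - "no_tlsv1"
    - "no_tlsv1_1"
    - "cipher_server_preference"
    - "no_compression"

listen:
  -
    port: 5280
    ip: "0.0.0.0"
    module: ejabberd_http
    ## No "starttls" here: the post reports ejabberd crashing on it as an
    ## invalid parameter for this listener. "tls: true" wraps the whole
    ## port in TLS from the first byte.
    tls: true
    certfile: 'CERTFILE'
    protocol_options: 'TLSOPTS'
    request_handlers:
      "/ws": ejabberd_http_ws
      "/bosh": mod_bosh
      "/api": mod_http_api
    web_admin: true
    http_bind: true
    captcha: false
```

With `tls: true` the port answers HTTPS only, so the plain `http://` URL from the question stops working, and `web_admin` and `/api` on the same listener are reachable from every interface because of `ip: "0.0.0.0"`.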