Usage: externaljid
Thanks to its design, Archipel can use an external JID to access the GUI (ArchipelClient):
- You log in with your enterprise JID and your password, and you enter the WS service URL of your external server (probably wss://external.jabber.im:5280/xmpp)
Using an external XMPP server such as ejabberd or Openfire has been tested (for Openfire, the ArchipelClient must have been built after the 25/02).
If you cannot log in:
- Verify that no firewall blocks access to port 4080 (or whatever port is used in the BOSH URL) from your browser
- Verify that you can access the BOSH URL from your web browser: opening the BOSH URL in a browser should give you some text, probably `Jetty: HTTP ERROR 400, bad request` for Openfire, or `ejabberd mod_http_bind` for an ejabberd server
All the security is based on the ejabberd server where you register all hypervisors and VMs. The connection with an external Jabber server is made through S2S.
You should restrict registration to known hosts (for example the hypervisors), so that only these computers can create accounts (of course, no users can access these servers).
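One way to express the registration restriction described above is `mod_register`'s `ip_access` option, written here in the same `access:` syntax as the S2S rules on this page. This is an added example, not part of the original Archipel documentation; the ACL name `hypervisors`, the rule name `hypervisor_hosts` and the 192.0.2.0/24 range are placeholders to replace with your own hypervisor addresses.

```yaml
acl:
  # Hypothetical ACL matching the source addresses of the hypervisors
  hypervisors:
    ip:
      - "192.0.2.0/24"   # placeholder (documentation range), not a real network
  loopback:
    ip:
      - "127.0.0.0/8"

access:
  # Which usernames may be registered (checked against the JID being created)
  register:
    all: allow
  # Where registration requests may come from (checked against the client IP).
  # Without this rule, any client that can reach the server can create accounts.
  hypervisor_hosts:
    hypervisors: allow
    loopback: allow
    all: deny

modules:
  mod_register:
    access: register
    ip_access: hypervisor_hosts
```

Merge these keys into the existing `acl:`, `access:` and `modules:` sections of ejabberd.yml rather than declaring those sections a second time.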
When using an external JID, S2S is used between Jabber servers. If you want to restrict the list of servers that can connect, change the access rules section for S2S to specify the allowed servers. In ejabberd.yml:

```yaml
# S2S listener (an entry of the top-level `listen:` list)
listen:
  -
    port: 5269
    module: ejabberd_s2s_in
    shaper: s2s_shaper
    max_stanza_size: 131072

# Top-level S2S options: apply the s2s_access rule defined below
s2s_policy: s2s_access
s2s_use_starttls: optional
s2s_certfile: "/etc/ejabberd/server.pem"

### ============
### ACCESS RULES
access:
  s2s_access:
    # Only the listed server may connect; everything else is refused
    "your.allowed.server.im": allow
    all: deny
```