After the last updates to ejabberd, upload and bosh seem configured but mam stopped working. I can message individually from each of my clients but, these messages arent syncing in all of them (didn’t have this problem before).
I believe it may have to do with the order of mods in the ejabberd.yml file, though not sure
Information
FreedomBox version: FreedomBox version 23.4
Hardware: Raspberry Pi4
How did you install FreedomBox?: FBX on top of Pi image of Debian
Not sure but this may also be in the XEP. Nevertheless, in neither Conversations nor Dino have I come across a policy change option for this. I’m guessing it might be better if default value is set to always.
The issue is back. I’ve been searching for an explanation online but cant seem to find one.
Not sure if this is an ejabberd bug or something with freedombox.
P.S. I’ve got my configuration adjusted to use ejabberd TURN/STUN servers so it may look different than your typical FBX configuration. Also, I have no need for BOSH so using a custom UPLOAD folder under /var/www
Sharing my configuration file below:
###
### ejabberd configuration file
###
### The parameters used in this configuration file are explained at
###
### https://docs.ejabberd.im/admin/configuration
###
### The configuration file is written in YAML.
### *******************************************************
### ******* !!! WARNING !!! *******
### ******* YAML IS INDENTATION SENSITIVE *******
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
### *******************************************************
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
###
# loglevel: Verbosity of log files generated by ejabberd
loglevel: info
# rotation: Disable ejabberd's internal log rotation, as the Debian package
# uses logrotate(8).
log_rotate_count: 0
# hosts: Domains served by ejabberd.
# You can define one or several, for example:
# hosts:
# - "example.net"
# - "example.com"
# - "example.org"
hosts:
- my_domain.com
certfiles:
- "/etc/ejabberd/ejabberd.pem"
# - /etc/letsencrypt/live/localhost/fullchain.pem
# - /etc/letsencrypt/live/localhost/privkey.pem
# TLS configuration
define_macro:
'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
'TLS_OPTIONS':
- "no_sslv3"
- "no_tlsv1"
- "no_tlsv1_1"
- "cipher_server_preference"
- "no_compression"
# 'DH_FILE': "/path/to/dhparams.pem"
# generated with: openssl dhparam -out dhparams.pem 2048
c2s_ciphers: 'TLS_CIPHERS'
s2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
s2s_protocol_options: 'TLS_OPTIONS'
# c2s_dhfile: 'DH_FILE'
# s2s_dhfile: 'DH_FILE'
listen:
- port: 5222
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: true
protocol_options: 'TLS_OPTIONS'
- port: 5223
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
tls: false
protocol_options: 'TLS_OPTIONS'
- port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
- port: 5443
ip: "::"
module: ejabberd_http
tls: true
protocol_options: 'TLS_OPTIONS'
request_handlers:
/api: mod_http_api
/bosh: mod_bosh
## /captcha: ejabberd_captcha
/upload: mod_http_upload
/ws: ejabberd_http_ws
- port: 5280
ip: "::"
module: ejabberd_http
tls: false
protocol_options: 'TLS_OPTIONS'
request_handlers:
/admin: ejabberd_web_admin
/.well-known/acme-challenge: ejabberd_acme
- port: 1883
ip: "::"
module: mod_mqtt
backlog: 1000
# https:uwot.eu / www.process-one.net/blog
- port: 3478
transport: udp
module: ejabberd_stun
use_turn: true
turn_min_port: 49152
turn_max_port: 50175
turn_ip: my_static_ip
auth_type: user
- port: 5349
transport: tcp
module: ejabberd_stun
use_turn: true
tls: true
turn_min_port: 49152
turn_max_port: 50175
ip: "::"
turn_ip: my_static_ip
# --
## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
## password storage (see auth_password_format option).
disable_sasl_mechanisms:
- "digest-md5"
- "X-OAUTH2"
s2s_use_starttls: required
## Store the plain passwords or hashed for SCRAM:
auth_password_format: scram
## Full path to a script that generates the image.
## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
acl:
admin:
user:
- ""
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
- ::1/128
access_rules:
local:
allow: local
c2s:
deny: blocked
allow: all
announce:
allow: admin
configure:
allow: admin
muc_create:
allow: local
pubsub_createnode:
allow: local
trusted_network:
allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
access:
allow:
- acl: loopback
- acl: admin
oauth:
scope: "ejabberd:admin"
access:
allow:
- acl: loopback
- acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
ip: 127.0.0.1/8
what:
- status
- connected_users_number
shaper:
normal:
rate: 3000
burst_size: 20000
fast: 200000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
5000: admin
100: all
c2s_shaper:
none: admin
normal: all
s2s_shaper: fast
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
## mod_delegation: {} # for xep0356
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
put_url: https://@HOST@:5443/upload
docroot: /var/www/upload
custom_headers:
"Access-Control-Allow-Origin": "https://@HOST@"
"Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
"Access-Control-Allow-Headers": "Content-Type"
mod_last: {}
## mod_mam:
## ## Mnesia is limited to 2GB, better to use an SQL backend
## ## For small servers SQLite is a good fit and is very easy
## ## to configure. Uncomment this when you have SQL configured:
## ## db_type: sql
## assume_mam_usage: true
## default: always
mod_mqtt: {}
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
default_room_options:
mam: true
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_pres_counter:
count: 5
interval: 60
mod_privacy: {}
mod_private: {}
## mod_proxy65:
## access: local
## max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- flat
- pep
force_node_config:
"eu.siacs.conversations.axolotl.*":
access_model: open
## Avoid buggy clients to make their bookmarks public
storage:bookmarks:
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
## mod_register:
## ## Only accept registration requests from the "trusted"
## ## network (see access_rules section above).
## ## Think twice before enabling registration from any
## ## address. See the Jabber SPAM Manifesto for details:
## ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
## ip_access: trusted_network
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_sic: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_stun_disco:
credentials_lifetime: 1000d
secret: secret
services:
- host: my_domain.com
port: 3478
type: stun
transport: tcp
- host: my_domain.com
port: 3478
type: stun
transport: udp
- host: my_domain.com
port: 3478
type: turn
transport: tcp
- host: my_domain.com
port: 3478
type: turn
transport: udp
mod_vcard:
search: false
mod_vcard_xupdate: {}
mod_version: {}
mod_mam:
db_type: mnesia
default: always
request_activates_archiving: false
assume_mam_usage: false
cache_size: 1000
cache_life_time: 3600
auth_method: ldap
ldap_servers:
- "localhost"
ldap_base: "ou=users,dc=thisbox"
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8
s2s_certfile: "/etc/ejabberd/letsencrypt/my_domain.com/ejabberd.pem"
So here’s what’s happening for anyone (like me) who has no idea about the internals of the application.
In the FBX setup, ejabberd is configured to use its own database (mnesia) to store mam messages. This database is limited to a size of 2GB (if you need anything more, you need to revert to another sql database - i.e. sqlite or postgresql).
When testing for the culprit, my system log threw me a [error] MAM archives too large, won't store message for me@mydomain.com eroor.
Apperantly, the database on my server had reached its limits and was not storing any more messages. The following command can be used to clear the database:
ejabberdctl delete_old_mam_messages all 0
use with sudo
Explanation:
If you do a ejabberdctl help delete_old_mam_messages the notation will explain to select “chat, groupchat or all.” The “0” at the end is to specify messages “older than days”
So, the command above is trigerred for “all” messages “older than 0” days old.