{"id":13588147,"url":"https://github.com/rroemhild/docker-ejabberd","last_synced_at":"2025-02-25T02:13:49.811Z","repository":{"id":53912879,"uuid":"15500001","full_name":"rroemhild/docker-ejabberd","owner":"rroemhild","description":"Dockerfile for Ejabberd server","archived":false,"fork":false,"pushed_at":"2021-03-11T13:17:20.000Z","size":374,"stargazers_count":269,"open_issues_count":35,"forks_count":160,"subscribers_count":17,"default_branch":"master","last_synced_at":"2025-02-18T01:11:44.896Z","etag":null,"topics":["docker","docker-image","ejabberd","xmpp","xmpp-servers"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rroemhild.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-12-28T22:40:14.000Z","updated_at":"2024-11-30T08:27:05.000Z","dependencies_parsed_at":"2022-08-13T04:10:11.982Z","dependency_job_id":null,"html_url":"https://github.com/rroemhild/docker-ejabberd","commit_stats":null,"previous_names":[],"tags_count":48,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rroemhild%2Fdocker-ejabberd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rroemhild%2Fdocker-ejabberd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rroemhild%2Fdocker-ejabberd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rroemhild%2Fdocker-ejabberd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rroemhild","download_url":"https://codeload.github.com/rroemhild/docker-ejabberd/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240587477,"owners_count":19825005,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-image","ejabberd","xmpp","xmpp-servers"],"created_at":"2024-08-01T15:06:32.145Z","updated_at":"2025-02-25T02:13:49.781Z","avatar_url":"https://github.com/rroemhild.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# rroemhild/ejabberd\n\n![Docker Build Status](https://img.shields.io/docker/cloud/build/rroemhild/ejabberd) ![Docker Stars](https://img.shields.io/docker/stars/rroemhild/ejabberd.svg) ![Docker Pulls](https://img.shields.io/docker/pulls/rroemhild/ejabberd.svg)\n\n- [Introduction](#introduction)\n    - [Version](#version)\n- [Quick Start](#quick-start)\n- [Usage](#usage)\n    - [Persistence](#persistence)\n    - [SSL Certificates](#ssl-certificates)\n    - [Base Image](#base-image)\n    - [Run as root](#run-as-root)\n    - [Cluster Example](#cluster-example)\n- [Runtime Configuration](#runtime-configuration)\n    - [Served Hostnames](#served-hostnames)\n    - [Authentication](#authentication)\n    - [Admins](#admins)\n    - [Users](#users)\n    - [SSL](#ssl)\n    - [Erlang](#erlang)\n    - [Modules](#modules)\n    - [Logging](#logging)\n    - [Mount Configurations](#mount-configurations)\n    - [MySQL Everything](#mysql-everything)\n- [Maintenance](#maintenance)\n    - [Register Users](#register-users)\n    - [Creating Backups](#creating-backups)\n    - [Restoring Backups](#restoring-backups)\n- [Debug](#debug)\n    - [Erlang Shell](#erlang-shell)\n    - [System Shell](#system-shell)\n    - [System Commands](#system-commands)\n- [Exposed Ports](#exposed-ports)\n\n# Introduction\n\nDockerfile to build an [ejabberd][] container image.\n\n*Since version 16.12, ejabberd has it's own docker container based on the work of this container included in the source tree. See more [in this blogpost][]. We can expect more work on this in the future.*\n\n[ejabberd]: https://www.ejabberd.im/\n[in this blogpost]: https://blog.process-one.net/ejabberd-16-12/\n\n## Version\n\nCurrent Version: `21.01`\n\nDocker Tag Names are based on ejabberd versions in git [branches][] and [tags][]. The image tag `:latest` is based on the master branch.\n\n[tags]: https://github.com/rroemhild/docker-ejabberd/tags\n[branches]: https://github.com/rroemhild/docker-ejabberd/branches\n\n# Quick Start\n\nYou can start of with the following container:\n\n```bash\ndocker run -d \\\n    --name \"ejabberd\" \\\n    -p 5222:5222 \\\n    -p 5269:5269 \\\n    -p 5280:5280 \\\n    -h 'xmpp.example.de' \\\n    -e \"XMPP_DOMAIN=example.de\" \\\n    -e \"EJABBERD_ADMINS=admin@example.de admin2@example.de\" \\\n    -e \"EJABBERD_USERS=admin@example.de:password1234 admin2@example.de\" \\\n    -e \"TZ=Europe/Berlin\" \\\n    rroemhild/ejabberd\n```\n\nor with the [docker-compose](examples/docker-compose/docker-compose.yml) example\n\n```bash\nwget https://raw.githubusercontent.com/rroemhild/docker-ejabberd/master/examples/docker-compose/docker-compose.yml\ndocker-compose up\n```\n\n# Usage\n\n## Persistence\n\nFor storage of the application data, you can mount volumes at\n\n* `/opt/ejabberd/ssl`\n* `/opt/ejabberd/backup`\n* `/opt/ejabberd/upload`\n* `/opt/ejabberd/database`\n\nor use a data container\n\n```bash\ndocker create --name ejabberd-data rroemhild/ejabberd-data\ndocker run -d --name ejabberd --volumes-from ejabberd-data rroemhild/ejabberd\n```\n\n## SSL Certificates\n\nTLS is enabled by default and the run script will auto-generate two snake-oil certificates during boot if you don't provide your SSL certificates.\n\nTo use your own certificates, there are two options.\n\n1. Mount the volume `/opt/ejabberd/ssl` to a local directory with the `.pem` files:\n\n    * /tmp/ssl/host.pem (SERVER_HOSTNAME)\n    * /tmp/ssl/xmpp_domain.pem (XMPP_DOMAIN)\n\n    Make sure that the certificate and private key are in one `.pem` file. If one file is missing it will be auto-generated. I.e. you can provide your certificate for your **XMMP_DOMAIN** and use a snake-oil certificate for the `SERVER_HOSTNAME`.\n\n2. Specify the certificates via environment variables: **EJABBERD_SSLCERT_HOST** and **EJABBERD_SSLCERT_EXAMPLE_COM**. For the\ndomain certificates, make sure you match the domain names given in **XMPP_DOMAIN** and replace dots and dashes with underscore.\n\n## Base Image\n\nBuild your own ejabberd container image and add your config templates, certificates or [extend](#cluster-example) it for your needs.\n\n```\nFROM rroemhild/ejabberd\nADD ./ejabberd.yml.tpl /opt/ejabberd/conf/ejabberd.yml.tpl\nADD ./ejabberdctl.cfg.tpl /opt/ejabberd/conf/ejabberdctl.cfg.tpl\nADD ./example.com.pem /opt/ejabberd/ssl/example.com.pem\n```\n\nIf you need root privileges switch to `USER root` and go back to `USER ejabberd` when you're done.\n\n## Run as root\n\nBy default ejabberd runs as user ejabberd(999). To run ejabberd as root add the `-u root` argument to `docker run`.\n\n```bash\ndocker run -d -u root -P rroemhild/ejabberd\n```\n\n## Cluster Example\n\nThe [docker-compose-cluster](examples/docker-compose-cluster) example demonstrates how to extend this container image to setup a multi-master cluster.\n\n# Runtime Configuration\n\nYou can additionally provide extra runtime configuration in a downstream image by replacing the config template `ejabberd.yml.tpl` with one based on this image's template and include extra interpolation of environment variables. The template is parsed by Jinja2 with the runtime environment (equivalent to Python's `os.environ` available as `env`).\n\n## Served Hostnames\n\nBy default the container will serve the XMPP domain `localhost`. In order to serve a different domain at runtime, provide the **XMPP_DOMAIN** variable with a domain name. You can add more domains separated with whitespace.\n\n```\nXMPP_DOMAIN=example.ninja xyz.io test.com\n```\n\n## Authentication\n\nAuthentication methods can be set with the **EJABBERD_AUTH_METHOD** environment variable. The default authentication mode is `internal`.\n\nSupported authentication methods:\n\n* anonymous\n* internal\n* external\n* ldap\n\nInternal and anonymous authentication example:\n\n```\nEJABBERD_AUTH_METHOD=internal anonymous\n```\n\n[External authentication](http://docs.ejabberd.im/admin/guide/configuration/#external-script) example:\n```\nEJABBERD_AUTH_METHOD=external\nEJABBERD_EXTAUTH_PROGRAM=\"/opt/ejabberd/scripts/authenticate-user.sh\"\nEJABBERD_EXTAUTH_INSTANCES=3\nEJABBERD_EXTAUTH_CACHE=600\n```\n**EJABBERD_EXTAUTH_INSTANCES** must be an integer with a minimum value of 1. **EJABBERD_EXTAUTH_CACHE** can be set to \"false\" or an integer value representing cache time in seconds. Note that caching should not be enabled if internal auth is also enabled.\n\n### Password format\n\nThe variable `EJABBERD_AUTH_PASSWORD_FORMAT` controls in which format user passwords are\nstored. Possible values are `plain` and `scram`. The default is to store\n[SCRAM](https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism)bled\npasswords, meaning that it is impossible to obtain the original plain password from the\nstored information.\n\nNOTE: SCRAM does not work with SIP/TURN foreign authentication methods. In this case, you\nmay have to disable the option. More details can be found here:\nhttps://docs.ejabberd.im/admin/configuration/#internal\n\nIf using SCRAM with an SQL database that has plaintext passwords stored, use the command\n\n```\nejabberdctl convert_to_scram example.org\n```\n\nto convert all your existing plaintext passwords to scrambled format.\n\n### MySQL Authentication\n\nSet `EJABBERD_AUTH_METHOD=external` and `EJABBERD_EXTAUTH_PROGRAM=/opt/ejabberd/scripts/lib/auth_mysql.py` to enable MySQL authentication. Use the following environment variables to configure the database connection and the layout of the database. Password changing, registration, and unregistration are optional features and are enabled only if the respective queries are provided.\n\n- **AUTH_MYSQL_HOST**: The MySQL host\n- **AUTH_MYSQL_USER**: Username to connect to the MySQL host\n- **AUTH_MYSQL_PASSWORD**: Password to connect to the MySQL host\n- **AUTH_MYSQL_DATABASE**: Database name where to find the user information\n- **AUTH_MYSQL_HASHALG**: Format of the password in the database. Default is cleartext. Options are `crypt`, `md5`, `sha1`, `sha224`, `sha256`, `sha384`, `sha512`. `crypt` is recommended, as it is salted. When setting the password, `crypt` uses SHA-512 (prefix `$6$`).\n- **AUTH_MYSQL_QUERY_GETPASS**: Get the password for a user. Use the placeholders `%(user)s`, `%(host)s`. Example: `SELECT password FROM users WHERE username = CONCAT(%(user)s, '@', %(host)s)`\n- **AUTH_MYSQL_QUERY_SETPASS**: Update the password for a user. Leave empty to disable. Placeholder `%(password)s` contains the hashed password. Example: `UPDATE users SET password = %(password)s WHERE username = CONCAT(%(user)s, '@', %(host)s)`\n- **AUTH_MYSQL_QUERY_REGISTER**: Register a new user. Leave empty to disable. Example: `INSERT INTO users ( username, password ) VALUES ( CONCAT(%(user)s, '@', %(host)s), %(password)s )`\n- **AUTH_MYSQL_QUERY_UNREGISTER**: Removes a user. Leave empty to disable. Example: `DELETE FROM users WHERE username = CONCAT(%(user)s, '@', %(host)s)`\n\nNote that the MySQL authentication script writes a debug log into the file `/var/log/ejabberd/extauth.log`. To get its content, execute the following command:\n\n```bash\ndocker exec -ti ejabberd tail -n50 -f /var/log/ejabberd/extauth.log\n```\n\nTo find out more about the mysql authentication script, check out the [ejabberd-auth-mysql](https://github.com/rankenstein/ejabberd-auth-mysql) repository.\n\n### LDAP Auth\n\nFull documentation http://docs.ejabberd.im/admin/guide/configuration/#ldap.\n\nConnection\n\n- **EJABBERD_LDAP_SERVERS**: List of IP addresses or DNS names of your LDAP servers. This option is required.\n- **EJABBERD_LDAP_ENCRYPT**: The value `tls` enables encryption by using LDAP over SSL. The default value is: `none`.\n- **EJABBERD_LDAP_TLS_VERIFY**: `false|soft|hard` This option specifies whether to verify LDAP server certificate or not when TLS is enabled. The default is `false` which means no checks are performed.\n- **EJABBERD_LDAP_TLS_CACERTFILE**: Path to file containing PEM encoded CA certificates.\n- **EJABBERD_LDAP_TLS_DEPTH**: Specifies the maximum verification depth when TLS verification is enabled. The default value is 1.\n- **EJABBERD_LDAP_PORT**: The default port is `389` if encryption is disabled; and `636` if encryption is enabled.\n- **EJABBERD_LDAP_ROOTDN**: Bind DN. The default value is \"\" which means ‘anonymous connection’.\n- **EJABBERD_LDAP_PASSWORD**: Bind password. The default value is \"\".\n- **EJABBERD_LDAP_DEREF_ALIASES**: `never|always|finding|searching`\n   Whether or not to dereference aliases. The default is `never`.\n\nAuthentication\n\n- **EJABBERD_LDAP_BASE**: LDAP base directory which stores users accounts. This option is required.\n- **EJABBERD_LDAP_UIDS**: `ldap_uidattr:ldap_uidattr_format` The default attributes are `uid:%u`.\n- **EJABBERD_LDAP_FILTER**: RFC 4515 LDAP filter. The default Filter value is undefined.\n- **EJABBERD_LDAP_DN_FILTER**: `{ Filter: FilterAttrs }` This filter is applied on the results returned by the main filter. By default ldap_dn_filter is undefined.\n\n## Admins\n\nSet one or more admin user (seperated by whitespace) with the **EJABBERD_ADMINS** environment variable. You can register admin users with the **EJABBERD_USERS** environment variable during container startup, use you favorite XMPP client or the `ejabberdctl` command line utility.\n\n```\nEJABBERD_ADMINS=admin@example.ninja\n```\n\n## Users\n\nAutomatically register users during container startup. Uses random password if you don't provide a password for the user. Format is `JID:PASSWORD`. Register more users separated with whitespace.\n\nRegister the admin user from **EJABBERD_ADMINS** with a give password:\n\n```\nEJABBERD_USERS=admin@example.ninja:password1234\n```\n\nOr without a random password printed to stdout (check container logs):\n\n```\nEJABBERD_USERS=admin@example.ninja\n```\n\nRegister more than one user:\n\n```\nEJABBERD_USERS=admin@example.ninja:password1234 user1@test.com user1@xyz.io\n```\n\n## Shared Roster Groups\n\nAutomatically create roster groups and register users during container startup. To create shared roster groups, separate with whitespace:\n\n```\nEJABBERD_GROUPS=group1@example.ninja group2@test.com\n```\n\nTo add users to shared roster groups, separate with whitespace:\n\n```\nEJABBERD_GROUP_MEMBERS=admin@example.ninja:group1@example.ninja user1@test.com:group2@test.com\n```\n\nTo add all registered users on a virtual host to a shared roster group:\n\n```\nEJABBERD_GROUP_MEMBERS=@all@@example.ninja:group1@example.ninja\n```\n\nPlease take a note of the format: `@all@@example.ninja`. You need to specify not only the special directive `@all@` but also a virtual host separated by `@`.\n\n## SSL\n- **EJABBERD_SKIP_MAKE_SSLCERT**: Skip generating ssl certificates. Default: false\n- **EJABBERD_SSLCERT_HOST**: SSL Certificate for the hostname.\n- **EJABBERD_SSLCERT_EXAMPLE_COM**: SSL Certificates for XMPP domains.\n- **EJABBERD_STARTTLS**: Set to `false` to disable StartTLS for client to server connections. Defaults\n to `true`.\n- **EJABBERD_S2S_SSL**: Set to `false` to disable SSL in server 2 server connections. Defaults to `true`.\n- **EJABBERD_HTTPS**: If your proxy terminates SSL you may want to disable HTTPS on port 5280 and 5443. Defaults to `true`.\n- **EJABBERD_PROTOCOL_OPTIONS_TLSV1**: Allow TLSv1 protocol. Defaults to `false`.\n- **EJABBERD_PROTOCOL_OPTIONS_TLSV1_1**: Allow TLSv1.1 protocol. Defaults to `true`.\n- **EJABBERD_CIPHERS**: Cipher suite. Defaults to `HIGH:!aNULL:!3DES`.\n- **EJABBERD_DHPARAM**: Set to `true` to use or generate custom DH parameters. Defaults to `false`.\n- **EJABBERD_SKIP_MAKE_DHPARAM**: Skip generating DH params. Default: false\n\n## STUN / TURN\n- **EJABBERD_STUN**: Do you want to enable the STUN service on port 3478 (tcp and udp) and port 5439 (TLS enabled). Default: false\n- **EJABBERD_TURN_IP**: Which IP to use for the TURN service on port 3478 (tcp and udp) and port 5439 (TLS enabled). Default: no default\n\n## Erlang\n\n- **ERLANG_NODE**: Allows to explicitly specify erlang node for ejabberd. Set to `ejabberd` lets erlang add the hostname. Defaults to `ejabberd@localhost`.\n- **ERLANG_COOKIE**: Set erlang cookie. Defaults to auto-generated cookie.\n- **ERLANG_OPTIONS**: Overwrite additional options passed to erlang while starting ejabberd.\n\n## Modules\n\n- **EJABBERD_SKIP_MODULES_UPDATE**: If you do not need to update ejabberd modules specs, skip the update task and speedup start. Defaults to `false`.\n- **EJABBERD_MOD_MUC_ADMIN**: Activate the mod_muc_admin module. Defaults to `false`.\n- **EJABBERD_MUC_CREATE_ADMIN_ONLY**: Only allow admins to create rooms. Defaults to `false`.\n- **EJABBERD_MOD_ADMIN_EXTRA**: Activate the mod_admin_extra module. Defaults to `true`.\n- **EJABBERD_REGISTER_ADMIN_ONLY**: Only allow admins to register users. Defaults to `false`.\n- **EJABBERD_REGISTER_TRUSTED_NETWORK_ONLY**: Only allow user registration from the trusted_network access rule. Defaults to `true`.\n- **EJABBERD_MOD_VERSION**: Activate the mod_version module. Defaults to `true`.\n- **EJABBERD_SOURCE_MODULES**: List of modules, which will be installed from sources localized in ${EJABBERD_HOME}/module_source.\n- **EJABBERD_CONTRIB_MODULES**: List of modules, which will be installed from contrib repository.\n- **EJABBERD_RESTART_AFTER_MODULE_INSTALL**: If any modules were installed, restart the server, if the option is enabled.\n- **EJABBERD_CUSTOM_AUTH_MODULE_OVERRIDE**: If a custom module was defined for handling auth, we need to override the pre-defined auth methods in the config.\n## Logging\n\nUse the **EJABBERD_LOGLEVEL** environment variable to set verbosity. Defaults to `4` (Info).\n\n```\nloglevel: Verbosity of log files generated by ejabberd.\n0: No ejabberd log at all (not recommended)\n1: Critical\n2: Error\n3: Warning\n4: Info\n5: Debug\n```\n\n## Mount Configurations\n\nIf you prefer to use your own configuration files and avoid passing docker environment variables (```-e```), you can do so by mounting a host directory.\nPass in an additional ```-v``` to the ```docker run``` command, like so:\n```\ndocker run -d \\\n    --name \"ejabberd\" \\\n    -p 5222:5222 \\\n    -p 5269:5269 \\\n    -p 5280:5280 \\\n    -h 'xmpp.example.de' \\\n    -v /\u003chost_path\u003e/conf:/opt/ejabberd/conf \\\n    rroemhild/ejabberd\n```\n\nYour ```/\u003chost_path\u003e/conf``` folder should look like so:\n\n```\n/\u003chost_path\u003e/conf/\n├── ejabberdctl.cfg\n├── ejabberd.yml\n└── inetrc\n```\n\nExample configuration files can be downloaded from the ejabberd [github](https://github.com/processone/ejabberd) page.\n\nWhen these files exist in ```/opt/ejabberd/conf```, the run script will ignore the configuration templates.\n\n## MySQL Everything\n\nYou may use MySQL as a default database for all module that supports MySQL.\n- **EJABBERD_CONFIGURE_ODBC**: Set this to `true` to enable ODBC plugin\n- **EJABBERD_ODBC_TYPE**: Set this to `mysql`\n- **EJABBERD_ODBC_SERVER**: domain or ip to MySQL Server\n- **EJABBERD_ODBC_DATABASE**: MySQL database name\n- **EJABBERD_ODBC_USERNAME**: MySQL username\n- **EJABBERD_ODBC_PASSWORD**: MySQL password\n- **EJABBERD_AUTH_METHOD**: Set to `sql` to enable storing authentication using MySQL Auth internal implementation.\n\n# Maintenance\n\nThe `ejabberdctl` command is in the search path and can be run by:\n\n```bash\ndocker exec CONTAINER ejabberdctl help\n```\n\n## Register Users\n\n```bash\ndocker exec CONTAINER ejabberdctl register user XMPP_DOMAIN PASSWORD\n```\n\n## Creating Backups\n\nCreate a backupfile with ejabberdctl and copy the file from the container to localhost\n\n```bash\ndocker exec CONTAINER ejabberdctl backup /opt/ejabberd/backup/ejabberd.backup\ndocker cp CONTAINER:/opt/ejabberd/backup/ejabberd.backup /tmp/ejabberd.backup\n```\n\n## Restoring Backups\n\nCopy the backupfile from localhost to the running container and restore with ejabberdctl\n\n```bash\ndocker cp /tmp/ejabberd.backup CONTAINER:/opt/ejabberd/backup/ejabberd.backup\ndocker exec CONTAINER ejabberdctl restore /opt/ejabberd/backup/ejabberd.backup\n```\n\n# Debug\n\n## Erlang Shell\n\nSet `-i` and `-t` option and append `live` to get an interactive erlang shell:\n\n```bash\ndocker run -i -t -P rroemhild/ejabberd live\n```\n\nYou can terminate the erlang shell with `q().`.\n\n## System Shell\n\n```bash\ndocker run -i -t rroemhild/ejabberd shell\n```\n\n## System Commands\n\n```bash\ndocker run -i -t rroemhild/ejabberd env\n```\n\n# Exposed Ports\n\n* 4560 (XMLRPC)\n* 5222 (Client 2 Server)\n* 5269 (Server 2 Server)\n* 5280 (HTTP admin/websocket/http-bind)\n* 5443 (HTTP Upload)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frroemhild%2Fdocker-ejabberd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frroemhild%2Fdocker-ejabberd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frroemhild%2Fdocker-ejabberd/lists"}