NEXTCLOUD: JSXC Javascript XMPP

  • Actualizamos el sistema
apt update && apt upgrade
  • Instalamos dependencias
apt install dirmngr apt-transport-https
  • Agregamos al sources list
echo deb http://http.debian.net/debian stretch-backports main > /etc/apt/sources.list.d/backports.list
  • Agregamos la llave
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
  • Agregamos al sources list
echo deb https://dl.jsxc.org stable main > /etc/apt/sources.list.d/jsxc.list
  • Agregamos la llave
wget -qO - https://dl.jsxc.org/archive.key | apt-key add -
  • Actualizamos
apt update
  • Instalamos
apt install -t stretch-backports ejabberd
  • Agregamos
sudo add-apt-repository ppa:ondrej/php
  • Actualizamos
sudo apt-get update
  • Instalamos dependencias
apt install apache2 libapache2-mod-php php7.2-gd php7.2-json php7.2-sqlite3 php7.2-curl php7.2-mbstring php7.2-intl php7.2-imagick php7.2-xml php7.2-zip
  • Instalamos
apt install python-certbot-apache xcauth python3-bsddb3 python3-systemd
  • Instalamos
apt install unattended-upgrades

Servidor NEXTCLOUD

  • Modificamos el host virtual
nano /etc/apache2/sites-available/cloud.siua.ac.cr-le-ssl.conf
  • Agregamos
#************************************************************************
#**************************        XMPP         *************************
#************************************************************************
ProxyPass /http-bind/ https://coturn.siua.ac.cr:5280/http-bind/
ProxyPassReverse /http-bind/ https://coturn.siua.ac.cr:5280/http-bind/
ProxyPreserveHost On
  • Reiniciamos
service apache2 restart

SERVIDOR COTURN

  • Creamos el archivo
nano /etc/apache2/sites-available/userdata.conf
  • Con el siguiente contenido
<VirtualHost *:80>
  ServerName userdata.cloud.siua.ac.cr
  # Mostly to satisfy certbot
  ServerAlias conference.cloud.siua.ac.cr pubsub.cloud.siua.ac.cr www.conference.cloud.siua.ac.cr www.pubsub.cloud.siua.ac.cr www.userdata.cloud.siua.ac.cr
  # This DocumentRoot is irrelevant, but match ejabberd.conf anyway
  DocumentRoot /var/www/userdata
  ErrorLog ${APACHE_LOG_DIR}/userdata_error.log
  CustomLog ${APACHE_LOG_DIR}/userdata_access.log combined
  ProxyPass / http://localhost:5288/
  ProxyPassReverse / http://localhost:5288/
  ProxyPreserveHost On
</VirtualHost>
  • Creamos la carpeta
mkdir --mode=660 /var/www/userdata
  • Cambiamos de dueño
chown ejabberd:ejabberd /var/www/userdata
  • Habilitamos módulos
a2enmod headers env dir mime proxy proxy_http
  • Habilitamos el sitio
a2ensite userdata
systemctl reload apache2
  • Habilitamos proxy
a2enmod proxy proxy_http
systemctl restart apache2

Servidor DNS

  • Editamos
nano db.siua.ac.cr
  • Agregamos
userdata.cloud.siua.ac.cr.              IN      A       186.15.227.76
pubsub.cloud.siua.ac.cr.                IN      A       186.15.227.76
conference.cloud.siua.ac.cr.            IN      A       186.15.227.76


www.userdata.cloud              IN      CNAME   userdata.cloud
www.conference.cloud            IN      CNAME   conference.cloud
www.pubsub.cloud                IN      CNAME   pubsub.cloud

  • Editamos
nano db.rev.227
  • Agregamos
76      IN      PTR     userdata.nube.siua.ac.cr.
76      IN      PTR     conference.nube.siua.ac.cr.
76      IN      PTR     pubsub.nube.siua.ac.cr.
  • Reiniciamos
/etc/init.d/bind9 restart

Servidor COTURN

  • Mandamos a generar certificado
certbot --installer apache
  • RESULTADO
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin - Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1

Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: conference.cloud.siua.ac.cr
2: www.conference.cloud.siua.ac.cr
3: pubsub.cloud.siua.ac.cr
4: www.pubsub.cloud.siua.ac.cr
5: userdata.cloud.siua.ac.cr
6: www.userdata.cloud.siua.ac.cr
7: coturn.siua.ac.cr
8: www.coturn.siua.ac.cr
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 2 3 4 5 6

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for conference.cloud.siua.ac.cr
http-01 challenge for pubsub.cloud.siua.ac.cr
http-01 challenge for userdata.cloud.siua.ac.cr
http-01 challenge for www.conference.cloud.siua.ac.cr
http-01 challenge for www.pubsub.cloud.siua.ac.cr
http-01 challenge for www.userdata.cloud.siua.ac.cr
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/userdata-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/userdata-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/userdata-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/userdata-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/userdata-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/userdata-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/userdata-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/userdata-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Redirecting vhost in /etc/apache2/sites-enabled/userdata.conf to ssl vhost in /etc/apache2/sites-available/userdata-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://conference.cloud.siua.ac.cr, https://www.conference.cloud.siua.ac.cr,
https://pubsub.cloud.siua.ac.cr, https://www.pubsub.cloud.siua.ac.cr,
https://userdata.cloud.siua.ac.cr, and https://www.userdata.cloud.siua.ac.cr

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=conference.cloud.siua.ac.cr
https://www.ssllabs.com/ssltest/analyze.html?d=www.conference.cloud.siua.ac.cr
https://www.ssllabs.com/ssltest/analyze.html?d=pubsub.cloud.siua.ac.cr
https://www.ssllabs.com/ssltest/analyze.html?d=www.pubsub.cloud.siua.ac.cr
https://www.ssllabs.com/ssltest/analyze.html?d=userdata.cloud.siua.ac.cr
https://www.ssllabs.com/ssltest/analyze.html?d=www.userdata.cloud.siua.ac.cr
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/conference.cloud.siua.ac.cr/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/conference.cloud.siua.ac.cr/privkey.pem
   Your cert will expire on 2019-06-10. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
  • Aplicamos
chgrp -R ssl-cert /etc/letsencrypt/live/cloud.siua.ac.cr
chgrp -R ssl-cert /etc/letsencrypt/archive/cloud.siua.ac.cr

chmod -R g+rX,o-rwx /etc/letsencrypt/live/cloud.siua.ac.cr
chmod -R g+rX,o-rwx /etc/letsencrypt/archive/cloud.siua.ac.cr

  • Instalamos
apt install ejabberd xcauth
  • Añadimos el usuario
adduser www-data ssl-cert
service apache2 restart

Configurar ejabberd

  • Comandos
/etc/init.d/ejabberd stop
/etc/init.d/ejabberd start
  • Verificamos que esté corriendo el servicio
systemctl status ejabberd.service
  • Configuramos el certificado
cd /etc/ejabberd
cat /etc/letsencrypt/live/cloud.siua.ac.cr/{privkey,fullchain}.pem > ejabberd.pem
chown ejabberd:ejabberd ejabberd.pem
chmod 640 ejabberd.pem
  • Abrimos
ubuntu
nano /opt/ejabberd/conf/ejabberd.yml

debian
nano /etc/ejabberd/ejabberd.yml
  • Agregamos
language: "es"
  • Modificamos
hosts:
  - "localhost"

X

hosts:
  - "localhost"
  - "cloud.siua.ac.cr"
  - "nube.siua.ac.cr"
  • Reiniciamos
/etc/init.d/ejabberd restart
  • Verificamos que el servicio este corriendo
nmap -sT -O localhost
  • Creamos el usuario ugit
ejabberdctl register ugit cloud.siua.ac.cr CA2
  • Actualizamos (NO SE APLICA)
sudo updatedb
sudo cp $(locate ejabberd.service) /etc/systemd/system
sudo systemctl daemon-reload
sudo systemctl enable --now ejabberd
systemctl status ejabberd.service
  • Ejecutamos el comando para saber donde esta instalado
locate ejabberdctl | grep bin
  • Ingresamos a la ruta
cd /opt/ejabberd-19.02/bin
  • Creamos un usuario
ejabberdctl register ugit coturn.siua.ac.cr CA2

WEB NEXTCLOUD

  • En aplicaciones habilitamos «JavaScript XMPP Chat»
  • En configuración «Javascript Xmpp Client» seleccionamos «External»