Vines: Difference between revisions

From diaspora* project wiki
m (→‎FirewallD: Also add CentOS)
(#REDIRECT)
 
(3 intermediate revisions by 2 users not shown)
{{Work_in_progress}}
#REDIRECT [[Integration/Chat]]
{{Note|Report issues and suggestions to the Vines server at https://github.com/diaspora/vines/issues}}
{{Serious|This page moved to [[Integration/Chat]]}}
 
This wiki-page is about setting up [http://getvines.org Vines] on your Diaspora installation.
 
{{Quote|Vines is an XMPP chat server that connects you with large clusters of machines as easily as chatting with a friend.<br>
It's a new, simpler way to manage your servers in the cloud or the data center.| http://www.getvines.org/}}
 
= Installation/Update =
 
This feature is merged into the current development version of Diaspora. We do not recommend trying it out yet if you are running the stable release version.
 
If you're running the development version of Diaspora and want to try out this feature, all you have to do is a regular [[Updating|update]].
 
= Configuration =
 
You'll find all required configuration parameters in <tt>diaspora.yml.example</tt>. To activate the chat feature,
copy the chat section from <tt>diaspora.yml.example</tt> into your actual <tt>diaspora.yml</tt> configuration file and
enable the chat globally:
 
<syntaxhighlight lang="yaml">
  chat:
    enabled: true
</syntaxhighlight>
 
If you already have a working XMPP server and only need the front-end:
 
<syntaxhighlight lang="yaml">
  chat:
    enabled: true
    server:
      enabled: false
</syntaxhighlight>
 
It is also possible to configure the port and address of the client-to-server, server-to-server and BOSH services.
The required parameters are also in <tt>diaspora.yml.example</tt>, each with a short description.
 
== Firewall Ports ==
 
If your server is behind a firewall or runs in a virtual environment without direct internet access (e.g. kvm/qemu),
you have to open a few ports on your router (or redirect the ports in kvm):
 
* port 5269 if you want your XMPP server to communicate with other XMPP servers (this is necessary if you want to communicate with users on other pods)
* port 5222 if you want your users to be able to log in with other clients (e.g. Pidgin)
 
=== UFW - Uncomplicated Firewall ===
(Will be shipped in the newer Ubuntu versions.)
 
<syntaxhighlight lang="bash">
sudo ufw allow 5269/tcp
sudo ufw allow 5222/tcp
</syntaxhighlight>
 
=== FirewallD ===
 
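FirewallD is used by RedHat/CentOS/Fedora based distributions. Open up the required ports permanently and add them to the public zone.
 
<syntaxhighlight lang="bash">
# firewall-cmd expects the port as <port>/<protocol>
firewall-cmd --add-port=5222/tcp --zone=public --permanent
firewall-cmd --add-port=5269/tcp --zone=public --permanent
# --permanent only changes the stored configuration; reload to apply it
firewall-cmd --reload
</syntaxhighlight>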
 
=== OpenWRT ===
 
Check the [http://wiki.openwrt.org/doc/howto/port.forwarding OpenWRT port forwarding documentation].
 
=== Iptables ===
 
Enable IP forwarding on your router:
<syntaxhighlight lang="bash">
echo "1" > /proc/sys/net/ipv4/ip_forward
</syntaxhighlight>
or
<syntaxhighlight lang="bash">
sysctl net.ipv4.ip_forward=1
</syntaxhighlight>
 
Redirect all traffic on the specified ports to xxx.xxx.xxx.xxx:
<syntaxhighlight lang="bash">
iptables -t nat -A PREROUTING -p tcp --dport 5269 -j DNAT --to-destination xxx.xxx.xxx.xxx:5269
iptables -t nat -A PREROUTING -p tcp --dport 5222 -j DNAT --to-destination xxx.xxx.xxx.xxx:5222
iptables -t nat -A POSTROUTING -j MASQUERADE
</syntaxhighlight>
 
=== KVM/QEMU ===
 
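Edit your configuration file:
<syntaxhighlight lang="bash">
virsh -c qemu:/system edit <DOMAIN>
</syntaxhighlight>
 
Add the following at the end, just before the closing tag <code></domain></code>:
<syntaxhighlight lang="xml">
<!-- requires xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0' on the opening <domain> tag -->
<qemu:commandline>
  <qemu:arg value='-redir'/>
  <qemu:arg value='tcp:5269::5269'/>
  <qemu:arg value='-redir'/>
  <qemu:arg value='tcp:5222::5222'/>
</qemu:commandline>
</syntaxhighlight>
 
Finally reboot:
<syntaxhighlight lang="bash">
virsh -c qemu:/system reboot <DOMAIN>
</syntaxhighlight>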
 
== Certificates ==
 
{{Serious|For encrypted communication we need a certificate and the related key.<br>}}
Put your files in the vines-cert folder. You can configure the path in <tt>diaspora.yml</tt> under the chat section.
 
The default path is <code>/path_to_diaspora_installation/config/vines/</code>.<br>
Also the domain name should be included in the file name e.g.:
 
* example.com.crt
* example.com.key
 
 
If you have no certificate and want to generate a self-signed one, you can do that with Vines, too.
Just execute <code>bundle exec vines cert example.com</code> in your Diaspora environment and you should be good to go.
 
{{Note|If you use your server in a development mode, think about enabling acceptance of self-signed certificates in your diaspora.yml!}}
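
A pre-flight check for the certificate pair described above, as an added example that is not part of Vines or diaspora*. The function name <code>check_vines_cert</code> and its exit codes are made up for illustration, and the <code>openssl</code> command-line tool is assumed to be installed.

```bash
# Added example: sanity-check the <domain>.crt / <domain>.key pair that the
# chat server is expected to load. check_vines_cert and its exit codes are
# hypothetical names chosen for this example.
check_vines_cert() {
  local dir="$1" domain="$2"
  local crt="$dir/$domain.crt" key="$dir/$domain.key"
  local go_bits cert_pub key_pub

  # 1. Both files must exist and follow the naming convention.
  [ -r "$crt" ] && [ -r "$key" ] || { echo "missing $crt or $key" >&2; return 2; }

  # 2. The private key must not be accessible to group or others.
  #    Characters 5-10 of the ls mode string are the group/other bits.
  go_bits=$(ls -ld "$key" | cut -c5-10)
  [ "$go_bits" = "------" ] || { echo "$key is accessible to group/other" >&2; return 3; }

  # 3. Certificate and key must belong together: compare their public keys.
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 4
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
  [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; return 4; }

  # 4. The certificate must not be expired.
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null \
    || { echo "certificate has expired" >&2; return 5; }

  # 5. The certificate must be valid for the domain used in the file name.
  openssl x509 -in "$crt" -noout -checkhost "$domain" | grep -q 'does match' \
    || { echo "certificate is not valid for $domain" >&2; return 6; }

  echo "ok: $crt"
}
```

Call it as <code>check_vines_cert /path_to_diaspora_installation/config/vines example.com</code> before starting the server; a non-zero exit code identifies the failed step.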
 
= Run it =
 
Once you have finished configuring the chat server, you can start Diaspora as normal:
 
<syntaxhighlight lang="bash">
./script/server
</syntaxhighlight>
 
Log into Diaspora and you should see the web client in the right corner.
You can also log into it with your favorite desktop client like Pidgin.
 
For that use your Diaspora ID and your Diaspora password.
 
= FAQ =
 
== JSXC is hidden, even after activating it ==
 
=== Firefox ===
Go to <code>about:config</code> and check whether <code>media.peerconnection.enabled</code> is set to <code>false</code>.
Set it back to <code>true</code> and JSXC should be displayed again!
 
== I have no contacts in my roster ==
 
 
Keep in mind that you have to add the chat privilege to your aspects!
 
You can toggle that privilege for every existing aspect:<br>
[[File:chat_privilege_bar.png|caption]]
 
Or you can do that while creating a new aspect:<br>
[[File:chat_privilege_popup.png|caption]]
 
 
(original post https://sechat.org/posts/359056)
 
== Invalid byte sequence in UTF-8 ==
 
Vines is not able to read the file due to encoding problems. You can easily check your file encoding with:
<syntaxhighlight lang="bash">
$ file --mime-encoding /etc/ssl/certs/ca-certificates.crt
/etc/ssl/certs/ca-certificates.crt: us-ascii
</syntaxhighlight>
 
If it is not ASCII or UTF-8, Vines will skip the file. You can try converting it ([http://stackoverflow.com/questions/64860/best-way-to-convert-text-files-between-character-sets source]):
<syntaxhighlight lang="bash">
$ iconv -f <YOUR_ENCODING> -t ascii /etc/ssl/certs/ca-certificates.crt > /etc/ssl/certs/ca-certificates.ascii.crt
</syntaxhighlight>
 
== Browser blocks mixed-content ==
 
<syntaxhighlight lang="bash">
*****************************************************************
You enabled the chat feature but haven't configured BOSH! That
could lead to mixed-content problems with the http clients. Please
think about editing your proxy configuration as described in:
 
diaspora.yml.example
*****************************************************************
</syntaxhighlight>
 
The internal XMPP server does not support HTTPS and,<br />
even if we implemented it, we would run into certificate issues.<br />
The problem with mixed-content is described here: https://github.com/Zauberstuhl/diaspora/issues/6
 
The easiest way of avoiding certificate and mixed-content issues is to use a proxy (see the Apache2 and Nginx sections below)!
 
Once you have finished configuring your proxy settings, you also have to adjust <tt>diaspora.yml</tt>!<br />
For my examples below, it would look like this:
 
<syntaxhighlight lang="yaml">
  chat:
    server:
      bosh:
        proxy: true
        bind: '/http-bind'
</syntaxhighlight>
 
=== Apache2 ===
 
<syntaxhighlight lang="apache">
RewriteEngine On
# Send BOSH requests to the chat server
RewriteCond %{REQUEST_URI} ^/http-bind
RewriteRule ^/(http\-bind.*)$ balancer://chat%{REQUEST_URI} [P,QSA,L]
# Send everything that is not a static file to Diaspora
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://diaspora%{REQUEST_URI} [P,QSA,L]
<Proxy balancer://diaspora>
  BalancerMember http://127.0.0.1:3000
</Proxy>
<Proxy balancer://chat>
  # 0.0.0.0 is a listen address, not a destination; connect to the local BOSH port
  BalancerMember http://127.0.0.1:5280
</Proxy>
</syntaxhighlight>
 
=== Nginx ===
 
<syntaxhighlight lang="nginx">
# The upstream block belongs in the http context,
# the location block inside your server block.
upstream chat_cluster {
  server localhost:5280;
}
 
location /http-bind {
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Host $http_host;
  proxy_set_header X-Forwarded-Proto https;
 
  proxy_redirect off;
  proxy_connect_timeout 5;
  proxy_buffering      off;
 
  proxy_read_timeout    70;
  keepalive_timeout    70;
  send_timeout          70;
 
  client_max_body_size 4M;
  client_body_buffer_size 128K;
  proxy_pass http://chat_cluster;
}
</syntaxhighlight>
 
= Debugging =
 
By default Vines logs to <tt>log/vines.log</tt> with the log level set to <tt>info</tt>.
The logging level can be set to <tt>debug</tt>, <tt>info</tt>, <tt>warn</tt>, <tt>error</tt>, or <tt>fatal</tt>. The <tt>debug</tt> level logs all XML sent and received by the server.
 
<syntaxhighlight lang="yaml">
  chat:
    server:
      log:
        file: 'log/vines.log'
        level: 'debug'
</syntaxhighlight>
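
Because the debug level records every stanza, the log then also contains login payloads and chat text. The following added example (not part of Vines or diaspora*) redacts those elements before a log excerpt is attached to an issue report; the function names and the log line framing are assumptions, and the sample lines are constructed.

```bash
# Added example: redact credentials and message text from debug-level output.
# Function names are hypothetical; the log lines are constructed and a real
# vines.log may frame them differently. Only the XML stanzas matter here.
sample_debug_log() {
  cat <<'EOF'
DEBUG -- vines: Received stanza: <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>AGFsaWNlAGV4YW1wbGUtcGFzc3dvcmQ=</auth>
DEBUG -- vines: Sent stanza: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
DEBUG -- vines: Received stanza: <message to='bob@example.com' type='chat'><body>meet at 10</body></message>
INFO -- vines: Stream disconnected
EOF
}

# Replace the text content of elements that carry secrets:
#   <auth>/<response>  SASL payloads (PLAIN is only base64 of user and password)
#   <password>         legacy password fields
#   <body>             chat message text
redact_xmpp_log() {
  sed -E 's#(<(auth|response|password|body)( [^>]*)?>)[^<]+(</(auth|response|password|body)>)#\1[REDACTED]\4#g'
}

# Count the lines on stdin that still carry an unredacted payload.
count_sensitive_lines() {
  awk '{ l = $0; gsub(/>\[REDACTED\]</, "><", l) }
       l ~ /<(auth|response|password|body)( [^>]*)?>[^<]+<\/(auth|response|password|body)>/ { n++ }
       END { print n + 0 }'
}

# Write a redacted copy readable only by its owner, then verify it.
redact_log_file() {
  local src="$1" dst="$2" left
  ( umask 077; redact_xmpp_log <"$src" >"$dst" ) || return 1
  left=$(count_sensitive_lines <"$dst")
  [ "$left" -eq 0 ]
}
```

Set the level back to <tt>info</tt> once the problem has been reproduced, since the unredacted <tt>log/vines.log</tt> stays on disk.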
 
 
[[Category:Podmin]] [[Category:Installation]]

Latest revision as of 10:08, 17 June 2016

Redirect to:

Warning: This page moved to Integration/Chat