{"id":107,"date":"2008-05-27T23:18:22","date_gmt":"2008-05-27T22:18:22","guid":{"rendered":"http:\/\/florianhaas.net\/blog\/?p=107"},"modified":"2009-06-03T13:09:42","modified_gmt":"2009-06-03T12:09:42","slug":"tutorialhowto-ejabberd-jwchat-apache2-on-ubuntu-or-debian","status":"publish","type":"post","link":"https:\/\/floriantischner.net\/blog\/2008\/05\/27\/tutorialhowto-ejabberd-jwchat-apache2-on-ubuntu-or-debian\/","title":{"rendered":"Tutorial\/HowTo: ejabberd + jwchat + apache2 on Ubuntu or Debian"},"content":{"rendered":"<p>What is jwchat? <a href=\"http:\/\/jwchat.sourcefoge.net\/\">Jwchat<\/a><\/p>\n<blockquote><p>is a full featured, web-based <a href=\"http:\/\/www.jabber.org\/\" target=\"_blank\">Jabber<\/a>\u2122 client.<\/p><\/blockquote>\n<p>It uses the HTTP-POLL method to connect to a jabber-server. It is written in Javascript, which is quite nice because you do not open a glaring security-hole by installing it.<\/p>\n<p>I am not going to explain how you set up ejabberd or apache2; there are tons of tutorials for that out there.<\/p>\n<ol>\n<li>Go to the jwchat <a href=\"http:\/\/jwchat.sourceforge.net\/download.shtml\">download-page<\/a> and download it. Extract it to somewhere where the webserver can read it; i put it in \/usr\/share\/jwchat. Alternatively you can just <em>aptitude install jwchat<\/em>.<\/li>\n<li>Edit the config.js you can find in jwchat\/www . There are two things you want to edit:<\/li>\n<li>\n<ol>\n<li>The SITENAME. Just put in your servername.<\/li>\n<li>The httpbases a bit further down. This is the relative path where jwchat will try to contact the jabber-server. Put in anything you want; the default makes sense, though.<\/li>\n<\/ol>\n<\/li>\n<li>Now comes the part where the jwchat-documentation fails us: we have to configure the apache2 to proxy all requests which go to the httpbase over to the jabber-server. jwchat proposes the following configuration:<br \/>\n<code> DocumentRoot \/var\/www\/jwchat<br \/>\nOptions  +Indexes +Multiviews<br \/>\nAddDefaultCharset UTF-8<br \/>\nRewriteEngine on<br \/>\nRewriteRule http-poll\/ http:\/\/127.0.0.1:5280\/http-poll\/ [P]<\/code><\/p>\n<p>While this works, it adds a burden to the user: his firewall needs to allow outgoing connections to port 5280. It is way better to keep all connections on one port so that jwchat works in heavily locked-down environments like libraries, universities and schools. This can be achieved by mod_proxy.<\/li>\n<li>First you have to enable mod_proxy_http and mod_proxy. You can do that by calling <em>a2enmod proxy proxy_http<\/em><\/li>\n<li>Once this is done, put this somewhere into one of your (virtual)host configurations:<code>ProxyRequests Off<br \/>\nProxyPass \/http-poll\/ http:\/\/127.0.0.1:5280\/http-poll\/<br \/>\nProxyPassReverse \/http-poll\/ http:\/\/127.0.0.1:5280\/http-poll\/<br \/>\nAllow from all<br \/>\nAlias \/jwchat \/usr\/share\/jwchat\/www<br \/>\nOptions  +Indexes +Multiviews +FollowSymLinks<br \/>\nAddDefaultCharset UTF-8<\/code><br \/>\nNow the users can go to $example.com\/jwchat and use their jabber-accounts without having to install a client.<\/li>\n<\/ol>\n<p><span style=\"text-decoration: line-through;\">It is important to note that the username and password are transmited as plaintext; <strong>this is dangerous and stupid<\/strong>. Not only will you die, it will also hurt the whole time you&#8217;re dieing.<\/span><\/p>\n<p><strong>Edit<\/strong>: I was wrong: Jwchat uses DIGEST-MD5. While it is better than nothing, SSL is way more secure, seeing as the IETF is in the <a href=\"http:\/\/tools.ietf.org\/html\/draft-ietf-sasl-digest-to-historic-00\">process of deprecating<\/a> DIGEST-MD5 because of the bruteforceability.<\/p>\n<p><strong>Never<\/strong> use jwchat over an unencrypted connection. Be smart and put that whole configuration into an SSL-enabled host. You don&#8217;t lose any functionality but gain important security.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is jwchat? Jwchat is a full featured, web-based Jabber\u2122 client. It uses the HTTP-POLL method to connect to a jabber-server. It is written in Javascript, which is quite nice because you do not open a glaring security-hole by installing it. I am not going to explain how you set up ejabberd or apache2; there [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[13],"class_list":["post-107","post","type-post","status-publish","format-standard","hentry","category-free-software","tag-linux"],"_links":{"self":[{"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/posts\/107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/comments?post=107"}],"version-history":[{"count":6,"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/posts\/107\/revisions"}],"predecessor-version":[{"id":136,"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/posts\/107\/revisions\/136"}],"wp:attachment":[{"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/media?parent=107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/categories?post=107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/tags?post=107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}