Merge pull request 'Improve ejabberd HTTP API configs and access' (#483) from bugfix/ejabberd_api_access into master

Reviewed-on: #483
2023-04-03 16:03:03 +00:00 · 2023-04-03 16:03:03 +00:00 · a44fa31951
parent ac00aa9def 797dd241e0
commit a44fa31951
3 changed files with 18 additions and 3 deletions
--- a/site-cookbooks/kosmos-akkounts/recipes/default.rb
+++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb
@ -84,7 +84,7 @@ end
 ejabberd_private_ip_addresses.each do |ip_address|
  IPAddr.new ip_address
  hostsfile_entry ip_address do
-    hostname 'xmpp.kosmos.org'
+    hostname 'xmpp.kosmos.local'
    action :create
  end
 rescue IPAddr::InvalidAddressError
@ -93,7 +93,7 @@ rescue IPAddr::InvalidAddressError
 end

 if ejabberd_private_ip_addresses.size > 0
-  env[:ejabberd_api_url] = 'https://xmpp.kosmos.org:5443/api'
+  env[:ejabberd_api_url] = "http://xmpp.kosmos.local/api"
 end

 systemd_unit "akkounts.service" do
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@ -186,6 +186,7 @@ template "/opt/ejabberd/conf/ejabberd.yml" do
            stun_turn_port: node["kosmos-ejabberd"]["stun_turn_port"],
            turn_min_port: node["kosmos-ejabberd"]["turn_min_port"],
            turn_max_port: node["kosmos-ejabberd"]["turn_max_port"],
+            private_ip_address: node["knife_zero"]["host"],
            akkounts_ip_addresses: akkounts_ip_addresses
  notifies :reload, "service[ejabberd]", :delayed
 end
@ -198,6 +199,13 @@ unless node.chef_environment == "development"
  include_recipe "kosmos-ejabberd::firewall"
 end

+firewall_rule 'ejabberd_http' do
+  port     [80]
+  source   "10.1.1.0/24"
+  protocol :tcp
+  command  :allow
+end
+
 #
 # Tor hidden service
 #
--- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
@ -61,6 +61,14 @@ listen:
    use_proxy_protocol: true
    max_stanza_size: 131072
    shaper: s2s_shaper
+  -
+    port: 80
+    ip: "<%= @private_ip_address %>"
+    module: ejabberd_http
+    request_handlers:
+      "/api": mod_http_api
+    tls: false
+    captcha: false
  -
    port: 5443
    ip: "::"
@ -69,7 +77,6 @@ listen:
    request_handlers:
      "/ws": ejabberd_http_ws
      "/bosh": mod_bosh
-      "/api": mod_http_api
      "/upload": mod_http_upload
      "/admin": ejabberd_web_admin
    custom_headers: