Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 878961 Details for
Bug 1078649
jabber_lib.main: Unable to connect to jabber servers
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
s2s configuration file
s2s.xml (text/xml), 10.83 KB, created by
hrcr2012
on 2014-03-26 11:41:38 UTC
(
hide
)
Description:
s2s configuration file
Filename:
MIME Type:
Creator:
hrcr2012
Created:
2014-03-26 11:41:38 UTC
Size:
10.83 KB
patch
obsolete
><!-- s2s configuration --> ><s2s> > <!-- Our ID on the network (default: s2s) --> > <id>s2s</id> > > <!-- The process ID file. Comment this out if you don't need to know > the process ID from outside the process (eg for control scripts) --> > <pidfile>/var/lib/jabberd/pid/s2s.pid</pidfile> > > <!-- Router connection configuration --> > <router> > <!-- IP/port the router is waiting for connections on --> > <ip>::1</ip> <!-- default: 127.0.0.1 --> > <port>5347</port> <!-- default: 5347 --> > > <!-- Username/password to authenticate as --> > <user>jabberd</user> <!-- default: jabberd --> > <pass>5f4bee03287083e16176bec13a124459580435e8</pass> <!-- default: secret --> > > <!-- The router will only allow one component to be the default > route (ie the component that receives packets destined for > unknown hosts). If you want to run more than one s2s instance, > you need to uncomment this so that s2s does not try to become > the default route. Note that all outgoing s2s communication > will go to the component that is the default route. --> > <!-- > <non-default/> > --> > > <!-- File containing an SSL certificate and private key to use when > setting up an encrypted channel with the router. From > SSL_CTX_use_certificate_chain_file(3): "The certificates must be > in PEM format and must be sorted starting with the subject's > certificate (actual client or server certificate), followed > by intermediate CA certificates if applicable, and ending > at the highest level (root) CA" (the latter one being optional). > If this is commented out, or the file can't be read, no attempt > will be made to establish an encrypted channel with the router. --> > <!-- > <pemfile>/etc/jabberd/server.pem</pemfile> > --> > > <!-- Router connection retry --> > <retry> > <!-- If the connection to the router can't be established at > startup, we should try again this many times before exiting. > Use -1 to retry indefinitely. [default: 3] --> > <init>3</init> > > <!-- If we lost the connection to the router during normal > operation (ie we've successfully connected to the router in > the past), we should try to reconnect this many times before > exiting. Use -1 to retry indefinitely. [default: 3] --> > <lost>3</lost> > > <!-- Sleep for this many seconds before trying attempting a > reconnect. [default: 2] --> > <sleep>2</sleep> > </retry> > </router> > > <!-- Log configuration - type is "syslog", "file" or "stdout" --> > <log type="syslog"> > <!-- If logging to syslog, this is the log ident --> > <ident>jabberd/s2s</ident> > > <!-- If logging to syslog, this is the log facility > (local0 - local7) [default: local3] --> > <facility>local3</facility> > > <!-- if logging to file, this is the filename of the logfile --> > <!-- > <file>/var/lib/jabberd/log/s2s.log</file> > --> > </log> > > <!-- Local network configuration --> > <local> > <!-- IP and port to listen for incoming s2s connections on > (default: 0.0.0.0, 5269) --> > <ip>::</ip> > <port>5269</port> > > <!-- Multihomed machines (with more than one interface and IP address) > need to specify outgoing S2S connections interface/address. > If not set, the <ip> section address above is used. --> > <!-- > <origin>1.2.3.4</origin> > --> > > <!-- Secret used to generate dialback keys. If you have more than > one s2s instance configured, make sure that this is the same on > all of them. If this is commented out, a random one will be > generated. --> > <!-- > <secret>secret</secret> > --> > > <!-- File containing an SSL certificate and private key to use when setting > up encrypted s2s connections with other servers (STARTTLS + Dialback). > From SSL_CTX_use_certificate_chain_file(3): "The certificates must be > in PEM format and must be sorted starting with the subject's > certificate (actual client or server certificate), followed > by intermediate CA certificates if applicable, and ending > at the highest level (root) CA" (the latter one being optional). > If this is commented out, or the file can't be read, no attempt will be > made to establish encrypted connections with other servers. --> > <!-- > <pemfile>/etc/jabberd/server.pem</pemfile> > --> > > <!-- SSL verify mode - see SSL_CTX_set_verify(3), mode parameter --> > <!-- > <verify-mode>7</verify-mode> > --> > > <!-- File containing an optional SSL certificate chain file for SSL > connections. --> > <!-- > <cachain>/etc/jabberd/cachain.pem</cachain> > --> > > </local> > > <!-- input/output settings --> > <io> > <!-- Maximum number of file descriptors. Note that the number of > possible connections will be slightly less than this, because > s2s itself can use some on its own. If the supply of file > descriptors is exhausted, new incoming connections will be > denied. > > These connections are mainly consumed when we make a > connection to an external jabber server, or an external jabber > server connects to us. If you don't have a lot of users then > there's probably no need for s2s to establish connections to > external jabber servers and the default value here is probably > fine. On the other hand, if you have lots of users with lots > of remote buddies in their buddylist then s2s will need to have > lots of open connections with other jabber servers and you may > need to increase this value. > > Note that this value only affects how many file descriptors > jabberd is able to handle internally. You may also need to > tell your operating system to allow jabberd to use more file > descriptors. On Linux this can be done using ulimit -n or by > changing the value of /proc/sys/fd/file-max. > > (default: 1024) --> > <max_fds>1024</max_fds> > > <!-- Rate limiting --> > <limits> > <!-- Maximum stanza size - if more than given number of bytes > are read in one incoming stanza, the stream is closed > with policy-violation error. > > Set to 0 to disable. > Values less than 16384 might not work. --> > <stanzasize>65535</stanzasize> > </limits> > > <!-- Enable XEP-0138: Stream Compression --> > <!-- > <compression/> > --> > > </io> > > <!-- Timed checks --> > <check> > <!-- Interval between checks. > > Checks will be run every n seconds. > > 0 disables all checks except DNS expiry. (default: 60) --> > <interval>3</interval> > > <!-- Queue expiry and connection timeout. > > While a connection is being established and dialback is in > progress, packets are queued. If a valid connection has not > been established within this many seconds, the connection > process will be aborted and the queued packets will be > bounced. Timeout checks are made for three phases of > setting up a route authenticated through dialback: > 1. Connection establishment to exchange of stream headers > 2. Initiating dialback (incoming connections) > 3. Completing dialback (incoming and outgoing) > > If stage 1 connection establishment fails and there are > alternative hosts for this route that have not failed > recently, they will be tried too before finally giving up. > > 0 disables queue expiry. (default: 60) --> > <queue>60</queue> > > <!-- Queue retry timeout. > > If the queue is older than this timeout, the connection > will not be retried even if there are alternative hosts > that have not failed recently. > > 0 disables retry expiry. (default: 300) --> > <retry>300</retry> > > <!-- Idle connection checks. > > Connections that have not sent data for longer than this many > seconds will be dropped. > > 0 disables idle timeouts. (default: 86400) --> > <idle>86400</idle> > > <!-- Keepalives. > > Outgoing connections that have not been used for longer than > this many seconds will have a single whitespace character sent > to them. This will force the TCP connection to be closed if > they have disconnected without us knowing about it. > > 0 disables keepalives. (default: 0) --> > <keepalive>0</keepalive> > > <!-- Interval between DNS result/bad host expiry. > > 0 disables expiry checks. (default: 300) --> > <dnscache>300</dnscache> > </check> > > <!-- Statistics --> > <stats> > <!-- file containing count of packets that went through --> > <!-- > <packet>/var/lib/jabberd/stats/s2s.packets</packet> > --> > </stats> > > <lookup> > <!-- SRV TCP services will be resolved in the following order. The first > one that returns something will be used (ie dereferenced via an > A/AAAA lookup). If no SRV records are found, resolver will > fallback to a straight A/AAAA lookup. --> > > <!-- xmpp-server is mandated by the XMPP spec --> > <srv>xmpp-server</srv> > > <!-- traditionally, jabber has been used --> > <srv>jabber</srv> > > > <!-- If this is enabled, the resolver will look up AAAA records as well > as A records. This is needed if you want s2s to use IPv6. > Connection attempts will be made to all IPv6 hosts before trying > IPv4 (see bad host timeout below). --> > > <resolve-ipv6/> > > > <!-- Minimum time that DNS lookup results are cached (overrides max below). --> > <min-ttl>30</min-ttl> > > <!-- Maximum time that DNS lookup results are cached. --> > <max-ttl>86400</max-ttl> > > <!-- Time /etc/hosts lookup results are cached for (default: 86400). --> > <etc-hosts-ttl>86400</etc-hosts-ttl> > > <!-- Minimum time to wait before using hosts that we have failed to > establish a connection to (unless there are no alternatives). > Do not set this too low - it is required to detect permanent > problems like broken IPv6 connectivity in order to attempt IPv4. > > 0 disables bad host caching. (default: 3600) --> > <bad-host-timeout>3600</bad-host-timeout> > > <!-- Disable the DNS cache (negative caching will still be done). > This is likely to negatively impact performance while saving > a small amount of memory since multiple DNS requests must > then be made for every re-connection. --> > <!-- > <no-cache/> > --> > </lookup> > > <!-- If this is enabled, domains which share the same host will re-use > existing outgoing connections. This is a potential security risk > as the SSL connection from the first domain will be re-used too. --> > <out-reuse-conn/> ></s2s><!-- > vim: syntax=xml >-->
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=878961">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1078649
:
878959
| 878961 |
878962
|
878963
|
878965
|
878966