The summer holidays season is often a time of great inspiration. This year we used that opportunity to focus on important groundwork on ejabberd codebase. However, we also decided to work on making ejabberd more accessible to newcomers.
For all these reasons, ejabberd is equally important for our growing community of users, for our customers, and for people that always wanted to give ejabberd a try but were afraid to make the jump.
Easier kickstart for newcomers
ejabberd, being written in Erlang has the reputation to be highly robust, highly scalable, clusterable, but also somewhat mysterious and, in turn, difficult to operate.
This release focus on making ejabberd more approchable, thanks to two efforts:
ejabberd binary installers polish
We polished our installers and fixed minor issues that users reported. This is often the first contact of our users with ejabberd. Please keep on reporting issues and suggesting improvements.
Default configuration file simplification
We simplified our default configuration file and made our default value better for production in the majority of cases. Tweaking the configuration file is the first task of a newcomer to ejabberd. It has to be done whether you are using our installers or are installing ejabberd from your Linux distribution package.
We now have a clean, no-bloat default config that has all the features from the Compliance Suite 2018 (XEP-0387) enabled by default. It’s a great base to build up your configuration with the help from the ejabberd docs.
We started an effort to improve the logging of ejabberd. Some entries changed the log level in which they are publishing. Other entries now comes in a more timely manner. All in all, this version is a first step to make ejabberd logs more useful and less intimidating for newcomers.
Up to date / increased security
OpenSSL 1.1.1 support
When operating a messaging / communication service, security is a top concern for sysadmins. We already had simplified access to TLS certificates with support for Let’s Encrypt. Now, we have adopted latest brand new TLS version.
OpenSSL 1.1.1 has been officially released in September 2018. It introduces support for TLS 1.3.
ejabberd 18.09 is already able to support OpenSSL 1.1.1 and as such you can use ejabberd with TLS 1.3.
TLS 1.3 is a major update for TLS and brings many benefits: you get increase speed in handshakes and improved security. If you want to learn more about TLS 1.3, I recommend you watch Filippo Valsorda presentation on TLS 1.3.
There is a catch though. Installers do not yet include OpenSSL 1.1.1. If you are planning to use ejabberd with TLS 1.3, you will need to build it yourself against your local OpenSSL 1.1.1. We are already working on making the next installers able to package the newest OpenSSL. This is quite a lengthy process, given the fact that our installer supports many operating systems (Linux, macOS and Windows), but we will get it done.
New external_secret option in HTTP Upload
Another interesting addition is a new
external_secret option in the HTTP Upload. Thanks to this, you can offload all HTTP Upload processing to a separate HTTP server, for example nginx. The secret key is here to ensure that the upload service can verify that the upload comes from your HTTP upload module. It prevents random strangers to upload content to your server. This is a much needed addition to make this module more usable.
modules: ... mod_http_upload: ... put_url: "http://separate.http.server/upload" external_secret: "foo bar baz" ...
Please, make sure your secret key is unpredictable and long enough.
Performance improvements: getting ready to support Erlang OTP 21
This new ejabberd release is compliant with Erlang OTP 21. As such, it brings significant performance improvements to ejabberd. Erlang OTP 21 removed some IO locks in Erlang VM and thus enhance application IO scalability.
We package our installers with OTP 21 already. Try it and report your findings!
Modular ejabberd core
ejabberd code base has been in deep refactoring for many months now. We reached a point where our ejabberd core is extremely modular, thanks to our flexible hook based API.
This can lead to many innovations, with ejabberd becoming a great base for building high performance messaging platform. It means that this core is now the basis for our newest release of ejabberd Business Edition (4.0), without having to do any patching to ejabberd. It makes ejabberd suitable to implement other protocols by leveraging the clustering, networking and routing components of ejabberd. This leads to support of MQTT 5.0 protocol in ejabberd Business Edition.
This is a major milestone for ejabberd code base itself.
Download and install ejabberd 18.09
The source package and binary installers are available at ProcessOne.
– Simplify the default configuration file
– Enable Roster Versioning in the default config file
– Enable TLS by default (and require it for c2s)
– Use “localhost” as a default host
– Increased default ‘max_stanza_size’ limit for c2s listener from 65536 to 262144
– Set a default ‘max_stanza_size’ for incoming s2s listener: 524288
– Remove vcard search default value
– Remove mod_stats and mod_time from default config
– Improve error formatting
– Switch more log message to warning level
– Don’t hide ‘undef’ exceptions during config validation
– Fail early when loading unavailable SIP or STUN modules
– Report real address of a listener
– Fix stacktrace call by getting it out of lager context
– Log message on incoming s2s connection close
– Better format invalid values when logging them
– Only lookup FQDN at configuration (re)loading
– muc_invite hook now also receives the Packet as argument
– Recognize more non-atom fields in format_room_option
– send_message command triggers hook for user_send_packet
– Remove num_active_users as it uses calls to last_activity mnesia table
– Move XMPP stream and SASL processing to xmpp repo
– Move randoms module to p1_utils repo
– Move shaper to p1_utils repo
– Fix misc:try_url for erlang = 3.2.0
– Refactor ejabberd_listener source code and API
– Fix regression: list SASL EXTERNAL mechanism for inbound s2s
– Disable cache for anonymous auth backend
– Improve URLs validation
– Resize SQL pool on configuration reload
– MySQL: Use MEDIUMTEXT for MAM/offline messages
– fix for freetds UTF-8 corruption
– Fix piefxis import of vCard and privacy lists
– Lua script for cleaning redis sessions
– Add ODBC connection robustness
– Log error if ‘put_url’ is reused
– Adjust default value of ‘put_url’
– Deprecate ‘service_url’ option
– Add “Allow” to OPTIONS response
– Avoid timers from timer module
– Don’t store “external” slots
– Treat file and network errors differently
– Introduce new option ‘external_secret’
– Increase gen_server call timeout
– Put more info in log messages
– mod_http_upload_quota: Fix process name lookup
– Allow an occupant owner/admin to kick lower-affiliation moderator
– mod_muc_room: Fix the room’s CAPS hash: include xdata
– Fix max_user_conferences in Mnesia to consider only one MUC service
– mod_muc: Don’t set default for muc#roomconfig_lang
– mod_muc: Increase ‘max_user_conferences’ default from 10 to 100
– Reload internal room’s configuration when mod_muc is reloaded
– In response with list of room subscriptions include also events
– Add information about real sender to mucsub message meta
– Allow a subscribed owner/admin to kick lower-affiliation moderator
– Allow a subscribed owner/admin to kick participants and visitors
– Allow a subscribed owner/admin to change participant / visitor
– BOSH: Wait for more data than just before sending
– BOSH: Make sure that we always start inactivity timer from drop_holding_receiver
– MAM: Don’t strip offline message stanza IDs
– MAM: Make sure stanza IDs aren’t reused
– mod_muc_log: Support both filenames and URLs in ‘cssfile’ option
– mod_ping: Don’t stop sending pings when receiving timeout for timeout_action=none
– mod_proxy65: Don’t ignore send() result
– mod_proxy65: Increase default buffer size for mod_proxy65
– PubSub: Correctly handle empty result with RSM
– PubSub: Enforce pubsub option required/rejected attributes
– mod_register_web: Handle ejabberd_captcha error reports