I think that it's faily easy to redirect TCP connections using
iptables, so I isn't so important to be able to bind privileged ports.
A simple example will be included into README.Debian.
Thanks for resolving the logging issue so quickly.
In a large installation, the state table for port mapping may be
undesirable. It is up to the system administrator to decide which
solution they prefer - although both solutions (port mapping and
listening on an extra port) are equally legitimate. Can we make setuid
operation a wishlist item for Erlang perhaps?
Here is the code I added to /etc/ejabberd/ejabberd.cfg for binding to a
specific IP address and both ports - 5222 (the default) and 443. In
this case, I also tell ejabberd to bind to a specific IP address,
because there is a genuine https service running on the same host:
% Listened ports:
{listen,
% Ordinary client-2-server service
[{5222, ejabberd_c2s, [{access, c2s},
{ip, {192, 168, 1, 100}},
{max_stanza_size, 65536},
starttls, {certfile,
"/etc/ejabberd/ejabberd.pem"},
{shaper, c2s_shaper}]},
{443, ejabberd_c2s, [{access, c2s},
{ip, {192, 168, 1, 100}},
{max_stanza_size, 65536},
starttls, {certfile,
"/etc/ejabberd/ejabberd.pem"},
{shaper, c2s_shaper}]},
Also, do you think it is safe for ejabberd to accept new registrations
by default? Has the issue been discussed already? I think all the
Jabber server packages should disable this feature by default, with a
debconf option to enable it. A note on this issue might also be useful
in README.Debian
Regards,
Daniel
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
