0

Summarizing my requirement here.

Configure an Ejabberd cluster setup under an AWS application load balancer, then register 10K users with an Ejabberd API request. Once the user accounts are created, log in with those users, create rooms & perform the chat test with multiple rooms with multiple user accounts.

Summarizing the existing Ejabberd cluster setup.

I have configured the Ejabberd cluster setup with two nodes in AWS instance. Then I have created an AWS Application Load balancer with two target groups, one target group with port number 5280 (Admin URL) & the other target group with 5222 (XMPP client authentication). Then I’m registering the ejabberd user with the API request below (I may create 10K accounts with a script).

http://<AWS Load balancer domain name>:5280/api/register
{
      "user": "test_user1",
      "host": "<AWS Load balancer domain name>",
      "password": "********"
}

Up to this point the Ejabberd setup is working fine (I have created a virtual host with the AWS load balancer domain name in the Ejabberd config file: “/opt/ejabberd/conf/ejabberd.yml”).

When I’m trying to authenticate the registered user with Pidgin XMPP client, I’m not able to authenticate the registered user with load balancer domain name.

I have noticed that the Ejabberd servers are receiving the request from AWS load balancer internal private IP address (not from the load balancer actual domain name), hence the ejabberd authentication is not working with AWS application load balancer.

Please help me to achieve this requirement.

Badlop

1 Answer

0

> When I’m trying to authenticate the registered user with Pidgin XMPP client, I’m not able to authenticate the registered user with load balancer domain name.

Why not? You should edit your post and show the messages logged regarding that authentication attempt.

I don't know about AWS load balancing, but I'll just mention one weird reasoning:

> I have noticed that the Ejabberd servers are receiving the request from AWS load balancer internal private IP address (not from the load balancer actual domain name), hence the ejabberd authentication is not working with AWS application load balancer.

Umm... As long as ejabberd receives the XMPP stanzas attempting to authenticate, and they provide the correct account credentials, it doesn't matter where that connection comes from, and to what exact interface it connects (5222 listener, 5280, 127.0.0.1, or any other address where ejabberd is listening).

For example, these are the messages logged when an account is registered, and it logs in correctly:

2020-12-04 12:16:08.006547+01:00 [info] The account user2@localhost was registered from IP address 127.0.0.1

2020-12-04 12:16:13.502761+01:00 [info] (<0.675.0>) Accepted connection 127.0.0.1:46309 -> 127.0.0.1:5222
2020-12-04 12:16:13.607712+01:00 [info] (tls|<0.675.0>) Accepted c2s DIGEST-MD5 authentication for user2@localhost by mnesia backend from 127.0.0.1
2020-12-04 12:16:13.650407+01:00 [info] (tls|<0.675.0>) Opened c2s session for user2@localhost/tka1

Are your accounts really registered? How are you sure? Are they registered with the correct host?

You can check the accounts in ejabberd WebAdmin, or by dumping the database to a text file and looking at the passwd table, or by using ejabberdctl debug or live and the command:

(ejabberd@localhost)3> mnesia:dirty_read(passwd,mnesia:dirty_first(passwd)).
[{passwd,{<<"user2">>,<<"localhost">>},
         <<"mypass11'a},ca">>}]
Badlop
  • Thank you very much for your reply. I have achieved my requirement with HAProxy load balancer instead of AWS ALB. Reference Link: https://blog.onefellow.com/post/76702632637/haproxy-and-ejabberd (The Ejabberd XMPP client authentication is working fine with HAProxy load balancer). – Jineesh Dec 04 '20 at 14:57
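
The check the answer asks for (are the accounts registered, with the correct host, and did a login succeed?), as an added example that is not part of the original answer: a Python script that reads ejabberd log lines in the format quoted in the answer and classifies each expected user. The log sample, host names, IP addresses and user names are constructed, and `audit` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the answer (not real data).
SAMPLE_LOG = """\
2020-12-04 12:16:08.006547+01:00 [info] The account test_user1@lb.example.test was registered from IP address 10.0.1.15
2020-12-04 12:16:09.101200+01:00 [info] The account test_user2@ip-10-0-1-20 was registered from IP address 10.0.1.15
2020-12-04 12:16:10.220431+01:00 [info] The account test_user4@lb.example.test was registered from IP address 10.0.1.15
2020-12-04 12:16:13.502761+01:00 [info] (<0.675.0>) Accepted connection 10.0.1.15:46309 -> 10.0.1.20:5222
2020-12-04 12:16:13.607712+01:00 [info] (tls|<0.675.0>) Accepted c2s DIGEST-MD5 authentication for test_user1@lb.example.test by mnesia backend from 10.0.1.15
2020-12-04 12:16:13.650407+01:00 [info] (tls|<0.675.0>) Opened c2s session for test_user1@lb.example.test/tka1
"""

REGISTERED = re.compile(
    r"The account ([^@\s]+)@(\S+) was registered from IP address (\S+)")
AUTHED = re.compile(
    r"Accepted c2s (\S+) authentication for ([^@\s]+)@(\S+) by (\S+) backend from (\S+)")


def audit(log_text, expected_host, expected_users):
    """Return {user: status} for each expected user on expected_host."""
    reg_hosts = defaultdict(set)   # user -> virtual hosts it was registered under
    authed = set()                 # (user, host) pairs with an accepted c2s login
    for line in log_text.splitlines():
        m = REGISTERED.search(line)
        if m:
            reg_hosts[m.group(1)].add(m.group(2))
            continue
        m = AUTHED.search(line)
        if m:
            authed.add((m.group(2), m.group(3)))
    report = {}
    for user in expected_users:
        hosts = reg_hosts.get(user, set())
        if not hosts:
            report[user] = "not-registered"
        elif expected_host not in hosts:
            # Account exists, but under a different virtual host than clients use.
            report[user] = "wrong-host:" + ",".join(sorted(hosts))
        elif (user, expected_host) in authed:
            report[user] = "registered+authenticated"
        else:
            report[user] = "registered-no-login"
    return report


if __name__ == "__main__":
    users = ["test_user1", "test_user2", "test_user3", "test_user4"]
    for user, status in audit(SAMPLE_LOG, "lb.example.test", users).items():
        print(f"{user}: {status}")
```

The log only covers accounts registered while it was being written; the WebAdmin or the `passwd` table mentioned in the answer remains the authoritative list.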