Skip to content

Ejabberd HTTP File Upload (XEP-0363)

Ejabberd HTTP File Upload (XEP-0363) Posted on November 14, 2016 by mafio / 1 Comment

XMPP’s module HTTP File Upload (formerly XEP-0363) provides a way to share files between XMPP clients, it works transparently and even in multi user chats. The sender uploads a file on an HTTP(S) server that will then generate an URI, this is sent to each one of the recipients that can then download it. The interesting bits about this XEP are various:

  1. File sharing now works even in multi-user chats (MUC), in any case the file is only uploaded a single time even if the recipients are more than one.
  2. Peer-to-peer file transfer, be it in-band (XEP-0234: Jingle File Transfer) or out-of-band (XEP-0065: SOCKS5 Bytestreams), is slow, unreliable, does not work in MUC and does not work if the recipient is offline.
  3. HTTP File Upload supports both client-server encryption (HTTPS) and end-to-end encryption when used in conjunction with OMEMO encryption (as per today this is supported by Conversations on Android and Gajim desktop client). 3.1. When using OMEMO encryption the files are stored encrypted on the server, this makes it impossibile for ejabberd to create a thumbnail if the file sent is a picture. To enable HTTP File Upload module with HTTPS enabled in ejabberd edit ejabberd.yml configuration file:
$ listen:
  -
    port: 5443
    ip: "::"
    module: ejabberd_http
    request_handlers:
      "upload": mod_http_upload
    tls: true
    certfile: "/usr/local/etc/ejabberd/ejabberd.pem"
    protocol_options: 'TLS_OPTIONS'
    dhfile: 'DH_FILE'
    ciphers: 'TLS_CIPHERS'
 
modules:
  mod_http_upload:
    docroot: "/home/ejabberd/upload" # this must be a valid path, user ownership and SELinux flags must be set accordingly
    put_url: "https://@HOST@:5443/upload"
    access: local
    max_size: 500000000 #500 MByte
    thumbnail: false
  mod_http_upload_quota:
    max_days: 2
 
shaper:
  soft_upload_quota:
    - 1000: all # MiB
  hard_upload_quota:
    - 1100: all # MiB

Add an iptables rule to allow traffic coming from port 5443: 1

INPUT -p tcp -m state --state NEW -m tcp --dport 5443 -j ACCEPT

Reload ejabberd service and manually force reconnection in Conversations to be sure HTTP File Upload module is actually being used.

CentOS 7, Conversations, ejabberd, iptables mafio look at the "About me" page. View all posts by mafio → Post navigation Older post Copy Linux sparse files over network Newer post BTRFS RAID10 on Gentoo 1 Comment

Suzyo Nyirenda
July 14, 2017 at 12:33 pm

great post
Reply

https://uwot.eu/blog/ejabberd-http-file-upload-xep-0363/

Edited by peturbg