eJabberd注册 - 服务政策拒绝访问

时间:2018-06-10 20:54:46

标签: ejabberd

我正在尝试在eJabberd服务器上注册新用户,并且我正在通过服务政策&#34; <#34; 访问被拒绝&#34;错误。

使用Jabber-Net库从.Net C#软件调用并在服务器pc上运行。

服务器平台是:Windows Server 2012 R2(64位)。 服务器版本是:eJabberd 17.11 Erlang版本是:Erlang OTV 20(9.2)

用于发送请求的方法依据:XEP-0077:带内注册。

步骤1.0 - 检索注册字段:

<iq id="JN_1" type="get" to="myserver.com">
  <query xmlns="jabber:iq:register" />
</iq>

步骤1.1 - 接收注册字段:

<iq xml:lang="en" type="result" from="myserver.com" id="JN_1">
  <query xmlns="jabber:iq:register">
    <username />
    <password />
    <instructions>Choose a username and password to register with this server</instructions>
  </query>
</iq>

步骤2.0 - 发送注册信息:

<iq id="JN_2" type="set" to="myserver.com">
  <query xmlns="jabber:iq:register">
    <username>hvTest01</username>
    <password>hvt01</password>
  </query>
</iq>

步骤2.1 - 错误而不是确认:

<iq xml:lang="en" type="error" from="myserver.com" id="JN_2">
  <query xmlns="jabber:iq:register">
    <username>hvTest01</username>
    <password>hvt01</password>
  </query>
  <error type="auth" code="403">
    <forbidden xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" />
    <text xml:lang="en" xmlns="urn:ietf:params:xml:ns:xmpp-stanzas">Access denied by service policy</text>
  </error>
</iq>

我还尝试在作为服务器管理员进行身份验证时运行相同的方法并获得相同的结果。

有趣的是,取消注册实际上工作正常。

使用以下DOS提示符命令实际上有效:

ejabberdctl register USERNAME myserver.com PASSWORD

但这对我来说是无用的,因为我需要使用.Net软件,最后我还需要从非本地IP进行。

但是现在,如果我可以执行eJabberd服务器上本地运行的.Net软件的请求,那将是一个重大突破......

关于如何配置服务器我发了很多帖子,但说实话,我真的不懂。

所以这里是重磅炸弹(yml配置文件):

###
###'           ejabberd configuration file
###
###

### The parameters used in this configuration file are explained in more detail
### in the ejabberd Installation and Operation Guide.
### Please consult the Guide in case of doubts, it is included with
### your copy of ejabberd, and is also available online at
### http://www.process-one.net/en/ejabberd/docs/

### The configuration file is written in YAML.
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
### However, ejabberd treats different literals as different types:
###
### - unquoted or single-quoted strings. They are called "atoms".
###   Example: dog, 'Jupiter', '3.14159', YELLOW
###
### - numeric literals. Example: 3, -45.0, .0
###
### - quoted or folded strings.
###   Examples of quoted string: "Lizzard", "orange".
###   Example of folded string:
###   > Art thou not Romeo,
###     and a Montague?

###.  =======
###'  LOGGING

##
## loglevel: Verbosity of log files generated by ejabberd.
## 0: No ejabberd log at all (not recommended)
## 1: Critical
## 2: Error
## 3: Warning
## 4: Info
## 5: Debug
##
loglevel: 5

##
## rotation: Describe how to rotate logs. Either size and/or date can trigger
## log rotation. Setting count to N keeps N rotated logs. Setting count to 0
## does not disable rotation, it instead rotates the file and keeps no previous
## versions around. Setting size to X rotate log when it reaches X bytes.
## To disable rotation set the size to 0 and the date to ""
## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf.
## Some examples:
##  $D0     rotate every night at midnight
##  $D23    rotate every day at 23:00 hr
##  $W0D23  rotate every week on Sunday at 23:00 hr
##  $W5D16  rotate every week on Friday at 16:00 hr
##  $M1D0   rotate on the first day of every month at midnight
##  $M5D6   rotate on every 5th day of the month at 6:00 hr
##
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1

##
## overload protection: If you want to limit the number of messages per second
## allowed from error_logger, which is a good idea if you want to avoid a flood
## of messages when system is overloaded, you can set a limit.
## 100 is ejabberd's default.
log_rate_limit: 100

##
## watchdog_admins: Only useful for developers: if an ejabberd process
## consumes a lot of memory, send live notifications to these XMPP
## accounts.
##
## watchdog_admins:
##   - "Better1@myserver.com"

###.  ===============
###'  NODE PARAMETERS

##
## net_ticktime: Specifies net_kernel tick time in seconds. This options must have
## identical value on all nodes, and in most cases shouldn't be changed at all from
## default value.
##
## net_ticktime: 60

###.  ================
###'  SERVED HOSTNAMES

##
## hosts: Domains served by ejabberd.
## You can define one or several, for example:
## hosts:
##   - "example.net"
##   - "example.com"
##   - "example.org"
##
hosts:
  - "myserver.com"

##
## route_subdomains: Delegate subdomains to other XMPP servers.
## For example, if this ejabberd serves example.org and you want
## to allow communication with an XMPP server called im.example.org.
##
## route_subdomains: s2s

###.  ============
###'  Certificates

## List all available PEM files containing certificates for your domains,
## chains of certificates or certificate keys. Full chains will be built
## automatically by ejabberd.
##
certfiles:
  - "C:\\ProgramData\\ejabberd\\conf\\server.pem"
##   - "/etc/letsencrypt/live/example.org/*.pem"
##   - "/etc/letsencrypt/live/example.com/*.pem"
##
## If your system provides only a single CA file (CentOS/FreeBSD):
## s2s_cafile: "/etc/ssl/certs/ca-bundle.pem"

###.  =================
###'  TLS configuration

define_macro:
  'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
  'TLS_OPTIONS':
    - "no_sslv3"
    - "cipher_server_preference"
    - "no_compression"
##   'DH_FILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
##
## c2s_dhfile: 'DH_FILE'
## s2s_dhfile: 'DH_FILE'
c2s_ciphers: 'TLS_CIPHERS'
s2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
s2s_protocol_options: 'TLS_OPTIONS'

###.  ===============
###'  LISTENING PORTS

##
## listen: The ports ejabberd will listen on, which service each is handled
## by and what options to start it with.
##
listen:
  -
    port: 5222
    ip: "0.0.0.0"
    module: ejabberd_c2s
    starttls: true
    ##
    ## To enforce TLS encryption for client connections,
    ## use this instead of the "starttls" option:
    ##
    ## starttls_required: true
    ##
    ## Stream compression
    ##
    ## zlib: true
    ##
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
    acces_from: allow
  -
    port: 5269
    ip: "0.0.0.0"
    module: ejabberd_s2s_in
    max_stanza_size: 131072
    shaper: s2s_shaper
  -
    port: 5280
    ip: "0.0.0.0"
    module: ejabberd_http
    request_handlers:
      "/ws": ejabberd_http_ws
      "/bosh": mod_bosh
      "/api": mod_http_api
    ##  "/pub/archive": mod_http_fileserver
    web_admin: true
    register: true
    captcha: false
  ##
  ## ejabberd_service: Interact with external components (transports, ...)
  ##
  ## -
  ##   port: 8888
  ##   ip: "0.0.0.0"
  ##   module: ejabberd_service
  ##   access: all
  ##   shaper_rule: fast
  ##   ip: "127.0.0.1"
  ##   privilege_access:
  ##      roster: "both"
  ##      message: "outgoing"
  ##      presence: "roster"
  ##   delegations:
  ##      "urn:xmpp:mam:1":
  ##        filtering: ["node"]
  ##      "http://jabber.org/protocol/pubsub":
  ##        filtering: []
  ##   hosts:
  ##     "icq.example.org":
  ##       password: "secret"
  ##     "sms.example.org":
  ##       password: "secret"

  ##
  ## ejabberd_stun: Handles STUN Binding requests
  ##
  ## -
  ##   port: 3478
  ##   transport: udp
  ##   module: ejabberd_stun

  ##
  ## To handle XML-RPC requests that provide admin credentials:
  ##
  -
    port: 4560
    ip: "0.0.0.0"
    module: ejabberd_xmlrpc
    maxsessions: 10
    timeout: 5000
    access_commands:
  ##     admin:
        commands: all
        options: []
        commands_admin_access: xmlrpc_access
  ##
  ## To enable secure http upload
  ##
  ## -
  ##   port: 5444
  ##   ip: "::"
  ##   module: ejabberd_http
  ##   request_handlers:
  ##     "": mod_http_upload
  ##   tls: true

## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
## password storage (see auth_password_format option).
## disable_sasl_mechanisms: "digest-md5"

###.  ==================
###'  S2S GLOBAL OPTIONS

##
## s2s_use_starttls: Enable STARTTLS for S2S connections.
## Allowed values are: false, optional or required
## You must specify 'certfiles' option
##
s2s_use_starttls: optional

##
## domain_certfile: Specify a different certificate for each served hostname.
##
## host_config:
##   "example.org":
##     domain_certfile: "C:\\ProgramData\\ejabberd\\conf\\example_org.pem"
##   "example.com":
##     domain_certfile: "C:\\ProgramData\\ejabberd\\conf\\example_com.pem"

##
## S2S whitelist or blacklist
##
## Default s2s policy for undefined hosts.
##
## s2s_access: s2s

##
## Outgoing S2S options
##
## Preferred address families (which to try first) and connect timeout
## in seconds.
##
## outgoing_s2s_families:
##   - ipv4
##   - ipv6
## outgoing_s2s_timeout: 190

###.  ==============
###'  AUTHENTICATION

##
## auth_method: Method used to authenticate the users.
## The default method is the internal.
## If you want to use a different method,
## comment this line and enable the correct ones.
##
auth_method: sql

##
## Store the plain passwords or hashed for SCRAM:
## auth_password_format: plain
## auth_password_format: scram
##
## Define the FQDN if ejabberd doesn't detect it:
## fqdn: "server3.example.com"

##
## Authentication using external script
## Make sure the script is executable by ejabberd.
##
## auth_method: external
## extauth_program: "/path/to/authentication/script"

##
## Authentication using SQL
## Remember to setup a database in the next section.
##
## auth_method: sql

##
## Authentication using PAM
##
## auth_method: pam
## pam_service: "pamservicename"

##
## Authentication using LDAP
##
## auth_method: ldap
##
## List of LDAP servers:
## ldap_servers:
##   - "localhost"
##
## Encryption of connection to LDAP servers:
## ldap_encrypt: none
## ldap_encrypt: tls
##
## Port to connect to on LDAP servers:
## ldap_port: 389
## ldap_port: 636
##
## LDAP manager:
## ldap_rootdn: "dc=example,dc=com"
##
## Password of LDAP manager:
## ldap_password: "******"
##
## Search base of LDAP directory:
## ldap_base: "dc=example,dc=com"
##
## LDAP attribute that holds user ID:
## ldap_uids:
##   - "mail": "%u@mail.example.org"
##
## LDAP filter:
## ldap_filter: "(objectClass=shadowAccount)"

##
## Anonymous login support:
##   auth_method: anonymous
##   anonymous_protocol: sasl_anon | login_anon | both
##   allow_multiple_connections: true | false
##
## host_config:
##   "public.example.org":
##     auth_method: anonymous
##     allow_multiple_connections: false
##     anonymous_protocol: sasl_anon
##
## To use both anonymous and internal authentication:
##
## host_config:
##   "public.example.org":
##     auth_method:
##       - internal
##       - anonymous

###.  ==============
###'  DATABASE SETUP

## ejabberd by default uses the internal Mnesia database,
## so you do not necessarily need this section.
## This section provides configuration examples in case
## you want to use other database backends.
## Please consult the ejabberd Guide for details on database creation.

##
## MySQL server:
##
sql_type: mysql
sql_server: "localhost"
sql_database: "xmpp"  
sql_username: "root"
sql_password: "SomePassword"
##
## If you want to specify the port:
sql_port: 3306

##
## PostgreSQL server:
##
## sql_type: pgsql
## sql_server: "server"
## sql_database: "database"
## sql_username: "username"
## sql_password: "password"
##
## If you want to specify the port:
## sql_port: 1234
##
## If you use PostgreSQL, have a large database, and need a
## faster but inexact replacement for "select count(*) from users"
##
## pgsql_users_number_estimate: true

##
## SQLite:
##
## sql_type: sqlite
## sql_database: "C:\\Program Files\\ejabberd-17.11\\database\\ejabberd.db"

##
## ODBC compatible or MSSQL server:
##
## sql_type: odbc
## sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"

##
## Number of connections to open to the database for each virtual host
##
## sql_pool_size: 10

##
## Interval to make a dummy SQL request to keep the connections to the
## database alive. Specify in seconds: for example 28800 means 8 hours
##
## sql_keepalive_interval: undefined

###.  ===============
###'  TRAFFIC SHAPERS

shaper:
  ##
  ## The "normal" shaper limits traffic speed to 1000 B/s
  ##
  normal: 1000

  ##
  ## The "fast" shaper limits traffic speed to 50000 B/s
  ##
  fast: 50000

##
## This option specifies the maximum number of elements in the queue
## of the FSM. Refer to the documentation for details.
##
max_fsm_queue: 10000

###.   ====================
###'   ACCESS CONTROL LISTS
acl:
  ##
  ## The 'admin' ACL grants administrative privileges to XMPP accounts.
  ## You can put here as many accounts as you want.
  ##
  admin:
    user:
      - "Better1@myserver.com"
    xmlrpc_acl:
        user:
        - "Better1@myserver.com"
  ##
  ## Blocked users
  ##
  ## blocked:
  ##   user:
  ##     - "baduser@example.org"
  ##     - "test"

  ## Local users: don't modify this.
  ##
  local:
    user_regexp: ""

  ##
  ## More examples of ACLs
  ##
  ## jabberorg:
  ##   server:
  ##     - "jabber.org"
  ## aleksey:
  ##   user:
  ##     - "aleksey@jabber.ru"
  ## test:
  ##   user_regexp: "^test"
  ##   user_glob: "test*"

  ##
  ## Loopback network
  ##
  loopback:
    ip:
     - "127.0.0.0/8"
  ##   - "::1/128"


  ##
  ## Bad XMPP servers
  ##
  ## bad_servers:
  ##   server:
  ##     - "xmpp.zombie.org"
  ##     - "xmpp.spam.com"

##
## Define specific ACLs in a virtual host.
##
## host_config:
##   "localhost":
##     acl:
##       admin:
##         user:
##           - "bob-local@localhost"

###.  ============
###'  SHAPER RULES

shaper_rules:
  ## Maximum number of simultaneous sessions allowed for a single user:
  max_user_sessions: 10
  ## Maximum number of offline messages that users can have:
  max_user_offline_messages:
    - 5000: admin
    - 100
  ## For C2S connections, all users except admins use the "normal" shaper
  c2s_shaper:
    - none: admin
    - normal
  ## All S2S connections use the "fast" shaper
  s2s_shaper: fast

###.  ============
###'  ACCESS RULES
xmlrpc_access:
    - allow: xmlrpc_acl
access_rules:
  ## This rule allows access only for local users:
  local:
    - allow: local
  ## Only non-blocked users can use c2s connections:
  c2s:
    - deny: blocked
    - allow
  ## Only admins can send announcement messages:
  announce:
    - allow: admin
  ## Only admins can use the configuration interface:
  configure:
    - allow: all
  ## Only accounts of the local ejabberd server can create rooms:
  muc_create:
    - allow: local
  ## Only accounts on the local ejabberd server can create Pubsub nodes:
  pubsub_createnode:
    - allow: local
  ## In-band registration allows registration of any possible username.
  ## To disable in-band registration, replace 'allow' with 'deny'.
  register:
    - allow
  ## Only allow to register from localhost
  trusted_network:
    - loopback: allow
  ## Do not establish S2S connections with bad servers
  ## If you enable this you also have to uncomment "s2s_access: s2s"
  ## s2s:
  ##   - deny:
  ##     - ip: "XXX.XXX.XXX.XXX/32"
  ##   - deny:
  ##     - ip: "XXX.XXX.XXX.XXX/32"
  ##   - allow


## ===============
## API PERMISSIONS
## ===============
##
## This section allows you to define who and using what method
## can execute commands offered by ejabberd.
##
## By default "console commands" section allow executing all commands
## issued using ejabberdctl command, and "admin access" section allows
## users in admin acl that connect from 127.0.0.1 to  execute all
## commands except start and stop with any available access method
## (ejabberdctl, http-api, xmlrpc depending what is enabled on server).
##
## If you remove "console commands" there will be one added by
## default allowing executing all commands, but if you just change
## permissions in it, version from config file will be used instead
## of default one.
##
api_permissions:
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  "admin access":
    who:
      - access:
          - allow:
            - ip: "127.0.0.1/8"
            - acl: loopback
            - acl: admin
      - oauth:
        - scope: "ejabberd:admin"
        - access:
          - allow:
            - ip: "127.0.0.1/8"
            - acl: loopback
            - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  "public commands":
    who:
      - ip: "127.0.0.1/8"
    what:
      - "status"
      - "connected_users_number"

## By default the frequency of account registrations from the same IP
## is limited to 1 account every 10 minutes. To disable, specify: infinity
## registration_timeout: 600

##
## Define specific Access Rules in a virtual host.
##
## host_config:
##   "localhost":
##     access:
##       c2s:
##         - allow: admin
##         - deny
##       register:
##         - deny

###.  ================
###'  DEFAULT LANGUAGE

##
## language: Default language used for server messages.
##
language: "en"

##
## Set a different default language in a virtual host.
##
## host_config:
##   "localhost":
##     language: "ru"

###.  =======
###'  CAPTCHA

##
## Full path to a script that generates the image.
##
## captcha_cmd: "C:\\Program Files\\ejabberd-17.11\\lib\\ejabberd-17.11\\priv\\bin\\captcha.sh"

##
## Host for the URL and port where ejabberd listens for CAPTCHA requests.
##
## captcha_host: "myserver.com:5280"

##
## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
##
## captcha_limit: 5

###.  ====
###'  ACME
##
## In order to use the acme certificate acquiring through "Let's Encrypt"
## an http listener has to be configured to listen to port 80 so that
## the authorization challenges posed by "Let's Encrypt" can be solved.
## 
## A simple way of doing this would be to add the following in the listening
## section and to configure port forwarding from 80 to 5280 either via NAT
## (for ipv4 only) or using frontends such as haproxy/nginx/sslh/etc.
##   - 
##    port: 5280
##    ip: "::"
##    module: ejabberd_http

acme:

   ## A contact mail that the ACME Certificate Authority can contact in case of
   ## an authorization issue, such as a server-initiated certificate revocation.
   ## It is not mandatory to provide an email address but it is highly suggested.
   contact: "mailto:Better1@myserver.com"


   ## The ACME Certificate Authority URL.
   ## This could either be:
   ##   - https://acme-v01.api.letsencrypt.org - (Default) for the production CA
   ##   - https://acme-staging.api.letsencrypt.org - for the staging CA
   ##   - http://localhost:4000 - for a local version of the CA
   ca_url: "https://acme-v01.api.letsencrypt.org"

###.  =======
###'  MODULES

##
## Modules enabled in all ejabberd virtual hosts.
##
modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce: # recommends mod_adhoc
    access: announce
  mod_blocking: {} # requires mod_privacy
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {} # requires mod_adhoc
  ## mod_delegation: {} # for xep0356
  mod_disco: {}
  ## mod_echo: {}
  ## mod_irc: {}
  mod_bosh: {}
  ## mod_http_fileserver:
  ##   docroot: "/var/www"
  ##   accesslog: "C:\\Program Files\\ejabberd-17.11\\logs\\access.log"
  ## mod_http_upload:
  ##   # docroot: "@HOME@/upload"
  ##   put_url: "https://@HOST@:5444"
  ##   thumbnail: false # otherwise needs the identify command from ImageMagick installed
  ## mod_http_upload_quota:
  ##   max_days: 30
  mod_last: {}
  ## XEP-0313: Message Archive Management
  ## You might want to setup a SQL backend for MAM because the mnesia database is
  ## limited to 2GB which might be exceeded on large servers
  ## mod_mam: {} # for xep0313, mnesia is limited to 2GB, better use an SQL backend
  mod_muc:
    ## host: "conference.@HOST@"
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
  mod_muc_admin: {}
  ## mod_muc_log: {}
  ## mod_multicast: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  ## mod_pres_counter:
  ##   count: 5
  ##   interval: 60
  mod_privacy: {}
  mod_private: {}
  ## mod_proxy65: {}
  mod_pubsub:
    access_createnode: pubsub_createnode
    ## reduces resource comsumption, but XEP incompliant
    ignore_pep_from_offline: true
    ## XEP compliant, but increases resource comsumption
    ## ignore_pep_from_offline: false
    last_item_cache: false
    plugins:
      - "flat"
      - "pep" # pep requires mod_caps
  mod_push: {}
  mod_push_keepalive: {}
  mod_register:
    ##
    ## Protect In-Band account registrations with CAPTCHA.
    ##
    ##   captcha_protected: true
    ##
    ## Set the minimum informational entropy for passwords.
    ##
    ##   password_strength: 32
    ##
    ## After successful registration, the user receives
    ## a message with this subject and body.
    ##
    welcome_message:
      subject: "Welcome!"
      body: |-
        Hi.
        Welcome to this XMPP server.
    ##
    ## When a user registers, send a notification to
    ## these XMPP accounts.
    ##
    ##   registration_watchers:
    ##     - "admin1@example.org"
    ##
    ## Only clients in the server machine can register accounts
    ##
    ip_access: trusted_network
    ##
    ## Local c2s or remote s2s users cannot register accounts
    ##
    ##   access_from: deny
    access: register
  mod_roster: {}
  mod_shared_roster: {}
  ## mod_stats: {}
  ## mod_time: {}
  mod_vcard:
    search: false
  mod_vcard_xupdate: {}
  ## Convert all avatars posted by Android clients from WebP to JPEG
  ## mod_avatar:  # this module needs compile option
  ##   convert:
  ##     webp: jpeg
  mod_version: {}
  mod_stream_mgmt: {}
  ##   Non-SASL Authentication (XEP-0078) is now disabled by default
  ##   because it's obsoleted and is used mostly by abandoned
  ##   client software
  ## mod_legacy_auth: {}
  ##   The module for S2S dialback (XEP-0220). Please note that you cannot
  ##   rely solely on dialback if you want to federate with other servers,
  ##   because a lot of servers have dialback disabled and instead rely on
  ##   PKIX authentication. Make sure you have proper certificates installed
  ##   and check your accessibility at https://check.messaging.one/
  mod_s2s_dialback: {}
  mod_http_api: {}

##
## Enable modules with custom options in a specific virtual host
##
## host_config:
##   "localhost":
##     modules:
##       mod_echo:
##         host: "mirror.localhost"

##
## Enable modules management via ejabberdctl for installation and
## uninstallation of public/private contributed modules
## (enabled by default)
##

allow_contrib_modules: true

###.
###'
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:

所以,如果有人能够指出问题是什么,如果更好,他们可以说明我需要什么样的配置来支持特定IP的注册只会让我成为一个非常幸福的人......

2 个答案:

答案 0 :(得分:0)

首先,在5222监听器中,此选项有一个拼写错误:

acces_from: allow

现在就此事;你已经改变了一些选项,你在配置中有这个选择:

  trusted_network:
    - loopback: allow

如果查看原始的ejabbed.yml配置文件,那应该是:

  trusted_network:
    - allow: loopback

答案 1 :(得分:0)

我已经完全删除了环回,然后它工作得很好。

AuthenticationError: Unauthorized at allFailed (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\passport\lib\middleware\authenticate.js:172:21) at attempt (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\passport\lib\middleware\authenticate.js:180:28) at JwtStrategy.strategy.fail (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\passport\lib\middleware\authenticate.js:297:9) at JwtStrategy.authenticate (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\passport-jwt\lib\strategy.js:96:21) at attempt (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\passport\lib\middleware\authenticate.js:361:16) at authenticate (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\passport\lib\middleware\authenticate.js:362:7) at handleReturn (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\express-promise-router\lib\express-promise-router.js:24:27) at D:\GLHF\LEARN\NODE JS\mm-test\node_modules\express-promise-router\lib\express-promise-router.js:56:9 at Layer.handle [as handle_request] (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\express\lib\router\layer.js:95:5) at next (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\express\lib\router\route.js:137:13) at Route.dispatch (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\express\lib\router\route.js:112:3) at Layer.handle [as handle_request] (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\express\lib\router\layer.js:95:5) at D:\GLHF\LEARN\NODE JS\mm-test\node_modules\express\lib\router\index.js:281:22 at Function.process_params (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\express\lib\router\index.js:335:12) at next (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\express\lib\router\index.js:275:10) at Function.handle (D:\GLHF\LEARN\NODE JS\mm-test\node_modules\express\lib\router\index.js:174:3)

OLD: pubsub_createnode: - allow: local register: - allow trusted_network: - allow: loopback