Problem with http-bind to XMPP server

I have XMPP-based chat enabled on this site, which I currently have some trouble with. You can reach it here: https://f.haeder.net/http-bind

The upstream server behind it runs at and is configured as follows:
{5280, ejabberd_http, [captcha, http_put, http_poll, http_bind]}
and ...
port: 5280
ip: ""
module: ejabberd_http
"/websocket": ejabberd_http_ws
## "/pub/archive": mod_http_fileserver
web_admin: true
http_bind: true
## register: true
captcha: true
tls: true
certfile: "/etc/ejabberd/ejabberd.pem"

In /var/log/ejabberd/error.log I see tons of these messages:
2018-05-13 xx:xx:xx.xxx [critical]<0.2508.0>@extauth:loop:142 extauth script has exitted abruptly with reason 'normal'
Process is clearly listening:
# netstat -lnp |grep 5280
tcp 0 0* LISTEN xxx/beam.smp
In my #apache2.4 configuration file I have this:

<IfModule mod_proxy.c>
<IfModule mod_proxy_http.c>
ProxyPass /http-bind retry=0
Ah, if I call that URL with lynx, nothing returns, but with https something returns! Here is the bug!
FIXED!!! I had to set tls: false, restart ejabberd, then apache. #fixed
#TIL If you restart apache first, it won't work as ejabberd must be listening already when apache builds the proxy chain (which makes sense again). And yeah, having TLS on makes no sense. ;-)

Well, #shit-happens
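
The fix above comes down to a scheme mismatch between the proxy and the ejabberd listener (TLS on the listener, a proxy that does not speak TLS to it). The following is an added example, not part of the original post: `probe_scheme`, `proxy_matches` and the loopback stand-in listener are constructed for illustration, and it assumes the proxy's backend URL used plain `http://`, which the post does not show.

```python
import socket
import ssl
import threading


def probe_scheme(host, port, timeout=3.0):
    """Return 'https' if the listener completes a TLS handshake, 'http' if it
    answers a plaintext HTTP request, otherwise 'unknown'."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # diagnostic only: we test the protocol,
    ctx.verify_mode = ssl.CERT_NONE   # not whether the certificate is valid
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw):
                return "https"
    except OSError:                   # includes ssl.SSLError and timeouts
        pass
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"GET /http-bind HTTP/1.0\r\nHost: localhost\r\n\r\n")
            if s.recv(16).startswith(b"HTTP/"):
                return "http"
    except OSError:
        pass
    return "unknown"


def start_plain_listener():
    """Constructed stand-in for a listener configured with tls: false."""
    srv = socket.create_server(("127.0.0.1", 0))

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(2.0)
                try:
                    conn.recv(4096)
                    conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n")
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def proxy_matches(proxy_scheme, host, port):
    """True when the scheme in the proxy's backend URL matches the listener."""
    return probe_scheme(host, port) == proxy_scheme
```

Run from the proxy host, `probe_scheme` against the listener's address and port (5280 on this page) shows which scheme the backend URL in `ProxyPass` has to use.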

XMPP addon no longer connects to ejabberd

@Friendica Support I always had a working XMPP instance on my friendica instance. Now it doesn't connect. I have enabled debug log in .htaconfig file but nothing is written there.

With pstree I can only see beam.smp with 18 beam.smp threads but no ejabberd_auth.php sub process which did happen before. strace tells me that it tries to read from 0 (stdin) so it seems to wait for input. Access rights and correct user/group are set (0700, ejabberd.ejabberd according to documentation). Yet still it isn't starting.

Any ideas what might cause this?
Have you changed the path to ejabberd_auth.php? It moved to "scripts".
No, I still have it in include but it did work before. Sure, I need to find some time for updating my instance ...
Then try at first a regular XMPP client to see where the problem is.
As I said, only beam.smp is visible in pstree view, no forked auth_ejabberd.php.
You are on the develop branch. When have you updated your system? Several weeks ago the script moved.
And no, it is not working. Not even a single debug message in ejabberd.log.
Okay, I have always updated ejabberd.cfg but ejabberd.yml is used. No wonder that auth_ejabberd.php was never loaded. Now it is loaded but still the same. I'll dig deeper for this ...
Please check via an external client.
Tried it with #gajim, no change. :-(
Somehow it listens only on IPv6 requests, which I surely do not do (not now).
Okay, the private key part in ejabberd.pem was missing. Now I can connect and even with SSL.
Still nothing on friendica's side. It looks like no connect is going through. http-bind is available at https://f.haeder.net/http-bind and returns a 503?
Have a look at your system logfile (/var/log/user.log). There you should see some lines for "auth_ejabberd".
I have found out that ejabberd's http-bind was listening not on but instead on the public IP. Maybe misconfiguration, still I'm getting a 502 on pointing my browser to https://f.haeder.net/http-bind

http-bind settings and listener

<IfModule mod_proxy.c>
<IfModule mod_proxy_http.c>
ProxyPass /http-bind retry=0


# netstat -lnp|grep 5280
tcp 0 0* LISTEN xxxxx/beam.smp