|
@@ -1,330 +0,0 @@
|
|
|
-###
|
|
|
-###' ejabberd configuration file
|
|
|
-###
|
|
|
-###
|
|
|
-
|
|
|
-### The parameters used in this configuration file are explained in more detail
|
|
|
-### in the ejabberd Installation and Operation Guide.
|
|
|
-### Please consult the Guide in case of doubts, it is included with
|
|
|
-### your copy of ejabberd, and is also available online at
|
|
|
-### https://docs.ejabberd.im/
|
|
|
----
|
|
|
-###. =======
|
|
|
-###' LOGGING
|
|
|
-
|
|
|
-loglevel: 3
|
|
|
-hide_sensitive_log_data: true
|
|
|
-
|
|
|
-log_rotate_size: 0
|
|
|
-log_rotate_date: ""
|
|
|
-
|
|
|
-log_rate_limit: 100
|
|
|
-
|
|
|
-###. ================
|
|
|
-###' SERVED HOSTNAMES
|
|
|
-
|
|
|
-hosts:
|
|
|
- - "kuketz-lab.de"
|
|
|
-
|
|
|
-###. ============
|
|
|
-###' Certificates
|
|
|
-
|
|
|
-certfiles:
|
|
|
- - "/etc/ejabberd/certs/kuketz-lab.pem"
|
|
|
- - "/etc/ejabberd/certs/kuketz-lab.key"
|
|
|
-
|
|
|
-###. =================
|
|
|
-###' TLS configuration
|
|
|
-
|
|
|
-define_macro:
|
|
|
- 'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
|
|
|
- 'TLS_OPTIONS':
|
|
|
- - "no_sslv3"
|
|
|
- - "no_tlsv1"
|
|
|
- - "no_tlsv1_1"
|
|
|
- - "cipher_server_preference"
|
|
|
- - "no_compression"
|
|
|
-
|
|
|
-c2s_ciphers: 'TLS_CIPHERS'
|
|
|
-s2s_ciphers: 'TLS_CIPHERS'
|
|
|
-c2s_protocol_options: 'TLS_OPTIONS'
|
|
|
-s2s_protocol_options: 'TLS_OPTIONS'
|
|
|
-
|
|
|
-###. ===============
|
|
|
-###' LISTENING PORTS
|
|
|
-
|
|
|
-listen:
|
|
|
- -
|
|
|
- port: 5222
|
|
|
- ip: "::"
|
|
|
- module: ejabberd_c2s
|
|
|
- starttls_required: true
|
|
|
- max_stanza_size: 65536
|
|
|
- shaper: c2s_shaper
|
|
|
- access: c2s
|
|
|
- -
|
|
|
- port: 5223
|
|
|
- ip: "::"
|
|
|
- module: ejabberd_c2s
|
|
|
- tls: true
|
|
|
- max_stanza_size: 65536
|
|
|
- shaper: c2s_shaper
|
|
|
- access: c2s
|
|
|
- -
|
|
|
- port: 5269
|
|
|
- ip: "::"
|
|
|
- module: ejabberd_s2s_in
|
|
|
- -
|
|
|
- port: 5270
|
|
|
- ip: "::"
|
|
|
- module: ejabberd_s2s_in
|
|
|
- tls: true
|
|
|
- -
|
|
|
- port: 5443
|
|
|
- ip: "::"
|
|
|
- module: ejabberd_http
|
|
|
- request_handlers:
|
|
|
- "/upload": mod_http_upload
|
|
|
- tls: true
|
|
|
- ciphers: 'TLS_CIPHERS'
|
|
|
- protocol_options: 'TLS_OPTIONS'
|
|
|
-
|
|
|
-disable_sasl_mechanisms:
|
|
|
- - "digest-md5"
|
|
|
- - "x-oauth2"
|
|
|
-
|
|
|
-###. ==================
|
|
|
-###' S2S GLOBAL OPTIONS
|
|
|
-
|
|
|
-s2s_use_starttls: required
|
|
|
-
|
|
|
-###. ==============
|
|
|
-###' AUTHENTICATION
|
|
|
-
|
|
|
-auth_method: internal
|
|
|
-auth_password_format: scram
|
|
|
-
|
|
|
-###. ==============
|
|
|
-###' DATABASE SETUP
|
|
|
-
|
|
|
-###. ===============
|
|
|
-###' TRAFFIC SHAPERS
|
|
|
-
|
|
|
-shaper:
|
|
|
- normal: 1000
|
|
|
- fast: 50000
|
|
|
-
|
|
|
-max_fsm_queue: 10000
|
|
|
-
|
|
|
-###. ====================
|
|
|
-###' ACCESS CONTROL LISTS
|
|
|
-
|
|
|
-acl:
|
|
|
- admin:
|
|
|
- user:
|
|
|
- - "admin": "kuketz-lab.de"
|
|
|
-
|
|
|
- local:
|
|
|
- user_regexp: ""
|
|
|
-
|
|
|
- loopback:
|
|
|
- ip:
|
|
|
- - "127.0.0.0/8"
|
|
|
- - "::1/128"
|
|
|
- - "::FFFF:127.0.0.1/128"
|
|
|
-
|
|
|
-###. ============
|
|
|
-###' SHAPER RULES
|
|
|
-
|
|
|
-shaper_rules:
|
|
|
- max_user_sessions: 10
|
|
|
- max_user_offline_messages:
|
|
|
- - 5000: admin
|
|
|
- - 500
|
|
|
- c2s_shaper:
|
|
|
- - none: admin
|
|
|
- - normal
|
|
|
- s2s_shaper: fast
|
|
|
-
|
|
|
-###. ============
|
|
|
-###' ACCESS RULES
|
|
|
-
|
|
|
-access_rules:
|
|
|
- local:
|
|
|
- - allow: local
|
|
|
- c2s:
|
|
|
- - deny: blocked
|
|
|
- - allow
|
|
|
- announce:
|
|
|
- - allow: admin
|
|
|
- configure:
|
|
|
- - allow: admin
|
|
|
- muc_create:
|
|
|
- - allow: local
|
|
|
- pubsub_createnode:
|
|
|
- - allow: local
|
|
|
- register:
|
|
|
- - allow
|
|
|
- trusted_network:
|
|
|
- - allow: local
|
|
|
-
|
|
|
-## ===============
|
|
|
-## API PERMISSIONS
|
|
|
-## ===============
|
|
|
-
|
|
|
-api_permissions:
|
|
|
- "console commands":
|
|
|
- from:
|
|
|
- - ejabberd_ctl
|
|
|
- who: all
|
|
|
- what: "*"
|
|
|
- "admin access":
|
|
|
- who:
|
|
|
- - access:
|
|
|
- - allow:
|
|
|
- - acl: loopback
|
|
|
- - acl: admin
|
|
|
- - oauth:
|
|
|
- - scope: "ejabberd:admin"
|
|
|
- - access:
|
|
|
- - allow:
|
|
|
- - acl: loopback
|
|
|
- - acl: admin
|
|
|
- what:
|
|
|
- - "*"
|
|
|
- - "!stop"
|
|
|
- - "!start"
|
|
|
- "public commands":
|
|
|
- who:
|
|
|
- - ip: "127.0.0.1/8"
|
|
|
- what:
|
|
|
- - "status"
|
|
|
- - "connected_users_number"
|
|
|
-
|
|
|
-###. ================
|
|
|
-###' DEFAULT LANGUAGE
|
|
|
-
|
|
|
-language: "en"
|
|
|
-
|
|
|
-###. =======
|
|
|
-###' CAPTCHA
|
|
|
-
|
|
|
-captcha_cmd: "/usr/share/ejabberd/captcha.sh"
|
|
|
-captcha_limit: 5
|
|
|
-
|
|
|
-###. ====
|
|
|
-###' ACME
|
|
|
-
|
|
|
-acme:
|
|
|
- contact: "mailto:example-admin@example.com"
|
|
|
- ca_url: "https://acme-v01.api.letsencrypt.org"
|
|
|
-
|
|
|
-###. =======
|
|
|
-###' MODULES
|
|
|
-
|
|
|
-modules:
|
|
|
- mod_adhoc: {}
|
|
|
- mod_admin_extra: {}
|
|
|
- mod_announce:
|
|
|
- access: announce
|
|
|
- mod_block_strangers: {}
|
|
|
- mod_blocking: {}
|
|
|
- mod_caps: {}
|
|
|
- mod_carboncopy: {}
|
|
|
- mod_client_state: {}
|
|
|
- mod_configure: {}
|
|
|
- ## mod_delegation: {}
|
|
|
- mod_disco:
|
|
|
- server_info:
|
|
|
- -
|
|
|
- modules: all
|
|
|
- name: "abuse-addresses"
|
|
|
- urls:
|
|
|
- - "mailto:admin@kuketz-lab.de"
|
|
|
- -
|
|
|
- modules: all
|
|
|
- name: "support-addresses"
|
|
|
- urls:
|
|
|
- - "mailto:admin@kuketz-lab.de"
|
|
|
- -
|
|
|
- modules: all
|
|
|
- name: "admin-addresses"
|
|
|
- urls:
|
|
|
- - "mailto:admin@kuketz-lab.de"
|
|
|
- ## mod_echo: {}
|
|
|
- ## mod_bosh: {}
|
|
|
- ## mod_http_fileserver:
|
|
|
- mod_http_upload:
|
|
|
- put_url: "https://@HOST@:5443/upload"
|
|
|
- docroot: "@HOME@/upload"
|
|
|
- secret_length: 40
|
|
|
- mod_http_upload_quota:
|
|
|
- max_days: 30
|
|
|
- ## mod_last: {}
|
|
|
- mod_mam:
|
|
|
- assume_mam_usage: true
|
|
|
- default: always
|
|
|
- request_activates_archiving: true
|
|
|
- mod_muc:
|
|
|
- access:
|
|
|
- - allow
|
|
|
- access_admin:
|
|
|
- - allow: admin
|
|
|
- access_create: muc_create
|
|
|
- access_persistent: muc_create
|
|
|
- default_room_options:
|
|
|
- mam: true
|
|
|
- persistent: true
|
|
|
- public: false
|
|
|
- public_list: false
|
|
|
- mod_muc_admin: {}
|
|
|
- ## mod_muc_log: {}
|
|
|
- ## mod_multicast: {}
|
|
|
- mod_offline:
|
|
|
- access_max_user_messages: max_user_offline_messages
|
|
|
- mod_ping: {}
|
|
|
- mod_pres_counter:
|
|
|
- count: 16
|
|
|
- interval: 60
|
|
|
- mod_privacy: {}
|
|
|
- mod_private: {}
|
|
|
- mod_proxy65:
|
|
|
- max_connections: 5
|
|
|
- mod_pubsub:
|
|
|
- access_createnode: pubsub_createnode
|
|
|
- ignore_pep_from_offline: true
|
|
|
- last_item_cache: false
|
|
|
- plugins:
|
|
|
- - "flat"
|
|
|
- - "pep"
|
|
|
- force_node_config:
|
|
|
- "eu.siacs.conversations.axolotl.*":
|
|
|
- access_model: open
|
|
|
- "storage:bookmarks":
|
|
|
- access_model: whitelist
|
|
|
- mod_push: {}
|
|
|
- mod_push_keepalive: {}
|
|
|
- mod_register:
|
|
|
- captcha_protected: true
|
|
|
- password_strength: 64
|
|
|
- ip_access: all
|
|
|
- access: register
|
|
|
- mod_roster:
|
|
|
- versioning: true
|
|
|
- mod_shared_roster: {}
|
|
|
- mod_sic: {}
|
|
|
- mod_stats: {}
|
|
|
- mod_time: {}
|
|
|
- mod_vcard:
|
|
|
- search: false
|
|
|
- mod_vcard_xupdate: {}
|
|
|
- mod_avatar: {}
|
|
|
- mod_version:
|
|
|
- show_os: false
|
|
|
- mod_stream_mgmt:
|
|
|
- resend_on_timeout: if_offline
|
|
|
- mod_s2s_dialback: {}
|
|
|
- ## mod_http_api: {}
|
|
|
- mod_fail2ban: {}
|
|
|
-
|
|
|
-allow_contrib_modules: true
|