|
|
@@ -0,0 +1,330 @@
|
|
|
+###
|
|
|
+###' ejabberd configuration file
|
|
|
+###
|
|
|
+###
|
|
|
+
|
|
|
+### The parameters used in this configuration file are explained in more detail
|
|
|
+### in the ejabberd Installation and Operation Guide.
|
|
|
+### Please consult the Guide in case of doubts, it is included with
|
|
|
+### your copy of ejabberd, and is also available online at
|
|
|
+### https://docs.ejabberd.im/
|
|
|
+---
|
|
|
+###. =======
|
|
|
+###' LOGGING
|
|
|
+
|
|
|
+loglevel: 3
|
|
|
+hide_sensitive_log_data: true
|
|
|
+
|
|
|
+log_rotate_size: 0
|
|
|
+log_rotate_date: ""
|
|
|
+
|
|
|
+log_rate_limit: 100
|
|
|
+
|
|
|
+###. ================
|
|
|
+###' SERVED HOSTNAMES
|
|
|
+
|
|
|
+hosts:
|
|
|
+ - "kuketz-lab.de"
|
|
|
+
|
|
|
+###. ============
|
|
|
+###' Certificates
|
|
|
+
|
|
|
+certfiles:
|
|
|
+ - "/etc/ejabberd/certs/kuketz-lab.pem"
|
|
|
+ - "/etc/ejabberd/certs/kuketz-lab.key"
|
|
|
+
|
|
|
+###. =================
|
|
|
+###' TLS configuration
|
|
|
+
|
|
|
+define_macro:
|
|
|
+ 'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
|
|
|
+ 'TLS_OPTIONS':
|
|
|
+ - "no_sslv3"
|
|
|
+ - "no_tlsv1"
|
|
|
+ - "no_tlsv1_1"
|
|
|
+ - "cipher_server_preference"
|
|
|
+ - "no_compression"
|
|
|
+
|
|
|
+c2s_ciphers: 'TLS_CIPHERS'
|
|
|
+s2s_ciphers: 'TLS_CIPHERS'
|
|
|
+c2s_protocol_options: 'TLS_OPTIONS'
|
|
|
+s2s_protocol_options: 'TLS_OPTIONS'
|
|
|
+
|
|
|
+###. ===============
|
|
|
+###' LISTENING PORTS
|
|
|
+
|
|
|
+listen:
|
|
|
+ -
|
|
|
+ port: 5222
|
|
|
+ ip: "::"
|
|
|
+ module: ejabberd_c2s
|
|
|
+ starttls_required: true
|
|
|
+ max_stanza_size: 65536
|
|
|
+ shaper: c2s_shaper
|
|
|
+ access: c2s
|
|
|
+ -
|
|
|
+ port: 5223
|
|
|
+ ip: "::"
|
|
|
+ module: ejabberd_c2s
|
|
|
+ tls: true
|
|
|
+ max_stanza_size: 65536
|
|
|
+ shaper: c2s_shaper
|
|
|
+ access: c2s
|
|
|
+ -
|
|
|
+ port: 5269
|
|
|
+ ip: "::"
|
|
|
+ module: ejabberd_s2s_in
|
|
|
+ -
|
|
|
+ port: 5270
|
|
|
+ ip: "::"
|
|
|
+ module: ejabberd_s2s_in
|
|
|
+ tls: true
|
|
|
+ -
|
|
|
+ port: 5443
|
|
|
+ ip: "::"
|
|
|
+ module: ejabberd_http
|
|
|
+ request_handlers:
|
|
|
+ "/upload": mod_http_upload
|
|
|
+ tls: true
|
|
|
+ ciphers: 'TLS_CIPHERS'
|
|
|
+ protocol_options: 'TLS_OPTIONS'
|
|
|
+
|
|
|
+disable_sasl_mechanisms:
|
|
|
+ - "digest-md5"
|
|
|
+ - "x-oauth2"
|
|
|
+
|
|
|
+###. ==================
|
|
|
+###' S2S GLOBAL OPTIONS
|
|
|
+
|
|
|
+s2s_use_starttls: required
|
|
|
+
|
|
|
+###. ==============
|
|
|
+###' AUTHENTICATION
|
|
|
+
|
|
|
+auth_method: internal
|
|
|
+auth_password_format: scram
|
|
|
+
|
|
|
+###. ==============
|
|
|
+###' DATABASE SETUP
|
|
|
+
|
|
|
+###. ===============
|
|
|
+###' TRAFFIC SHAPERS
|
|
|
+
|
|
|
+shaper:
|
|
|
+ normal: 1000
|
|
|
+ fast: 50000
|
|
|
+
|
|
|
+max_fsm_queue: 10000
|
|
|
+
|
|
|
+###. ====================
|
|
|
+###' ACCESS CONTROL LISTS
|
|
|
+
|
|
|
+acl:
|
|
|
+ admin:
|
|
|
+ user:
|
|
|
+ - "admin": "kuketz-lab.de"
|
|
|
+
|
|
|
+ local:
|
|
|
+ user_regexp: ""
|
|
|
+
|
|
|
+ loopback:
|
|
|
+ ip:
|
|
|
+ - "127.0.0.0/8"
|
|
|
+ - "::1/128"
|
|
|
+ - "::FFFF:127.0.0.1/128"
|
|
|
+
|
|
|
+###. ============
|
|
|
+###' SHAPER RULES
|
|
|
+
|
|
|
+shaper_rules:
|
|
|
+ max_user_sessions: 10
|
|
|
+ max_user_offline_messages:
|
|
|
+ - 5000: admin
|
|
|
+ - 500
|
|
|
+ c2s_shaper:
|
|
|
+ - none: admin
|
|
|
+ - normal
|
|
|
+ s2s_shaper: fast
|
|
|
+
|
|
|
+###. ============
|
|
|
+###' ACCESS RULES
|
|
|
+
|
|
|
+access_rules:
|
|
|
+ local:
|
|
|
+ - allow: local
|
|
|
+ c2s:
|
|
|
+ - deny: blocked
|
|
|
+ - allow
|
|
|
+ announce:
|
|
|
+ - allow: admin
|
|
|
+ configure:
|
|
|
+ - allow: admin
|
|
|
+ muc_create:
|
|
|
+ - allow: local
|
|
|
+ pubsub_createnode:
|
|
|
+ - allow: local
|
|
|
+ register:
|
|
|
+ - allow
|
|
|
+ trusted_network:
|
|
|
+ - allow: local
|
|
|
+
|
|
|
+## ===============
|
|
|
+## API PERMISSIONS
|
|
|
+## ===============
|
|
|
+
|
|
|
+api_permissions:
|
|
|
+ "console commands":
|
|
|
+ from:
|
|
|
+ - ejabberd_ctl
|
|
|
+ who: all
|
|
|
+ what: "*"
|
|
|
+ "admin access":
|
|
|
+ who:
|
|
|
+ - access:
|
|
|
+ - allow:
|
|
|
+ - acl: loopback
|
|
|
+ - acl: admin
|
|
|
+ - oauth:
|
|
|
+ - scope: "ejabberd:admin"
|
|
|
+ - access:
|
|
|
+ - allow:
|
|
|
+ - acl: loopback
|
|
|
+ - acl: admin
|
|
|
+ what:
|
|
|
+ - "*"
|
|
|
+ - "!stop"
|
|
|
+ - "!start"
|
|
|
+ "public commands":
|
|
|
+ who:
|
|
|
+ - ip: "127.0.0.1/8"
|
|
|
+ what:
|
|
|
+ - "status"
|
|
|
+ - "connected_users_number"
|
|
|
+
|
|
|
+###. ================
|
|
|
+###' DEFAULT LANGUAGE
|
|
|
+
|
|
|
+language: "en"
|
|
|
+
|
|
|
+###. =======
|
|
|
+###' CAPTCHA
|
|
|
+
|
|
|
+captcha_cmd: "/usr/share/ejabberd/captcha.sh"
|
|
|
+captcha_limit: 5
|
|
|
+
|
|
|
+###. ====
|
|
|
+###' ACME
|
|
|
+
|
|
|
+acme:
|
|
|
+ contact: "mailto:example-admin@example.com"
|
|
|
+ ca_url: "https://acme-v01.api.letsencrypt.org"
|
|
|
+
|
|
|
+###. =======
|
|
|
+###' MODULES
|
|
|
+
|
|
|
+modules:
|
|
|
+ mod_adhoc: {}
|
|
|
+ mod_admin_extra: {}
|
|
|
+ mod_announce:
|
|
|
+ access: announce
|
|
|
+ mod_block_strangers: {}
|
|
|
+ mod_blocking: {}
|
|
|
+ mod_caps: {}
|
|
|
+ mod_carboncopy: {}
|
|
|
+ mod_client_state: {}
|
|
|
+ mod_configure: {}
|
|
|
+ ## mod_delegation: {}
|
|
|
+ mod_disco:
|
|
|
+ server_info:
|
|
|
+ -
|
|
|
+ modules: all
|
|
|
+ name: "abuse-addresses"
|
|
|
+ urls:
|
|
|
+ - "mailto:admin@kuketz-lab.de"
|
|
|
+ -
|
|
|
+ modules: all
|
|
|
+ name: "support-addresses"
|
|
|
+ urls:
|
|
|
+ - "mailto:admin@kuketz-lab.de"
|
|
|
+ -
|
|
|
+ modules: all
|
|
|
+ name: "admin-addresses"
|
|
|
+ urls:
|
|
|
+ - "mailto:admin@kuketz-lab.de"
|
|
|
+ ## mod_echo: {}
|
|
|
+ ## mod_bosh: {}
|
|
|
+ ## mod_http_fileserver:
|
|
|
+ mod_http_upload:
|
|
|
+ put_url: "https://@HOST@:5443/upload"
|
|
|
+ docroot: "@HOME@/upload"
|
|
|
+ secret_length: 40
|
|
|
+ mod_http_upload_quota:
|
|
|
+ max_days: 30
|
|
|
+ ## mod_last: {}
|
|
|
+ mod_mam:
|
|
|
+ assume_mam_usage: true
|
|
|
+ default: always
|
|
|
+ request_activates_archiving: true
|
|
|
+ mod_muc:
|
|
|
+ access:
|
|
|
+ - allow
|
|
|
+ access_admin:
|
|
|
+ - allow: admin
|
|
|
+ access_create: muc_create
|
|
|
+ access_persistent: muc_create
|
|
|
+ default_room_options:
|
|
|
+ mam: true
|
|
|
+ persistent: true
|
|
|
+ public: false
|
|
|
+ public_list: false
|
|
|
+ mod_muc_admin: {}
|
|
|
+ ## mod_muc_log: {}
|
|
|
+ ## mod_multicast: {}
|
|
|
+ mod_offline:
|
|
|
+ access_max_user_messages: max_user_offline_messages
|
|
|
+ mod_ping: {}
|
|
|
+ mod_pres_counter:
|
|
|
+ count: 16
|
|
|
+ interval: 60
|
|
|
+ mod_privacy: {}
|
|
|
+ mod_private: {}
|
|
|
+ mod_proxy65:
|
|
|
+ max_connections: 5
|
|
|
+ mod_pubsub:
|
|
|
+ access_createnode: pubsub_createnode
|
|
|
+ ignore_pep_from_offline: true
|
|
|
+ last_item_cache: false
|
|
|
+ plugins:
|
|
|
+ - "flat"
|
|
|
+ - "pep"
|
|
|
+ force_node_config:
|
|
|
+ "eu.siacs.conversations.axolotl.*":
|
|
|
+ access_model: open
|
|
|
+ "storage:bookmarks":
|
|
|
+ access_model: whitelist
|
|
|
+ mod_push: {}
|
|
|
+ mod_push_keepalive: {}
|
|
|
+ mod_register:
|
|
|
+ captcha_protected: true
|
|
|
+ password_strength: 64
|
|
|
+ ip_access: all
|
|
|
+ access: register
|
|
|
+ mod_roster:
|
|
|
+ versioning: true
|
|
|
+ mod_shared_roster: {}
|
|
|
+ mod_sic: {}
|
|
|
+ mod_stats: {}
|
|
|
+ mod_time: {}
|
|
|
+ mod_vcard:
|
|
|
+ search: false
|
|
|
+ mod_vcard_xupdate: {}
|
|
|
+ mod_avatar: {}
|
|
|
+ mod_version:
|
|
|
+ show_os: false
|
|
|
+ mod_stream_mgmt:
|
|
|
+ resend_on_timeout: if_offline
|
|
|
+ mod_s2s_dialback: {}
|
|
|
+ ## mod_http_api: {}
|
|
|
+ mod_fail2ban: {}
|
|
|
+
|
|
|
+allow_contrib_modules: true
|
Dominik