Dominik 2 years ago
parent
commit
5e89ec99c2

+ 15 - 0
EXTRAS/example-configurations/conf.d/30-tls.yml

@@ -0,0 +1,15 @@
+# only allow tls1.2 and tls1.3
+protocol_options
+  - "no_sslv2"
+  - "no_sslv3"
+  - "no_tlsv1"
+  - "no_tlsv1_1"
+  - "no_compression"
+
+ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256"
+
+
+certfiles:
+  - /etc/ssl/ejabberd/fullchain.pem
+  - /etc/ssl/ejabberd/key.pem
+
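Review bot: `protocol_options` on the second line of the new file has no colon, so it is read as a plain scalar rather than a mapping key and the included 30-tls.yml will not parse; change it to `protocol_options:`. The header comment says only TLS 1.2 and 1.3 are allowed, which the `no_tlsv1`/`no_tlsv1_1` options do achieve, but the `ciphers` string still offers the non-GCM CBC suites (`…-AES128-SHA`, `…-AES256-SHA`, `…-SHA256`, `…-SHA384` without `GCM`); if a modern profile is the intent, consider keeping only the ECDHE/DHE GCM entries. The comment could also say what the list is for, e.g. `# TLS 1.2+ only; the cipher string is applied to every listener that enables tls`.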

+ 9 - 125
EXTRAS/example-configurations/ejabberd-updated.yml

@@ -5,32 +5,17 @@
 ###
 ###       https://docs.ejabberd.im/admin/configuration
 ###
-### The configuration file is written in YAML.
-### *******************************************************
-### *******           !!! WARNING !!!               *******
-### *******     YAML IS INDENTATION SENSITIVE       *******
-### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
-### *******************************************************
-### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
-###
 
 include_config_file:
   - /home/ejabberd/conf/conf.d/10-macros.yml
   - /home/ejabberd/conf/conf.d/15-log.yml
   - /home/ejabberd/conf/conf.d/20-hosts.yml
+  - /home/ejabberd/conf/conf.d/30-tls.yml
   - /home/ejabberd/conf/conf.d/50-stun-turn.yml
 
-certfiles:
-#  - /home/ejabberd/conf/server.pem
-  - /etc/ssl/ejabberd/*.pem
-
-#ca_file: "/home/ejabberd/conf/cacert.pem"
-
-
 listen:
   -
     port: 5222
-    ip: "::"
     module: ejabberd_c2s
     max_stanza_size: 262144
     shaper: c2s_shaper
@@ -38,7 +23,6 @@ listen:
     starttls_required: true
   -
     port: 5269
-    ip: "::"
     module: ejabberd_s2s_in
     max_stanza_size: 524288
   -
@@ -47,79 +31,20 @@ listen:
     module: ejabberd_http
     tls: true
     request_handlers:
-      "/admin": ejabberd_web_admin
-      "/api": mod_http_api
+#      "/admin": ejabberd_web_admin
+#      "/api": mod_http_api
       "/bosh": mod_bosh
-      "/captcha": ejabberd_captcha
+#      "/captcha": ejabberd_captcha
       "/upload": mod_http_upload
       "/ws": ejabberd_http_ws
-      "/oauth": ejabberd_oauth
+#      "/oauth": ejabberd_oauth
   -
     port: 5280
     ip: "::"
     module: ejabberd_http
     request_handlers:
       "/admin": ejabberd_web_admin
-  -
-    module: ejabberd_http
-    port: 8080 
-    tls: false
-    request_handlers:
-      /.well-known/acme-challenge: ejabberd_acme
-#  -
-#    port: 1883
-#    ip: "::"
-#    module: mod_mqtt
-#    backlog: 1000
-  ##
-  ## https://docs.ejabberd.im/admin/configuration/#stun-and-turn
-  ## ejabberd_stun: Handles STUN Binding requests
-  ##
-  ##-
-  ##  port: 3478
-  ##  ip: "0.0.0.0"
-  ##  transport: udp
-  ##  module: ejabberd_stun
-  ##  use_turn: true
-  ##  turn_ip: "{{ IP }}"
-  ##  auth_type: user
-  ##  auth_realm: "example.com"
-  ##-
-  ##  port: 3478
-  ##  ip: "0.0.0.0"
-  ##  module: ejabberd_stun
-  ##  use_turn: true
-  ##  turn_ip: "{{ IP }}"
-  ##  auth_type: user
-  ##  auth_realm: "example.com"
-  ##- 
-  ##  port: 5349
-  ##  ip: "0.0.0.0"
-  ##  module: ejabberd_stun
-  ##  certfile: "/home/ejabberd/conf/server.pem"
-  ##  tls: true
-  ##  use_turn: true
-  ##  turn_ip: "{{ IP }}"
-  ##  auth_type: user
-  ##  auth_realm: "example.com"
-  ##
-  ## https://docs.ejabberd.im/admin/configuration/#sip
-  ## To handle SIP (VOIP) requests:
-  ##
-  ##-
-  ##  port: 5060
-  ##  ip: "0.0.0.0"
-  ##  transport: udp
-  ##  module: ejabberd_sip
-  ##-
-  ##  port: 5060
-  ##  ip: "0.0.0.0"
-  ##  module: ejabberd_sip
-  ##-
-  ##  port: 5061
-  ##  ip: "0.0.0.0"
-  ##  module: ejabberd_sip
-  ##  tls: true
+ 
 
 s2s_use_starttls: optional
 
@@ -152,35 +77,6 @@ access_rules:
   trusted_network:
     allow: loopback
 
-api_permissions:
-  "console commands":
-    from:
-      - ejabberd_ctl
-    who: all
-    what: "*"
-  "admin access":
-    who:
-      access:
-        allow:
-          acl: loopback
-          acl: admin
-      oauth:
-        scope: "ejabberd:admin"
-        access:
-          allow:
-            acl: loopback
-            acl: admin
-    what:
-      - "*"
-      - "!stop"
-      - "!start"
-  "public commands":
-    who:
-      ip: 127.0.0.1/8
-    what:
-      - status
-      - connected_users_number
-
 shaper:
   normal:
     rate: 3000
@@ -198,14 +94,9 @@ shaper_rules:
   s2s_shaper: fast
 
 
-acme:
-   contact: "mailto:dcs-acme-vc.s-up.net@s-up.org"
-#   ca_url: "https://acme-staging-v02.api.letsencrypt.org/directory"
-   ca_url: "https://acme-staging-v02.api.letsencrypt.org/directory"
-
 modules:
   mod_adhoc: {}
-  mod_admin_extra: {}
+#  mod_admin_extra: {}
   mod_announce:
     access: announce
   mod_avatar: {}
@@ -228,7 +119,7 @@ modules:
     ## db_type: sql
     assume_mam_usage: true
     default: never
-  mod_mqtt: {}
+#  mod_mqtt: {}
   mod_muc:
     access:
       - allow
@@ -261,16 +152,9 @@ modules:
         access_model: whitelist
   mod_push: {}
   mod_push_keepalive: {}
-  mod_register:
-    ## Only accept registration requests from the "trusted"
-    ## network (see access_rules section above).
-    ## Think twice before enabling registration from any
-    ## address. See the Jabber SPAM Manifesto for details:
-    ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
-    ip_access: trusted_network
   mod_roster:
     versioning: true
-  mod_sip: {}
+#  mod_sip: {}
   mod_s2s_dialback: {}
   mod_shared_roster: {}
   mod_stream_mgmt:
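Review bot: Commenting out `"/admin": ejabberd_web_admin` on the `tls: true` listener leaves the web admin reachable only through the port 5280 listener a few lines below, which has no `tls` setting and still binds `ip: "::"`, so admin credentials would be sent unencrypted on every interface; either restore `"/admin": ejabberd_web_admin` on the TLS listener or narrow the 5280 listener (for example `ip: "127.0.0.1"`). Dropping `ip: "::"` from the 5222 and 5269 listeners while keeping it on 5280 makes the bind address implicit for two of the three, so state it explicitly on all or on none. The line added just before `s2s_use_starttls` contains only a space, which yamllint reports as trailing whitespace; make it empty.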