added reference from kuketz

EXTRAS/example-configurations/README.md

@@ -1,3 +1,18 @@
+
+
+
+# ejabberd configuration
+
+- Reference documentation: https://docs.ejabberd.im/admin/configuration)
+
+- Crowdsourced version with includes
+  - [ejabberd.yml](ejabberd.yml)
+  - [conf.d/](conf.d/)
+
+- Crowd
+  - [ejabberd-blog.yml](ejabberd-blog.yml) from the process-one blog: https://www.process-one.net/blog/ejabberd-xmpp-server-useful-configuration-steps/
+  - [ejabberd-kuketz.yml](ejabberd-kuketz.yml) from the kuketz blog: https://www.kuketz-blog.de/ejabberd-installation-und-betrieb-eines-xmpp-servers/
+
+
 https://raw.githubusercontent.com/processone/ejabberd/master/ejabberd.yml.example
-https://raw.githubusercontent.com/processone/ejabberd-ecs-azure/master/conf/ejabberd_template.yml
-https://www.process-one.net/blog/ejabberd-xmpp-server-useful-configuration-steps/
+https://raw.githubusercontent.com/processone/ejabberd-ecs-azure/master/conf/ejabberd_template.yml

EXTRAS/example-configurations/conf.d/ejabberd-kuketz.yml

@@ -0,0 +1,330 @@
+###
+###'              ejabberd configuration file
+###
+###
+
+### The parameters used in this configuration file are explained in more detail
+### in the ejabberd Installation and Operation Guide.
+### Please consult the Guide in case of doubts, it is included with
+### your copy of ejabberd, and is also available online at
+### https://docs.ejabberd.im/
+---
+###.  =======
+###'  LOGGING
+
+loglevel: 3
+hide_sensitive_log_data: true
+
+log_rotate_size: 0
+log_rotate_date: ""
+
+log_rate_limit: 100
+
+###.  ================
+###'  SERVED HOSTNAMES
+
+hosts:
+  - "kuketz-lab.de"
+
+###.  ============
+###'  Certificates
+
+certfiles:
+  - "/etc/ejabberd/certs/kuketz-lab.pem"
+  - "/etc/ejabberd/certs/kuketz-lab.key"
+
+###.  =================
+###'  TLS configuration
+
+define_macro:
+  'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+  'TLS_OPTIONS':
+    - "no_sslv3"
+    - "no_tlsv1"
+    - "no_tlsv1_1"
+    - "cipher_server_preference"
+    - "no_compression"
+
+c2s_ciphers: 'TLS_CIPHERS'
+s2s_ciphers: 'TLS_CIPHERS'
+c2s_protocol_options: 'TLS_OPTIONS'
+s2s_protocol_options: 'TLS_OPTIONS'
+
+###.  ===============
+###'  LISTENING PORTS
+
+listen:
+  -
+    port: 5222
+    ip: "::"
+    module: ejabberd_c2s
+    starttls_required: true
+    max_stanza_size: 65536
+    shaper: c2s_shaper
+    access: c2s
+  -
+    port: 5223
+    ip: "::"
+    module: ejabberd_c2s
+    tls: true
+    max_stanza_size: 65536
+    shaper: c2s_shaper
+    access: c2s
+  -
+    port: 5269
+    ip: "::"
+    module: ejabberd_s2s_in
+  -
+    port: 5270
+    ip: "::"
+    module: ejabberd_s2s_in
+    tls: true
+  -
+    port: 5443
+    ip: "::"
+    module: ejabberd_http
+    request_handlers:
+      "/upload": mod_http_upload
+    tls: true
+    ciphers: 'TLS_CIPHERS'
+    protocol_options: 'TLS_OPTIONS'
+
+disable_sasl_mechanisms:
+  - "digest-md5"
+  - "x-oauth2"
+
+###.  ==================
+###'  S2S GLOBAL OPTIONS
+
+s2s_use_starttls: required
+
+###.  ==============
+###'  AUTHENTICATION
+
+auth_method: internal
+auth_password_format: scram
+
+###.  ==============
+###'  DATABASE SETUP
+
+###.  ===============
+###'  TRAFFIC SHAPERS
+
+shaper:
+  normal: 1000
+  fast: 50000
+
+max_fsm_queue: 10000
+
+###.   ====================
+###'   ACCESS CONTROL LISTS
+
+acl:
+  admin:
+     user:
+       - "admin": "kuketz-lab.de"
+
+  local:
+    user_regexp: ""
+
+  loopback:
+    ip:
+      - "127.0.0.0/8"
+      - "::1/128"
+      - "::FFFF:127.0.0.1/128"
+
+###.  ============
+###'  SHAPER RULES
+
+shaper_rules:
+  max_user_sessions: 10
+  max_user_offline_messages:
+    - 5000: admin
+    - 500
+  c2s_shaper:
+    - none: admin
+    - normal
+  s2s_shaper: fast
+
+###.  ============
+###'  ACCESS RULES
+
+access_rules:
+  local:
+    - allow: local
+  c2s:
+    - deny: blocked
+    - allow
+  announce:
+    - allow: admin
+  configure:
+    - allow: admin
+  muc_create:
+    - allow: local
+  pubsub_createnode:
+    - allow: local
+  register:
+    - allow
+  trusted_network:
+    - allow: local
+
+## ===============
+## API PERMISSIONS
+## ===============
+
+api_permissions:
+  "console commands":
+    from:
+      - ejabberd_ctl
+    who: all
+    what: "*"
+  "admin access":
+    who:
+      - access:
+        - allow:
+          - acl: loopback
+          - acl: admin
+      - oauth:
+        - scope: "ejabberd:admin"
+        - access:
+          - allow:
+            - acl: loopback
+            - acl: admin
+    what:
+      - "*"
+      - "!stop"
+      - "!start"
+  "public commands":
+    who:
+      - ip: "127.0.0.1/8"
+    what:
+      - "status"
+      - "connected_users_number"
+
+###.  ================
+###'  DEFAULT LANGUAGE
+
+language: "en"
+
+###.  =======
+###'  CAPTCHA
+
+captcha_cmd: "/usr/share/ejabberd/captcha.sh"
+captcha_limit: 5
+
+###.  ====
+###'  ACME
+
+acme:
+  contact: "mailto:example-admin@example.com"
+  ca_url: "https://acme-v01.api.letsencrypt.org"
+
+###.  =======
+###'  MODULES
+
+modules:
+  mod_adhoc: {}
+  mod_admin_extra: {}
+  mod_announce:   
+    access: announce
+  mod_block_strangers: {}
+  mod_blocking: {}   
+  mod_caps: {}
+  mod_carboncopy: {}
+  mod_client_state: {}
+  mod_configure: {}   
+  ## mod_delegation: {}  
+  mod_disco:
+    server_info:
+      -
+        modules: all
+        name: "abuse-addresses"
+        urls:
+          - "mailto:admin@kuketz-lab.de"
+      -
+        modules: all
+        name: "support-addresses"
+        urls:
+          - "mailto:admin@kuketz-lab.de"
+      -
+         modules: all
+         name: "admin-addresses"
+         urls:
+           - "mailto:admin@kuketz-lab.de"
+  ## mod_echo: {}
+  ## mod_bosh: {}
+  ## mod_http_fileserver:
+  mod_http_upload:
+    put_url: "https://@HOST@:5443/upload"
+    docroot: "@HOME@/upload"
+    secret_length: 40
+  mod_http_upload_quota:
+    max_days: 30
+  ## mod_last: {}
+  mod_mam:
+    assume_mam_usage: true
+    default: always
+    request_activates_archiving: true
+  mod_muc:
+    access:
+      - allow
+    access_admin:
+      - allow: admin
+    access_create: muc_create
+    access_persistent: muc_create
+    default_room_options:
+      mam: true
+      persistent: true
+      public: false
+      public_list: false
+  mod_muc_admin: {}
+  ## mod_muc_log: {}
+  ## mod_multicast: {}
+  mod_offline:
+    access_max_user_messages: max_user_offline_messages
+  mod_ping: {}
+  mod_pres_counter:
+    count: 16
+    interval: 60
+  mod_privacy: {}
+  mod_private: {}
+  mod_proxy65:
+    max_connections: 5
+  mod_pubsub:
+    access_createnode: pubsub_createnode
+    ignore_pep_from_offline: true
+    last_item_cache: false
+    plugins:
+      - "flat"
+      - "pep"
+    force_node_config:
+      "eu.siacs.conversations.axolotl.*":
+        access_model: open
+      "storage:bookmarks":
+        access_model: whitelist
+  mod_push: {}
+  mod_push_keepalive: {}
+  mod_register:
+    captcha_protected: true
+    password_strength: 64
+    ip_access: all
+    access: register
+  mod_roster:
+    versioning: true
+  mod_shared_roster: {}
+  mod_sic: {}
+  mod_stats: {}
+  mod_time: {}
+  mod_vcard:
+    search: false
+  mod_vcard_xupdate: {}
+  mod_avatar: {}
+  mod_version:
+    show_os: false
+  mod_stream_mgmt:
+    resend_on_timeout: if_offline
+  mod_s2s_dialback: {}
+  ## mod_http_api: {}
+  mod_fail2ban: {}
+
+allow_contrib_modules: true