### ###' ejabberd configuration file ### ### ### The parameters used in this configuration file are explained in more detail ### in the ejabberd Installation and Operation Guide. ### Please consult the Guide in case of doubts, it is included with ### your copy of ejabberd, and is also available online at ### https://docs.ejabberd.im/ --- ###. ======= ###' LOGGING loglevel: 3 hide_sensitive_log_data: true log_rotate_size: 0 log_rotate_date: "" log_rate_limit: 100 ###. ================ ###' SERVED HOSTNAMES hosts: - "kuketz-lab.de" ###. ============ ###' Certificates certfiles: - "/etc/ejabberd/certs/kuketz-lab.pem" - "/etc/ejabberd/certs/kuketz-lab.key" ###. ================= ###' TLS configuration define_macro: 'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" 'TLS_OPTIONS': - "no_sslv3" - "no_tlsv1" - "no_tlsv1_1" - "cipher_server_preference" - "no_compression" c2s_ciphers: 'TLS_CIPHERS' s2s_ciphers: 'TLS_CIPHERS' c2s_protocol_options: 'TLS_OPTIONS' s2s_protocol_options: 'TLS_OPTIONS' ###. =============== ###' LISTENING PORTS listen: - port: 5222 ip: "::" module: ejabberd_c2s starttls_required: true max_stanza_size: 65536 shaper: c2s_shaper access: c2s - port: 5223 ip: "::" module: ejabberd_c2s tls: true max_stanza_size: 65536 shaper: c2s_shaper access: c2s - port: 5269 ip: "::" module: ejabberd_s2s_in - port: 5270 ip: "::" module: ejabberd_s2s_in tls: true - port: 5443 ip: "::" module: ejabberd_http request_handlers: "/upload": mod_http_upload tls: true ciphers: 'TLS_CIPHERS' protocol_options: 'TLS_OPTIONS' disable_sasl_mechanisms: - "digest-md5" - "x-oauth2" ###. ================== ###' S2S GLOBAL OPTIONS s2s_use_starttls: required ###. ============== ###' AUTHENTICATION auth_method: internal auth_password_format: scram ###. ============== ###' DATABASE SETUP ###. =============== ###' TRAFFIC SHAPERS shaper: normal: 1000 fast: 50000 max_fsm_queue: 10000 ###. ==================== ###' ACCESS CONTROL LISTS acl: admin: user: - "admin": "kuketz-lab.de" local: user_regexp: "" loopback: ip: - "127.0.0.0/8" - "::1/128" - "::FFFF:127.0.0.1/128" ###. ============ ###' SHAPER RULES shaper_rules: max_user_sessions: 10 max_user_offline_messages: - 5000: admin - 500 c2s_shaper: - none: admin - normal s2s_shaper: fast ###. ============ ###' ACCESS RULES access_rules: local: - allow: local c2s: - deny: blocked - allow announce: - allow: admin configure: - allow: admin muc_create: - allow: local pubsub_createnode: - allow: local register: - allow trusted_network: - allow: local ## =============== ## API PERMISSIONS ## =============== api_permissions: "console commands": from: - ejabberd_ctl who: all what: "*" "admin access": who: - access: - allow: - acl: loopback - acl: admin - oauth: - scope: "ejabberd:admin" - access: - allow: - acl: loopback - acl: admin what: - "*" - "!stop" - "!start" "public commands": who: - ip: "127.0.0.1/8" what: - "status" - "connected_users_number" ###. ================ ###' DEFAULT LANGUAGE language: "en" ###. ======= ###' CAPTCHA captcha_cmd: "/usr/share/ejabberd/captcha.sh" captcha_limit: 5 ###. ==== ###' ACME acme: contact: "mailto:example-admin@example.com" ca_url: "https://acme-v01.api.letsencrypt.org" ###. ======= ###' MODULES modules: mod_adhoc: {} mod_admin_extra: {} mod_announce: access: announce mod_block_strangers: {} mod_blocking: {} mod_caps: {} mod_carboncopy: {} mod_client_state: {} mod_configure: {} ## mod_delegation: {} mod_disco: server_info: - modules: all name: "abuse-addresses" urls: - "mailto:admin@kuketz-lab.de" - modules: all name: "support-addresses" urls: - "mailto:admin@kuketz-lab.de" - modules: all name: "admin-addresses" urls: - "mailto:admin@kuketz-lab.de" ## mod_echo: {} ## mod_bosh: {} ## mod_http_fileserver: mod_http_upload: put_url: "https://@HOST@:5443/upload" docroot: "@HOME@/upload" secret_length: 40 mod_http_upload_quota: max_days: 30 ## mod_last: {} mod_mam: assume_mam_usage: true default: always request_activates_archiving: true mod_muc: access: - allow access_admin: - allow: admin access_create: muc_create access_persistent: muc_create default_room_options: mam: true persistent: true public: false public_list: false mod_muc_admin: {} ## mod_muc_log: {} ## mod_multicast: {} mod_offline: access_max_user_messages: max_user_offline_messages mod_ping: {} mod_pres_counter: count: 16 interval: 60 mod_privacy: {} mod_private: {} mod_proxy65: max_connections: 5 mod_pubsub: access_createnode: pubsub_createnode ignore_pep_from_offline: true last_item_cache: false plugins: - "flat" - "pep" force_node_config: "eu.siacs.conversations.axolotl.*": access_model: open "storage:bookmarks": access_model: whitelist mod_push: {} mod_push_keepalive: {} mod_register: captcha_protected: true password_strength: 64 ip_access: all access: register mod_roster: versioning: true mod_shared_roster: {} mod_sic: {} mod_stats: {} mod_time: {} mod_vcard: search: false mod_vcard_xupdate: {} mod_avatar: {} mod_version: show_os: false mod_stream_mgmt: resend_on_timeout: if_offline mod_s2s_dialback: {} ## mod_http_api: {} mod_fail2ban: {} allow_contrib_modules: true