123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286 |
- ###
- ### ejabberd configuration file
- ###
- ### The parameters used in this configuration file are explained at
- ###
- ### https://docs.ejabberd.im/admin/configuration
- ###
- ### The configuration file is written in YAML.
- ### *******************************************************
- ### ******* !!! WARNING !!! *******
- ### ******* YAML IS INDENTATION SENSITIVE *******
- ### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
- ### *******************************************************
- ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
- ###
- hosts:
- - localhost
- loglevel: 4
- log_rotate_size: 10485760
- log_rotate_date: ""
- log_rotate_count: 1
- log_rate_limit: 100
- certfiles:
- - /home/ejabberd/conf/server.pem
- ca_file: "/home/ejabberd/conf/cacert.pem"
- ## When using let's encrypt to generate certificates
- ##certfiles:
- ## - /etc/letsencrypt/live/localhost/fullchain.pem
- ## - /etc/letsencrypt/live/localhost/privkey.pem
- ##
- ##ca_file: "/etc/letsencrypt/live/localhost/fullchain.pem"
- listen:
- -
- port: 5222
- ip: "::"
- module: ejabberd_c2s
- max_stanza_size: 262144
- shaper: c2s_shaper
- access: c2s
- starttls_required: true
- -
- port: 5269
- ip: "::"
- module: ejabberd_s2s_in
- max_stanza_size: 524288
- -
- port: 5443
- ip: "::"
- module: ejabberd_http
- tls: true
- request_handlers:
- "/admin": ejabberd_web_admin
- "/api": mod_http_api
- "/bosh": mod_bosh
- "/captcha": ejabberd_captcha
- "/upload": mod_http_upload
- "/ws": ejabberd_http_ws
- "/oauth": ejabberd_oauth
- -
- port: 5280
- ip: "::"
- module: ejabberd_http
- request_handlers:
- "/admin": ejabberd_web_admin
- -
- port: 1883
- ip: "::"
- module: mod_mqtt
- backlog: 1000
- ##
- ## https://docs.ejabberd.im/admin/configuration/#stun-and-turn
- ## ejabberd_stun: Handles STUN Binding requests
- ##
- ##-
- ## port: 3478
- ## ip: "0.0.0.0"
- ## transport: udp
- ## module: ejabberd_stun
- ## use_turn: true
- ## turn_ip: "{{ IP }}"
- ## auth_type: user
- ## auth_realm: "example.com"
- ##-
- ## port: 3478
- ## ip: "0.0.0.0"
- ## module: ejabberd_stun
- ## use_turn: true
- ## turn_ip: "{{ IP }}"
- ## auth_type: user
- ## auth_realm: "example.com"
- ##-
- ## port: 5349
- ## ip: "0.0.0.0"
- ## module: ejabberd_stun
- ## certfile: "/home/ejabberd/conf/server.pem"
- ## tls: true
- ## use_turn: true
- ## turn_ip: "{{ IP }}"
- ## auth_type: user
- ## auth_realm: "example.com"
- ##
- ## https://docs.ejabberd.im/admin/configuration/#sip
- ## To handle SIP (VOIP) requests:
- ##
- ##-
- ## port: 5060
- ## ip: "0.0.0.0"
- ## transport: udp
- ## module: ejabberd_sip
- ##-
- ## port: 5060
- ## ip: "0.0.0.0"
- ## module: ejabberd_sip
- ##-
- ## port: 5061
- ## ip: "0.0.0.0"
- ## module: ejabberd_sip
- ## tls: true
- s2s_use_starttls: optional
- acl:
- local:
- user_regexp: ""
- loopback:
- ip:
- - 127.0.0.0/8
- - ::1/128
- - ::FFFF:127.0.0.1/128
- admin:
- user:
- - "admin@localhost"
- access_rules:
- local:
- allow: local
- c2s:
- deny: blocked
- allow: all
- announce:
- allow: admin
- configure:
- allow: admin
- muc_create:
- allow: local
- pubsub_createnode:
- allow: local
- trusted_network:
- allow: loopback
- api_permissions:
- "console commands":
- from:
- - ejabberd_ctl
- who: all
- what: "*"
- "admin access":
- who:
- access:
- allow:
- acl: loopback
- acl: admin
- oauth:
- scope: "ejabberd:admin"
- access:
- allow:
- acl: loopback
- acl: admin
- what:
- - "*"
- - "!stop"
- - "!start"
- "public commands":
- who:
- ip: 127.0.0.1/8
- what:
- - status
- - connected_users_number
- shaper:
- normal: 1000
- fast: 50000
- shaper_rules:
- max_user_sessions: 10
- max_user_offline_messages:
- 5000: admin
- 100: all
- c2s_shaper:
- none: admin
- normal: all
- s2s_shaper: fast
- max_fsm_queue: 10000
- acme:
- contact: "mailto:example-admin@example.com"
- ca_url: "https://acme-staging-v02.api.letsencrypt.org/directory"
- modules:
- mod_adhoc: {}
- mod_admin_extra: {}
- mod_announce:
- access: announce
- mod_avatar: {}
- mod_blocking: {}
- mod_bosh: {}
- mod_caps: {}
- mod_carboncopy: {}
- mod_client_state: {}
- mod_configure: {}
- mod_disco: {}
- mod_fail2ban: {}
- mod_http_api: {}
- mod_http_upload:
- put_url: https://@HOST@:5443/upload
- mod_last: {}
- mod_mam:
- ## Mnesia is limited to 2GB, better to use an SQL backend
- ## For small servers SQLite is a good fit and is very easy
- ## to configure. Uncomment this when you have SQL configured:
- ## db_type: sql
- assume_mam_usage: true
- default: never
- mod_mqtt: {}
- mod_muc:
- access:
- - allow
- access_admin:
- - allow: admin
- access_create: muc_create
- access_persistent: muc_create
- access_mam:
- - allow
- default_room_options:
- allow_subscription: true # enable MucSub
- mam: false
- mod_muc_admin: {}
- mod_offline:
- access_max_user_messages: max_user_offline_messages
- mod_ping: {}
- mod_privacy: {}
- mod_private: {}
- mod_proxy65:
- access: local
- max_connections: 5
- mod_pubsub:
- access_createnode: pubsub_createnode
- plugins:
- - flat
- - pep
- force_node_config:
- ## Avoid buggy clients to make their bookmarks public
- storage:bookmarks:
- access_model: whitelist
- mod_push: {}
- mod_push_keepalive: {}
- mod_register:
- ## Only accept registration requests from the "trusted"
- ## network (see access_rules section above).
- ## Think twice before enabling registration from any
- ## address. See the Jabber SPAM Manifesto for details:
- ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
- ip_access: trusted_network
- mod_roster:
- versioning: true
- mod_sip: {}
- mod_s2s_dialback: {}
- mod_shared_roster: {}
- mod_stream_mgmt:
- resend_on_timeout: if_offline
- mod_vcard: {}
- mod_vcard_xupdate: {}
- mod_version:
- show_os: false
- ### Local Variables:
- ### mode: yaml
- ### End:
- ### vim: set filetype=yaml tabstop=8
|