ejabberd.yml.vanilla_21.12_2022-04-07 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286
  1. ###
  2. ### ejabberd configuration file
  3. ###
  4. ### The parameters used in this configuration file are explained at
  5. ###
  6. ### https://docs.ejabberd.im/admin/configuration
  7. ###
  8. ### The configuration file is written in YAML.
  9. ### *******************************************************
  10. ### ******* !!! WARNING !!! *******
  11. ### ******* YAML IS INDENTATION SENSITIVE *******
  12. ### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
  13. ### *******************************************************
  14. ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
  15. ###
  16. hosts:
  17. - localhost
  18. loglevel: 4
  19. log_rotate_size: 10485760
  20. log_rotate_date: ""
  21. log_rotate_count: 1
  22. log_rate_limit: 100
  23. certfiles:
  24. - /home/ejabberd/conf/server.pem
  25. ca_file: "/home/ejabberd/conf/cacert.pem"
  26. ## When using let's encrypt to generate certificates
  27. ##certfiles:
  28. ## - /etc/letsencrypt/live/localhost/fullchain.pem
  29. ## - /etc/letsencrypt/live/localhost/privkey.pem
  30. ##
  31. ##ca_file: "/etc/letsencrypt/live/localhost/fullchain.pem"
  32. listen:
  33. -
  34. port: 5222
  35. ip: "::"
  36. module: ejabberd_c2s
  37. max_stanza_size: 262144
  38. shaper: c2s_shaper
  39. access: c2s
  40. starttls_required: true
  41. -
  42. port: 5269
  43. ip: "::"
  44. module: ejabberd_s2s_in
  45. max_stanza_size: 524288
  46. -
  47. port: 5443
  48. ip: "::"
  49. module: ejabberd_http
  50. tls: true
  51. request_handlers:
  52. "/admin": ejabberd_web_admin
  53. "/api": mod_http_api
  54. "/bosh": mod_bosh
  55. "/captcha": ejabberd_captcha
  56. "/upload": mod_http_upload
  57. "/ws": ejabberd_http_ws
  58. "/oauth": ejabberd_oauth
  59. -
  60. port: 5280
  61. ip: "::"
  62. module: ejabberd_http
  63. request_handlers:
  64. "/admin": ejabberd_web_admin
  65. -
  66. port: 1883
  67. ip: "::"
  68. module: mod_mqtt
  69. backlog: 1000
  70. ##
  71. ## https://docs.ejabberd.im/admin/configuration/#stun-and-turn
  72. ## ejabberd_stun: Handles STUN Binding requests
  73. ##
  74. ##-
  75. ## port: 3478
  76. ## ip: "0.0.0.0"
  77. ## transport: udp
  78. ## module: ejabberd_stun
  79. ## use_turn: true
  80. ## turn_ip: "{{ IP }}"
  81. ## auth_type: user
  82. ## auth_realm: "example.com"
  83. ##-
  84. ## port: 3478
  85. ## ip: "0.0.0.0"
  86. ## module: ejabberd_stun
  87. ## use_turn: true
  88. ## turn_ip: "{{ IP }}"
  89. ## auth_type: user
  90. ## auth_realm: "example.com"
  91. ##-
  92. ## port: 5349
  93. ## ip: "0.0.0.0"
  94. ## module: ejabberd_stun
  95. ## certfile: "/home/ejabberd/conf/server.pem"
  96. ## tls: true
  97. ## use_turn: true
  98. ## turn_ip: "{{ IP }}"
  99. ## auth_type: user
  100. ## auth_realm: "example.com"
  101. ##
  102. ## https://docs.ejabberd.im/admin/configuration/#sip
  103. ## To handle SIP (VOIP) requests:
  104. ##
  105. ##-
  106. ## port: 5060
  107. ## ip: "0.0.0.0"
  108. ## transport: udp
  109. ## module: ejabberd_sip
  110. ##-
  111. ## port: 5060
  112. ## ip: "0.0.0.0"
  113. ## module: ejabberd_sip
  114. ##-
  115. ## port: 5061
  116. ## ip: "0.0.0.0"
  117. ## module: ejabberd_sip
  118. ## tls: true
  119. s2s_use_starttls: optional
  120. acl:
  121. local:
  122. user_regexp: ""
  123. loopback:
  124. ip:
  125. - 127.0.0.0/8
  126. - ::1/128
  127. - ::FFFF:127.0.0.1/128
  128. admin:
  129. user:
  130. - "admin@localhost"
  131. access_rules:
  132. local:
  133. allow: local
  134. c2s:
  135. deny: blocked
  136. allow: all
  137. announce:
  138. allow: admin
  139. configure:
  140. allow: admin
  141. muc_create:
  142. allow: local
  143. pubsub_createnode:
  144. allow: local
  145. trusted_network:
  146. allow: loopback
  147. api_permissions:
  148. "console commands":
  149. from:
  150. - ejabberd_ctl
  151. who: all
  152. what: "*"
  153. "admin access":
  154. who:
  155. access:
  156. allow:
  157. acl: loopback
  158. acl: admin
  159. oauth:
  160. scope: "ejabberd:admin"
  161. access:
  162. allow:
  163. acl: loopback
  164. acl: admin
  165. what:
  166. - "*"
  167. - "!stop"
  168. - "!start"
  169. "public commands":
  170. who:
  171. ip: 127.0.0.1/8
  172. what:
  173. - status
  174. - connected_users_number
  175. shaper:
  176. normal: 1000
  177. fast: 50000
  178. shaper_rules:
  179. max_user_sessions: 10
  180. max_user_offline_messages:
  181. 5000: admin
  182. 100: all
  183. c2s_shaper:
  184. none: admin
  185. normal: all
  186. s2s_shaper: fast
  187. max_fsm_queue: 10000
  188. acme:
  189. contact: "mailto:example-admin@example.com"
  190. ca_url: "https://acme-staging-v02.api.letsencrypt.org/directory"
  191. modules:
  192. mod_adhoc: {}
  193. mod_admin_extra: {}
  194. mod_announce:
  195. access: announce
  196. mod_avatar: {}
  197. mod_blocking: {}
  198. mod_bosh: {}
  199. mod_caps: {}
  200. mod_carboncopy: {}
  201. mod_client_state: {}
  202. mod_configure: {}
  203. mod_disco: {}
  204. mod_fail2ban: {}
  205. mod_http_api: {}
  206. mod_http_upload:
  207. put_url: https://@HOST@:5443/upload
  208. mod_last: {}
  209. mod_mam:
  210. ## Mnesia is limited to 2GB, better to use an SQL backend
  211. ## For small servers SQLite is a good fit and is very easy
  212. ## to configure. Uncomment this when you have SQL configured:
  213. ## db_type: sql
  214. assume_mam_usage: true
  215. default: never
  216. mod_mqtt: {}
  217. mod_muc:
  218. access:
  219. - allow
  220. access_admin:
  221. - allow: admin
  222. access_create: muc_create
  223. access_persistent: muc_create
  224. access_mam:
  225. - allow
  226. default_room_options:
  227. allow_subscription: true # enable MucSub
  228. mam: false
  229. mod_muc_admin: {}
  230. mod_offline:
  231. access_max_user_messages: max_user_offline_messages
  232. mod_ping: {}
  233. mod_privacy: {}
  234. mod_private: {}
  235. mod_proxy65:
  236. access: local
  237. max_connections: 5
  238. mod_pubsub:
  239. access_createnode: pubsub_createnode
  240. plugins:
  241. - flat
  242. - pep
  243. force_node_config:
  244. ## Avoid buggy clients to make their bookmarks public
  245. storage:bookmarks:
  246. access_model: whitelist
  247. mod_push: {}
  248. mod_push_keepalive: {}
  249. mod_register:
  250. ## Only accept registration requests from the "trusted"
  251. ## network (see access_rules section above).
  252. ## Think twice before enabling registration from any
  253. ## address. See the Jabber SPAM Manifesto for details:
  254. ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
  255. ip_access: trusted_network
  256. mod_roster:
  257. versioning: true
  258. mod_sip: {}
  259. mod_s2s_dialback: {}
  260. mod_shared_roster: {}
  261. mod_stream_mgmt:
  262. resend_on_timeout: if_offline
  263. mod_vcard: {}
  264. mod_vcard_xupdate: {}
  265. mod_version:
  266. show_os: false
  267. ### Local Variables:
  268. ### mode: yaml
  269. ### End:
  270. ### vim: set filetype=yaml tabstop=8