ejabberd-blog.yml 6.5 KB

  1. ###
  2. ###' ejabberd configuration file
  3. ###
  4. ### The parameters used in this configuration file are explained at
  5. ###
  6. ### https://docs.ejabberd.im/admin/configuration
  7. ###
  8. ### The configuration file is written in YAML.
  9. ### *******************************************************
  10. ### ******* !!! WARNING !!! *******
  11. ### ******* YAML IS INDENTATION SENSITIVE *******
  12. ### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
  13. ### *******************************************************
  14. ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
  15. ###
  # Virtual hosts served by this node.
  hosts:
    - "example.com"

  # Numeric log level (3 is "warning" on ejabberd's 0-5 scale).
  # NOTE(review): informational events are presumably not logged at this
  # level - confirm that it still meets audit and detection needs.
  loglevel: 3
  # Rotate at 10 MiB and keep a single rotated file, so little history is
  # available after an incident unless logs are shipped elsewhere.
  log_rotate_size: 10485760
  log_rotate_count: 1

  # Certificate chain and private key used by the TLS listeners.
  # privkey.pem should be readable only by the account running ejabberd.
  certfiles:
    - "/opt/ejabberd/conf/fullchain.pem"
    - "/opt/ejabberd/conf/privkey.pem"
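  # Network listeners. Every listener with an `ip` key binds to all IPv4
  # interfaces (0.0.0.0); addresses are quoted so they are always read as
  # strings.
  listen:
    # Client-to-server; clients must negotiate STARTTLS before authenticating.
    - port: 5222
      ip: "0.0.0.0"
      module: ejabberd_c2s
      max_stanza_size: 262144
      shaper: c2s_shaper
      access: c2s
      starttls_required: true
    # Client-to-server over direct TLS.
    # NOTE(review): `tls: true` already encrypts from the first byte, so
    # `starttls_required` is presumably redundant here - confirm.
    - port: 5223
      ip: "0.0.0.0"
      tls: true
      module: ejabberd_c2s
      max_stanza_size: 262144
      shaper: c2s_shaper
      access: c2s
      starttls_required: true
    # Server-to-server (federation); TLS policy comes from the top-level
    # s2s_use_starttls option.
    - port: 5269
      ip: "0.0.0.0"
      module: ejabberd_s2s_in
      max_stanza_size: 524288
    # Server-to-server over direct TLS.
    - port: 5270
      ip: "0.0.0.0"
      tls: true
      module: ejabberd_s2s_in
      max_stanza_size: 524288
    # HTTPS: web admin, HTTP API, BOSH, CAPTCHA, file upload and WebSocket.
    # /api is reachable from any address; who may call what is decided by
    # api_permissions.
    - port: 5443
      ip: "0.0.0.0"
      module: ejabberd_http
      tls: true
      request_handlers:
        "/admin": ejabberd_web_admin
        "/api": mod_http_api
        "/bosh": mod_bosh
        "/captcha": ejabberd_captcha
        "/upload": mod_http_upload
        "/ws": ejabberd_http_ws
    # Plain HTTP, kept only for ACME HTTP-01 challenges. The "/admin" handler
    # was removed from this listener: the web admin asks for an account
    # password, and this port has no TLS, so the password would cross the
    # network in cleartext. The admin UI stays available on the HTTPS
    # listener (port 5443, path /admin).
    - port: 5280
      ip: "0.0.0.0"
      module: ejabberd_http
      request_handlers:
        "/.well-known/acme-challenge": ejabberd_acme
    # STUN/TURN over UDP. The relay port range must be reachable through the
    # firewall; the relay should not be able to reach internal-only hosts.
    # NOTE(review): turn_ip 0.0.0.0 looks like a placeholder; it is
    # presumably meant to be the server's public IPv4 address - confirm.
    - port: 3478
      transport: udp
      module: ejabberd_stun
      use_turn: true
      turn_min_port: 49152
      turn_max_port: 65535
      turn_ip: "0.0.0.0"
    # STUN/TURN over TLS (TCP); same turn_ip caveat as the UDP listener.
    - port: 5349
      transport: tcp
      module: ejabberd_stun
      use_turn: true
      tls: true
      turn_min_port: 49152
      turn_max_port: 65535
      ip: "0.0.0.0"
      turn_ip: "0.0.0.0"
    # MQTT.
    # NOTE(review): no `tls: true` on this listener, so MQTT credentials and
    # payloads are sent unencrypted on a port bound to every interface.
    # Either restrict the bind address or firewall, or offer MQTT over TLS.
    - port: 1883
      ip: "0.0.0.0"
      module: mod_mqtt
      backlog: 1000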
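  # Require TLS on server-to-server streams. With `optional`, a stream to a
  # peer that does not offer STARTTLS (or whose offer is stripped in transit)
  # silently proceeds in cleartext. With `required`, such peers can no longer
  # federate with this server.
  s2s_use_starttls: required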
  # Named access control lists referenced by access_rules and
  # api_permissions.
  acl:
    # Empty regexp: matches every user name on the hosts served here.
    local:
      user_regexp: ""
    # Connections originating from the machine itself (IPv4, IPv6 and
    # IPv4-mapped IPv6 loopback). Quoted so the leading colons are never
    # misread by a YAML parser.
    loopback:
      ip:
        - "127.0.0.0/8"
        - "::1/128"
        - "::FFFF:127.0.0.1/128"
    # Accounts with administrative rights; keep this list minimal and give
    # the account a strong, unique password.
    admin:
      user:
        - "admin@example.com"
  # Access rules: each rule maps allow/deny decisions to the ACLs above.
  # Entries inside a rule are kept in their original order.
  access_rules:
    local:
      allow: local
    # Client logins: deny the `blocked` ACL, allow everyone else.
    # NOTE(review): no ACL named `blocked` is defined in the acl section of
    # this file, so the deny entry matches nobody until one is added.
    c2s:
      deny: blocked
      allow: all
    announce:
      allow: admin
    configure:
      allow: admin
    muc_create:
      allow: local
    pubsub_createnode:
      allow: local
    # Used by mod_register (ip_access): only loopback addresses qualify.
    trusted_network:
      allow: loopback
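  # Who may call which administrative commands, and through which frontend.
  api_permissions:
    # ejabberdctl on the local node may run every command.
    "console commands":
      from:
        - ejabberd_ctl
      who: all
      what: "*"
    # Every command except stop/start, for callers that match both the
    # loopback ACL and the admin ACL, directly or with an OAuth token of
    # scope ejabberd:admin.
    # The two conditions are written as list items rather than as two
    # `acl:` keys in one mapping: generic YAML tools keep only the last of
    # duplicate keys, which would silently drop the loopback restriction.
    # NOTE(review): both conditions are meant to apply together (local
    # caller AND admin account) - verify against the access-rule
    # documentation of the deployed ejabberd release.
    "admin access":
      who:
        access:
          allow:
            - acl: loopback
            - acl: admin
        oauth:
          scope: "ejabberd:admin"
          access:
            allow:
              - acl: loopback
              - acl: admin
      what:
        - "*"
        - "!stop"
        - "!start"
    # Read-only status commands, loopback callers only.
    "public commands":
      who:
        ip: "127.0.0.1/8"
      what:
        - status
        - connected_users_number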
  # Traffic shapers; the names are referenced from shaper_rules.
  shaper:
    # Per-connection limit with an allowance for short bursts.
    normal:
      rate: 3000
      burst_size: 20000
    # Higher flat rate, used for server-to-server traffic.
    fast: 100000
  # Limits and shaper selection per ACL.
  shaper_rules:
    max_user_sessions: 10
    # Offline queue size: 5000 messages for admins, 100 for everyone else.
    max_user_offline_messages:
      5000: admin
      100: all
    # Admin connections are not shaped; all other clients get `normal`.
    c2s_shaper:
      none: admin
      normal: all
    s2s_shaper: fast

  # Upper bound on queued messages per internal process.
  max_fsm_queue: 10000
  # Automatic certificate issuance (ACME). Challenges are answered by the
  # ejabberd_acme handler on the plain-HTTP listener.
  # NOTE(review): ACME v2 clients are usually pointed at the CA's directory
  # URL; confirm whether this ejabberd release expects a path after the host
  # name in ca_url.
  acme:
    contact: "mailto:admin@example.com"
    ca_url: "https://acme-v02.api.letsencrypt.org"
  # Enabled modules. `{}` means "enabled with default options".
  modules:
    mod_adhoc: {}
    mod_admin_extra: {}
    mod_announce:
      access: announce
    mod_avatar: {}
    mod_blocking: {}
    mod_bosh: {}
    mod_caps: {}
    mod_carboncopy: {}
    mod_client_state: {}
    mod_configure: {}
    # Contact addresses published through service discovery.
    mod_disco:
      server_info:
        - modules: all
          name: "abuse-addresses"
          urls:
            - "mailto:abuse@example.com"
        - modules:
            - mod_disco
            - mod_vcard
          name: "admin-addresses"
          urls:
            - "https://example.com"
            - "mailto:admin@example.com"
            - "xmpp:admin@example.com"
    # Temporarily bans addresses after repeated authentication failures.
    mod_fail2ban: {}
    mod_http_api: {}
    # HTTP file upload, served by the HTTPS listener on port 5443.
    # NOTE(review): docroot lives under /var/www; if another web server also
    # exposes that tree, make sure uploaded files are served as static data
    # and never interpreted - confirm.
    mod_http_upload:
      put_url: "https://@HOST@:5443/upload"
      docroot: "/var/www/upload"
      custom_headers:
        "Access-Control-Allow-Origin": "https://@HOST@"
        "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
        "Access-Control-Allow-Headers": "Content-Type"
    mod_last: {}
    # Message archive, enabled for every user by default.
    mod_mam:
      ## Mnesia tables are capped at 2GB, so an SQL backend is the better
      ## choice. SQLite suits small servers and is simple to set up.
      ## Uncomment the next line once SQL is configured:
      ##   db_type: sql
      assume_mam_usage: true
      default: always
    mod_mqtt: {}
    # Multi-user chat: anyone may join, local users may create rooms, and
    # new rooms are persistent and archived by default.
    mod_muc:
      access:
        - allow
      access_admin:
        - allow: admin
      access_create: muc_create
      access_persistent: muc_create
      access_mam:
        - allow
      default_room_options:
        allow_subscription: true  # enable MucSub
        persistent: true
        mam: true
    mod_muc_admin: {}
    mod_offline:
      access_max_user_messages: max_user_offline_messages
    mod_ping: {}
    mod_privacy: {}
    mod_private: {}
    # File-transfer proxy, limited to local users.
    mod_proxy65:
      access: local
      max_connections: 5
    mod_pubsub:
      access_createnode: pubsub_createnode
      plugins:
        - flat
        - pep
      force_node_config:
        ## Stops buggy clients from publishing their bookmarks publicly.
        ## The key is quoted because it contains a colon.
        "storage:bookmarks":
          access_model: whitelist
    mod_push: {}
    mod_push_keepalive: {}
    mod_register:
      ## In-band registration is accepted only from the "trusted" network
      ## (see the trusted_network access rule). Think twice before opening
      ## registration to any address; the Jabber SPAM Manifesto explains why:
      ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
      ip_access: trusted_network
    mod_roster:
      versioning: true
    mod_s2s_dialback: {}
    mod_shared_roster: {}
    mod_stream_mgmt:
      resend_on_timeout: if_offline
    # Advertises the STUN/TURN services to clients; `restricted: true`
    # entries are handed out with temporary credentials valid for
    # credentials_lifetime.
    # NOTE(review): host 0.0.0.0 looks like a placeholder for the address
    # clients should contact - confirm before deploying.
    mod_stun_disco:
      credentials_lifetime: 12h
      services:
        - host: "0.0.0.0"
          port: 3478
          type: stun
          transport: udp
          restricted: false
        - host: "0.0.0.0"
          port: 3478
          type: turn
          transport: udp
          restricted: true
        - host: "example.com"
          port: 5349
          type: stuns
          transport: tcp
          restricted: false
        - host: "example.com"
          port: 5349
          type: turns
          transport: tcp
          restricted: true
    mod_vcard: {}
    mod_vcard_xupdate: {}
    # Do not disclose the operating system in version replies.
    mod_version:
      show_os: false
  291. ### Local Variables:
  292. ### mode: yaml
  293. ### End:
  294. ### vim: set filetype=yaml tabstop=