ulpeters
/
ejabberd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330
							###
###'              ejabberd configuration file
###
###

### The parameters used in this configuration file are explained in more detail
### in the ejabberd Installation and Operation Guide.
### Please consult the Guide in case of doubts, it is included with
### your copy of ejabberd, and is also available online at
### https://docs.ejabberd.im/
---
###.  =======
###'  LOGGING

loglevel: 3
hide_sensitive_log_data: true

log_rotate_size: 0
log_rotate_date: ""

log_rate_limit: 100

###.  ================
###'  SERVED HOSTNAMES

hosts:
  - "kuketz-lab.de"

###.  ============
###'  Certificates

certfiles:
  - "/etc/ejabberd/certs/kuketz-lab.pem"
  - "/etc/ejabberd/certs/kuketz-lab.key"

###.  =================
###'  TLS configuration

define_macro:
  'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
  'TLS_OPTIONS':
    - "no_sslv3"
    - "no_tlsv1"
    - "no_tlsv1_1"
    - "cipher_server_preference"
    - "no_compression"

c2s_ciphers: 'TLS_CIPHERS'
s2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
s2s_protocol_options: 'TLS_OPTIONS'

###.  ===============
###'  LISTENING PORTS

listen:
  -
    port: 5222
    ip: "::"
    module: ejabberd_c2s
    starttls_required: true
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
  -
    port: 5223
    ip: "::"
    module: ejabberd_c2s
    tls: true
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
  -
    port: 5269
    ip: "::"
    module: ejabberd_s2s_in
  -
    port: 5270
    ip: "::"
    module: ejabberd_s2s_in
    tls: true
  -
    port: 5443
    ip: "::"
    module: ejabberd_http
    request_handlers:
      "/upload": mod_http_upload
    tls: true
    ciphers: 'TLS_CIPHERS'
    protocol_options: 'TLS_OPTIONS'

disable_sasl_mechanisms:
  - "digest-md5"
  - "x-oauth2"

###.  ==================
###'  S2S GLOBAL OPTIONS

s2s_use_starttls: required

###.  ==============
###'  AUTHENTICATION

auth_method: internal
auth_password_format: scram

###.  ==============
###'  DATABASE SETUP

###.  ===============
###'  TRAFFIC SHAPERS

shaper:
  normal: 1000
  fast: 50000

max_fsm_queue: 10000

###.   ====================
###'   ACCESS CONTROL LISTS

acl:
  admin:
     user:
       - "admin": "kuketz-lab.de"

  local:
    user_regexp: ""

  loopback:
    ip:
      - "127.0.0.0/8"
      - "::1/128"
      - "::FFFF:127.0.0.1/128"

###.  ============
###'  SHAPER RULES

shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    - 5000: admin
    - 500
  c2s_shaper:
    - none: admin
    - normal
  s2s_shaper: fast

###.  ============
###'  ACCESS RULES

access_rules:
  local:
    - allow: local
  c2s:
    - deny: blocked
    - allow
  announce:
    - allow: admin
  configure:
    - allow: admin
  muc_create:
    - allow: local
  pubsub_createnode:
    - allow: local
  register:
    - allow
  trusted_network:
    - allow: local

## ===============
## API PERMISSIONS
## ===============

api_permissions:
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  "admin access":
    who:
      - access:
        - allow:
          - acl: loopback
          - acl: admin
      - oauth:
        - scope: "ejabberd:admin"
        - access:
          - allow:
            - acl: loopback
            - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  "public commands":
    who:
      - ip: "127.0.0.1/8"
    what:
      - "status"
      - "connected_users_number"

###.  ================
###'  DEFAULT LANGUAGE

language: "en"

###.  =======
###'  CAPTCHA

captcha_cmd: "/usr/share/ejabberd/captcha.sh"
captcha_limit: 5

###.  ====
###'  ACME

acme:
  contact: "mailto:example-admin@example.com"
  ca_url: "https://acme-v01.api.letsencrypt.org"

###.  =======
###'  MODULES

modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:   
    access: announce
  mod_block_strangers: {}
  mod_blocking: {}   
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}   
  ## mod_delegation: {}  
  mod_disco:
    server_info:
      -
        modules: all
        name: "abuse-addresses"
        urls:
          - "mailto:admin@kuketz-lab.de"
      -
        modules: all
        name: "support-addresses"
        urls:
          - "mailto:admin@kuketz-lab.de"
      -
         modules: all
         name: "admin-addresses"
         urls:
           - "mailto:admin@kuketz-lab.de"
  ## mod_echo: {}
  ## mod_bosh: {}
  ## mod_http_fileserver:
  mod_http_upload:
    put_url: "https://@HOST@:5443/upload"
    docroot: "@HOME@/upload"
    secret_length: 40
  mod_http_upload_quota:
    max_days: 30
  ## mod_last: {}
  mod_mam:
    assume_mam_usage: true
    default: always
    request_activates_archiving: true
  mod_muc:
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    default_room_options:
      mam: true
      persistent: true
      public: false
      public_list: false
  mod_muc_admin: {}
  ## mod_muc_log: {}
  ## mod_multicast: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_pres_counter:
    count: 16
    interval: 60
  mod_privacy: {}
  mod_private: {}
  mod_proxy65:
    max_connections: 5
  mod_pubsub:
    access_createnode: pubsub_createnode
    ignore_pep_from_offline: true
    last_item_cache: false
    plugins:
      - "flat"
      - "pep"
    force_node_config:
      "eu.siacs.conversations.axolotl.*":
        access_model: open
      "storage:bookmarks":
        access_model: whitelist
  mod_push: {}
  mod_push_keepalive: {}
  mod_register:
    captcha_protected: true
    password_strength: 64
    ip_access: all
    access: register
  mod_roster:
    versioning: true
  mod_shared_roster: {}
  mod_sic: {}
  mod_stats: {}
  mod_time: {}
  mod_vcard:
    search: false
  mod_vcard_xupdate: {}
  mod_avatar: {}
  mod_version:
    show_os: false
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_s2s_dialback: {}
  ## mod_http_api: {}
  mod_fail2ban: {}

allow_contrib_modules: true