ejabberd_template.yml 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673
  1. ###
  2. ### ejabberd configuration file
  3. ###
  4. ###
  5. ### The parameters used in this configuration file are explained in more detail
  6. ### in the ejabberd Installation and Operation Guide.
  7. ### Please consult the Guide in case of doubts, it is included with
  8. ### your copy of ejabberd, and is also available online at
  9. ### http://www.process-one.net/en/ejabberd/docs/
  10. ### The configuration file is written in YAML.
  11. ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
  12. ### However, ejabberd treats different literals as different types:
  13. ###
  14. ### - unquoted or single-quoted strings. They are called "atoms".
  15. ### Example: dog, 'Jupiter', '3.14159', YELLOW
  16. ###
  17. ### - numeric literals. Example: 3, -45.0, .0
  18. ###
  19. ### - quoted or folded strings.
  20. ### Examples of quoted string: "Lizzard", "orange".
  21. ### Example of folded string:
  22. ### > Art thou not Romeo,
  23. ### and a Montague?
  24. ### =======
  25. ### LOGGING
  26. ##
  27. ## loglevel: Verbosity of log files generated by ejabberd.
  28. ## 0: No ejabberd log at all (not recommended)
  29. ## 1: Critical
  30. ## 2: Error
  31. ## 3: Warning
  32. ## 4: Info
  33. ## 5: Debug
  34. ##
  35. loglevel: 3
  36. ##
  37. ## rotation: Describe how to rotate logs. Either size and/or date can trigger
  38. ## log rotation. Setting count to N keeps N rotated logs. Setting count to 0
  39. ## does not disable rotation, it instead rotates the file and keeps no previous
  40. ## versions around. Setting size to X rotate log when it reaches X bytes.
  41. ## To disable rotation set the size to 0 and the date to ""
  42. ## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf.
  43. ## Some examples:
  44. ## $D0 rotate every night at midnight
  45. ## $D23 rotate every day at 23:00 hr
  46. ## $W0D23 rotate every week on Sunday at 23:00 hr
  47. ## $W5D16 rotate every week on Friday at 16:00 hr
  48. ## $M1D0 rotate on the first day of every month at midnight
  49. ## $M5D6 rotate on every 5th day of the month at 6:00 hr
  50. ##
  51. log_rotate_size: 10485760
  52. log_rotate_date: ""
  53. log_rotate_count: 1
  54. ##
  55. ## overload protection: If you want to limit the number of messages per second
  56. ## allowed from error_logger, which is a good idea if you want to avoid a flood
  57. ## of messages when system is overloaded, you can set a limit.
  58. ## 100 is ejabberd's default.
  59. log_rate_limit: 100
  60. ##
  61. ## watchdog_admins: Only useful for developers: if an ejabberd process
  62. ## consumes a lot of memory, send live notifications to these XMPP
  63. ## accounts.
  64. ##
  65. ## watchdog_admins:
  66. ## - "bob@example.com"
  67. ### ================
  68. ### SERVED HOSTNAMES
  69. ##
  70. ## hosts: Domains served by ejabberd.
  71. ## You can define one or several, for example:
  72. ## hosts:
  73. ## - "example.net"
  74. ## - "example.com"
  75. ## - "example.org"
  76. ##
  77. hosts:
  78. - "AZURE_HOST"
  79. ##
  80. ## route_subdomains: Delegate subdomains to other XMPP servers.
  81. ## For example, if this ejabberd serves example.org and you want
  82. ## to allow communication with an XMPP server called im.example.org.
  83. ##
  84. ## route_subdomains: s2s
  85. ### ===============
  86. ### LISTENING PORTS
  87. ##
  88. ## listen: The ports ejabberd will listen on, which service each is handled
  89. ## by and what options to start it with.
  90. ##
  91. listen:
  92. -
  93. port: 5222
  94. module: ejabberd_c2s
  95. ##
  96. ## If TLS is compiled in and you installed a SSL
  97. ## certificate, specify the full path to the
  98. ## file and uncomment these lines:
  99. ##
  100. certfile: "/opt/ejabberd/conf/AZURE_HOST.pem"
  101. starttls: true
  102. ##
  103. ## To enforce TLS encryption for client connections,
  104. ## use this instead of the "starttls" option:
  105. ##
  106. ## starttls_required: true
  107. ##
  108. ## Custom OpenSSL options
  109. ##
  110. protocol_options:
  111. - "no_sslv3"
  112. ## - "no_tlsv1"
  113. max_stanza_size: 65536
  114. shaper: c2s_shaper
  115. access: c2s
  116. -
  117. port: 5269
  118. module: ejabberd_s2s_in
  119. ##
  120. ## ejabberd_service: Interact with external components (transports, ...)
  121. ##
  122. ## -
  123. ## port: 8888
  124. ## module: ejabberd_service
  125. ## access: all
  126. ## shaper_rule: fast
  127. ## ip: "127.0.0.1"
  128. ## hosts:
  129. ## "icq.example.org":
  130. ## password: "secret"
  131. ## "sms.example.org":
  132. ## password: "secret"
  133. ##
  134. ## ejabberd_stun: Handles STUN Binding requests
  135. ##
  136. ## -
  137. ## port: 3478
  138. ## transport: udp
  139. ## module: ejabberd_stun
  140. ##
  141. ## To handle XML-RPC requests that provide admin credentials:
  142. ##
  143. ## -
  144. ## port: 4560
  145. ## module: ejabberd_xmlrpc
  146. -
  147. port: 5280
  148. tls: true
  149. certfile: "/opt/ejabberd/conf/AZURE_HOST.pem"
  150. protocol_options:
  151. - "no_sslv3"
  152. module: ejabberd_http
  153. request_handlers:
  154. "/websocket": ejabberd_http_ws
  155. ## request_handlers:
  156. ## "/pub/archive": mod_http_fileserver
  157. web_admin: true
  158. http_poll: true
  159. http_bind: true
  160. ## register: true
  161. captcha: false
  162. ##
  163. ## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
  164. ## Allowed values are: false optional required required_trusted
  165. ## You must specify a certificate file.
  166. ##
  167. s2s_use_starttls: optional
  168. ##
  169. ## s2s_certfile: Specify a certificate file.
  170. ##
  171. s2s_certfile: "/opt/ejabberd/conf/AZURE_HOST.pem"
  172. ## Custom OpenSSL options
  173. ##
  174. s2s_protocol_options:
  175. - "no_sslv3"
  176. ## - "no_tlsv1"
  177. ##
  178. ## domain_certfile: Specify a different certificate for each served hostname.
  179. ##
  180. ## host_config:
  181. ## "example.org":
  182. ## domain_certfile: "/path/to/example_org.pem"
  183. ## "example.com":
  184. ## domain_certfile: "/path/to/example_com.pem"
  185. ##
  186. ## S2S whitelist or blacklist
  187. ##
  188. ## Default s2s policy for undefined hosts.
  189. ##
  190. ## s2s_access: s2s
  191. ##
  192. ## Outgoing S2S options
  193. ##
  194. ## Preferred address families (which to try first) and connect timeout
  195. ## in milliseconds.
  196. ##
  197. ## outgoing_s2s_families:
  198. ## - ipv4
  199. ## - ipv6
  200. ## outgoing_s2s_timeout: 10000
  201. ### ==============
  202. ### AUTHENTICATION
  203. ##
  204. ## auth_method: Method used to authenticate the users.
  205. ## The default method is the internal.
  206. ## If you want to use a different method,
  207. ## comment this line and enable the correct ones.
  208. ##
  209. auth_method: internal
  210. ##
  211. ## Store the plain passwords or hashed for SCRAM:
  212. ## auth_password_format: plain
  213. ## auth_password_format: scram
  214. ##
  215. ## Define the FQDN if ejabberd doesn't detect it:
  216. ## fqdn: "server3.example.com"
  217. ##
  218. ## Authentication using external script
  219. ## Make sure the script is executable by ejabberd.
  220. ##
  221. ## auth_method: external
  222. ## extauth_program: "/path/to/authentication/script"
  223. ##
  224. ## Authentication using ODBC
  225. ## Remember to setup a database in the next section.
  226. ##
  227. ## auth_method: odbc
  228. ##
  229. ## Authentication using PAM
  230. ##
  231. ## auth_method: pam
  232. ## pam_service: "pamservicename"
  233. ##
  234. ## Authentication using LDAP
  235. ##
  236. ## auth_method: ldap
  237. ##
  238. ## List of LDAP servers:
  239. ## ldap_servers:
  240. ## - "localhost"
  241. ##
  242. ## Encryption of connection to LDAP servers:
  243. ## ldap_encrypt: none
  244. ## ldap_encrypt: tls
  245. ##
  246. ## Port to connect to on LDAP servers:
  247. ## ldap_port: 389
  248. ## ldap_port: 636
  249. ##
  250. ## LDAP manager:
  251. ## ldap_rootdn: "dc=example,dc=com"
  252. ##
  253. ## Password of LDAP manager:
  254. ## ldap_password: "******"
  255. ##
  256. ## Search base of LDAP directory:
  257. ## ldap_base: "dc=example,dc=com"
  258. ##
  259. ## LDAP attribute that holds user ID:
  260. ## ldap_uids:
  261. ## - "mail": "%u@mail.example.org"
  262. ##
  263. ## LDAP filter:
  264. ## ldap_filter: "(objectClass=shadowAccount)"
  265. ##
  266. ## Anonymous login support:
  267. ## auth_method: anonymous
  268. ## anonymous_protocol: sasl_anon | login_anon | both
  269. ## allow_multiple_connections: true | false
  270. ##
  271. ## host_config:
  272. ## "public.example.org":
  273. ## auth_method: anonymous
  274. ## allow_multiple_connections: false
  275. ## anonymous_protocol: sasl_anon
  276. ##
  277. ## To use both anonymous and internal authentication:
  278. ##
  279. ## host_config:
  280. ## "public.example.org":
  281. ## auth_method:
  282. ## - internal
  283. ## - anonymous
  284. ### ==============
  285. ### DATABASE SETUP
  286. ## ejabberd by default uses the internal Mnesia database,
  287. ## so you do not necessarily need this section.
  288. ## This section provides configuration examples in case
  289. ## you want to use other database backends.
  290. ## Please consult the ejabberd Guide for details on database creation.
  291. ##
  292. ## MySQL server:
  293. ##
  294. ## odbc_type: mysql
  295. ## odbc_server: "server"
  296. ## odbc_database: "database"
  297. ## odbc_username: "username"
  298. ## odbc_password: "password"
  299. ##
  300. ## If you want to specify the port:
  301. ## odbc_port: 1234
  302. ##
  303. ## PostgreSQL server:
  304. ##
  305. ## odbc_type: pgsql
  306. ## odbc_server: "server"
  307. ## odbc_database: "database"
  308. ## odbc_username: "username"
  309. ## odbc_password: "password"
  310. ##
  311. ## If you want to specify the port:
  312. ## odbc_port: 1234
  313. ##
  314. ## If you use PostgreSQL, have a large database, and need a
  315. ## faster but inexact replacement for "select count(*) from users"
  316. ##
  317. ## pgsql_users_number_estimate: true
  318. ##
  319. ## ODBC compatible or MSSQL server:
  320. ##
  321. ## odbc_type: odbc
  322. ## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
  323. ##
  324. ## Number of connections to open to the database for each virtual host
  325. ##
  326. ## odbc_pool_size: 10
  327. ##
  328. ## Interval to make a dummy SQL request to keep the connections to the
  329. ## database alive. Specify in seconds: for example 28800 means 8 hours
  330. ##
  331. ## odbc_keepalive_interval: undefined
  332. ### ===============
  333. ### TRAFFIC SHAPERS
  334. shaper:
  335. ##
  336. ## The "normal" shaper limits traffic speed to 1000 B/s
  337. ##
  338. normal: 1000
  339. ##
  340. ## The "fast" shaper limits traffic speed to 50000 B/s
  341. ##
  342. fast: 50000
  343. ##
  344. ## This option specifies the maximum number of elements in the queue
  345. ## of the FSM. Refer to the documentation for details.
  346. ##
  347. max_fsm_queue: 1000
  348. ###. ====================
  349. ###' ACCESS CONTROL LISTS
  350. acl:
  351. ##
  352. ## The 'admin' ACL grants administrative privileges to XMPP accounts.
  353. ## You can put here as many accounts as you want.
  354. ##
  355. admin:
  356. user:
  357. - "AZURE_ADMIN": "AZURE_HOST"
  358. ## - "ermine": "example.org"
  359. ##
  360. ## Blocked users
  361. ##
  362. ## blocked:
  363. ## user:
  364. ## - "baduser": "example.org"
  365. ## - "test"
  366. ## Local users: don't modify this.
  367. ##
  368. local:
  369. user_regexp: ""
  370. ##
  371. ## More examples of ACLs
  372. ##
  373. ## jabberorg:
  374. ## server:
  375. ## - "jabber.org"
  376. ## aleksey:
  377. ## user:
  378. ## - "aleksey": "jabber.ru"
  379. ## test:
  380. ## user_regexp: "^test"
  381. ## user_glob: "test*"
  382. ##
  383. ## Loopback network
  384. ##
  385. loopback:
  386. ip:
  387. - "127.0.0.0/8"
  388. ##
  389. ## Bad XMPP servers
  390. ##
  391. ## bad_servers:
  392. ## server:
  393. ## - "xmpp.zombie.org"
  394. ## - "xmpp.spam.com"
  395. ##
  396. ## Define specific ACLs in a virtual host.
  397. ##
  398. ## host_config:
  399. ## "localhost":
  400. ## acl:
  401. ## admin:
  402. ## user:
  403. ## - "bob-local": "localhost"
  404. ### ============
  405. ### ACCESS RULES
  406. access:
  407. ## Maximum number of simultaneous sessions allowed for a single user:
  408. max_user_sessions:
  409. all: 10
  410. ## Maximum number of offline messages that users can have:
  411. max_user_offline_messages:
  412. admin: 5000
  413. all: 100
  414. ## This rule allows access only for local users:
  415. local:
  416. local: allow
  417. ## Only non-blocked users can use c2s connections:
  418. c2s:
  419. blocked: deny
  420. all: allow
  421. ## For C2S connections, all users except admins use the "normal" shaper
  422. c2s_shaper:
  423. admin: none
  424. all: normal
  425. ## All S2S connections use the "fast" shaper
  426. s2s_shaper:
  427. all: fast
  428. ## Only admins can send announcement messages:
  429. announce:
  430. admin: allow
  431. ## Only admins can use the configuration interface:
  432. configure:
  433. admin: allow
  434. ## Admins of this server are also admins of the MUC service:
  435. muc_admin:
  436. admin: allow
  437. ## Only accounts of the local ejabberd server can create rooms:
  438. muc_create:
  439. local: allow
  440. ## All users are allowed to use the MUC service:
  441. muc:
  442. all: allow
  443. ## Only accounts on the local ejabberd server can create Pubsub nodes:
  444. pubsub_createnode:
  445. local: allow
  446. ## In-band registration allows registration of any possible username.
  447. ## To disable in-band registration, replace 'allow' with 'deny'.
  448. register:
  449. all: allow
  450. ## Only allow to register from localhost
  451. trusted_network:
  452. loopback: allow
  453. ## Do not establish S2S connections with bad servers
  454. ## s2s:
  455. ## bad_servers: deny
  456. ## all: allow
  457. ## By default the frequency of account registrations from the same IP
  458. ## is limited to 1 account every 10 minutes. To disable, specify: infinity
  459. ## registration_timeout: 600
  460. ##
  461. ## Define specific Access Rules in a virtual host.
  462. ##
  463. ## host_config:
  464. ## "localhost":
  465. ## access:
  466. ## c2s:
  467. ## admin: allow
  468. ## all: deny
  469. ## register:
  470. ## all: deny
  471. ### ================
  472. ### DEFAULT LANGUAGE
  473. ##
  474. ## language: Default language used for server messages.
  475. ##
  476. language: "en"
  477. ##
  478. ## Set a different default language in a virtual host.
  479. ##
  480. ## host_config:
  481. ## "localhost":
  482. ## language: "ru"
  483. ### =======
  484. ### CAPTCHA
  485. ##
  486. ## Full path to a script that generates the image.
  487. ##
  488. ## captcha_cmd: "/lib/ejabberd/priv/bin/captcha.sh"
  489. ##
  490. ## Host for the URL and port where ejabberd listens for CAPTCHA requests.
  491. ##
  492. ## captcha_host: "example.org:5280"
  493. ##
  494. ## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
  495. ##
  496. ## captcha_limit: 5
  497. ### =======
  498. ### MODULES
  499. ##
  500. ## Modules enabled in all ejabberd virtual hosts.
  501. ##
  502. modules:
  503. mod_adhoc: {}
  504. mod_admin_extra: {}
  505. mod_announce: # recommends mod_adhoc
  506. access: announce
  507. mod_blocking: {} # requires mod_privacy
  508. mod_caps: {}
  509. mod_carboncopy: {}
  510. mod_client_state:
  511. drop_chat_states: true
  512. queue_presence: false
  513. mod_configure: {} # requires mod_adhoc
  514. mod_disco: {}
  515. ## mod_echo: {}
  516. mod_irc: {}
  517. mod_http_bind: {}
  518. ## mod_http_fileserver:
  519. ## docroot: "/var/www"
  520. ## accesslog: "/var/log/ejabberd/access.log"
  521. mod_last: {}
  522. mod_muc:
  523. ## host: "conference.@HOST@"
  524. access: muc
  525. access_create: muc_create
  526. access_persistent: muc_create
  527. access_admin: muc_admin
  528. ## mod_muc_log: {}
  529. mod_offline:
  530. access_max_user_messages: max_user_offline_messages
  531. mod_ping: {}
  532. ## mod_pres_counter:
  533. ## count: 5
  534. ## interval: 60
  535. mod_privacy: {}
  536. mod_private: {}
  537. ## mod_proxy65: {}
  538. mod_pubsub:
  539. access_createnode: pubsub_createnode
  540. ## reduces resource comsumption, but XEP incompliant
  541. ignore_pep_from_offline: true
  542. ## XEP compliant, but increases resource comsumption
  543. ## ignore_pep_from_offline: false
  544. last_item_cache: false
  545. plugins:
  546. - "flat"
  547. - "hometree"
  548. - "pep" # pep requires mod_caps
  549. mod_register:
  550. ##
  551. ## Protect In-Band account registrations with CAPTCHA.
  552. ##
  553. ## captcha_protected: true
  554. ##
  555. ## Set the minimum informational entropy for passwords.
  556. ##
  557. ## password_strength: 32
  558. ##
  559. ## After successful registration, the user receives
  560. ## a message with this subject and body.
  561. ##
  562. welcome_message:
  563. subject: "Welcome!"
  564. body: |-
  565. Hi.
  566. Welcome to this XMPP server.
  567. ##
  568. ## When a user registers, send a notification to
  569. ## these XMPP accounts.
  570. ##
  571. ## registration_watchers:
  572. ## - "admin1@example.org"
  573. ##
  574. ## Only clients in the server machine can register accounts
  575. ##
  576. ip_access: trusted_network
  577. ##
  578. ## Local c2s or remote s2s users cannot register accounts
  579. ##
  580. ## access_from: deny
  581. access: register
  582. mod_roster: {}
  583. mod_shared_roster: {}
  584. mod_stats: {}
  585. mod_time: {}
  586. mod_vcard: {}
  587. mod_version: {}
  588. ##
  589. ## Enable modules with custom options in a specific virtual host
  590. ##
  591. ## host_config:
  592. ## "localhost":
  593. ## modules:
  594. ## mod_echo:
  595. ## host: "mirror.localhost"
  596. ##
  597. ## Enable modules management via ejabberdctl for installation and
  598. ## uninstallation of public/private contributed modules
  599. ## (enabled by default)
  600. ##
  601. allow_contrib_modules: true
  602. ### Local Variables:
  603. ### mode: yaml
  604. ### End:
  605. ### vim: set filetype=yaml tabstop=8