ejabberd.yml.vanilla_2018-10-22 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856
  1. ###
  2. ###' ejabberd configuration file
  3. ###
  4. ###
  5. ### The parameters used in this configuration file are explained in more detail
  6. ### in the ejabberd Installation and Operation Guide.
  7. ### Please consult the Guide in case of doubts, it is included with
  8. ### your copy of ejabberd, and is also available online at
  9. ### http://www.process-one.net/en/ejabberd/docs/
  10. ### The configuration file is written in YAML.
  11. ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
  12. ### However, ejabberd treats different literals as different types:
  13. ###
  14. ### - unquoted or single-quoted strings. They are called "atoms".
  15. ### Example: dog, 'Jupiter', '3.14159', YELLOW
  16. ###
  17. ### - numeric literals. Example: 3, -45.0, .0
  18. ###
  19. ### - quoted or folded strings.
  20. ### Examples of quoted string: "Lizzard", "orange".
  21. ### Example of folded string:
  22. ### > Art thou not Romeo,
  23. ### and a Montague?
  24. ###. =======
  25. ###' LOGGING
  26. ##
  27. ## loglevel: Verbosity of log files generated by ejabberd.
  28. ## 0: No ejabberd log at all (not recommended)
  29. ## 1: Critical
  30. ## 2: Error
  31. ## 3: Warning
  32. ## 4: Info
  33. ## 5: Debug
  34. ##
  35. loglevel: 4
  36. ##
  37. ## rotation: Describe how to rotate logs. Either size and/or date can trigger
  38. ## log rotation. Setting count to N keeps N rotated logs. Setting count to 0
  39. ## does not disable rotation, it instead rotates the file and keeps no previous
  40. ## versions around. Setting size to X rotate log when it reaches X bytes.
  41. ## To disable rotation set the size to 0 and the date to ""
  42. ## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf.
  43. ## Some examples:
  44. ## $D0 rotate every night at midnight
  45. ## $D23 rotate every day at 23:00 hr
  46. ## $W0D23 rotate every week on Sunday at 23:00 hr
  47. ## $W5D16 rotate every week on Friday at 16:00 hr
  48. ## $M1D0 rotate on the first day of every month at midnight
  49. ## $M5D6 rotate on every 5th day of the month at 6:00 hr
  50. ##
  51. log_rotate_size: 10485760
  52. log_rotate_date: ""
  53. log_rotate_count: 1
  54. ##
  55. ## overload protection: If you want to limit the number of messages per second
  56. ## allowed from error_logger, which is a good idea if you want to avoid a flood
  57. ## of messages when system is overloaded, you can set a limit.
  58. ## 100 is ejabberd's default.
  59. log_rate_limit: 100
  60. ##
  61. ## watchdog_admins: Only useful for developers: if an ejabberd process
  62. ## consumes a lot of memory, send live notifications to these XMPP
  63. ## accounts.
  64. ##
  65. ## watchdog_admins:
  66. ## - "bob@example.com"
  67. ###. ===============
  68. ###' NODE PARAMETERS
  69. ##
  70. ## net_ticktime: Specifies net_kernel tick time in seconds. This options must have
  71. ## identical value on all nodes, and in most cases shouldn't be changed at all from
  72. ## default value.
  73. ##
  74. ## net_ticktime: 60
  75. ###. ================
  76. ###' SERVED HOSTNAMES
  77. ##
  78. ## hosts: Domains served by ejabberd.
  79. ## You can define one or several, for example:
  80. ## hosts:
  81. ## - "example.net"
  82. ## - "example.com"
  83. ## - "example.org"
  84. ##
  85. hosts:
  86. - "localhost"
  87. ##
  88. ## route_subdomains: Delegate subdomains to other XMPP servers.
  89. ## For example, if this ejabberd serves example.org and you want
  90. ## to allow communication with an XMPP server called im.example.org.
  91. ##
  92. ## route_subdomains: s2s
  93. ###. ============
  94. ###' Certificates
  95. ## List all available PEM files containing certificates for your domains,
  96. ## chains of certificates or certificate keys. Full chains will be built
  97. ## automatically by ejabberd.
  98. ##
  99. certfiles:
  100. - "/home/ejabberd/conf/server.pem"
  101. ## - "/etc/letsencrypt/live/example.org/*.pem"
  102. ## - "/etc/letsencrypt/live/example.com/*.pem"
  103. ca_file: "/home/ejabberd/conf/cacert.pem"
  104. ###. =================
  105. ###' TLS configuration
  106. ## Note that the following configuration is the default
  107. ## configuration of the TLS driver, so you don't need to
  108. ## uncomment it.
  109. ##
  110. ## define_macro:
  111. ## 'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
  112. ## 'TLS_OPTIONS':
  113. ## - "no_sslv3"
  114. ## - "cipher_server_preference"
  115. ## - "no_compression"
  116. ## 'DH_FILE': "/home/ejabberd/conf/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
  117. ##
  118. ## c2s_dhfile: 'DH_FILE'
  119. ## s2s_dhfile: 'DH_FILE'
  120. ## c2s_ciphers: 'TLS_CIPHERS'
  121. ## s2s_ciphers: 'TLS_CIPHERS'
  122. ## c2s_protocol_options: 'TLS_OPTIONS'
  123. ## s2s_protocol_options: 'TLS_OPTIONS'
  124. ###. ===============
  125. ###' LISTENING PORTS
  126. ##
  127. ## listen: The ports ejabberd will listen on, which service each is handled
  128. ## by and what options to start it with.
  129. ##
  130. listen:
  131. -
  132. port: 5222
  133. ip: "::"
  134. module: ejabberd_c2s
  135. starttls: true
  136. ##
  137. ## To enforce TLS encryption for client connections,
  138. ## use this instead of the "starttls" option:
  139. ##
  140. ## starttls_required: true
  141. ##
  142. ## Stream compression
  143. ##
  144. ## zlib: true
  145. ##
  146. max_stanza_size: 65536
  147. shaper: c2s_shaper
  148. access: c2s
  149. -
  150. port: 5269
  151. ip: "::"
  152. module: ejabberd_s2s_in
  153. max_stanza_size: 131072
  154. shaper: s2s_shaper
  155. -
  156. port: 5280
  157. ip: "::"
  158. module: ejabberd_http
  159. request_handlers:
  160. "/ws": ejabberd_http_ws
  161. "/bosh": mod_bosh
  162. "/oauth": ejabberd_oauth
  163. "/api": mod_http_api
  164. ## "/pub/archive": mod_http_fileserver
  165. web_admin: true
  166. ## register: true
  167. captcha: false
  168. ##
  169. ## ejabberd_service: Interact with external components (transports, ...)
  170. ##
  171. ## -
  172. ## port: 8888
  173. ## ip: "::"
  174. ## module: ejabberd_service
  175. ## access: all
  176. ## shaper_rule: fast
  177. ## ip: "127.0.0.1"
  178. ## privilege_access:
  179. ## roster: "both"
  180. ## message: "outgoing"
  181. ## presence: "roster"
  182. ## delegations:
  183. ## "urn:xmpp:mam:1":
  184. ## filtering: ["node"]
  185. ## "http://jabber.org/protocol/pubsub":
  186. ## filtering: []
  187. ## hosts:
  188. ## "icq.example.org":
  189. ## password: "secret"
  190. ## "sms.example.org":
  191. ## password: "secret"
  192. ##
  193. ## ejabberd_stun: Handles STUN Binding requests
  194. ##
  195. ## -
  196. ## port: 3478
  197. ## transport: udp
  198. ## module: ejabberd_stun
  199. ##
  200. ## To handle XML-RPC requests that provide admin credentials:
  201. ##
  202. ## -
  203. ## port: 4560
  204. ## ip: "::"
  205. ## module: ejabberd_xmlrpc
  206. ## maxsessions: 10
  207. ## timeout: 5000
  208. ## access_commands:
  209. ## admin:
  210. ## commands: all
  211. ## options: []
  212. ##
  213. ## To enable secure http upload
  214. ##
  215. ## -
  216. ## port: 5444
  217. ## ip: "::"
  218. ## module: ejabberd_http
  219. ## request_handlers:
  220. ## "": mod_http_upload
  221. ## tls: true
  222. ## protocol_options: 'TLS_OPTIONS'
  223. ## dhfile: 'DH_FILE'
  224. ## ciphers: 'TLS_CIPHERS'
  225. ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
  226. ## password storage (see auth_password_format option).
  227. ## disable_sasl_mechanisms: "digest-md5"
  228. ###. ==================
  229. ###' S2S GLOBAL OPTIONS
  230. ##
  231. ## s2s_use_starttls: Enable STARTTLS for S2S connections.
  232. ## Allowed values are: false, optional or required
  233. ## You must specify 'certfiles' option
  234. ##
  235. s2s_use_starttls: optional
  236. ##
  237. ## S2S whitelist or blacklist
  238. ##
  239. ## Default s2s policy for undefined hosts.
  240. ##
  241. ## s2s_access: s2s
  242. ##
  243. ## Outgoing S2S options
  244. ##
  245. ## Preferred address families (which to try first) and connect timeout
  246. ## in seconds.
  247. ##
  248. ## outgoing_s2s_families:
  249. ## - ipv4
  250. ## - ipv6
  251. ## outgoing_s2s_timeout: 190
  252. ###. ==============
  253. ###' AUTHENTICATION
  254. ##
  255. ## auth_method: Method used to authenticate the users.
  256. ## The default method is the internal.
  257. ## If you want to use a different method,
  258. ## comment this line and enable the correct ones.
  259. ##
  260. auth_method: internal
  261. ##
  262. ## Store the plain passwords or hashed for SCRAM:
  263. ## auth_password_format: plain
  264. ## auth_password_format: scram
  265. ##
  266. ## Define the FQDN if ejabberd doesn't detect it:
  267. ## fqdn: "server3.example.com"
  268. ##
  269. ## Authentication using external script
  270. ## Make sure the script is executable by ejabberd.
  271. ##
  272. ## auth_method: external
  273. ## extauth_program: "/path/to/authentication/script"
  274. ##
  275. ## Authentication using SQL
  276. ## Remember to setup a database in the next section.
  277. ##
  278. ## auth_method: sql
  279. ##
  280. ## Authentication using PAM
  281. ##
  282. ## auth_method: pam
  283. ## pam_service: "pamservicename"
  284. ##
  285. ## Authentication using LDAP
  286. ##
  287. ## auth_method: ldap
  288. ##
  289. ## List of LDAP servers:
  290. ## ldap_servers:
  291. ## - "localhost"
  292. ##
  293. ## Encryption of connection to LDAP servers:
  294. ## ldap_encrypt: none
  295. ## ldap_encrypt: tls
  296. ##
  297. ## Port to connect to on LDAP servers:
  298. ## ldap_port: 389
  299. ## ldap_port: 636
  300. ##
  301. ## LDAP manager:
  302. ## ldap_rootdn: "dc=example,dc=com"
  303. ##
  304. ## Password of LDAP manager:
  305. ## ldap_password: "******"
  306. ##
  307. ## Search base of LDAP directory:
  308. ## ldap_base: "dc=example,dc=com"
  309. ##
  310. ## LDAP attribute that holds user ID:
  311. ## ldap_uids:
  312. ## - "mail": "%u@mail.example.org"
  313. ##
  314. ## LDAP filter:
  315. ## ldap_filter: "(objectClass=shadowAccount)"
  316. ##
  317. ## Anonymous login support:
  318. ## auth_method: anonymous
  319. ## anonymous_protocol: sasl_anon | login_anon | both
  320. ## allow_multiple_connections: true | false
  321. ##
  322. ## host_config:
  323. ## "public.example.org":
  324. ## auth_method: anonymous
  325. ## allow_multiple_connections: false
  326. ## anonymous_protocol: sasl_anon
  327. ##
  328. ## To use both anonymous and internal authentication:
  329. ##
  330. ## host_config:
  331. ## "public.example.org":
  332. ## auth_method:
  333. ## - internal
  334. ## - anonymous
  335. ###. ==============
  336. ###' DATABASE SETUP
  337. ## ejabberd by default uses the internal Mnesia database,
  338. ## so you do not necessarily need this section.
  339. ## This section provides configuration examples in case
  340. ## you want to use other database backends.
  341. ## Please consult the ejabberd Guide for details on database creation.
  342. ##
  343. ## MySQL server:
  344. ##
  345. ## sql_type: mysql
  346. ## sql_server: "server"
  347. ## sql_database: "database"
  348. ## sql_username: "username"
  349. ## sql_password: "password"
  350. ##
  351. ## If you want to specify the port:
  352. ## sql_port: 1234
  353. ##
  354. ## PostgreSQL server:
  355. ##
  356. ## sql_type: pgsql
  357. ## sql_server: "server"
  358. ## sql_database: "database"
  359. ## sql_username: "username"
  360. ## sql_password: "password"
  361. ##
  362. ## If you want to specify the port:
  363. ## sql_port: 1234
  364. ##
  365. ## If you use PostgreSQL, have a large database, and need a
  366. ## faster but inexact replacement for "select count(*) from users"
  367. ##
  368. ## pgsql_users_number_estimate: true
  369. ##
  370. ## SQLite:
  371. ##
  372. ## sql_type: sqlite
  373. ## sql_database: "/home/ejabberd/database/ejabberd.db"
  374. ##
  375. ## ODBC compatible or MSSQL server:
  376. ##
  377. ## sql_type: odbc
  378. ## sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
  379. ##
  380. ## Number of connections to open to the database for each virtual host
  381. ##
  382. ## sql_pool_size: 10
  383. ##
  384. ## Interval to make a dummy SQL request to keep the connections to the
  385. ## database alive. Specify in seconds: for example 28800 means 8 hours
  386. ##
  387. ## sql_keepalive_interval: undefined
  388. ##
  389. ## Use the new SQL schema
  390. ##
  391. ## new_sql_schema: true
  392. ###. ===============
  393. ###' TRAFFIC SHAPERS
  394. shaper:
  395. ##
  396. ## The "normal" shaper limits traffic speed to 1000 B/s
  397. ##
  398. normal: 1000
  399. ##
  400. ## The "fast" shaper limits traffic speed to 50000 B/s
  401. ##
  402. fast: 50000
  403. ##
  404. ## This option specifies the maximum number of elements in the queue
  405. ## of the FSM. Refer to the documentation for details.
  406. ##
  407. max_fsm_queue: 10000
  408. ###. ====================
  409. ###' ACCESS CONTROL LISTS
  410. acl:
  411. ##
  412. ## The 'admin' ACL grants administrative privileges to XMPP accounts.
  413. ## You can put here as many accounts as you want.
  414. ##
  415. admin:
  416. user:
  417. - "admin@localhost"
  418. ##
  419. ## Blocked users
  420. ##
  421. ## blocked:
  422. ## user:
  423. ## - "baduser@example.org"
  424. ## - "test"
  425. ## Local users: don't modify this.
  426. ##
  427. local:
  428. user_regexp: ""
  429. ##
  430. ## More examples of ACLs
  431. ##
  432. ## jabberorg:
  433. ## server:
  434. ## - "jabber.org"
  435. ## aleksey:
  436. ## user:
  437. ## - "aleksey@jabber.ru"
  438. ## test:
  439. ## user_regexp: "^test"
  440. ## user_glob: "test*"
  441. ##
  442. ## Loopback network
  443. ##
  444. loopback:
  445. ip:
  446. - "127.0.0.0/8"
  447. - "::1/128"
  448. - "::FFFF:127.0.0.1/128"
  449. ##
  450. ## Bad XMPP servers
  451. ##
  452. ## bad_servers:
  453. ## server:
  454. ## - "xmpp.zombie.org"
  455. ## - "xmpp.spam.com"
  456. ##
  457. ## Define specific ACLs in a virtual host.
  458. ##
  459. ## host_config:
  460. ## "localhost":
  461. ## acl:
  462. ## admin:
  463. ## user:
  464. ## - "bob-local@localhost"
  465. ###. ============
  466. ###' SHAPER RULES
  467. shaper_rules:
  468. ## Maximum number of simultaneous sessions allowed for a single user:
  469. max_user_sessions: 10
  470. ## Maximum number of offline messages that users can have:
  471. max_user_offline_messages:
  472. - 5000: admin
  473. - 100
  474. ## For C2S connections, all users except admins use the "normal" shaper
  475. c2s_shaper:
  476. - none: admin
  477. - normal
  478. ## All S2S connections use the "fast" shaper
  479. s2s_shaper: fast
  480. ###. ============
  481. ###' ACCESS RULES
  482. access_rules:
  483. ## This rule allows access only for local users:
  484. local:
  485. - allow: local
  486. ## Only non-blocked users can use c2s connections:
  487. c2s:
  488. - deny: blocked
  489. - allow
  490. ## Only admins can send announcement messages:
  491. announce:
  492. - allow: admin
  493. ## Only admins can use the configuration interface:
  494. configure:
  495. - allow: admin
  496. ## Only accounts of the local ejabberd server can create rooms:
  497. muc_create:
  498. - allow: local
  499. ## Only accounts on the local ejabberd server can create Pubsub nodes:
  500. pubsub_createnode:
  501. - allow: local
  502. ## In-band registration allows registration of any possible username.
  503. ## To disable in-band registration, replace 'allow' with 'deny'.
  504. register:
  505. - allow
  506. ## Only allow to register from localhost
  507. trusted_network:
  508. - allow: loopback
  509. ## Do not establish S2S connections with bad servers
  510. ## If you enable this you also have to uncomment "s2s_access: s2s"
  511. ## s2s:
  512. ## - deny:
  513. ## - ip: "XXX.XXX.XXX.XXX/32"
  514. ## - deny:
  515. ## - ip: "XXX.XXX.XXX.XXX/32"
  516. ## - allow
  517. ## ===============
  518. ## API PERMISSIONS
  519. ## ===============
  520. ##
  521. ## This section allows you to define who and using what method
  522. ## can execute commands offered by ejabberd.
  523. ##
  524. ## By default "console commands" section allow executing all commands
  525. ## issued using ejabberdctl command, and "admin access" section allows
  526. ## users in admin acl that connect from 127.0.0.1 to execute all
  527. ## commands except start and stop with any available access method
  528. ## (ejabberdctl, http-api, xmlrpc depending what is enabled on server).
  529. ##
  530. ## If you remove "console commands" there will be one added by
  531. ## default allowing executing all commands, but if you just change
  532. ## permissions in it, version from config file will be used instead
  533. ## of default one.
  534. ##
  535. api_permissions:
  536. "console commands":
  537. from:
  538. - ejabberd_ctl
  539. who: all
  540. what: "*"
  541. "admin access":
  542. who:
  543. - access:
  544. - allow:
  545. - acl: loopback
  546. - acl: admin
  547. - oauth:
  548. - scope: "ejabberd:admin"
  549. - access:
  550. - allow:
  551. - acl: loopback
  552. - acl: admin
  553. what:
  554. - "*"
  555. - "!stop"
  556. - "!start"
  557. "public commands":
  558. who:
  559. - ip: "127.0.0.1/8"
  560. what:
  561. - "status"
  562. - "connected_users_number"
  563. ## By default the frequency of account registrations from the same IP
  564. ## is limited to 1 account every 10 minutes. To disable, specify: infinity
  565. ## registration_timeout: 600
  566. ##
  567. ## Define specific Access Rules in a virtual host.
  568. ##
  569. ## host_config:
  570. ## "localhost":
  571. ## access:
  572. ## c2s:
  573. ## - allow: admin
  574. ## - deny
  575. ## register:
  576. ## - deny
  577. ###. ================
  578. ###' DEFAULT LANGUAGE
  579. ##
  580. ## language: Default language used for server messages.
  581. ##
  582. language: "en"
  583. ##
  584. ## Set a different default language in a virtual host.
  585. ##
  586. ## host_config:
  587. ## "localhost":
  588. ## language: "ru"
  589. ###. =======
  590. ###' CAPTCHA
  591. ##
  592. ## Full path to a script that generates the image.
  593. ##
  594. ## captcha_cmd: "/home/ejabberd/lib/ejabberd-xx.yy/priv/bin/captcha.sh"
  595. ##
  596. ## Host for the URL and port where ejabberd listens for CAPTCHA requests.
  597. ##
  598. ## captcha_host: "example.org:5280"
  599. ##
  600. ## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
  601. ##
  602. ## captcha_limit: 5
  603. ###. ====
  604. ###' ACME
  605. ##
  606. ## In order to use the acme certificate acquiring through "Let's Encrypt"
  607. ## an http listener has to be configured to listen to port 80 so that
  608. ## the authorization challenges posed by "Let's Encrypt" can be solved.
  609. ##
  610. ## A simple way of doing this would be to add the following in the listening
  611. ## section and to configure port forwarding from 80 to 5280 either via NAT
  612. ## (for ipv4 only) or using frontends such as haproxy/nginx/sslh/etc.
  613. ## -
  614. ## port: 5280
  615. ## ip: "::"
  616. ## module: ejabberd_http
  617. acme:
  618. ## A contact mail that the ACME Certificate Authority can contact in case of
  619. ## an authorization issue, such as a server-initiated certificate revocation.
  620. ## It is not mandatory to provide an email address but it is highly suggested.
  621. contact: "mailto:example-admin@example.com"
  622. ## The ACME Certificate Authority URL.
  623. ## This could either be:
  624. ## - https://acme-v01.api.letsencrypt.org - (Default) for the production CA
  625. ## - https://acme-staging.api.letsencrypt.org - for the staging CA
  626. ## - http://localhost:4000 - for a local version of the CA
  627. ca_url: "https://acme-v01.api.letsencrypt.org"
  628. ###. =======
  629. ###' MODULES
  630. ##
  631. ## Modules enabled in all ejabberd virtual hosts.
  632. ##
  633. modules:
  634. mod_adhoc: {}
  635. mod_admin_extra: {}
  636. mod_announce: # recommends mod_adhoc
  637. access: announce
  638. mod_blocking: {} # requires mod_privacy
  639. mod_caps: {}
  640. mod_carboncopy: {}
  641. mod_client_state: {}
  642. mod_configure: {} # requires mod_adhoc
  643. ## mod_delegation: {} # for xep0356
  644. mod_disco: {}
  645. ## mod_echo: {}
  646. ## mod_irc: {}
  647. mod_bosh: {}
  648. ## mod_http_fileserver:
  649. ## docroot: "/var/www"
  650. ## accesslog: "/home/ejabberd/logs/access.log"
  651. ## mod_http_upload:
  652. ## # docroot: "@HOME@/upload"
  653. ## put_url: "https://@HOST@:5444"
  654. ## thumbnail: false # otherwise needs ejabberd to be compiled with libgd support
  655. ## mod_http_upload_quota:
  656. ## max_days: 30
  657. mod_last: {}
  658. ## XEP-0313: Message Archive Management
  659. ## You might want to setup a SQL backend for MAM because the mnesia database is
  660. ## limited to 2GB which might be exceeded on large servers
  661. ## mod_mam: {} # for xep0313, mnesia is limited to 2GB, better use an SQL backend
  662. mod_muc:
  663. ## host: "conference.@HOST@"
  664. access:
  665. - allow
  666. access_admin:
  667. - allow: admin
  668. access_create: muc_create
  669. access_persistent: muc_create
  670. mod_muc_admin: {}
  671. ## mod_muc_log: {}
  672. ## mod_multicast: {}
  673. mod_offline:
  674. access_max_user_messages: max_user_offline_messages
  675. mod_ping: {}
  676. ## mod_pres_counter:
  677. ## count: 5
  678. ## interval: 60
  679. mod_privacy: {}
  680. mod_private: {}
  681. ## mod_proxy65: {}
  682. mod_pubsub:
  683. access_createnode: pubsub_createnode
  684. ## reduces resource comsumption, but XEP incompliant
  685. ignore_pep_from_offline: true
  686. ## XEP compliant, but increases resource comsumption
  687. ## ignore_pep_from_offline: false
  688. last_item_cache: false
  689. max_items_node: 10
  690. plugins:
  691. - "flat"
  692. - "pep" # pep requires mod_caps
  693. force_node_config:
  694. ## Avoid using OMEMO by default because it
  695. ## introduces a lot of hard-to-track problems
  696. "eu.siacs.conversations.axolotl.*":
  697. access_model: whitelist
  698. ## Avoid buggy clients to make their bookmarks public
  699. "storage:bookmarks":
  700. access_model: whitelist
  701. mod_push: {}
  702. mod_push_keepalive: {}
  703. mod_register:
  704. ##
  705. ## Protect In-Band account registrations with CAPTCHA.
  706. ##
  707. ## captcha_protected: true
  708. ##
  709. ## Set the minimum informational entropy for passwords.
  710. ##
  711. ## password_strength: 32
  712. ##
  713. ## After successful registration, the user receives
  714. ## a message with this subject and body.
  715. ##
  716. welcome_message:
  717. subject: "Welcome!"
  718. body: |-
  719. Hi.
  720. Welcome to this XMPP server.
  721. ##
  722. ## When a user registers, send a notification to
  723. ## these XMPP accounts.
  724. ##
  725. ## registration_watchers:
  726. ## - "admin1@example.org"
  727. ##
  728. ## Only clients in the server machine can register accounts
  729. ##
  730. ip_access: trusted_network
  731. ##
  732. ## Local c2s or remote s2s users cannot register accounts
  733. ##
  734. ## access_from: deny
  735. access: register
  736. mod_roster: {}
  737. mod_shared_roster: {}
  738. ## mod_stats: {}
  739. ## mod_time: {}
  740. mod_vcard:
  741. search: false
  742. mod_vcard_xupdate: {}
  743. mod_avatar: {}
  744. mod_version: {}
  745. mod_stream_mgmt: {}
  746. ## Non-SASL Authentication (XEP-0078) is now disabled by default
  747. ## because it's obsoleted and is used mostly by abandoned
  748. ## client software
  749. ## mod_legacy_auth: {}
  750. ## The module for S2S dialback (XEP-0220). Please note that you cannot
  751. ## rely solely on dialback if you want to federate with other servers,
  752. ## because a lot of servers have dialback disabled and instead rely on
  753. ## PKIX authentication. Make sure you have proper certificates installed
  754. ## and check your accessibility at https://check.messaging.one/
  755. mod_s2s_dialback: {}
  756. mod_http_api: {}
  757. mod_fail2ban: {}
  758. ##
  759. ## Enable modules with custom options in a specific virtual host
  760. ##
  761. ## host_config:
  762. ## "localhost":
  763. ## modules:
  764. ## mod_echo:
  765. ## host: "mirror.localhost"
  766. ##
  767. ## Enable modules management via ejabberdctl for installation and
  768. ## uninstallation of public/private contributed modules
  769. ## (enabled by default)
  770. ##
  771. allow_contrib_modules: true
  772. ###.
  773. ###'
  774. ### Local Variables:
  775. ### mode: yaml
  776. ### End:
  777. ### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker: