123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931 |
- ###
- ###' ejabberd configuration file
- ###
- ###
- ### The parameters used in this configuration file are explained in more detail
- ### in the ejabberd Installation and Operation Guide.
- ### Please consult the Guide in case of doubts, it is included with
- ### your copy of ejabberd, and is also available online at
- ### http://www.process-one.net/en/ejabberd/docs/
- ### The configuration file is written in YAML.
- ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
- ### However, ejabberd treats different literals as different types:
- ###
- ### - unquoted or single-quoted strings. They are called "atoms".
- ### Example: dog, 'Jupiter', '3.14159', YELLOW
- ###
- ### - numeric literals. Example: 3, -45.0, .0
- ###
- ### - quoted or folded strings.
- ### Examples of quoted string: "Lizzard", "orange".
- ### Example of folded string:
- ### > Art thou not Romeo,
- ### and a Montague?
- ###. =======
- ###' LOGGING
- ##
- ## loglevel: Verbosity of log files generated by ejabberd.
- ## 0: No ejabberd log at all (not recommended)
- ## 1: Critical
- ## 2: Error
- ## 3: Warning
- ## 4: Info
- ## 5: Debug
- ##
- loglevel: 4
- ##
- ## rotation: Describe how to rotate logs. Either size and/or date can trigger
- ## log rotation. Setting count to N keeps N rotated logs. Setting count to 0
- ## does not disable rotation, it instead rotates the file and keeps no previous
- ## versions around. Setting size to X rotate log when it reaches X bytes.
- ## To disable rotation set the size to 0 and the date to ""
- ## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf.
- ## Some examples:
- ## $D0 rotate every night at midnight
- ## $D23 rotate every day at 23:00 hr
- ## $W0D23 rotate every week on Sunday at 23:00 hr
- ## $W5D16 rotate every week on Friday at 16:00 hr
- ## $M1D0 rotate on the first day of every month at midnight
- ## $M5D6 rotate on every 5th day of the month at 6:00 hr
- ##
- log_rotate_size: 1048576
- log_rotate_date: ""
- log_rotate_count: 0
- ##
- ## overload protection: If you want to limit the number of messages per second
- ## allowed from error_logger, which is a good idea if you want to avoid a flood
- ## of messages when system is overloaded, you can set a limit.
- ## 100 is ejabberd's default.
- log_rate_limit: 100
- ##
- ## watchdog_admins: Only useful for developers: if an ejabberd process
- ## consumes a lot of memory, send live notifications to these XMPP
- ## accounts.
- ##
- ## watchdog_admins:
- ## - "bob@example.com"
- ###. ===============
- ###' NODE PARAMETERS
- ##
- ## net_ticktime: Specifies net_kernel tick time in seconds. This options must have
- ## identical value on all nodes, and in most cases shouldn't be changed at all from
- ## default value.
- ##
- ## net_ticktime: 60
- ###. ================
- ###' SERVED HOSTNAMES
- ##
- ## hosts: Domains served by ejabberd.
- ## You can define one or several, for example:
- ## hosts:
- ## - "example.net"
- ## - "example.com"
- ## - "example.org"
- ##
- hosts:
- - "im.s-up.net"
- # - "localhost"
- ##
- ## route_subdomains: Delegate subdomains to other XMPP servers.
- ## For example, if this ejabberd serves example.org and you want
- ## to allow communication with an XMPP server called im.example.org.
- ##
- ## route_subdomains: s2s
- ###. ============
- ###' Certificates
- ## List all available PEM files containing certificates for your domains,
- ## chains of certificates or certificate keys. Full chains will be built
- ## automatically by ejabberd.
- ##
- certfiles:
- - "/home/ejabberd/ssl/*.pem"
- # - "/home/ejabberd/conf/server.pem"
- ## - "/etc/letsencrypt/live/example.org/*.pem"
- ## - "/etc/letsencrypt/live/example.com/*.pem"
- ca_file: "/home/ejabberd/conf/cacert.pem"
- ###. =================
- ###' TLS configuration
- ## Note that the following configuration is the default
- ## configuration of the TLS driver, so you don't need to
- ## uncomment it.
- ##
- ## define_macro:
- ## 'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
- ## 'TLS_OPTIONS':
- ## - "no_sslv3"
- ## - "cipher_server_preference"
- ## - "no_compression"
- ## 'DH_FILE': "/home/ejabberd/conf/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
- ##
- ## c2s_dhfile: 'DH_FILE'
- ## s2s_dhfile: 'DH_FILE'
- ## c2s_ciphers: 'TLS_CIPHERS'
- c2s_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256"
- ## s2s_ciphers: 'TLS_CIPHERS'
- s2s_ciphers: "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
- ## c2s_protocol_options: 'TLS_OPTIONS'
- c2s_protocol_options:
- - "no_sslv2"
- - "no_sslv3"
- - "no_tlsv1"
- - "no_tlsv1_1"
- ## s2s_protocol_options: 'TLS_OPTIONS'
- s2s_protocol_options:
- - "no_sslv2"
- - "no_sslv3"
- ###. ===============
- ###' LISTENING PORTS
- ##
- ## listen: The ports ejabberd will listen on, which service each is handled
- ## by and what options to start it with.
- ##
- listen:
- -
- port: 8080
- ip: "::"
- module: ejabberd_http
- request_handlers:
- "": mod_http_fileserver
- -
- port: 5223
- ip: "::"
- module: ejabberd_c2s
- tls: true
- max_stanza_size: 65536
- shaper: c2s_shaper
- access: c2s
- -
- port: 5347
- ip: "::"
- module: ejabberd_service
- access: all
- hosts:
- "irc.im.s-up.net":
- password: "secret"
- -
- port: 5443
- protocol_options:
- - "no_sslv2"
- - "no_sslv3"
- - "no_tlsv1"
- - "no_tlsv1_1"
- ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256"
- ip: "::"
- module: ejabberd_http
- request_handlers:
- "": mod_http_upload
- tls: true
- -
- port: 5222
- ip: "::"
- module: ejabberd_c2s
- starttls: true
- ##
- ## To enforce TLS encryption for client connections,
- ## use this instead of the "starttls" option:
- ##
- ## starttls_required: true
- starttls_required: true
- ##
- ## Stream compression
- ##
- ## zlib: true
- ##
- max_stanza_size: 65536
- #shaper: c2s_shaper
- access: c2s
- -
- port: 5269
- ip: "::"
- module: ejabberd_s2s_in
- max_stanza_size: 131072
- shaper: s2s_shaper
- -
- port: 5280
- protocol_options:
- - "no_sslv2"
- - "no_sslv3"
- - "no_tlsv1"
- - "no_tlsv1_1"
- ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256"
- ip: "::"
- module: ejabberd_http
- tls: true
- request_handlers:
- "/ws": ejabberd_http_ws
- "/bosh": mod_bosh
- "/": mod_http_fileserver
- http_bind: true
- ## "/oauth": ejabberd_oauth
- ## "/api": mod_http_api
- ## "/pub/archive": mod_http_fileserver
- # web_admin: true
- ## register: true
- captcha: false
- ##
- ## ejabberd_service: Interact with external components (transports, ...)
- ##
- ## -
- ## port: 8888
- ## ip: "::"
- ## module: ejabberd_service
- ## access: all
- ## shaper_rule: fast
- ## ip: "127.0.0.1"
- ## privilege_access:
- ## roster: "both"
- ## message: "outgoing"
- ## presence: "roster"
- ## delegations:
- ## "urn:xmpp:mam:1":
- ## filtering: ["node"]
- ## "http://jabber.org/protocol/pubsub":
- ## filtering: []
- ## hosts:
- ## "icq.example.org":
- ## password: "secret"
- ## "sms.example.org":
- ## password: "secret"
- ##
- ## ejabberd_stun: Handles STUN Binding requests
- ##
- -
- port: 3478
- transport: udp
- module: ejabberd_stun
- ##
- ## To handle XML-RPC requests that provide admin credentials:
- ##
- ## -
- ## port: 4560
- ## ip: "::"
- ## module: ejabberd_xmlrpc
- ## maxsessions: 10
- ## timeout: 5000
- ## access_commands:
- ## admin:
- ## commands: all
- ## options: []
- ##
- ## To enable secure http upload
- ##
- ## -
- ## port: 5444
- ## ip: "::"
- ## module: ejabberd_http
- ## request_handlers:
- ## "": mod_http_upload
- ## tls: true
- ## protocol_options: 'TLS_OPTIONS'
- ## dhfile: 'DH_FILE'
- ## ciphers: 'TLS_CIPHERS'
- ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
- ## password storage (see auth_password_format option).
- ## disable_sasl_mechanisms: "digest-md5"
- ###. ==================
- ###' S2S GLOBAL OPTIONS
- ##
- ## s2s_use_starttls: Enable STARTTLS for S2S connections.
- ## Allowed values are: false, optional or required
- ## You must specify 'certfiles' option
- ##
- s2s_use_starttls: optional
- ##
- ## S2S whitelist or blacklist
- ##
- ## Default s2s policy for undefined hosts.
- ##
- ## s2s_access: s2s
- ##
- ## Outgoing S2S options
- ##
- ## Preferred address families (which to try first) and connect timeout
- ## in seconds.
- ##
- ## outgoing_s2s_families:
- ## - ipv4
- ## - ipv6
- ## outgoing_s2s_timeout: 190
- ###. ==============
- ###' AUTHENTICATION
- ##
- ## auth_method: Method used to authenticate the users.
- ## The default method is the internal.
- ## If you want to use a different method,
- ## comment this line and enable the correct ones.
- ##
- auth_method: internal
- ##
- ## Store the plain passwords or hashed for SCRAM:
- ## auth_password_format: plain
- ## auth_password_format: scram
- ##
- ## Define the FQDN if ejabberd doesn't detect it:
- ## fqdn: "server3.example.com"
- ##
- ## Authentication using external script
- ## Make sure the script is executable by ejabberd.
- ##
- ## auth_method: external
- ## extauth_program: "/path/to/authentication/script"
- ##
- ## Authentication using SQL
- ## Remember to setup a database in the next section.
- ##
- ## auth_method: sql
- ##
- ## Authentication using PAM
- ##
- ## auth_method: pam
- ## pam_service: "pamservicename"
- ##
- ## Authentication using LDAP
- ##
- ## auth_method: ldap
- ##
- ## List of LDAP servers:
- ## ldap_servers:
- ## - "localhost"
- ##
- ## Encryption of connection to LDAP servers:
- ## ldap_encrypt: none
- ## ldap_encrypt: tls
- ##
- ## Port to connect to on LDAP servers:
- ## ldap_port: 389
- ## ldap_port: 636
- ##
- ## LDAP manager:
- ## ldap_rootdn: "dc=example,dc=com"
- ##
- ## Password of LDAP manager:
- ## ldap_password: "******"
- ##
- ## Search base of LDAP directory:
- ## ldap_base: "dc=example,dc=com"
- ##
- ## LDAP attribute that holds user ID:
- ## ldap_uids:
- ## - "mail": "%u@mail.example.org"
- ##
- ## LDAP filter:
- ## ldap_filter: "(objectClass=shadowAccount)"
- ##
- ## Anonymous login support:
- ## auth_method: anonymous
- ## anonymous_protocol: sasl_anon | login_anon | both
- ## allow_multiple_connections: true | false
- ##
- ## host_config:
- ## "public.example.org":
- ## auth_method: anonymous
- ## allow_multiple_connections: false
- ## anonymous_protocol: sasl_anon
- ##
- ## To use both anonymous and internal authentication:
- ##
- ## host_config:
- ## "public.example.org":
- ## auth_method:
- ## - internal
- ## - anonymous
- ###. ==============
- ###' DATABASE SETUP
- ## ejabberd by default uses the internal Mnesia database,
- ## so you do not necessarily need this section.
- ## This section provides configuration examples in case
- ## you want to use other database backends.
- ## Please consult the ejabberd Guide for details on database creation.
- ##
- ## MySQL server:
- ##
- ## sql_type: mysql
- ## sql_server: "server"
- ## sql_database: "database"
- ## sql_username: "username"
- ## sql_password: "password"
- ##
- ## If you want to specify the port:
- ## sql_port: 1234
- ##
- ## PostgreSQL server:
- ##
- ## sql_type: pgsql
- ## sql_server: "server"
- ## sql_database: "database"
- ## sql_username: "username"
- ## sql_password: "password"
- ##
- ## If you want to specify the port:
- ## sql_port: 1234
- ##
- ## If you use PostgreSQL, have a large database, and need a
- ## faster but inexact replacement for "select count(*) from users"
- ##
- ## pgsql_users_number_estimate: true
- ##
- ## SQLite:
- ##
- ## sql_type: sqlite
- ## sql_database: "/home/ejabberd/database/ejabberd.db"
- ##
- ## ODBC compatible or MSSQL server:
- ##
- ## sql_type: odbc
- ## sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
- ##
- ## Number of connections to open to the database for each virtual host
- ##
- ## sql_pool_size: 10
- ##
- ## Interval to make a dummy SQL request to keep the connections to the
- ## database alive. Specify in seconds: for example 28800 means 8 hours
- ##
- ## sql_keepalive_interval: undefined
- ##
- ## Use the new SQL schema
- ##
- ## new_sql_schema: true
- ###. ===============
- ###' TRAFFIC SHAPERS
- shaper:
- ##
- ## The "normal" shaper limits traffic speed to 1000 B/s
- ##
- #normal: 1000
- normal: 1000000
- ##
- ## The "fast" shaper limits traffic speed to 50000 B/s
- ##
- #fast: 50000
- fast: 1000000
- ##
- ## This option specifies the maximum number of elements in the queue
- ## of the FSM. Refer to the documentation for details.
- ##
- max_fsm_queue: 10000
- ###. ====================
- ###' ACCESS CONTROL LISTS
- acl:
- ##
- ## The 'admin' ACL grants administrative privileges to XMPP accounts.
- ## You can put here as many accounts as you want.
- ##
- admin:
- user:
- - "admin@localhost"
- - "ircadmin@im.s-up.net"
- ##
- ## Blocked users
- ##
- ## blocked:
- ## user:
- ## - "baduser@example.org"
- ## - "test"
- ## Local users: don't modify this.
- ##
- local:
- user_regexp: ""
- ##
- ## More examples of ACLs
- ##
- ## jabberorg:
- ## server:
- ## - "jabber.org"
- ## aleksey:
- ## user:
- ## - "aleksey@jabber.ru"
- ## test:
- ## user_regexp: "^test"
- ## user_glob: "test*"
- ##
- ## Loopback network
- ##
- loopback:
- ip:
- - "127.0.0.0/8"
- - "::1/128"
- - "::FFFF:127.0.0.1/128"
- ##
- ## Bad XMPP servers
- ##
- ## bad_servers:
- ## server:
- ## - "xmpp.zombie.org"
- ## - "xmpp.spam.com"
- ##
- ## Define specific ACLs in a virtual host.
- ##
- ## host_config:
- ## "localhost":
- ## acl:
- ## admin:
- ## user:
- ## - "bob-local@localhost"
- ###. ============
- ###' SHAPER RULES
- shaper_rules:
- ## Maximum number of simultaneous sessions allowed for a single user:
- max_user_sessions: 10
- ## Maximum number of offline messages that users can have:
- max_user_offline_messages:
- - 5000: admin
- - 100
- ## For C2S connections, all users except admins use the "normal" shaper
- # c2s_shaper:
- # - none: admin
- # - normal
- ## All S2S connections use the "fast" shaper
- s2s_shaper: fast
- ###. ============
- ###' ACCESS RULES
- access_rules:
- ## This rule allows access only for local users:
- local:
- - allow: local
- ## Only non-blocked users can use c2s connections:
- c2s:
- - deny: blocked
- - allow
- ## Only admins can send announcement messages:
- announce:
- - allow: admin
- ## Only admins can use the configuration interface:
- configure:
- - allow: admin
- ## Only accounts of the local ejabberd server can create rooms:
- muc_create:
- - allow: local
- ## Only accounts on the local ejabberd server can create Pubsub nodes:
- pubsub_createnode:
- - allow: local
- ## In-band registration allows registration of any possible username.
- ## To disable in-band registration, replace 'allow' with 'deny'.
- register:
- - allow
- ## Only allow to register from localhost
- trusted_network:
- - allow: loopback
- ## Do not establish S2S connections with bad servers
- ## If you enable this you also have to uncomment "s2s_access: s2s"
- ## s2s:
- ## - deny:
- ## - ip: "XXX.XXX.XXX.XXX/32"
- ## - deny:
- ## - ip: "XXX.XXX.XXX.XXX/32"
- ## - allow
- ## ===============
- ## API PERMISSIONS
- ## ===============
- ##
- ## This section allows you to define who and using what method
- ## can execute commands offered by ejabberd.
- ##
- ## By default "console commands" section allow executing all commands
- ## issued using ejabberdctl command, and "admin access" section allows
- ## users in admin acl that connect from 127.0.0.1 to execute all
- ## commands except start and stop with any available access method
- ## (ejabberdctl, http-api, xmlrpc depending what is enabled on server).
- ##
- ## If you remove "console commands" there will be one added by
- ## default allowing executing all commands, but if you just change
- ## permissions in it, version from config file will be used instead
- ## of default one.
- ##
- api_permissions:
- "console commands":
- from:
- - ejabberd_ctl
- who: all
- what: "*"
- "admin access":
- who:
- - access:
- - allow:
- - acl: loopback
- - acl: admin
- - oauth:
- - scope: "ejabberd:admin"
- - access:
- - allow:
- - acl: loopback
- - acl: admin
- what:
- - "*"
- - "!stop"
- - "!start"
- "public commands":
- who:
- - ip: "127.0.0.1/8"
- what:
- - "status"
- - "connected_users_number"
- ## By default the frequency of account registrations from the same IP
- ## is limited to 1 account every 10 minutes. To disable, specify: infinity
- ## registration_timeout: 600
-
- ##
- ## Define specific Access Rules in a virtual host.
- ##
- ## host_config:
- ## "localhost":
- ## access:
- ## c2s:
- ## - allow: admin
- ## - deny
- ## register:
- ## - deny
- ###. ================
- ###' DEFAULT LANGUAGE
- ##
- ## language: Default language used for server messages.
- ##
- language: "en"
- ##
- ## Set a different default language in a virtual host.
- ##
- ## host_config:
- ## "localhost":
- ## language: "ru"
- ###. =======
- ###' CAPTCHA
- ##
- ## Full path to a script that generates the image.
- ##
- ## captcha_cmd: "/home/ejabberd/lib/ejabberd-xx.yy/priv/bin/captcha.sh"
- ##
- ## Host for the URL and port where ejabberd listens for CAPTCHA requests.
- ##
- ## captcha_host: "example.org:5280"
- ##
- ## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
- ##
- ## captcha_limit: 5
- ###. ====
- ###' ACME
- ##
- ## In order to use the acme certificate acquiring through "Let's Encrypt"
- ## an http listener has to be configured to listen to port 80 so that
- ## the authorization challenges posed by "Let's Encrypt" can be solved.
- ##
- ## A simple way of doing this would be to add the following in the listening
- ## section and to configure port forwarding from 80 to 5280 either via NAT
- ## (for ipv4 only) or using frontends such as haproxy/nginx/sslh/etc.
- ## -
- ## port: 5280
- ## ip: "::"
- ## module: ejabberd_http
- acme:
- ## A contact mail that the ACME Certificate Authority can contact in case of
- ## an authorization issue, such as a server-initiated certificate revocation.
- ## It is not mandatory to provide an email address but it is highly suggested.
- contact: "mailto:example-admin@example.com"
- ## The ACME Certificate Authority URL.
- ## This could either be:
- ## - https://acme-v01.api.letsencrypt.org - (Default) for the production CA
- ## - https://acme-staging.api.letsencrypt.org - for the staging CA
- ## - http://localhost:4000 - for a local version of the CA
- ca_url: "https://acme-v01.api.letsencrypt.org"
- ###. =======
- ###' MODULES
- ##
- ## Modules enabled in all ejabberd virtual hosts.
- ##
- modules:
- mod_adhoc: {}
- mod_admin_extra: {}
- mod_announce: # recommends mod_adhoc
- access: announce
- mod_blocking: {} # requires mod_privacy
- mod_caps: {}
- mod_carboncopy: {}
- mod_client_state: {}
- mod_configure: {} # requires mod_adhoc
- ## mod_delegation: {} # for xep0356
- mod_disco: {}
- mod_stun_disco: {}
- ## mod_echo: {}
- ## mod_irc: {}
- mod_bosh: {}
- mod_http_fileserver:
- default_content_type: "text/html"
- docroot: "/var/www/"
- directory_indices:
- - "index.html"
- ## docroot: "/var/www"
- ## accesslog: "/home/ejabberd/logs/access.log"
- mod_http_upload:
- put_url: "https://@HOST@:5443/upload"
- thumbnail: false # otherwise needs ejabberd to be compiled with libgd support
- max_size: 524288 # 5MB
- mod_http_upload_quota:
- max_days: 3
- mod_last: {}
- ## XEP-0313: Message Archive Management
- ## You might want to setup a SQL backend for MAM because the mnesia database is
- ## limited to 2GB which might be exceeded on large servers
- ## mod_mam: {} # for xep0313, mnesia is limited to 2GB, better use an SQL backend
- mod_mam: {}
- mod_muc:
- ## host: "conference.@HOST@"
- access:
- - allow
- access_admin:
- - allow: admin
- access_create: muc_create
- access_persistent: muc_create
- mod_muc_admin: {}
- ## mod_muc_log: {}
- ## mod_multicast: {}
- mod_offline:
- access_max_user_messages: max_user_offline_messages
- mod_ping: {}
- ## mod_pres_counter:
- ## count: 5
- ## interval: 60
- mod_privacy: {}
- mod_private: {}
- mod_proxy65: {}
- mod_pubsub:
- access_createnode: pubsub_createnode
- ## reduces resource comsumption, but XEP incompliant
- ignore_pep_from_offline: true
- ## XEP compliant, but increases resource comsumption
- ## ignore_pep_from_offline: false
- last_item_cache: false
- max_items_node: 10
- plugins:
- - "flat"
- - "pep" # pep requires mod_caps
- force_node_config:
- # ## Avoid using OMEMO by default because it
- # ## introduces a lot of hard-to-track problems
- # "eu.siacs.conversations.axolotl.*":
- # access_model: whitelist
- ## Avoid buggy clients to make their bookmarks public
- "storage:bookmarks":
- access_model: whitelist
- mod_push: {}
- mod_push_keepalive: {}
- mod_register:
- ##
- ## Protect In-Band account registrations with CAPTCHA.
- ##
- ## captcha_protected: true
- ##
- ## Set the minimum informational entropy for passwords.
- ##
- ## password_strength: 32
- ##
- ## After successful registration, the user receives
- ## a message with this subject and body.
- ##
- welcome_message:
- subject: "Welcome!"
- body: |-
- Hi.
- Welcome to this XMPP server.
- ##
- ## When a user registers, send a notification to
- ## these XMPP accounts.
- ##
- ## registration_watchers:
- ## - "admin1@example.org"
- ##
- ## Only clients in the server machine can register accounts
- ##
- ip_access: trusted_network
- ##
- ## Local c2s or remote s2s users cannot register accounts
- ##
- ## access_from: deny
- access: register
- # mod_roster: {}
- mod_roster:
- versioning: true
- mod_shared_roster: {}
- ## mod_stats: {}
- ## mod_time: {}
- mod_vcard:
- search: false
- mod_vcard_xupdate: {}
- mod_avatar: {}
- mod_version: {}
- mod_stream_mgmt: {}
- ## Non-SASL Authentication (XEP-0078) is now disabled by default
- ## because it's obsoleted and is used mostly by abandoned
- ## client software
- ## mod_legacy_auth: {}
- ## The module for S2S dialback (XEP-0220). Please note that you cannot
- ## rely solely on dialback if you want to federate with other servers,
- ## because a lot of servers have dialback disabled and instead rely on
- ## PKIX authentication. Make sure you have proper certificates installed
- ## and check your accessibility at https://check.messaging.one/
- mod_s2s_dialback: {}
- mod_http_api: {}
- mod_fail2ban: {}
- ##
- ## Enable modules with custom options in a specific virtual host
- ##
- ## host_config:
- ## "localhost":
- ## modules:
- ## mod_echo:
- ## host: "mirror.localhost"
- ##
- ## Enable modules management via ejabberdctl for installation and
- ## uninstallation of public/private contributed modules
- ## (enabled by default)
- ##
- allow_contrib_modules: true
- ###.
- ###'
- ### Local Variables:
- ### mode: yaml
- ### End:
- ### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
|