diff --git a/seqs/ejabberd.sh b/seqs/ejabberd.sh index da39151..e49191c 100755 --- a/seqs/ejabberd.sh +++ b/seqs/ejabberd.sh @@ -2,6 +2,7 @@ toolName=ejabberd toolConfLoc="/etc/ejabberd/ejabberd.yml" +toolAdminConf="/etc/ejabberd/ejabberdctl.cfg" # for http upload toolStorageLoc="/var/ejabberd" certRoot="/etc/letsencrypt" @@ -14,15 +15,15 @@ myPass= step_1_info() { echo "Install $toolName via apt"; } step_1_alias() { ALIAS="install"; } step_1() { - exe apt update - exe apt install -y $toolName - exe systemctl stop $toolName + exe apt update + exe apt install -y $toolName + exe systemctl stop $toolName } step_2_info() { echo "Use certificate from local letsencrypt"; } step_2() { readDomain - + local certLoc="${certRoot}/${myDomain}/full.pem" if [ ! -f "$certLoc" ] ; then echo "[ERROR] $certLoc not found" @@ -57,12 +58,13 @@ step_3() { # create storage for http upload exe mkdir -p "$toolStorageLoc" exe chown root:$toolName "$toolStorageLoc" - exe chmod 770 "$toolStorageLoc" + exe chmod 770 "$toolStorageLoc" fi + # Erlang-VM to listen only on local interface + exe sed -i "s/#\(INET_DIST_INTERFACE=127\.0\.0\.1\)/\1/" "$toolAdminConf" } -MissingConfEntry="\ -Seq's basic configuration file \"$SEQDIR/ejabberd.yml\" missing. +MissingConfEntry="Seq's basic configuration file \"$SEQDIR/ejabberd.yml\" missing. Backup $toolConfLoc and create a configuration manually. Some essential settings needed: diff --git a/seqs/ejabberd.yml b/seqs/ejabberd.yml index 9b752d4..cb28e53 100644 --- a/seqs/ejabberd.yml +++ b/seqs/ejabberd.yml @@ -1,4 +1,5 @@ -loglevel: 3 +loglevel: 3 +hide_sensitive_log_data: true log_rotate_size: 0 log_rotate_date: "" 
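Review bot: The `sed -i` added at the end of step_3 exits successfully even when it substitutes nothing, so if the packaged `ejabberdctl.cfg` lacks the exact commented line `#INET_DIST_INTERFACE=127.0.0.1`, the Erlang distribution listener stays on all interfaces and the sequence reports no problem. Follow it with a check such as `grep -q '^INET_DIST_INTERFACE=127\.0\.0\.1' "$toolAdminConf" || echo "[WARN] INET_DIST_INTERFACE not set in $toolAdminConf"`. This setting covers only the node's distribution port. epmd is bound separately, and `ejabberdctl.cfg` normally offers `ERL_EPMD_ADDRESS` for that, which this hunk leaves untouched. step_3 begins outside the hunk, so whether the file is checked elsewhere is not visible.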
@@ -18,18 +19,19 @@ listen: ## file and uncomment these lines: ## certfile: "/etc/ejabberd/ejabberd.pem" - starttls: true + ## starttls: true ## ## To enforce TLS encryption for client connections, ## use this instead of the "starttls" option: ## - ## starttls_required: true + starttls_required: true ## ## Custom OpenSSL options ## protocol_options: - "no_sslv3" - ## - "no_tlsv1" + - "no_tlsv1" + - "no_tlsv1_1" max_stanza_size: 65536 shaper: c2s_shaper access: c2s @@ -67,14 +69,16 @@ listen: ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text ## password storage (see auth_password_format option). -disable_sasl_mechanisms: "digest-md5" - -s2s_use_starttls: optional +disable_sasl_mechanisms: + - "digest-md5" + - "x-oauth2" +s2s_use_starttls: required s2s_certfile: "/etc/ejabberd/ejabberd.pem" - s2s_protocol_options: - "no_sslv3" + - "no_tlsv1" + - "no_tlsv1_1" outgoing_s2s_families: - ipv4 @@ -84,6 +88,22 @@ outgoing_s2s_timeout: 10000 auth_method: internal auth_password_format: scram +###. =============== +###' DATABASE _SETUP + +### MySQL server: +### +#sql_type: mysql +#sql_server: "localhost" +#sql_database: "db_name" +#sql_username: "db_user" +#sql_password: "db_pass" +## Keepalive in seconds +#sql_keepalive_interval: 28800 +#sql_pool_size: 5 + +###. =============== +###' TRAFFIC SHAPERS shaper: ## ## The "normal" shaper limits traffic speed to 1000 B/s @@ -176,7 +196,13 @@ modules: mod_client_state: {} mod_configure: {} # requires mod_adhoc ##mod_delegation: {} # for xep0356 - mod_disco: {} + mod_disco: + server_info: + - + modules: all + name: "abuse-addresses" + urls: + - "mailto:jabberadmin@mydomain.eu" mod_echo: {} mod_irc: {} mod_http_bind: {} @@ -224,7 +250,7 @@ modules: - "flat" - "hometree" - "pep" # pep requires mod_caps - ## mod_register: + mod_register: ## ## Protect In-Band account registrations with CAPTCHA. ## 
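Review bot: With `starttls_required: true` now active in the c2s listener, the `certfile` line a few lines above it is still commented out in the context, so nothing in this hunk gives the listener a certificate. If no certificate is configured elsewhere in the file, clients may be unable to negotiate TLS at all. Consider enabling `certfile: "/etc/ejabberd/ejabberd.pem"` here, the same path the file uses for `s2s_certfile`. A short comment next to `- "no_tlsv1"` and `- "no_tlsv1_1"` saying that clients limited to TLS 1.0/1.1 are rejected on purpose would help whoever debugs a connection failure later.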
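Review bot: `s2s_use_starttls: required` (hunk at -67) makes encryption mandatory on server-to-server links but does not by itself require the peer's certificate to validate, so a federated link can still be encrypted to an unauthenticated endpoint. If that is the intended trade-off for federation reach, say so in a comment; otherwise ejabberd's `required_trusted` value is the stricter setting. The comment above `disable_sasl_mechanisms` still explains only digest-md5, so add a line for the new entry, for example `## x-oauth2: disabled because this server issues no OAuth tokens (confirm)`.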
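Review bot: The new section heading in the hunk at -84 reads `###' DATABASE _SETUP` with a stray space before the underscore; `###' DATABASE SETUP` would match the `###' TRAFFIC SHAPERS` heading added just below it. Because this template invites putting `sql_password` into ejabberd.yml in plain text, add a comment such as `## keep this file readable by root and the ejabberd group only`. The visible hunks of ejabberd.sh set a mode only on `$toolStorageLoc`, not on `$toolConfLoc`.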
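Review bot: The abuse contact added under `mod_disco` / `server_info` (hunk at -176) is the literal `mailto:jabberadmin@mydomain.eu`, which every server installed from this template will publish through service discovery unless someone edits it by hand. ejabberd.sh already asks for the domain (`readDomain` and `$myDomain` in step_2), so the address could be substituted during installation. At minimum, mark it: `- "mailto:jabberadmin@mydomain.eu" # CHANGE ME: public abuse contact`. Whether step_3 rewrites this file after copying it is not visible here.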
@@ -257,6 +283,9 @@ modules: ## ## access_from: deny ## access: register + + # No registration, but allow existing accounts to change password + access: none mod_roster: versioning: true mod_shared_roster: {} @@ -264,7 +293,8 @@ modules: mod_time: {} mod_vcard: search: false - mod_version: {} + mod_version: + show_os: false ## ## Enable modules with custom options in a specific virtual host
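Review bot: Password changes stay enabled through `mod_register` while `access: none` blocks new accounts, but the new lines in the hunk at -257 set no minimum password quality. ejabberd's `password_strength` option under `mod_register` (for example `password_strength: 32`) would reject weak replacements; I believe it applies to password changes as well as registrations, so confirm against the deployed version. Also, the `mod_register:` key is uncommented in the earlier hunk at -224 and receives its only option here, about thirty lines later. The indentation of `access: none` must place it under that key, or the module runs with its defaults; this cannot be checked on this page because leading whitespace is lost.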