Martin Winkler
5f662828a2
- Publish abbuse addresse using mod_disco Allow users to change password with client - ...
322 lines
7.3 KiB
YAML
322 lines
7.3 KiB
YAML
loglevel: 3
|
|
hide_sensitive_log_data: true
|
|
|
|
log_rotate_size: 0
|
|
log_rotate_date: ""
|
|
log_rate_limit: 100
|
|
|
|
hosts:
|
|
- "mydomain.eu"
|
|
|
|
listen:
|
|
-
|
|
port: 5222
|
|
ip: "::"
|
|
module: ejabberd_c2s
|
|
##
|
|
## If TLS is compiled in and you installed a SSL
|
|
## certificate, specify the full path to the
|
|
## file and uncomment these lines:
|
|
##
|
|
certfile: "/etc/ejabberd/ejabberd.pem"
|
|
## starttls: true
|
|
##
|
|
## To enforce TLS encryption for client connections,
|
|
## use this instead of the "starttls" option:
|
|
##
|
|
starttls_required: true
|
|
##
|
|
## Custom OpenSSL options
|
|
##
|
|
protocol_options:
|
|
- "no_sslv3"
|
|
- "no_tlsv1"
|
|
- "no_tlsv1_1"
|
|
max_stanza_size: 65536
|
|
shaper: c2s_shaper
|
|
access: c2s
|
|
zlib: true
|
|
resend_on_timeout: if_offline
|
|
-
|
|
port: 5269
|
|
ip: "::"
|
|
module: ejabberd_s2s_in
|
|
-
|
|
port: 5280
|
|
ip: "::"
|
|
module: ejabberd_http
|
|
request_handlers:
|
|
"/websocket": ejabberd_http_ws
|
|
## "/pub/archive": mod_http_fileserver
|
|
web_admin: true
|
|
http_bind: true
|
|
## register: true
|
|
## captcha: true
|
|
tls: true
|
|
certfile: "/etc/ejabberd/ejabberd.pem"
|
|
-
|
|
port: 5443
|
|
module: ejabberd_http
|
|
tls: true
|
|
certfile: "/etc/ejabberd/ejabberd.pem"
|
|
request_handlers:
|
|
"upload": mod_http_upload
|
|
custom_headers:
|
|
"Access-Control-Allow-Origin": "*"
|
|
"Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT"
|
|
"Access-Control-Allow-Headers": "Authorization"
|
|
"Access-Control-Allow-Credentials": "true"
|
|
|
|
## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
|
|
## password storage (see auth_password_format option).
|
|
disable_sasl_mechanisms:
|
|
- "digest-md5"
|
|
- "x-oauth2"
|
|
|
|
s2s_use_starttls: required
|
|
s2s_certfile: "/etc/ejabberd/ejabberd.pem"
|
|
s2s_protocol_options:
|
|
- "no_sslv3"
|
|
- "no_tlsv1"
|
|
- "no_tlsv1_1"
|
|
|
|
outgoing_s2s_families:
|
|
- ipv4
|
|
## - ipv6
|
|
outgoing_s2s_timeout: 10000
|
|
|
|
auth_method: internal
|
|
auth_password_format: scram
|
|
|
|
###. ===============
|
|
###' DATABASE _SETUP
|
|
|
|
### MySQL server:
|
|
###
|
|
#sql_type: mysql
|
|
#sql_server: "localhost"
|
|
#sql_database: "db_name"
|
|
#sql_username: "db_user"
|
|
#sql_password: "db_pass"
|
|
## Keepalive in seconds
|
|
#sql_keepalive_interval: 28800
|
|
#sql_pool_size: 5
|
|
|
|
###. ===============
|
|
###' TRAFFIC SHAPERS
|
|
shaper:
|
|
##
|
|
## The "normal" shaper limits traffic speed to 1000 B/s
|
|
##
|
|
normal: 1000
|
|
|
|
##
|
|
## The "fast" shaper limits traffic speed to 50000 B/s
|
|
##
|
|
fast: 50000
|
|
|
|
max_fsm_queue: 1000
|
|
|
|
###. ====================
|
|
###' ACCESS CONTROL LISTS
|
|
acl:
|
|
admin:
|
|
user:
|
|
- "myuser": "mydomain.eu"
|
|
#- "@localhost"
|
|
|
|
local:
|
|
user_regexp: ""
|
|
|
|
loopback:
|
|
ip:
|
|
- "127.0.0.0/8"
|
|
|
|
shaper_rules:
|
|
## Maximum number of simultaneous sessions allowed for a single user:
|
|
max_user_sessions: 10
|
|
## Maximum number of offline messages that users can have:
|
|
max_user_offline_messages:
|
|
- 5000: admin
|
|
- 100
|
|
## For C2S connections, all users except admins use the "normal" shaper
|
|
c2s_shaper:
|
|
- none: admin
|
|
- normal
|
|
## All S2S connections use the "fast" shaper
|
|
s2s_shaper: fast
|
|
|
|
###. ============
|
|
###' ACCESS RULES
|
|
access_rules:
|
|
## This rule allows access only for local users:
|
|
local:
|
|
- allow: local
|
|
## Only non-blocked users can use c2s connections:
|
|
c2s:
|
|
- deny: blocked
|
|
- allow
|
|
## Only admins can send announcement messages:
|
|
announce:
|
|
- allow: admin
|
|
## Only admins can use the configuration interface:
|
|
configure:
|
|
- allow: admin
|
|
## Only accounts of the local ejabberd server can create rooms:
|
|
muc_create:
|
|
- allow: local
|
|
## Only accounts on the local ejabberd server can create Pubsub nodes:
|
|
pubsub_createnode:
|
|
- allow: local
|
|
## In-band registration allows registration of any possible username.
|
|
## To disable in-band registration, replace 'allow' with 'deny'.
|
|
register:
|
|
- deny
|
|
## Only allow to register from localhost
|
|
trusted_network:
|
|
- allow: loopback
|
|
## Do not establish S2S connections with bad servers
|
|
s2s:
|
|
## - deny:
|
|
## - ip: "XXX.XXX.XXX.XXX/32"
|
|
## - deny:
|
|
## - ip: "XXX.XXX.XXX.XXX/32"
|
|
- allow
|
|
|
|
language: "en"
|
|
|
|
modules:
|
|
mod_adhoc: {}
|
|
mod_admin_extra: {}
|
|
mod_announce: # recommends mod_adhoc
|
|
access: announce
|
|
mod_blocking: {} # requires mod_privacy
|
|
mod_caps: {}
|
|
mod_carboncopy: {}
|
|
mod_client_state: {}
|
|
mod_configure: {} # requires mod_adhoc
|
|
##mod_delegation: {} # for xep0356
|
|
mod_disco:
|
|
server_info:
|
|
-
|
|
modules: all
|
|
name: "abuse-addresses"
|
|
urls:
|
|
- "mailto:jabberadmin@mydomain.eu"
|
|
mod_echo: {}
|
|
mod_irc: {}
|
|
mod_http_bind: {}
|
|
mod_http_upload:
|
|
docroot: "/var/ejabberd"
|
|
put_url: "https://@HOST@:5443/upload"
|
|
thumbnail: true
|
|
dir_mode: "2770"
|
|
max_size: 104857600 # 100MB
|
|
## mod_http_fileserver:
|
|
## docroot: "/var/www"
|
|
## accesslog: "/var/log/ejabberd/access.log"
|
|
mod_last: {}
|
|
mod_muc:
|
|
## host: "conference.@HOST@"
|
|
access:
|
|
- allow
|
|
access_admin:
|
|
- allow: admin
|
|
access_create: muc_create
|
|
access_persistent: muc_create
|
|
## mod_muc_log: {}
|
|
mod_muc_admin: {}
|
|
## mod_multicast: {}
|
|
mod_offline:
|
|
access_max_user_messages: max_user_offline_messages
|
|
mod_ping: {}
|
|
## mod_pres_counter:
|
|
## count: 5
|
|
## interval: 60
|
|
mod_privacy: {}
|
|
mod_private: {}
|
|
## mod_proxy65: {}
|
|
mod_pubsub:
|
|
access_createnode: pubsub_createnode
|
|
## reduces resource comsumption, but XEP incompliant
|
|
#ignore_pep_from_offline: true
|
|
## XEP compliant, but increases resource comsumption
|
|
ignore_pep_from_offline: false
|
|
last_item_cache: false
|
|
max_items_node: 1000
|
|
default_node_config:
|
|
max_items: 1000
|
|
plugins:
|
|
- "flat"
|
|
- "hometree"
|
|
- "pep" # pep requires mod_caps
|
|
mod_register:
|
|
##
|
|
## Protect In-Band account registrations with CAPTCHA.
|
|
##
|
|
## captcha_protected: true
|
|
##
|
|
## Set the minimum informational entropy for passwords.
|
|
##
|
|
## password_strength: 32
|
|
##
|
|
## After successful registration, the user receives
|
|
## a message with this subject and body.
|
|
##
|
|
## welcome_message:
|
|
## subject: "Welcome!"
|
|
## body: |-
|
|
## Hi.
|
|
## Welcome to this XMPP server.
|
|
##
|
|
## When a user registers, send a notification to
|
|
## these XMPP accounts.
|
|
##
|
|
## registration_watchers:
|
|
## - "admin1@example.org"
|
|
##
|
|
## Only clients in the server machine can register accounts
|
|
##
|
|
## ip_access: trusted_network
|
|
##
|
|
## Local c2s or remote s2s users cannot register accounts
|
|
##
|
|
## access_from: deny
|
|
## access: register
|
|
|
|
# No registration, but allow existing accounts to change password
|
|
access: none
|
|
mod_roster:
|
|
versioning: true
|
|
mod_shared_roster: {}
|
|
mod_stats: {}
|
|
mod_time: {}
|
|
mod_vcard:
|
|
search: false
|
|
mod_version:
|
|
show_os: false
|
|
|
|
##
|
|
## Enable modules with custom options in a specific virtual host
|
|
##
|
|
## host_config:
|
|
## "localhost":
|
|
## modules:
|
|
## mod_echo:
|
|
## host: "mirror.localhost"
|
|
|
|
##
|
|
## Enable modules management via ejabberdctl for installation and
|
|
## uninstallation of public/private contributed modules
|
|
## (enabled by default)
|
|
##
|
|
|
|
allow_contrib_modules: true
|
|
|
|
###.
|
|
###'
|
|
### Local Variables:
|
|
### mode: yaml
|
|
### End:
|
|
### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
|