Switch the config to the latest version without comments
Taken from the 18.12.1 default config
		
							parent
							
								
									aa64456fc7
								
							
						
					
					
						commit
						3a8a2b6be0
					
				| @ -1,116 +1,15 @@ | |||||||
| ### | language: "en" | ||||||
| ###'           ejabberd configuration file |  | ||||||
| ### |  | ||||||
| ### |  | ||||||
| 
 | 
 | ||||||
| ### The parameters used in this configuration file are explained in more detail | loglevel: 4 | ||||||
| ### in the ejabberd Installation and Operation Guide. |  | ||||||
| ### Please consult the Guide in case of doubts, it is included with |  | ||||||
| ### your copy of ejabberd, and is also available online at |  | ||||||
| ### http://www.process-one.net/en/ejabberd/docs/ |  | ||||||
| 
 |  | ||||||
| ### The configuration file is written in YAML. |  | ||||||
| ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description. |  | ||||||
| ### However, ejabberd treats different literals as different types: |  | ||||||
| ### |  | ||||||
| ### - unquoted or single-quoted strings. They are called "atoms". |  | ||||||
| ###   Example: dog, 'Jupiter', '3.14159', YELLOW |  | ||||||
| ### |  | ||||||
| ### - numeric literals. Example: 3, -45.0, .0 |  | ||||||
| ### |  | ||||||
| ### - quoted or folded strings. |  | ||||||
| ###   Examples of quoted string: "Lizzard", "orange". |  | ||||||
| ###   Example of folded string: |  | ||||||
| ###   > Art thou not Romeo, |  | ||||||
| ###     and a Montague? |  | ||||||
| 
 |  | ||||||
| ###.  ======= |  | ||||||
| ###'  LOGGING |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## loglevel: Verbosity of log files generated by ejabberd. |  | ||||||
| ## 0: No ejabberd log at all (not recommended) |  | ||||||
| ## 1: Critical |  | ||||||
| ## 2: Error |  | ||||||
| ## 3: Warning |  | ||||||
| ## 4: Info |  | ||||||
| ## 5: Debug |  | ||||||
| ## |  | ||||||
| loglevel: 5 |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## rotation: Describe how to rotate logs. Either size and/or date can trigger |  | ||||||
| ## log rotation. Setting count to N keeps N rotated logs. Setting count to 0 |  | ||||||
| ## does not disable rotation, it instead rotates the file and keeps no previous |  | ||||||
| ## versions around. Setting size to X rotate log when it reaches X bytes. |  | ||||||
| ## To disable rotation set the size to 0 and the date to "" |  | ||||||
| ## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf. |  | ||||||
| ## Some examples: |  | ||||||
| ##  $D0     rotate every night at midnight |  | ||||||
| ##  $D23    rotate every day at 23:00 hr |  | ||||||
| ##  $W0D23  rotate every week on Sunday at 23:00 hr |  | ||||||
| ##  $W5D16  rotate every week on Friday at 16:00 hr |  | ||||||
| ##  $M1D0   rotate on the first day of every month at midnight |  | ||||||
| ##  $M5D6   rotate on every 5th day of the month at 6:00 hr |  | ||||||
| ## |  | ||||||
| log_rotate_size: 10485760 | log_rotate_size: 10485760 | ||||||
| log_rotate_date: "" | log_rotate_date: "" | ||||||
| log_rotate_count: 1 | log_rotate_count: 1 | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## overload protection: If you want to limit the number of messages per second |  | ||||||
| ## allowed from error_logger, which is a good idea if you want to avoid a flood |  | ||||||
| ## of messages when system is overloaded, you can set a limit. |  | ||||||
| ## 100 is ejabberd's default. |  | ||||||
| log_rate_limit: 100 | log_rate_limit: 100 | ||||||
| 
 | 
 | ||||||
| ## |  | ||||||
| ## watchdog_admins: Only useful for developers: if an ejabberd process |  | ||||||
| ## consumes a lot of memory, send live notifications to these XMPP |  | ||||||
| ## accounts. |  | ||||||
| ## |  | ||||||
| ##watchdog_admins: |  | ||||||
| ##  - "sebastian@5apps.com" |  | ||||||
| 
 |  | ||||||
| ###.  =============== |  | ||||||
| ###'  NODE PARAMETERS |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## net_ticktime: Specifies net_kernel tick time in seconds. This options must have |  | ||||||
| ## identical value on all nodes, and in most cases shouldn't be changed at all from |  | ||||||
| ## default value. |  | ||||||
| ## |  | ||||||
| ## net_ticktime: 60 |  | ||||||
| 
 |  | ||||||
| ###.  ================ |  | ||||||
| ###'  SERVED HOSTNAMES |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## hosts: Domains served by ejabberd. |  | ||||||
| ## You can define one or several, for example: |  | ||||||
| ## hosts: |  | ||||||
| ##   - "example.net" |  | ||||||
| ##   - "example.com" |  | ||||||
| ##   - "example.org" |  | ||||||
| ## |  | ||||||
| hosts: | hosts: | ||||||
|   - "kosmos.org" |   - "kosmos.org" | ||||||
|   - "5apps.com" |   - "5apps.com" | ||||||
| 
 | 
 | ||||||
| ## |  | ||||||
| ## route_subdomains: Delegate subdomains to other XMPP servers. |  | ||||||
| ## For example, if this ejabberd serves example.org and you want |  | ||||||
| ## to allow communication with an XMPP server called im.example.org. |  | ||||||
| ## |  | ||||||
| ## route_subdomains: s2s |  | ||||||
| 
 |  | ||||||
| ###.  ============ |  | ||||||
| ###'  Certificates |  | ||||||
| 
 |  | ||||||
| ## List all available PEM files containing certificates for your domains, |  | ||||||
| ## chains of certificates or certificate keys. Full chains will be built |  | ||||||
| ## automatically by ejabberd. |  | ||||||
| ## |  | ||||||
| <% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") || File.exist?("/opt/ejabberd/conf/5apps.com.pem") -%> | <% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") || File.exist?("/opt/ejabberd/conf/5apps.com.pem") -%> | ||||||
| certfiles: | certfiles: | ||||||
| <% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") -%> | <% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") -%> | ||||||
| @ -123,9 +22,6 @@ certfiles: | |||||||
| 
 | 
 | ||||||
| ca_file: "/opt/ejabberd/conf/cacert.pem" | ca_file: "/opt/ejabberd/conf/cacert.pem" | ||||||
| 
 | 
 | ||||||
| ###.  ================= |  | ||||||
| ###'  TLS configuration |  | ||||||
| 
 |  | ||||||
| define_macro: | define_macro: | ||||||
|   'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH" |   'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH" | ||||||
|   'TLS_OPTIONS': |   'TLS_OPTIONS': | ||||||
| @ -141,248 +37,41 @@ s2s_ciphers: 'TLS_CIPHERS' | |||||||
| c2s_protocol_options: 'TLS_OPTIONS' | c2s_protocol_options: 'TLS_OPTIONS' | ||||||
| s2s_protocol_options: 'TLS_OPTIONS' | s2s_protocol_options: 'TLS_OPTIONS' | ||||||
| 
 | 
 | ||||||
| ###.  =============== |  | ||||||
| ###'  LISTENING PORTS |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## listen: The ports ejabberd will listen on, which service each is handled |  | ||||||
| ## by and what options to start it with. |  | ||||||
| ## |  | ||||||
| listen: | listen: | ||||||
|   - |   - | ||||||
|     port: 5222 |     port: 5222 | ||||||
|     ip: "::" |     ip: "::" | ||||||
|     module: ejabberd_c2s |     module: ejabberd_c2s | ||||||
|     starttls: true |     max_stanza_size: 262144 | ||||||
|     max_stanza_size: 65536 |  | ||||||
|     shaper: c2s_shaper |     shaper: c2s_shaper | ||||||
|     access: c2s |     access: c2s | ||||||
|  |     starttls_required: true | ||||||
|   - |   - | ||||||
|     port: 5269 |     port: 5269 | ||||||
|     ip: "::" |     ip: "::" | ||||||
|     module: ejabberd_s2s_in |     module: ejabberd_s2s_in | ||||||
|     max_stanza_size: 131072 |     max_stanza_size: 524288 | ||||||
|     shaper: s2s_shaper |  | ||||||
|   - |   - | ||||||
|     port: 5280 |     port: 5280 | ||||||
|     ip: "::" |     ip: "::" | ||||||
|     module: ejabberd_http |     module: ejabberd_http | ||||||
|     request_handlers: |  | ||||||
|       "/ws": ejabberd_http_ws |  | ||||||
|       "/bosh": mod_bosh |  | ||||||
|       "/api": mod_http_api |  | ||||||
|     ##  "/pub/archive": mod_http_fileserver |  | ||||||
|     web_admin: true |     web_admin: true | ||||||
|     ## register: true |  | ||||||
|     captcha: false |  | ||||||
|   ## |  | ||||||
|   ## ejabberd_service: Interact with external components (transports, ...) |  | ||||||
|   ## |  | ||||||
|   ## - |  | ||||||
|   ##   port: 8888 |  | ||||||
|   ##   ip: "::" |  | ||||||
|   ##   module: ejabberd_service |  | ||||||
|   ##   access: all |  | ||||||
|   ##   shaper_rule: fast |  | ||||||
|   ##   ip: "127.0.0.1" |  | ||||||
|   ##   privilege_access: |  | ||||||
|   ##      roster: "both" |  | ||||||
|   ##      message: "outgoing" |  | ||||||
|   ##      presence: "roster" |  | ||||||
|   ##   delegations: |  | ||||||
|   ##      "urn:xmpp:mam:1": |  | ||||||
|   ##        filtering: ["node"] |  | ||||||
|   ##      "http://jabber.org/protocol/pubsub": |  | ||||||
|   ##        filtering: [] |  | ||||||
|   ##   hosts: |  | ||||||
|   ##     "icq.example.org": |  | ||||||
|   ##       password: "secret" |  | ||||||
|   ##     "sms.example.org": |  | ||||||
|   ##       password: "secret" |  | ||||||
| 
 |  | ||||||
|   ## |  | ||||||
|   ## ejabberd_stun: Handles STUN Binding requests |  | ||||||
|   ## |  | ||||||
|   ## - |  | ||||||
|   ##   port: 3478 |  | ||||||
|   ##   transport: udp |  | ||||||
|   ##   module: ejabberd_stun |  | ||||||
| 
 |  | ||||||
|   ## |  | ||||||
|   ## To handle XML-RPC requests that provide admin credentials: |  | ||||||
|   ## |  | ||||||
|   ## - |  | ||||||
|   ##   port: 4560 |  | ||||||
|   ##   ip: "::" |  | ||||||
|   ##   module: ejabberd_xmlrpc |  | ||||||
|   ##   maxsessions: 10 |  | ||||||
|   ##   timeout: 5000 |  | ||||||
|   ##   access_commands: |  | ||||||
|   ##     admin: |  | ||||||
|   ##       commands: all |  | ||||||
|   ##       options: [] |  | ||||||
| 
 |  | ||||||
|   ## |  | ||||||
|   ## To enable secure http upload |  | ||||||
|   ## |  | ||||||
|   - |   - | ||||||
|     port: 5443 |     port: 5443 | ||||||
|  |     ip: "::" | ||||||
|     module: ejabberd_http |     module: ejabberd_http | ||||||
|     request_handlers: |     request_handlers: | ||||||
|       "upload": mod_http_upload |       "/api": mod_http_api | ||||||
|  |       "/bosh": mod_bosh | ||||||
|  |       "/upload": mod_http_upload | ||||||
|  |       "/ws": ejabberd_http_ws | ||||||
|  |       "/oauth": ejabberd_oauth | ||||||
|  |     web_admin: true | ||||||
|  |     captcha: false | ||||||
|     tls: true |     tls: true | ||||||
|     ##protocol_options: 'TLS_OPTIONS' |  | ||||||
|     ##dhfile: 'DH_FILE' |  | ||||||
|     ##ciphers: 'TLS_CIPHERS' |  | ||||||
| 
 | 
 | ||||||
| ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text |  | ||||||
| ## password storage (see auth_password_format option). |  | ||||||
| ## disable_sasl_mechanisms: "digest-md5" |  | ||||||
| 
 |  | ||||||
| ###.  ================== |  | ||||||
| ###'  S2S GLOBAL OPTIONS |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## s2s_use_starttls: Enable STARTTLS for S2S connections. |  | ||||||
| ## Allowed values are: false, optional or required |  | ||||||
| ## You must specify 'certfiles' option |  | ||||||
| ## |  | ||||||
| s2s_use_starttls: optional | s2s_use_starttls: optional | ||||||
| 
 | 
 | ||||||
| ## |  | ||||||
| ## S2S whitelist or blacklist |  | ||||||
| ## |  | ||||||
| ## Default s2s policy for undefined hosts. |  | ||||||
| ## |  | ||||||
| ## s2s_access: s2s |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Outgoing S2S options |  | ||||||
| ## |  | ||||||
| ## Preferred address families (which to try first) and connect timeout |  | ||||||
| ## in seconds. |  | ||||||
| ## |  | ||||||
| ## outgoing_s2s_families: |  | ||||||
| ##   - ipv4 |  | ||||||
| ##   - ipv6 |  | ||||||
| ## outgoing_s2s_timeout: 190 |  | ||||||
| 
 |  | ||||||
| ###.  ============== |  | ||||||
| ###'  AUTHENTICATION |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## auth_method: Method used to authenticate the users. |  | ||||||
| ## The default method is the internal. |  | ||||||
| ## If you want to use a different method, |  | ||||||
| ## comment this line and enable the correct ones. |  | ||||||
| ## |  | ||||||
| ## auth_method: sql |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Store the plain passwords or hashed for SCRAM: |  | ||||||
| ## auth_password_format: plain |  | ||||||
| auth_password_format: scram |  | ||||||
| ## |  | ||||||
| ## Define the FQDN if ejabberd doesn't detect it: |  | ||||||
| ## fqdn: "server3.example.com" |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Authentication using external script |  | ||||||
| ## Make sure the script is executable by ejabberd. |  | ||||||
| ## |  | ||||||
| ## auth_method: external |  | ||||||
| ## extauth_program: "/path/to/authentication/script" |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Authentication using SQL |  | ||||||
| ## Remember to setup a database in the next section. |  | ||||||
| ## |  | ||||||
| auth_method: sql |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Authentication using PAM |  | ||||||
| ## |  | ||||||
| ## auth_method: pam |  | ||||||
| ## pam_service: "pamservicename" |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Authentication using LDAP |  | ||||||
| ## |  | ||||||
| ## auth_method: ldap |  | ||||||
| ## |  | ||||||
| ## List of LDAP servers: |  | ||||||
| ## ldap_servers: |  | ||||||
| ##   - "localhost" |  | ||||||
| ## |  | ||||||
| ## Encryption of connection to LDAP servers: |  | ||||||
| ## ldap_encrypt: none |  | ||||||
| ## ldap_encrypt: tls |  | ||||||
| ## |  | ||||||
| ## Port to connect to on LDAP servers: |  | ||||||
| ## ldap_port: 389 |  | ||||||
| ## ldap_port: 636 |  | ||||||
| ## |  | ||||||
| ## LDAP manager: |  | ||||||
| ## ldap_rootdn: "dc=example,dc=com" |  | ||||||
| ## |  | ||||||
| ## Password of LDAP manager: |  | ||||||
| ## ldap_password: "******" |  | ||||||
| ## |  | ||||||
| ## Search base of LDAP directory: |  | ||||||
| ## ldap_base: "dc=example,dc=com" |  | ||||||
| ## |  | ||||||
| ## LDAP attribute that holds user ID: |  | ||||||
| ## ldap_uids: |  | ||||||
| ##   - "mail": "%u@mail.example.org" |  | ||||||
| ## |  | ||||||
| ## LDAP filter: |  | ||||||
| ## ldap_filter: "(objectClass=shadowAccount)" |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Anonymous login support: |  | ||||||
| ##   auth_method: anonymous |  | ||||||
| ##   anonymous_protocol: sasl_anon | login_anon | both |  | ||||||
| ##   allow_multiple_connections: true | false |  | ||||||
| ## |  | ||||||
| ## host_config: |  | ||||||
| ##   "public.example.org": |  | ||||||
| ##     auth_method: anonymous |  | ||||||
| ##     allow_multiple_connections: false |  | ||||||
| ##     anonymous_protocol: sasl_anon |  | ||||||
| ## |  | ||||||
| ## To use both anonymous and internal authentication: |  | ||||||
| ## |  | ||||||
| ## host_config: |  | ||||||
| ##   "public.example.org": |  | ||||||
| ##     auth_method: |  | ||||||
| ##       - internal |  | ||||||
| ##       - anonymous |  | ||||||
| 
 |  | ||||||
| ###.  ============== |  | ||||||
| ###'  DATABASE SETUP |  | ||||||
| 
 |  | ||||||
| ## ejabberd by default uses the internal Mnesia database, |  | ||||||
| ## so you do not necessarily need this section. |  | ||||||
| ## This section provides configuration examples in case |  | ||||||
| ## you want to use other database backends. |  | ||||||
| ## Please consult the ejabberd Guide for details on database creation. |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## MySQL server: |  | ||||||
| ## |  | ||||||
| ## sql_type: mysql |  | ||||||
| ## sql_server: "server" |  | ||||||
| ## sql_database: "database" |  | ||||||
| ## sql_username: "username" |  | ||||||
| ## sql_password: "password" |  | ||||||
| ## |  | ||||||
| ## If you want to specify the port: |  | ||||||
| ## sql_port: 1234 |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## PostgreSQL server: |  | ||||||
| ## |  | ||||||
| 
 |  | ||||||
| default_db: sql | default_db: sql | ||||||
| 
 | 
 | ||||||
| sql_type: pgsql | sql_type: pgsql | ||||||
| @ -391,65 +80,14 @@ sql_database: "ejabberd" | |||||||
| sql_username: "ejabberd" | sql_username: "ejabberd" | ||||||
| sql_password: "<%= @pgsql_password %>" | sql_password: "<%= @pgsql_password %>" | ||||||
| new_sql_schema: true | new_sql_schema: true | ||||||
| ## |  | ||||||
| ## If you want to specify the port: |  | ||||||
| ## sql_port: 1234 |  | ||||||
| ## |  | ||||||
| ## If you use PostgreSQL, have a large database, and need a |  | ||||||
| ## faster but inexact replacement for "select count(*) from users" |  | ||||||
| ## |  | ||||||
| ## pgsql_users_number_estimate: true |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## SQLite: |  | ||||||
| ## |  | ||||||
| ## sql_type: sqlite |  | ||||||
| ## sql_database: "/opt/ejabberd/database/ejabberd.db" |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## ODBC compatible or MSSQL server: |  | ||||||
| ## |  | ||||||
| ## sql_type: odbc |  | ||||||
| ## sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd" |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Number of connections to open to the database for each virtual host |  | ||||||
| ## |  | ||||||
| ## sql_pool_size: 10 |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Interval to make a dummy SQL request to keep the connections to the |  | ||||||
| ## database alive. Specify in seconds: for example 28800 means 8 hours |  | ||||||
| ## |  | ||||||
| ## sql_keepalive_interval: undefined |  | ||||||
| 
 |  | ||||||
| ###.  =============== |  | ||||||
| ###'  TRAFFIC SHAPERS |  | ||||||
| 
 |  | ||||||
| shaper: |  | ||||||
|   ## |  | ||||||
|   ## The "normal" shaper limits traffic speed to 1000 B/s |  | ||||||
|   ## |  | ||||||
|   normal: 1000 |  | ||||||
| 
 |  | ||||||
|   ## |  | ||||||
|   ## The "fast" shaper limits traffic speed to 50000 B/s |  | ||||||
|   ## |  | ||||||
|   fast: 50000 |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## This option specifies the maximum number of elements in the queue |  | ||||||
| ## of the FSM. Refer to the documentation for details. |  | ||||||
| ## |  | ||||||
| max_fsm_queue: 10000 |  | ||||||
| 
 |  | ||||||
| ###.   ==================== |  | ||||||
| ###'   ACCESS CONTROL LISTS |  | ||||||
| acl: | acl: | ||||||
|   ## |   local: | ||||||
|   ## The 'admin' ACL grants administrative privileges to XMPP accounts. |     user_regexp: "" | ||||||
|   ## You can put here as many accounts as you want. |   loopback: | ||||||
|   ## |     ip: | ||||||
|  |       - "127.0.0.0/8" | ||||||
|  |       - "::1/128" | ||||||
|  |       - "::FFFF:127.0.0.1/128" | ||||||
|   admin: |   admin: | ||||||
|     user: |     user: | ||||||
|       - "greg@5apps.com" |       - "greg@5apps.com" | ||||||
| @ -457,133 +95,25 @@ acl: | |||||||
|       - "garret@5apps.com" |       - "garret@5apps.com" | ||||||
|       - "raucao@kosmos.org" |       - "raucao@kosmos.org" | ||||||
| 
 | 
 | ||||||
|   ## |  | ||||||
|   ## Blocked users |  | ||||||
|   ## |  | ||||||
|   ## blocked: |  | ||||||
|   ##   user: |  | ||||||
|   ##     - "baduser@example.org" |  | ||||||
|   ##     - "test" |  | ||||||
| 
 |  | ||||||
|   ## Local users: don't modify this. |  | ||||||
|   ## |  | ||||||
|   local: |  | ||||||
|     user_regexp: "" |  | ||||||
| 
 |  | ||||||
|   ## |  | ||||||
|   ## More examples of ACLs |  | ||||||
|   ## |  | ||||||
|   ## jabberorg: |  | ||||||
|   ##   server: |  | ||||||
|   ##     - "jabber.org" |  | ||||||
|   ## aleksey: |  | ||||||
|   ##   user: |  | ||||||
|   ##     - "aleksey@jabber.ru" |  | ||||||
|   ## test: |  | ||||||
|   ##   user_regexp: "^test" |  | ||||||
|   ##   user_glob: "test*" |  | ||||||
| 
 |  | ||||||
|   ## |  | ||||||
|   ## Loopback network |  | ||||||
|   ## |  | ||||||
|   loopback: |  | ||||||
|     ip: |  | ||||||
|       - "127.0.0.0/8" |  | ||||||
|       - "::1/128" |  | ||||||
|       - "::FFFF:127.0.0.1/128" |  | ||||||
| 
 |  | ||||||
|   ## |  | ||||||
|   ## Bad XMPP servers |  | ||||||
|   ## |  | ||||||
|   ## bad_servers: |  | ||||||
|   ##   server: |  | ||||||
|   ##     - "xmpp.zombie.org" |  | ||||||
|   ##     - "xmpp.spam.com" |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Define specific ACLs in a virtual host. |  | ||||||
| ## |  | ||||||
| ## host_config: |  | ||||||
| ##   "localhost": |  | ||||||
| ##     acl: |  | ||||||
| ##       admin: |  | ||||||
| ##         user: |  | ||||||
| ##           - "bob-local@localhost" |  | ||||||
| 
 |  | ||||||
| ###.  ============ |  | ||||||
| ###'  SHAPER RULES |  | ||||||
| 
 |  | ||||||
| shaper_rules: |  | ||||||
|   ## Maximum number of simultaneous sessions allowed for a single user: |  | ||||||
|   max_user_sessions: 10 |  | ||||||
|   ## Maximum number of offline messages that users can have: |  | ||||||
|   max_user_offline_messages: |  | ||||||
|     - 5000: admin |  | ||||||
|     - 100 |  | ||||||
|   ## For C2S connections, all users except admins use the "normal" shaper |  | ||||||
|   c2s_shaper: |  | ||||||
|     - none: admin |  | ||||||
|     - normal |  | ||||||
|   ## All S2S connections use the "fast" shaper |  | ||||||
|   s2s_shaper: fast |  | ||||||
| 
 |  | ||||||
| ###.  ============ |  | ||||||
| ###'  ACCESS RULES |  | ||||||
| access_rules: | access_rules: | ||||||
|   ## This rule allows access only for local users: |  | ||||||
|   local: |   local: | ||||||
|     - allow: local |     - allow: local | ||||||
|   ## Only non-blocked users can use c2s connections: |  | ||||||
|   c2s: |   c2s: | ||||||
|     - deny: blocked |     - deny: blocked | ||||||
|     - allow |     - allow | ||||||
|   ## Only admins can send announcement messages: |  | ||||||
|   announce: |   announce: | ||||||
|     - allow: admin |     - allow: admin | ||||||
|   ## Only admins can use the configuration interface: |  | ||||||
|   configure: |   configure: | ||||||
|     - allow: admin |     - allow: admin | ||||||
|   ## Only accounts of the local ejabberd server can create rooms: |  | ||||||
|   muc_create: |   muc_create: | ||||||
|     - allow: admin |  | ||||||
|     - allow: local |     - allow: local | ||||||
|   ## Only accounts on the local ejabberd server can create Pubsub nodes: |  | ||||||
|   pubsub_createnode: |   pubsub_createnode: | ||||||
|     - allow: local |     - allow: local | ||||||
|   ## In-band registration allows registration of any possible username. |  | ||||||
|   ## To disable in-band registration, replace 'allow' with 'deny'. |  | ||||||
|   register: |   register: | ||||||
|     - allow |     - allow | ||||||
|   ## Only allow to register from localhost |  | ||||||
|   trusted_network: |   trusted_network: | ||||||
|     - allow: loopback |     - allow: loopback | ||||||
|   ## Do not establish S2S connections with bad servers |  | ||||||
|   ## If you enable this you also have to uncomment "s2s_access: s2s" |  | ||||||
|   ## s2s: |  | ||||||
|   ##   - deny: |  | ||||||
|   ##     - ip: "XXX.XXX.XXX.XXX/32" |  | ||||||
|   ##   - deny: |  | ||||||
|   ##     - ip: "XXX.XXX.XXX.XXX/32" |  | ||||||
|   ##   - allow |  | ||||||
| 
 | 
 | ||||||
| ## =============== |  | ||||||
| ## API PERMISSIONS |  | ||||||
| ## =============== |  | ||||||
| ## |  | ||||||
| ## This section allows you to define who and using what method |  | ||||||
| ## can execute commands offered by ejabberd. |  | ||||||
| ## |  | ||||||
| ## By default "console commands" section allow executing all commands |  | ||||||
| ## issued using ejabberdctl command, and "admin access" section allows |  | ||||||
| ## users in admin acl that connect from 127.0.0.1 to  execute all |  | ||||||
| ## commands except start and stop with any available access method |  | ||||||
| ## (ejabberdctl, http-api, xmlrpc depending what is enabled on server). |  | ||||||
| ## |  | ||||||
| ## If you remove "console commands" there will be one added by |  | ||||||
| ## default allowing executing all commands, but if you just change |  | ||||||
| ## permissions in it, version from config file will be used instead |  | ||||||
| ## of default one. |  | ||||||
| ## |  | ||||||
| api_permissions: | api_permissions: | ||||||
|   "console commands": |   "console commands": | ||||||
|     from: |     from: | ||||||
| @ -613,220 +143,100 @@ api_permissions: | |||||||
|       - "status" |       - "status" | ||||||
|       - "connected_users_number" |       - "connected_users_number" | ||||||
| 
 | 
 | ||||||
| ## By default the frequency of account registrations from the same IP | shaper: | ||||||
| ## is limited to 1 account every 10 minutes. To disable, specify: infinity |   normal: 1000 | ||||||
| ## registration_timeout: 600 |   fast: 50000 | ||||||
|    |  | ||||||
| ## |  | ||||||
| ## Define specific Access Rules in a virtual host. |  | ||||||
| ## |  | ||||||
| ## host_config: |  | ||||||
| ##   "localhost": |  | ||||||
| ##     access: |  | ||||||
| ##       c2s: |  | ||||||
| ##         - allow: admin |  | ||||||
| ##         - deny |  | ||||||
| ##       register: |  | ||||||
| ##         - deny |  | ||||||
| 
 | 
 | ||||||
| ###.  ================ | shaper_rules: | ||||||
| ###'  DEFAULT LANGUAGE |   max_user_sessions: 10 | ||||||
|  |   max_user_offline_messages: | ||||||
|  |     - 5000: admin | ||||||
|  |     - 100 | ||||||
|  |   c2s_shaper: | ||||||
|  |     - none: admin | ||||||
|  |     - normal | ||||||
|  |   s2s_shaper: fast | ||||||
| 
 | 
 | ||||||
| ## | max_fsm_queue: 10000 | ||||||
| ## language: Default language used for server messages. |  | ||||||
| ## |  | ||||||
| language: "en" |  | ||||||
| 
 | 
 | ||||||
| ## | acme: | ||||||
| ## Set a different default language in a virtual host. |    contact: "mailto:admin@vagrant.vm" | ||||||
| ## |    ca_url: "https://acme-v01.api.letsencrypt.org" | ||||||
| ## host_config: |  | ||||||
| ##   "localhost": |  | ||||||
| ##     language: "ru" |  | ||||||
| 
 | 
 | ||||||
| ###.  ======= |  | ||||||
| ###'  CAPTCHA |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Full path to a script that generates the image. |  | ||||||
| ## |  | ||||||
| ## captcha_cmd: "/opt/ejabberd-17.12/lib/ejabberd-17.12/priv/bin/captcha.sh" |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Host for the URL and port where ejabberd listens for CAPTCHA requests. |  | ||||||
| ## |  | ||||||
| ## captcha_host: "xmpp:5280" |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Limit CAPTCHA calls per minute for JID/IP to avoid DoS. |  | ||||||
| ## |  | ||||||
| ## captcha_limit: 5 |  | ||||||
| 
 |  | ||||||
| ###.  ==== |  | ||||||
| ###'  ACME |  | ||||||
| ## |  | ||||||
| ## In order to use the acme certificate acquiring through "Let's Encrypt" |  | ||||||
| ## an http listener has to be configured to listen to port 80 so that |  | ||||||
| ## the authorization challenges posed by "Let's Encrypt" can be solved. |  | ||||||
| ##  |  | ||||||
| ## A simple way of doing this would be to add the following in the listening |  | ||||||
| ## section and to configure port forwarding from 80 to 5280 either via NAT |  | ||||||
| ## (for ipv4 only) or using frontends such as haproxy/nginx/sslh/etc. |  | ||||||
| ##   -  |  | ||||||
| ##    port: 5280 |  | ||||||
| ##    ip: "::" |  | ||||||
| ##    module: ejabberd_http |  | ||||||
| 
 |  | ||||||
| ##acme: |  | ||||||
| 
 |  | ||||||
|    ## A contact mail that the ACME Certificate Authority can contact in case of |  | ||||||
|    ## an authorization issue, such as a server-initiated certificate revocation. |  | ||||||
|    ## It is not mandatory to provide an email address but it is highly suggested. |  | ||||||
|    ##contact: "mailto:ops@5apps.com" |  | ||||||
| 
 |  | ||||||
|    ## The ACME Certificate Authority URL. |  | ||||||
|    ## This could either be: |  | ||||||
|    ##   - https://acme-v01.api.letsencrypt.org - (Default) for the production CA |  | ||||||
|    ##   - https://acme-staging.api.letsencrypt.org - for the staging CA |  | ||||||
|    ##   - http://localhost:4000 - for a local version of the CA |  | ||||||
|    ##ca_url: "https://acme-v01.api.letsencrypt.org" |  | ||||||
| 
 |  | ||||||
| ###.  ======= |  | ||||||
| ###'  MODULES |  | ||||||
| 
 |  | ||||||
| ## |  | ||||||
| ## Modules enabled in all ejabberd virtual hosts. |  | ||||||
| ## |  | ||||||
| modules: | modules: | ||||||
|   mod_adhoc: {} |   mod_adhoc: {} | ||||||
|   mod_admin_extra: {} |   mod_admin_extra: {} | ||||||
|   mod_announce: # recommends mod_adhoc |   mod_announce: | ||||||
|     access: announce |     access: announce | ||||||
|   mod_blocking: {} # requires mod_privacy |   mod_avatar: {} | ||||||
|  |   mod_blocking: {} | ||||||
|  |   mod_bosh: {} | ||||||
|   mod_caps: {} |   mod_caps: {} | ||||||
|   mod_carboncopy: {} |   mod_carboncopy: {} | ||||||
|   mod_client_state: {} |   mod_client_state: {} | ||||||
|   mod_configure: {} # requires mod_adhoc |   mod_configure: {} | ||||||
|   ## mod_delegation: {} # for xep0356 |   mod_disco: {} | ||||||
|   mod_disco: |   mod_fail2ban: {} | ||||||
|     server_info: |   mod_http_api: {} | ||||||
|       - |  | ||||||
|         modules: all |  | ||||||
|         name: "abuse-addresses" |  | ||||||
|         urls: ["mailto:abuse@kosmos.org"] |  | ||||||
|   ## mod_echo: {} |  | ||||||
|   ## mod_irc: {} |  | ||||||
|   mod_bosh: {} |  | ||||||
|   ## mod_http_fileserver: |  | ||||||
|   ##   docroot: "/var/www" |  | ||||||
|   ##   accesslog: "/opt/ejabberd-17.12/logs/access.log" |  | ||||||
|   mod_http_upload: |   mod_http_upload: | ||||||
|     docroot: "/var/www/xmpp.@HOST@/uploads/" |     docroot: "/var/www/xmpp.@HOST@/uploads/" | ||||||
|     put_url: "https://xmpp.@HOST@:5443/upload" |     put_url: "https://xmpp.@HOST@:5443/upload" | ||||||
|     thumbnail: false # otherwise needs the identify command from ImageMagick installed |  | ||||||
|   ## mod_http_upload_quota: |  | ||||||
|   ##   max_days: 30 |  | ||||||
|   mod_last: {} |   mod_last: {} | ||||||
|   ## XEP-0313: Message Archive Management |  | ||||||
|   ## You might want to setup a SQL backend for MAM because the mnesia database is |  | ||||||
|   ## limited to 2GB which might be exceeded on large servers |  | ||||||
|   mod_mam: |   mod_mam: | ||||||
|  |     db_type: sql | ||||||
|  |     assume_mam_usage: true | ||||||
|     default: always |     default: always | ||||||
|     request_activates_archiving: true |   mod_muc: | ||||||
|   mod_muc: {} |     access: | ||||||
|  |       - allow | ||||||
|  |     access_admin: | ||||||
|  |       - allow: admin | ||||||
|  |     access_create: muc_create | ||||||
|  |     access_persistent: muc_create | ||||||
|  |     default_room_options: | ||||||
|  |       allow_subscription: true  # enable MucSub | ||||||
|  |       mam: true | ||||||
|   mod_muc_admin: {} |   mod_muc_admin: {} | ||||||
|   ## mod_muc_log: {} |  | ||||||
|   ## mod_multicast: {} |  | ||||||
|   mod_offline: |   mod_offline: | ||||||
|     access_max_user_messages: max_user_offline_messages |     access_max_user_messages: max_user_offline_messages | ||||||
|   mod_ping: {} |   mod_ping: {} | ||||||
|   ## mod_pres_counter: |  | ||||||
|   ##   count: 5 |  | ||||||
|   ##   interval: 60 |  | ||||||
|   mod_privacy: {} |   mod_privacy: {} | ||||||
|   mod_private: {} |   mod_private: {} | ||||||
|   mod_proxy65: {} |   mod_proxy65: | ||||||
|  |     access: local | ||||||
|  |     max_connections: 5 | ||||||
|   mod_pubsub: |   mod_pubsub: | ||||||
|     access_createnode: pubsub_createnode |     access_createnode: pubsub_createnode | ||||||
|     ## reduces resource comsumption, but XEP incompliant |  | ||||||
|     ignore_pep_from_offline: true |  | ||||||
|     ## XEP compliant, but increases resource comsumption |  | ||||||
|     ## ignore_pep_from_offline: false |  | ||||||
|     last_item_cache: false |  | ||||||
|     max_items_node: 10 |  | ||||||
|     plugins: |     plugins: | ||||||
|       - "flat" |       - "flat" | ||||||
|       - "pep" # pep requires mod_caps |       - "pep" | ||||||
|  |     force_node_config: | ||||||
|  |       ## Change from "whitelist" to "open" to enable OMEMO support | ||||||
|  |       ## See https://github.com/processone/ejabberd/issues/2425 | ||||||
|  |       "eu.siacs.conversations.axolotl.*": | ||||||
|  |         access_model: whitelist | ||||||
|  |       ## Avoid buggy clients to make their bookmarks public | ||||||
|  |       "storage:bookmarks": | ||||||
|  |         access_model: whitelist | ||||||
|   mod_push: {} |   mod_push: {} | ||||||
|   mod_push_keepalive: {} |   mod_push_keepalive: {} | ||||||
|   mod_register: |   mod_register: | ||||||
|     ## |     ## Only accept registration requests from the "trusted" | ||||||
|     ## Protect In-Band account registrations with CAPTCHA. |     ## network (see access_rules section above). | ||||||
|     ## |     ## Think twice before enabling registration from any | ||||||
|     ##   captcha_protected: true |     ## address. See the Jabber SPAM Manifesto for details: | ||||||
|     ## |     ## https://github.com/ge0rg/jabber-spam-fighting-manifesto | ||||||
|     ## Set the minimum informational entropy for passwords. |  | ||||||
|     ## |  | ||||||
|     ##   password_strength: 32 |  | ||||||
|     ## |  | ||||||
|     ## After successful registration, the user receives |  | ||||||
|     ## a message with this subject and body. |  | ||||||
|     ## |  | ||||||
|     welcome_message: |  | ||||||
|       subject: "Welcome!" |  | ||||||
|       body: |- |  | ||||||
|         Hi. |  | ||||||
|         Welcome to this XMPP server. |  | ||||||
|     ## |  | ||||||
|     ## When a user registers, send a notification to |  | ||||||
|     ## these XMPP accounts. |  | ||||||
|     ## |  | ||||||
|     ##   registration_watchers: |  | ||||||
|     ##     - "admin1@example.org" |  | ||||||
|     ## |  | ||||||
|     ## Only clients in the server machine can register accounts |  | ||||||
|     ## |  | ||||||
|     ip_access: trusted_network |     ip_access: trusted_network | ||||||
|     ## |  | ||||||
|     ## Local c2s or remote s2s users cannot register accounts |  | ||||||
|     ## |  | ||||||
|     ##   access_from: deny |  | ||||||
|     access: register |  | ||||||
|   mod_roster: |   mod_roster: | ||||||
|     versioning: true |     versioning: true | ||||||
|     store_current_id: true |  | ||||||
|   mod_shared_roster: {} |  | ||||||
|   ## mod_stats: {} |  | ||||||
|   ## mod_time: {} |  | ||||||
|   mod_vcard: |  | ||||||
|     search: false |  | ||||||
|   mod_vcard_xupdate: {} |  | ||||||
|   ## Convert all avatars posted by Android clients from WebP to JPEG |  | ||||||
|   ## mod_avatar:  # this module needs compile option --enable-graphics |  | ||||||
|   ##   convert: |  | ||||||
|   ##     webp: jpeg |  | ||||||
|   mod_version: {} |  | ||||||
|   mod_stream_mgmt: {} |  | ||||||
|   ##   Non-SASL Authentication (XEP-0078) is now disabled by default |  | ||||||
|   ##   because it's obsoleted and is used mostly by abandoned |  | ||||||
|   ##   client software |  | ||||||
|   ## mod_legacy_auth: {} |  | ||||||
|   ##   The module for S2S dialback (XEP-0220). Please note that you cannot |  | ||||||
|   ##   rely solely on dialback if you want to federate with other servers, |  | ||||||
|   ##   because a lot of servers have dialback disabled and instead rely on |  | ||||||
|   ##   PKIX authentication. Make sure you have proper certificates installed |  | ||||||
|   ##   and check your accessibility at https://check.messaging.one/ |  | ||||||
|   mod_s2s_dialback: {} |   mod_s2s_dialback: {} | ||||||
|   mod_http_api: {} |   mod_shared_roster: {} | ||||||
| 
 |   mod_stream_mgmt: | ||||||
| ## |     resend_on_timeout: if_offline | ||||||
| ## Enable modules with custom options in a specific virtual host |   mod_vcard: {} | ||||||
| ## |   mod_vcard_xupdate: {} | ||||||
| ## host_config: |   mod_version: | ||||||
| ##   "localhost": |     show_os: false | ||||||
| ##     modules: |  | ||||||
| ##       mod_echo: |  | ||||||
| ##         host: "mirror.localhost" |  | ||||||
| 
 | 
 | ||||||
| host_config: | host_config: | ||||||
|   "kosmos.org": |   "kosmos.org": | ||||||
| @ -850,17 +260,7 @@ host_config: | |||||||
|         access_create: muc_create |         access_create: muc_create | ||||||
|         access_persistent: muc_create |         access_persistent: muc_create | ||||||
| 
 | 
 | ||||||
| ## |  | ||||||
| ## Enable modules management via ejabberdctl for installation and |  | ||||||
| ## uninstallation of public/private contributed modules |  | ||||||
| ## (enabled by default) |  | ||||||
| ## |  | ||||||
| 
 |  | ||||||
| allow_contrib_modules: true |  | ||||||
| 
 |  | ||||||
| ###. |  | ||||||
| ###' |  | ||||||
| ### Local Variables: | ### Local Variables: | ||||||
| ### mode: yaml | ### mode: yaml | ||||||
| ### End: | ### End: | ||||||
| ### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker: | ### vim: set filetype=yaml tabstop=8 | ||||||
|  | |||||||