Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###
- ### ejabberd configuration file
- ###
- ###
- ### =======
- ### LOGGING
- ## 0: No ejabberd log at all (not recommended)
- ## 1: Critical
- ## 2: Error
- ## 3: Warning
- ## 4: Info
- ## 5: Debug
- ##
- loglevel: 4
- ## $D0 rotate every night at midnight
- ## $D23 rotate every day at 23:00 hr
- ## $W0D23 rotate every week on Sunday at 23:00 hr
- ## $W5D16 rotate every week on Friday at 16:00 hr
- ## $M1D0 rotate on the first day of every month at midnight
- ## $M5D6 rotate on every 5th day of the month at 6:00 hr
- ##
- log_rotate_size: 10485760
- log_rotate_date: ""
- log_rotate_count: 1
- log_rate_limit: 100
- ## watchdog_admins:
- ## - "bob@example.com"
- ### ================
- ### SERVED HOSTNAMES
- hosts:
- - "example.com"
- ### ===============
- ### LISTENING PORTS
- listen:
- -
- port: 443
- ip: "199.0.0.1"
- module: ejabberd_c2s
- certfile: "/etc/ssl/private/example_com_chain.pem"
- starttls: true
- max_stanza_size: 65536
- shaper: c2s_shaper
- access: c2s
- -
- port: 5222
- ip: "199.0.0.1"
- module: ejabberd_c2s
- certfile: "/etc/ssl/private/example_com_chain.pem"
- starttls: true
- max_stanza_size: 65536
- shaper: c2s_shaper
- access: c2s
- -
- port: 5223
- ip: "199.0.0.1"
- module: ejabberd_c2s
- certfile: "/etc/ssl/private/example_com_chain.pem"
- tls: true
- max_stanza_size: 65536
- shaper: c2s_shaper
- access: c2s
- -
- port: 5269
- ip: "199.0.0.1"
- shaper: s2s_shaper
- module: ejabberd_s2s_in
- -
- port: 5280
- module: ejabberd_http
- ip: "199.0.0.1"
- ##request_handlers:
- ##"archive": mod_archive_webview
- web_admin: true
- http_poll: true
- http_bind: true
- ## register: true
- captcha: true
- -
- port: 5281
- module: ejabberd_http
- ip: "199.0.0.1"
- certfile: "/etc/ssl/private/example_com_chain.pem"
- tls: true
- ##request_handlers:
- ##"archive": mod_archive_webview
- web_admin: true
- http_poll: true
- http_bind: true
- ## register: true
- captcha: true
- -
- port: 5349
- ip: "199.0.0.1"
- module: ejabberd_stun
- certfile: "/etc/ssl/private/example_com_chain.pem"
- -
- port: 3478
- ip: "199.0.0.1"
- module: ejabberd_stun
- -
- port: 3478
- transport: udp
- ip: "199.0.0.1"
- module: ejabberd_stun
- s2s_use_starttls: optional
- s2s_certfile: "/etc/ssl/private/example_com_chain.pem"
- ## S2S whitelist or blacklist
- ##
- ## Default s2s policy for undefined hosts.
- ##
- ## s2s_access: s2s
- ##
- ## Outgoing S2S options
- ##
- ## Preferred address families (which to try first) and connect timeout
- ## in milliseconds.
- ##
- ## outgoing_s2s_families:
- ## - ipv4
- ## - ipv6
- ## outgoing_s2s_timeout: 10000
- ### ==============
- ### AUTHENTICATION
- ##
- ## auth_method: Method used to authenticate the users.
- ## The default method is the internal.
- ## If you want to use a different method,
- ## comment this line and enable the correct ones.
- ##
- auth_method: odbc
- ##
- ## Store the plain passwords or hashed for SCRAM:
- ## auth_password_format: plain
- ## auth_password_format: scram
- ##
- ## Define the FQDN if ejabberd doesn't detect it:
- fqdn: "xmpp.example.com"
- ## MySQL server:
- ##
- odbc_type: mysql
- odbc_server: "localhost"
- odbc_database: "ejabberd"
- odbc_username: "ejabberd"
- odbc_password: "guesswhat"
- ##
- ## If you want to specify the port:
- ## odbc_port: 1234
- odbc_keepalive_interval: 3600
- ### ===============
- ### TRAFFIC SHAPERS
- shaper:
- ##
- ## The "normal" shaper limits traffic speed to 1000 B/s
- ##
- normal: 1000
- ##
- ## The "fast" shaper limits traffic speed to 50000 B/s
- ##
- fast: 50000
- ##
- ## This option specifies the maximum number of elements in the queue
- ## of the FSM. Refer to the documentation for details.
- ##
- max_fsm_queue: 1000
- ###. ====================
- ###' ACCESS CONTROL LISTS
- acl:
- ##
- ## The 'admin' ACL grants administrative privileges to XMPP accounts.
- ## You can put here as many accounts as you want.
- ##
- admin:
- user:
- - "admin": "example.com"
- ##
- ## Blocked users
- ##
- ## blocked:
- ## user:
- ## - "baduser": "example.org"
- ## - "test"
- ## Local users: don't modify this.
- ##
- local:
- user_regexp: ""
- ##
- ## Loopback network
- ##
- loopback:
- ip:
- - "127.0.0.0/8"
- ### ============
- ### ACCESS RULES
- access:
- ## Maximum number of simultaneous sessions allowed for a single user:
- max_user_sessions:
- all: 10
- ## Maximum number of offline messages that users can have:
- max_user_offline_messages:
- admin: 5000
- all: 100
- ## This rule allows access only for local users:
- local:
- local: allow
- ## Only non-blocked users can use c2s connections:
- c2s:
- blocked: deny
- all: allow
- ## For C2S connections, all users except admins use the "normal" shaper
- c2s_shaper:
- admin: none
- all: normal
- ## All S2S connections use the "fast" shaper
- s2s_shaper:
- all: fast
- ## Only admins can send announcement messages:
- announce:
- admin: allow
- ## Only admins can use the configuration interface:
- configure:
- admin: allow
- ## Admins of this server are also admins of the MUC service:
- muc_admin:
- admin: allow
- ## Only accounts of the local ejabberd server can create rooms:
- muc_create:
- local: allow
- ## All users are allowed to use the MUC service:
- muc:
- all: allow
- ## Only accounts on the local ejabberd server can create Pubsub nodes:
- pubsub_createnode:
- local: allow
- ## In-band registration allows registration of any possible username.
- ## To disable in-band registration, replace 'allow' with 'deny'.
- register:
- all: allow
- ## Only allow to register from localhost
- trusted_network:
- loopback: allow
- ## Do not establish S2S connections with bad servers
- ## s2s:
- ## bad_servers: deny
- ## all: allow
- ### ================
- ### DEFAULT LANGUAGE
- ##
- ## language: Default language used for server messages.
- ##
- language: "en"
- ### =======
- ### CAPTCHA
- ##
- ## Full path to a script that generates the image.
- ##
- captcha_cmd: "/usr/lib64/ejabberd/priv/bin/captcha.sh"
- ##
- ## Host for the URL and port where ejabberd listens for CAPTCHA requests.
- ##
- captcha_host: "example.com:5280"
- ##
- ## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
- ##
- captcha_limit: 5
- ### =======
- ### MODULES
- ##
- ## Modules enabled in all ejabberd virtual hosts.
- ##
- modules:
- mod_adhoc: {}
- mod_announce: # recommends mod_adhoc
- access: announce
- db_type: odbc
- mod_blocking: {} # requires mod_privacy
- mod_caps: {}
- mod_carboncopy: {}
- mod_configure: {} # requires mod_adhoc
- mod_disco: {}
- ## mod_echo: {}
- mod_irc:
- db_type: odbc
- mod_http_bind: {}
- ## mod_http_fileserver:
- ## docroot: "/var/www"
- ## accesslog: "/var/log/ejabberd/access.log"
- mod_last:
- db_type: odbc
- mod_mam:
- request_activates_archiving: false
- mod_muc:
- host: "conference.example.com"
- access: muc
- access_create: muc_create
- access_persistent: muc_create
- access_admin: muc_admin
- ## mod_muc_log: {}
- mod_offline:
- db_type: odbc
- access_max_user_messages: max_user_offline_messages
- mod_ping: {}
- ## mod_pres_counter:
- ## count: 5
- ## interval: 60
- mod_privacy:
- db_type: odbc
- mod_private:
- db_type: odbc
- mod_proxy65:
- host: "proxy.example.com"
- ip: "199.0.0.1"
- port: 7777
- mod_pubsub_odbc:
- host: "pubsub.example.com"
- access_createnode: pubsub_createnode
- ## reduces resource comsumption, but XEP incompliant
- ## ignore_pep_from_offline: true
- ## XEP compliant, but increases resource comsumption
- ignore_pep_from_offline: false
- last_item_cache: false
- plugins:
- - "flat_odbc"
- - "hometree_odbc"
- - "pep_odbc" # pep requires mod_caps
- mod_register:
- ##
- ## Protect In-Band account registrations with CAPTCHA.
- ##
- captcha_protected: true
- ##
- ## Set the minimum informational entropy for passwords.
- ##
- ## password_strength: 32
- ##
- ## After successful registration, the user receives
- ## a message with this subject and body.
- ##
- welcome_message:
- subject: "Welcome!"
- body: |-
- Hi.
- Welcome to this XMPP server.
- ##
- ## When a user registers, send a notification to
- ## these XMPP accounts.
- ##
- ## registration_watchers:
- ## - "admin1@example.org"
- ##
- ## Only clients in the server machine can register accounts
- ##
- ip_access: trusted_network
- ##
- ## Local c2s or remote s2s users cannot register accounts
- ##
- ## access_from: deny
- access: register
- mod_roster:
- db_type: odbc
- versioning: true
- store_current_id: true
- mod_shared_roster:
- db_type: odbc
- mod_stats: {}
- mod_time: {}
- mod_vcard:
- db_type: odbc
- mod_vcard_xupdate:
- db_type: odbc
- mod_version: {}
- ##
- ## Enable modules with custom options in a specific virtual host
- ##
- ## append_host_config:
- ## "localhost":
- ## modules:
- ## mod_echo:
- ## host: "mirror.localhost"
- ### Local Variables:
- ### mode: yaml
- ### End:
- ### vim: set filetype=yaml tabstop=8
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement