###### ejabberd configuration file######### The paramete

1. ###
2. ### ejabberd configuration file
3. ###
4. ###
5.  
6. ### The parameters used in this configuration file are explained in more detail
7. ### in the ejabberd Installation and Operation Guide.
8. ### Please consult the Guide in case of doubts, it is included with
9. ### your copy of ejabberd, and is also available online at
10. ### http://www.process-one.net/en/ejabberd/docs/
11.  
12. ### The configuration file is written in YAML.
13. ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
14. ### However, ejabberd treats different literals as different types:
15. ###
16. ### - unquoted or single-quoted strings. They are called "atoms".
17. ### Example: dog, 'Jupiter', '3.14159', YELLOW
18. ###
19. ### - numeric literals. Example: 3, -45.0, .0
20. ###
21. ### - quoted or folded strings.
22. ### Examples of quoted string: "Lizzard", "orange".
23. ### Example of folded string:
24. ### > Art thou not Romeo,
25. ### and a Montague?
26.  
27. ### =======
28. ### LOGGING
29.  
30. ##
31. ## loglevel: Verbosity of log files generated by ejabberd.
32. ## 0: No ejabberd log at all (not recommended)
33. ## 1: Critical
34. ## 2: Error
35. ## 3: Warning
36. ## 4: Info
37. ## 5: Debug
38. ##
39. loglevel: 4
40.  
41. ##
42. ## rotation: Describe how to rotate logs. Either size and/or date can trigger
43. ## log rotation. Setting count to N keeps N rotated logs. Setting count to 0
44. ## does not disable rotation, it instead rotates the file and keeps no previous
45. ## versions around. Setting size to X rotate log when it reaches X bytes.
46. ## To disable rotation set the size to 0 and the date to ""
47. ## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf.
48. ## Some examples:
49. ## $D0 rotate every night at midnight
50. ## $D23 rotate every day at 23:00 hr
51. ## $W0D23 rotate every week on Sunday at 23:00 hr
52. ## $W5D16 rotate every week on Friday at 16:00 hr
53. ## $M1D0 rotate on the first day of every month at midnight
54. ## $M5D6 rotate on every 5th day of the month at 6:00 hr
55. ##
56. log_rotate_size: 10485760
57. log_rotate_date: ""
58. log_rotate_count: 1
59.  
60. ##
61. ## overload protection: If you want to limit the number of messages per second
62. ## allowed from error_logger, which is a good idea if you want to avoid a flood
63. ## of messages when system is overloaded, you can set a limit.
64. ## 100 is ejabberd's default.
65. log_rate_limit: 100
66.  
67. ##
68. ## watchdog_admins: Only useful for developers: if an ejabberd process
69. ## consumes a lot of memory, send live notifications to these XMPP
70. ## accounts.
71. ##
72. ## watchdog_admins:
73. ## - "admin@archipel.domain.local
74. "
75.  
76.  
77. ### ================
78. ### SERVED HOSTNAMES
79.  
80. ##
81. ## hosts: Domains served by ejabberd.
82. ## You can define one or several, for example:
83. ## hosts:
84. ## - "example.net"
85. ## - "example.com"
86. ## - "example.org"
87. ##
88. hosts:
89. - "archipel.domain.local"
90.  
91. ##
92. ## route_subdomains: Delegate subdomains to other XMPP servers.
93. ## For example, if this ejabberd serves example.org and you want
94. ## to allow communication with an XMPP server called im.example.org.
95. ##
96. ## route_subdomains: s2s
97.  
98. ### ===============
99. ### LISTENING PORTS
100.  
101. ##
102. ## listen: The ports ejabberd will listen on, which service each is handled
103. ## by and what options to start it with.
104. ##
105. listen:
106. -
107. port: 5222
108. module: ejabberd_c2s
109. max_stanza_size: 65536
110. shaper: c2s_shaper
111. access: c2s
112. starttls: true
113. certfile: "/opt/ejabberd/conf/server.pem"
114. ## Custom OpenSSL options
115. ##
116. ## protocol_options:
117. ## - "no_sslv3"
118. ## - "no_tlsv1"
119. -
120. port: 5269
121. module: ejabberd_s2s_in
122. max_stanza_size: 131072
123. shaper: s2s_shaper
124. ##
125. ## ejabberd_service: Interact with external components (transports, ...)
126. ## -
127. ## port: 8888
128. ## module: ejabberd_service
129. ## access: all
130. ## shaper_rule: fast
131. ## ip: "127.0.0.1"
132. ## hosts:
133. ## "icq.example.org":
134. ## password: "secret"
135. ## "sms.example.org":
136. ## password: "secret"
137.  
138. ##
139. ## ejabberd_stun: Handles STUN Binding requests
140. ##
141. ## -
142. ## port: 3478
143. ## transport: udp
144. ## module: ejabberd_stun
145.  
146. ##
147. ## To handle XML-RPC requests that provide admin credentials:
148. ##
149. ## -
150. ## port: 4560
151. ## module: ejabberd_xmlrpc
152. -
153. port: 5280
154. module: ejabberd_http
155. request_handlers:
156. "/websocket": ejabberd_http_ws
157. # "/pub/archive": mod_http_fileserver
158. web_admin: true
159. http_poll: false
160. http_bind: true
161. ## register: true
162. captcha: false
163.  
164. ##
165. ## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
166. ## Allowed values are: false optional required required_trusted
167. ## You must specify a certificate file.
168. ##
169. ## s2s_use_starttls: optional
170.  
171. ##
172. ## s2s_certfile: Specify a certificate file.
173. ##
174. ## s2s_certfile: "/opt/ejabberd/conf/server.pem"
175.  
176. ## Custom OpenSSL options
177. ##
178. ## s2s_protocol_options:
179. ## - "no_sslv3"
180. ## - "no_tlsv1"
181.  
182. ##
183. ## domain_certfile: Specify a different certificate for each served hostname.
184. ##
185. ## host_config:
186. ## "example.org":
187. ## domain_certfile: "/opt/ejabberd/conf/example_org.pem"
188. ## "example.com":
189. ## domain_certfile: "/opt/ejabberd/conf/example_com.pem"
190.  
191. ##
192. ## S2S whitelist or blacklist
193. ##
194. ## Default s2s policy for undefined hosts.
195. ##
196. ## s2s_policy: s2s
197.  
198. ##
199. ## Outgoing S2S options
200. ##
201. ## Preferred address families (which to try first) and connect timeout
202. ## in milliseconds.
203. ##
204. ## outgoing_s2s_families:
205. ## - ipv4
206. ## - ipv6
207. ## outgoing_s2s_timeout: 10000
208.  
209. ### ==============
210. ### AUTHENTICATION
211.  
212. ##
213. ## auth_method: Method used to authenticate the users.
214. ## The default method is the internal.
215. ## If you want to use a different method,
216. ## comment this line and enable the correct ones.
217. ##
218. auth_method: internal
219.  
220. ##
221. ## Store the plain passwords or hashed for SCRAM:
222. ## auth_password_format: plain
223. ## auth_password_format: scram
224. ##
225. ## Define the FQDN if ejabberd doesn't detect it:
226. ## fqdn: "server3.example.com"
227.  
228. ##
229. ## Authentication using external script
230. ## Make sure the script is executable by ejabberd.
231. ##
232. ## auth_method: external
233. ## extauth_program: "/path/to/authentication/script"
234.  
235. ##
236. ## Authentication using ODBC
237. ## Remember to setup a database in the next section.
238. ##
239. ## auth_method: odbc
240.  
241. ##
242. ## Authentication using PAM
243. ##
244. ## auth_method: pam
245. ## pam_service: "pamservicename"
246. ##
247. ## Authentication using LDAP
248. ##
249. ## auth_method: ldap
250. ##
251. ## List of LDAP servers:
252. ## ldap_servers:
253. ## - "loalhost"
254. ##
255. ## Encryption of connection to LDAP servers:
256. ## ldap_encrypt: none
257. ## ldap_encrypt: tls
258. ##
259. ## Port to connect to on LDAP servers:
260. ## ldap_port: 389
261. ## ldap_port: 636
262. ##
263. ## LDAP manager:
264. ## ldap_rootdn: "dc=example,dc=com"
265. ##
266. ## Password of LDAP manager:
267. ## ldap_password: "******"
268. ##
269. ## Search base of LDAP directory:
270. ## ldap_base: "dc=example,dc=com"
271. ##
272. ## LDAP attribute that holds user ID:
273. ## ldap_uids:
274. ## - "mail": "%u@mail.example.org"
275. ##
276. ## LDAP filter:
277. ## ldap_filter: "(objectClass=shadowAccount)"
278.  
279. ##
280. ## Anonymous login support:
281. ## auth_method: anonymous
282. ## anonymous_protocol: sasl_anon | login_anon | both
283. ## allow_multiple_connections: true | false
284. ##
285. ## host_config:
286. ## "public.example.org":
287. ## auth_method: anonymous
288. ## allow_multiple_connections: false
289. ## anonymous_protocol: sasl_anon
290. ##
291. ## To use both anonymous and internal authentication:
292. ##
293. ## host_config:
294. ## "public.example.org":
295. ## auth_method:
296. ## - internal
297. ## - anonymous
298.  
299. ### ==============
300. ### DATABASE SETUP
301.  
302. ## ejabberd by default uses the internal Mnesia database,
303. ## so you do not necessarily need this section.
304. ## This section provides configuration examples in case
305. ## you want to use other database backends.
306. ## Please consult the ejabberd Guide for details on database creation.
307.  
308. ##
309. ## MySQL server:
310. ##
311. ## odbc_type: mysql
312. ## odbc_server: "server"
313. ## odbc_database: "database"
314. ## odbc_username: "username"
315. ## odbc_password: "password"
316. ##
317. ## If you want to specify the port:
318. ## odbc_port: 1234
319.  
320. ##
321. ## PostgreSQL server:
322. ##
323. ## odbc_type: pgsql
324. ## odbc_server: "server"
325. ## odbc_database: "database"
326. ## odbc_username: "username"
327. ## odbc_password: "password"
328. ##
329. ## If you want to specify the port:
330. ## odbc_port: 1234
331. ##
332. ## If you use PostgreSQL, have a large database, and need a
333. ## faster but inexact replacement for "select count(*) from users"
334. ##
335. ## pgsql_users_number_estimate: true
336.  
337. ##
338. ## ODBC compatible or MSSQL server:
339. ##
340. ## odbc_type: odbc
341. ## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
342.  
343. ##
344. ## Number of connections to open to the database for each virtual host
345. ##
346. ## odbc_pool_size: 10
347.  
348. ##
349. ## Interval to make a dummy SQL request to keep the connections to the
350. ## database alive. Specify in seconds: for example 28800 means 8 hours
351. ##
352. ## odbc_keepalive_interval: undefined
353.  
354. ### ===============
355. ### TRAFFIC SHAPERS
356.  
357. shaper:
358. ##
359. ## The "normal" shaper limits traffic speed to 1000 B/s
360. ##
361. normal: 1000
362.  
363. ##
364. ## The "fast" shaper limits traffic speed to 50000 B/s
365. ##
366. fast: 50000
367.  
368. ##
369. ## This option specifies the maximum number of elements in the queue
370. ## of the FSM. Refer to the documentation for details.
371. ##
372. max_fsm_queue: 1000
373.  
374. ###. ====================
375. ###' ACCESS CONTROL LISTS
376. acl:
377. ##
378. ## The 'admin' ACL grants administrative privileges to XMPP accounts.
379. ## You can put here as many accounts as you want.
380. ##
381. admin:
382. user:
383. - "admin": "archipel.local.domain"
384.  
385. ##
386. ## Blocked users
387. ##
388. ## blocked:
389. ## user:
390. ## - "baduser": "example.org"
391. ## - "test"
392.  
393. ## Local users: don't modify this.
394. ##
395. local:
396. user_regexp: ""
397.  
398. ##
399. ## More examples of ACLs
400. ##
401. ## jabberorg:
402. ## server:
403. ## - "jabber.org"
404. ## aleksey:
405. ## user:
406. ## - "aleksey": "jabber.ru"
407. ## test:
408. ## user_regexp: "^test"
409. ## user_glob: "test*"
410.  
411. ##
412. ## Loopback network
413. ##
414. loopback:
415. ip:
416. - "127.0.0.0/8"
417.  
418. ##
419. ## Bad XMPP servers
420. ##
421. ## bad_servers:
422. ## server:
423. ## - "xmpp.zombie.org"
424. ## - "xmpp.spam.com"
425.  
426. ##
427. ## Define specific ACLs in a virtual host.
428. ##
429. ## host_config:
430. ## "localhost":
431. ## acl:
432. ## admin:
433. ## user:
434. ## - "bob-local": "localhost"
435.  
436. ### ============
437. ### ACCESS RULES
438. access:
439. ## Maximum number of simultaneous sessions allowed for a single user:
440. max_user_sessions:
441. all: 10
442. ## Maximum number of offline messages that users can have:
443. max_user_offline_messages:
444. admin: 5000
445. all: 100
446. ## This rule allows access only for local users:
447. local:
448. local: allow
449. ## Only non-blocked users can use c2s connections:
450. c2s:
451. blocked: deny
452. all: allow
453. ## For C2S connections, all users except admins use the "normal" shaper
454. c2s_shaper:
455. admin: none
456. all: normal
457. ## All S2S connections use the "fast" shaper
458. s2s_shaper:
459. all: fast
460. ## Only admins can send announcement messages:
461. announce:
462. admin: allow
463. ## Only admins can use the configuration interface:
464. configure:
465. admin: allow
466. ## Admins of this server are also admins of the MUC service:
467. muc_admin:
468. admin: allow
469. ## Only accounts of the local ejabberd server can create rooms:
470. muc_create:
471. local: allow
472. ## All users are allowed to use the MUC service:
473. muc:
474. all: allow
475. ## Only accounts on the local ejabberd server can create Pubsub nodes:
476. pubsub_createnode:
477. local: allow
478. ## In-band registration allows registration of any possible username.
479. ## To disable in-band registration, replace 'allow' with 'deny'.
480. register:
481. all: allow
482. ## Only allow to register from localhost
483. trusted_network:
484. loopback: allow
485. ## Do not establish S2S connections with bad servers
486. ## s2s:
487. ## bad_servers: deny
488. ## all: allow
489.  
490. ## By default the frequency of account registrations from the same IP
491. ## is limited to 1 account every 10 minutes. To disable, specify: infinity
492. ## registration_timeout: 600
493.  
494. ##
495. ## Define specific Access Rules in a virtual host.
496. ##
497. ## host_config:
498. ## "localhost":
499. ## access:
500. ## c2s:
501. ## admin: allow
502. ## all: deny
503. ## register:
504. ## all: deny
505.  
506. ### ================
507. ### DEFAULT LANGUAGE
508.  
509. ##
510. ## language: Default language used for server messages.
511. ##
512. language: "en"
513.  
514. ##
515. ## Set a different default language in a virtual host.
516. ##
517. ## host_config:
518. ## "localhost":
519. ## language: "ru"
520.  
521. ### =======
522. ### CAPTCHA
523.  
524. ##
525. ## Full path to a script that generates the image.
526. ##
527. ## captcha_cmd: "/opt/ejabberd/lib/ejabberd-15.04/priv/bin/captcha.sh"
528.  
529. ##
530. ## Host for the URL and port where ejabberd listens for CAPTCHA requests.
531. ##
532. ## captcha_host: "example.org:5280"
533.  
534. ##
535. ##
536. ## captcha_limit: 5
537.  
538. ### =======
539. ### MODULES
540.  
541. ##
542. ## Modules enabled in all ejabberd virtual hosts.
543. ##
544. modules:
545. mod_adhoc: []
546. mod_announce: # recommends mod_adhoc
547. access: announce
548. ## mod_blocking: [] # requires mod_privacy
549. mod_caps: []
550. mod_carboncopy: []
551. mod_configure: [] # requires mod_adhoc
552. mod_disco: []
553. ## mod_echo: []
554. ## mod_irc: []
555. mod_http_bind: []
556. ## mod_http_fileserver:
557. ## docroot: "/var/www"
558. ## accesslog: "/opt/ejabberd/logs/access.log"
559. mod_last: []
560. mod_muc:
561. ## host: "conference.@HOST@"
562. access: muc
563. access_create: muc_create
564. access_persistent: muc_create
565. access_admin: muc_admin
566. ## mod_muc_log: []
567. mod_offline:
568. access_max_user_messages: max_user_offline_messages
569. ## mod_ping: []
570. ## mod_pres_counter:
571. ## count: 5
572. ## interval: 60
573. mod_privacy: []
574. mod_private: []
575. ## mod_proxy65: []
576. mod_pubsub:
577. access_createnode: pubsub_createnode
578. ## reduces resource comsumption, but XEP incompliant
579. ignore_pep_from_offline: true
580. ## XEP compliant, but increases resource comsumption
581. ## ignore_pep_from_offline: false
582. last_item_cache: false
583. plugins:
584. - "flat"
585. - "hometree"
586. - "pep" # pep requires mod_caps
587. mod_register:
588. ##
589. ## Protect In-Band account registrations with CAPTCHA.
590. ##
591. ## captcha_protected: true
592.  
593. ##
594. ## Set the minimum informational entropy for passwords.
595. ##
596. ## password_strength: 32
597. ##
598. ## After successful registration, the user receives
599. ## a message with this subject and body.
600. ##
601. welcome_message:
602. subject: "Welcome!"
603. body: |-
604. Hi.
605. Welcome to this XMPP server.
606.  
607. ##
608. ## When a user registers, send a notification to
609. ## these XMPP accounts.
610. ##
611. ## registration_watchers:
612. ## - "admin1@example.org"
613.  
614. ##
615. ## Only clients in the server machine can register accounts
616. ##
617. ip_access: trusted_network
618.  
619. ##
620. ## Local c2s or remote s2s users cannot register accounts
621. ##
622. ## access_from: deny
623.  
624. access: register
625. mod_roster: []
626. mod_shared_roster: []
627. ## mod_time: []
628. mod_vcard: []
629. mod_version: []
630.  
631. ##
632. ## Enable modules with custom options in a specific virtual host
633. ##
634. ## append_host_config:
635. ## "localhost":
636. ## modules:
637. ## mod_echo:
638. ## host: "mirror.localhost"
639.  
640. ##
641. ## Enable modules management via ejabberdctl for installation and
642. ## uninstallation of public/private contributed modules
643. ## (enabled by default)
644. ##
645.  
646. allow_contrib_modules: true
647.  
648. ### Local Variables:
649. ### mode: yaml
650. ### End:
651. ### vim: set filetype=yaml tabstop=8