Advertisement
Guest User

ejabberd config file

a guest
May 8th, 2019
169
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 17.41 KB | None | 0 0
  1. ###
  2. ###' ejabberd configuration file
  3. ###
  4. ###
  5.  
  6. ### The parameters used in this configuration file are explained in more detail
  7. ### in the ejabberd Installation and Operation Guide.
  8. ### Please consult the Guide in case of doubts, it is included with
  9. ### your copy of ejabberd, and is also available online at
  10. ### http://www.process-one.net/en/ejabberd/docs/
  11.  
  12. ### The configuration file is written in YAML.
  13. ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
  14. ### However, ejabberd treats different literals as different types:
  15. ###
  16. ### - unquoted or single-quoted strings. They are called "atoms".
  17. ### Example: dog, 'Jupiter', '3.14159', YELLOW
  18. ###
  19. ### - numeric literals. Example: 3, -45.0, .0
  20. ###
  21. ### - quoted or folded strings.
  22. ### Examples of quoted string: "Lizzard", "orange".
  23. ### Example of folded string:
  24. ### > Art thou not Romeo,
  25. ### and a Montague?
  26.  
  27. ###. =======
  28. ###' LOGGING
  29.  
  30. ##
  31. ## loglevel: Verbosity of log files generated by ejabberd.
  32. ## 0: No ejabberd log at all (not recommended)
  33. ## 1: Critical
  34. ## 2: Error
  35. ## 3: Warning
  36. ## 4: Info
  37. ## 5: Debug
  38. ##
  39. loglevel: 4
  40.  
  41. ##
  42. ## rotation: Describe how to rotate logs. Either size and/or date can trigger
  43. ## log rotation. Setting count to N keeps N rotated logs. Setting count to 0
  44. ## does not disable rotation, it instead rotates the file and keeps no previous
  45. ## versions around. Setting size to X rotate log when it reaches X bytes.
  46. ## To disable rotation set the size to 0 and the date to ""
  47. ## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf.
  48. ## Some examples:
  49. ## $D0 rotate every night at midnight
  50. ## $D23 rotate every day at 23:00 hr
  51. ## $W0D23 rotate every week on Sunday at 23:00 hr
  52. ## $W5D16 rotate every week on Friday at 16:00 hr
  53. ## $M1D0 rotate on the first day of every month at midnight
  54. ## $M5D6 rotate on every 5th day of the month at 6:00 hr
  55. ##
  56. log_rotate_size: 10485760
  57. log_rotate_date: ""
  58. log_rotate_count: 1
  59.  
  60. ##
  61. ## overload protection: If you want to limit the number of messages per second
  62. ## allowed from error_logger, which is a good idea if you want to avoid a flood
  63. ## of messages when system is overloaded, you can set a limit.
  64. ## 100 is ejabberd's default.
  65. log_rate_limit: 100
  66.  
  67. ##
  68. ## watchdog_admins: Only useful for developers: if an ejabberd process
  69. ## consumes a lot of memory, send live notifications to these XMPP
  70. ## accounts.
  71. ##
  72. ## watchdog_admins:
  73. ## - "admin@srv2.searacon.nl"
  74.  
  75. ###. ===============
  76. ###' NODE PARAMETERS
  77.  
  78. ##
  79. ## net_ticktime: Specifies net_kernel tick time in seconds. This options must have
  80. ## identical value on all nodes, and in most cases shouldn't be changed at all from
  81. ## default value.
  82. ##
  83. ## net_ticktime: 60
  84.  
  85. ###. ================
  86. ###' SERVED HOSTNAMES
  87.  
  88. ##
  89. ## hosts: Domains served by ejabberd.
  90. ## You can define one or several, for example:
  91. ## hosts:
  92. ## - "example.net"
  93. ## - "example.com"
  94. ## - "example.org"
  95. ##
  96. hosts:
  97. - "srv2.searacon.nl"
  98. - "chat.searacon.nl"
  99. - "xmpp.searacon.nl"
  100. ##
  101. ## route_subdomains: Delegate subdomains to other XMPP servers.
  102. ## For example, if this ejabberd serves example.org and you want
  103. ## to allow communication with an XMPP server called im.example.org.
  104. ##
  105. ## route_subdomains: s2s
  106.  
  107. ### CERTFILES
  108.  
  109. certfiles:
  110. - "/opt/ejabberd/conf/server.pem"
  111.  
  112. ###. ===============
  113. ###' LISTENING PORTS
  114.  
  115. ##
  116. ## listen: The ports ejabberd will listen on, which service each is handled
  117. ## by and what options to start it with.
  118. ##
  119. listen:
  120. -
  121. port: 5222
  122. module: ejabberd_c2s
  123. # certfile: "/opt/ejabberd/conf/server.pem"
  124. # tls: true
  125. ## To enforce TLS encryption for client connections,
  126. ## use this instead of the "starttls" option:
  127. starttls_required: true
  128. ##
  129. ## Custom OpenSSL options
  130. ##
  131. protocol_options:
  132. - "no_sslv3"
  133. ## - "no_tlsv1"
  134. max_stanza_size: 65536
  135. shaper: c2s_shaper
  136. access: c2s
  137. -
  138. port: 5269
  139. module: ejabberd_s2s_in
  140. max_stanza_size: 131072
  141. shaper: s2s_shaper
  142. -
  143. module: ejabberd_http
  144. port: 5443
  145. tls: true
  146. # certfile: "/opt/ejabberd/conf/server.pem"
  147. request_handlers:
  148. "files": mod_http_fileserver
  149. "upload": mod_http_upload
  150. -
  151. port: 5275
  152. module: ejabberd_service
  153. shaper: fast
  154. access: all
  155. hosts:
  156. "jv.srv2.searacon.nl":
  157. password: "groenboterhoed"
  158. -
  159. port: 5060
  160. transport: udp
  161. module: ejabberd_sip
  162. -
  163. port: 5060
  164. module: ejabberd_sip
  165. -
  166. port: 5061
  167. module: ejabberd_sip
  168. tls: true
  169. # certfile: "/opt/ejabberd/conf/server.pem"
  170. ##
  171. ## ejabberd_service: Interact with external components (transports, ...)
  172. ##
  173. ## -
  174. ## port: 8888
  175. ## module: ejabberd_service
  176. ## access: all
  177. ## shaper_rule: fast
  178. ## ip: "127.0.0.1"
  179. ## hosts:
  180. ## "icq.example.org":
  181. ## password: "secret"
  182. ## "sms.example.org":
  183. ## password: "secret"
  184.  
  185. ##
  186. ## ejabberd_stun: Handles STUN Binding requests
  187. ##
  188. -
  189. port: 3478
  190. transport: udp
  191. use_turn: true
  192. turn_ip: "5.79.72.162"
  193. module: ejabberd_stun
  194. -
  195. port: 3478
  196. module: ejabberd_stun
  197. -
  198. port: 5349
  199. module: ejabberd_stun
  200. # certfile: "/opt/ejabberd/conf/server.pem"
  201. tls: true
  202. ##
  203. ## To handle XML-RPC requests that provide admin credentials:
  204. ##
  205. ## -
  206. ## port: 4560
  207. ## module: ejabberd_xmlrpc
  208. ## maxsessions: 10
  209. ## timeout: 5000
  210. ## access_commands:
  211. ## admin:
  212. ## commands: all
  213. ## options: []
  214. -
  215. port: 5280
  216. module: ejabberd_http
  217. request_handlers:
  218. "/websocket": ejabberd_http_ws
  219. ## "/pub/archive": mod_http_fileserver
  220. # certfile: "/opt/ejabberd/conf/server.pem"
  221. tls: true
  222. web_admin: true
  223. http_bind: true
  224. register: true
  225. captcha: true
  226.  
  227. ###. ==================
  228. ###' S2S GLOBAL OPTIONS
  229.  
  230. ##
  231. ## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
  232. ## Allowed values are: false optional required required_trusted
  233. ## You must specify a certificate file.
  234. ##
  235. s2s_use_starttls: optional
  236.  
  237. ##
  238. ## s2s_certfile: Specify a certificate file.
  239. ##
  240. #certfile: "/opt/ejabberd/conf/server.pem"
  241.  
  242. ## Custom OpenSSL options
  243. ##
  244. ## s2s_protocol_options:
  245. ## - "no_sslv3"
  246. ## - "no_tlsv1"
  247.  
  248. ##
  249. ## domain_certfile: Specify a different certificate for each served hostname.
  250. ##
  251. ## host_config:
  252. ## "example.org":
  253. ## domain_certfile: "/opt/ejabberd-17.01/conf/example_org.pem"
  254. ## "example.com":
  255. ## domain_certfile: "/opt/ejabberd-17.01/conf/example_com.pem"
  256.  
  257. ##
  258. ## S2S whitelist or blacklist
  259. ##
  260. ## Default s2s policy for undefined hosts.
  261. ##
  262. ## s2s_access: s2s
  263.  
  264. ##
  265. ## Outgoing S2S options
  266. ##
  267. ## Preferred address families (which to try first) and connect timeout
  268. ## in milliseconds.
  269. ##
  270. ## outgoing_s2s_families:
  271. ## - ipv4
  272. ## - ipv6
  273. ## outgoing_s2s_timeout: 10000
  274.  
  275. ###. ==============
  276. ###' AUTHENTICATION
  277.  
  278. ##
  279. ## auth_method: Method used to authenticate the users.
  280. ## The default method is the internal.
  281. ## If you want to use a different method,
  282. ## comment this line and enable the correct ones.
  283. ##
  284. auth_method: internal
  285.  
  286. ##
  287. ## Store the plain passwords or hashed for SCRAM:
  288. ## auth_password_format: plain
  289. ## auth_password_format: scram
  290. ##
  291. ## Define the FQDN if ejabberd doesn't detect it:
  292. ## fqdn: "server3.example.com"
  293.  
  294. ##
  295. ## Authentication using external script
  296. ## Make sure the script is executable by ejabberd.
  297. ##
  298. ## auth_method: external
  299. ## extauth_program: "/path/to/authentication/script"
  300.  
  301. ##
  302. ## Authentication using SQL
  303. ## Remember to setup a database in the next section.
  304. ##
  305. ## auth_method: sql
  306.  
  307. ##
  308. ## Authentication using PAM
  309. ##
  310. ## auth_method: pam
  311. ## pam_service: "pamservicename"
  312.  
  313. ##
  314. ## Authentication using LDAP
  315. ##
  316. ## auth_method: ldap
  317. ##
  318. ## List of LDAP servers:
  319. ## ldap_servers:
  320. ## - "localhost"
  321. ##
  322. ## Encryption of connection to LDAP servers:
  323. ## ldap_encrypt: none
  324. ## ldap_encrypt: tls
  325. ##
  326. ## Port to connect to on LDAP servers:
  327. ## ldap_port: 389
  328. ## ldap_port: 636
  329. ##
  330. ## LDAP manager:
  331. ## ldap_rootdn: "dc=example,dc=com"
  332. ##
  333. ## Password of LDAP manager:
  334. ## ldap_password: "******"
  335. ##
  336. ## Search base of LDAP directory:
  337. ## ldap_base: "dc=example,dc=com"
  338. ##
  339. ## LDAP attribute that holds user ID:
  340. ## ldap_uids:
  341. ## - "mail": "%u@mail.example.org"
  342. ##
  343. ## LDAP filter:
  344. ## ldap_filter: "(objectClass=shadowAccount)"
  345.  
  346. ##
  347. ## Anonymous login support:
  348. ## auth_method: anonymous
  349. ## anonymous_protocol: sasl_anon | login_anon | both
  350. ## allow_multiple_connections: true | false
  351. ##
  352. ## host_config:
  353. ## "public.example.org":
  354. ## auth_method: anonymous
  355. ## allow_multiple_connections: false
  356. ## anonymous_protocol: sasl_anon
  357. ##
  358. ## To use both anonymous and internal authentication:
  359. ##
  360. ## host_config:
  361. ## "public.example.org":
  362. ## auth_method:
  363. ## - internal
  364. ## - anonymous
  365.  
  366. ###. ==============
  367. ###' DATABASE SETUP
  368.  
  369. ## ejabberd by default uses the internal Mnesia database,
  370. ## so you do not necessarily need this section.
  371. ## This section provides configuration examples in case
  372. ## you want to use other database backends.
  373. ## Please consult the ejabberd Guide for details on database creation.
  374.  
  375. ##
  376. ## MySQL server:
  377. ##
  378. ## sql_type: mysql
  379. ## sql_server: "server"
  380. ## sql_database: "database"
  381. ## sql_username: "username"
  382. ## sql_password: "password"
  383. ##
  384. ## If you want to specify the port:
  385. ## sql_port: 1234
  386.  
  387. ##
  388. ## PostgreSQL server:
  389. ##
  390. ## sql_type: pgsql
  391. ## sql_server: "server"
  392. ## sql_database: "database"
  393. ## sql_username: "username"
  394. ## sql_password: "password"
  395. ##
  396. ## If you want to specify the port:
  397. ## sql_port: 1234
  398. ##
  399. ## If you use PostgreSQL, have a large database, and need a
  400. ## faster but inexact replacement for "select count(*) from users"
  401. ##
  402. ## pgsql_users_number_estimate: true
  403.  
  404. ##
  405. ## SQLite:
  406. ##
  407. #sql_type: sqlite
  408. #sql_database: "/opt/ejabberd-17.01/database/ejabberd.db"
  409.  
  410. ##
  411. ## ODBC compatible or MSSQL server:
  412. ##
  413. ## sql_type: odbc
  414. ## sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
  415.  
  416. ##
  417. ## Number of connections to open to the database for each virtual host
  418. ##
  419. ## sql_pool_size: 10
  420.  
  421. ##
  422. ## Interval to make a dummy SQL request to keep the connections to the
  423. ## database alive. Specify in seconds: for example 28800 means 8 hours
  424. ##
  425. ## sql_keepalive_interval: undefined
  426.  
  427. ###. ===============
  428. ###' TRAFFIC SHAPERS
  429.  
  430. shaper:
  431. ##
  432. ## The "normal" shaper limits traffic speed to 1000 B/s
  433. ##
  434. normal: 1000
  435.  
  436. ##
  437. ## The "fast" shaper limits traffic speed to 50000 B/s
  438. ##
  439. fast: 50000
  440.  
  441. ##
  442. ## This option specifies the maximum number of elements in the queue
  443. ## of the FSM. Refer to the documentation for details.
  444. ##
  445. max_fsm_queue: 1000
  446.  
  447. ###. ====================
  448. ###' ACCESS CONTROL LISTS
  449. acl:
  450. ##
  451. ## The 'admin' ACL grants administrative privileges to XMPP accounts.
  452. ## You can put here as many accounts as you want.
  453. ##
  454. admin:
  455. user:
  456. - "admin@srv2.searacon.nl"
  457. - "activate@srv2.searacon.nl"
  458. - "eelco@srv2.searacon.nl"
  459.  
  460. ##
  461. ## Blocked users
  462. ##
  463. ## blocked:
  464. ## user:
  465. ## - "baduser@example.org"
  466. ## - "test"
  467.  
  468. ## Local users: don't modify this.
  469. ##
  470. local:
  471. user_regexp: ""
  472.  
  473. ##
  474. ## More examples of ACLs
  475. ##
  476. ## jabberorg:
  477. ## server:
  478. ## - "jabber.org"
  479. ## aleksey:
  480. ## user:
  481. ## - "aleksey@jabber.ru"
  482. ## test:
  483. ## user_regexp: "^test"
  484. ## user_glob: "test*"
  485.  
  486. ##
  487. ## Loopback network
  488. ##
  489. loopback:
  490. ip:
  491. - "127.0.0.0/8"
  492.  
  493. ##
  494. ## Bad XMPP servers
  495. ##
  496. ## bad_servers:
  497. ## server:
  498. ## - "xmpp.zombie.org"
  499. ## - "xmpp.spam.com"
  500.  
  501. ##
  502. ## Define specific ACLs in a virtual host.
  503. ##
  504. ## host_config:
  505. ## "localhost":
  506. ## acl:
  507. ## admin:
  508. ## user:
  509. ## - "bob-local@localhost"
  510.  
  511. ###. ============
  512. ###' SHAPER RULES
  513.  
  514. shaper_rules:
  515. ## Maximum number of simultaneous sessions allowed for a single user:
  516. max_user_sessions: 10
  517. ## Maximum number of offline messages that users can have:
  518. max_user_offline_messages:
  519. - 5000: admin
  520. - 100
  521. ## For C2S connections, all users except admins use the "normal" shaper
  522. c2s_shaper:
  523. - none: admin
  524. - normal
  525. ## All S2S connections use the "fast" shaper
  526. s2s_shaper: fast
  527.  
  528. ###. ============
  529. ###' ACCESS RULES
  530. access_rules:
  531. ## This rule allows access only for local users:
  532. local:
  533. - allow: local
  534. ## Only non-blocked users can use c2s connections:
  535. c2s:
  536. - deny: blocked
  537. - allow
  538. ## Only admins can send announcement messages:
  539. announce:
  540. - allow: admin
  541. ## Only admins can use the configuration interface:
  542. configure:
  543. - allow: admin
  544.  
  545. muc_admin:
  546. - allow: admin
  547. ## Only accounts of the local ejabberd server can create rooms:
  548. muc_create:
  549. - allow: local
  550. ## Only accounts on the local ejabberd server can create Pubsub nodes:
  551. pubsub_createnode:
  552. - allow: local
  553. ## In-band registration allows registration of any possible username.
  554. ## To disable in-band registration, replace 'allow' with 'deny'.
  555. register:
  556. - allow
  557. ## Only allow to register from localhost
  558. ## trusted_network:
  559. ## - allow: loopback
  560. ## Do not establish S2S connections with bad servers
  561. ## s2s:
  562. ## - deny:
  563. ## - ip: "XXX.XXX.XXX.XXX/32"
  564. ## - deny:
  565. ## - ip: "XXX.XXX.XXX.XXX/32"
  566. ## - allow
  567.  
  568. ## By default the frequency of account registrations from the same IP
  569. ## is limited to 1 account every 10 minutes. To disable, specify: infinity
  570. ## registration_timeout: 600
  571.  
  572. ##
  573. ## Define specific Access Rules in a virtual host.
  574. ##
  575. ## host_config:
  576. ## "localhost":
  577. ## access:
  578. ## c2s:
  579. ## - allow: admin
  580. ## - deny
  581. ## register:
  582. ## - deny
  583.  
  584. ###. ================
  585. ###' DEFAULT LANGUAGE
  586.  
  587. ##
  588. ## language: Default language used for server messages.
  589. ##
  590. language: "en"
  591.  
  592. ##
  593. ## Set a different default language in a virtual host.
  594. ##
  595. ## host_config:
  596. ## "localhost":
  597. ## language: "ru"
  598.  
  599. ###. =======
  600. ###' CAPTCHA
  601.  
  602. ##
  603. ## Full path to a script that generates the image.
  604. ##
  605. captcha_cmd: "/opt/ejabberd/lib/ejabberd-19.02/priv/bin/captcha.sh"
  606.  
  607. ##
  608. ## Host for the URL and port where ejabberd listens for CAPTCHA requests.
  609. ##
  610. captcha_host: "srv2.searacon.nl:5280"
  611.  
  612. ##
  613. ## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
  614. ##
  615. captcha_limit: 5
  616.  
  617. ###. =======
  618. ###' MODULES
  619.  
  620. ##
  621. ## Modules enabled in all ejabberd virtual hosts.
  622. ##
  623. modules:
  624. mod_adhoc: {}
  625. mod_admin_extra: {}
  626. mod_announce: # recommends mod_adhoc
  627. access: announce
  628. mod_bosh: {}
  629. mod_blocking: {} # requires mod_privacy
  630. mod_caps: {}
  631. mod_carboncopy: {}
  632. mod_client_state: {}
  633. mod_configure: {} # requires mod_adhoc
  634. mod_disco: {}
  635. ## mod_echo: {}
  636. ## mod_http_bind: {}
  637. mod_http_upload:
  638. docroot: "/opt/ejabberd/www/upload"
  639. put_url: "https://@HOST@:5443/upload"
  640. mod_http_fileserver:
  641. docroot: "/opt/ejabberd/www"
  642. accesslog: "/opt/ejabberd/logs/access.log"
  643. # mod_irc: {}
  644. mod_last: {}
  645. mod_mam: {}
  646. mod_muc:
  647. host: "conference.@HOST@"
  648. ##host: "@HOST@"
  649. access: all
  650. access_admin: muc_admin
  651. access_create: all
  652. access_persistent: muc_create
  653. history_size: 0
  654. default_room_options:
  655. allow_subscription: true
  656. persistent: true
  657. mod_muc_admin: {}
  658. mod_muc_log: {}
  659. ## mod_multicast: {}
  660. mod_offline:
  661. access_max_user_messages: max_user_offline_messages
  662. mod_ping: {}
  663. ## mod_pres_counter:
  664. ## count: 5
  665. ## interval: 60
  666. mod_privacy: {}
  667. mod_private: {}
  668. mod_proxy65: {}
  669. mod_pubsub:
  670. access_createnode: pubsub_createnode
  671. ## reduces resource comsumption, but XEP incompliant
  672. ignore_pep_from_offline: true
  673. ## XEP compliant, but increases resource comsumption
  674. ## ignore_pep_from_offline: false
  675. last_item_cache: false
  676. plugins:
  677. - "flat"
  678. - "pep" # pep requires mod_caps
  679. mod_register:
  680. ##
  681. ## Protect In-Band account registrations with CAPTCHA.
  682. ##
  683. captcha_protected: true
  684. ##
  685. ## Set the minimum informational entropy for passwords.
  686. ##
  687. ## password_strength: 32
  688. ##
  689. ## After successful registration, the user receives
  690. ## a message with this subject and body.
  691. ##
  692. welcome_message:
  693. subject: "Welcome!"
  694. body: |-
  695. Howdy!
  696. Welcome to the Searacon XMPP server.
  697.  
  698. Enjoy your stay and be nice!
  699. ##
  700. ## When a user registers, send a notification to
  701. ## these XMPP accounts.
  702. ##
  703. registration_watchers:
  704. - "eelco@srv2.searacon.nl"
  705. ##
  706. ## Only clients in the server machine can register accounts
  707. ##
  708. ## ip_access: trusted_network
  709. ##
  710. ## Local c2s or remote s2s users cannot register accounts
  711. ##
  712. ## access_from: deny
  713. access: register
  714. mod_roster: {}
  715. mod_shared_roster: {}
  716. mod_sip: {}
  717. mod_stats: {}
  718. mod_time: {}
  719. mod_vcard:
  720. search: true
  721. mod_version: {}
  722.  
  723. ##
  724. ## Enable modules with custom options in a specific virtual host
  725. ##
  726. ## host_config:
  727. ## "localhost":
  728. ## modules:
  729. ## mod_echo:
  730. ## host: "mirror.localhost"
  731.  
  732. ##
  733. ## Enable modules management via ejabberdctl for installation and
  734. ## uninstallation of public/private contributed modules
  735. ## (enabled by default)
  736. ##
  737.  
  738. allow_contrib_modules: true
  739.  
  740. ###.
  741. ###'
  742. ### Local Variables:
  743. ### mode: yaml
  744. ### End:
  745. ### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement