
ejabberd.yml

a guest
Aug 9th, 2017
  1. ###
  2. ###' ejabberd configuration file
  3. ###
  4. ###
  5.  
  6. ### The parameters used in this configuration file are explained in more detail
  7. ### in the ejabberd Installation and Operation Guide.
  8. ### Please consult the Guide in case of doubts, it is included with
  9. ### your copy of ejabberd, and is also available online at
  10. ### http://www.process-one.net/en/ejabberd/docs/
  11.  
  12. ### The configuration file is written in YAML.
  13. ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
  14. ### However, ejabberd treats different literals as different types:
  15. ###
  16. ### - unquoted or single-quoted strings. They are called "atoms".
  17. ### Example: dog, 'Jupiter', '3.14159', YELLOW
  18. ###
  19. ### - numeric literals. Example: 3, -45.0, .0
  20. ###
  21. ### - quoted or folded strings.
  22. ### Examples of quoted string: "Lizzard", "orange".
  23. ### Example of folded string:
  24. ### > Art thou not Romeo,
  25. ### and a Montague?
  26.  
  27. ###. =======
  28. ###' LOGGING
  29.  
  30. ##
  31. ## loglevel: Verbosity of log files generated by ejabberd.
  32. ## 0: No ejabberd log at all (not recommended)
  33. ## 1: Critical
  34. ## 2: Error
  35. ## 3: Warning
  36. ## 4: Info
  37. ## 5: Debug
  38. ##
  39. loglevel: 4
  40.  
  41. ##
  42. ## rotation: Disable ejabberd's internal log rotation, as the Debian package
  43. ## uses logrotate(8).
  44. log_rotate_size: 0
  45. log_rotate_date: ""
  46.  
  47. ##
  48. ## overload protection: If you want to limit the number of messages per second
  49. ## allowed from error_logger, which is a good idea if you want to avoid a flood
  50. ## of messages when system is overloaded, you can set a limit.
  51. ## 100 is ejabberd's default.
  52. log_rate_limit: 100
  53.  
  54. ##
  55. ## watchdog_admins: Only useful for developers: if an ejabberd process
  56. ## consumes a lot of memory, send live notifications to these XMPP
  57. ## accounts.
  58. ##
  59. ## watchdog_admins:
  60. ## - "bob@example.com"
  61.  
  62. ###. ===============
  63. ###' NODE PARAMETERS
  64.  
  65. ##
  66. ## net_ticktime: Specifies net_kernel tick time in seconds. This option must have
  67. ## an identical value on all nodes, and in most cases shouldn't be changed at all from
  68. ## the default value.
  69. ##
  70. ## net_ticktime: 60
  71.  
  72. ###. ================
  73. ###' SERVED HOSTNAMES
  74.  
  75. ##
  76. ## hosts: Domains served by ejabberd.
  77. ## You can define one or several, for example:
  78. ## hosts:
  79. ## - "example.net"
  80. ## - "example.com"
  81. ## - "example.org"
  82. ##
  83. hosts:
  84. - "localhost"
  85.  
  86. ##
  87. ## route_subdomains: Delegate subdomains to other XMPP servers.
  88. ## For example, if this ejabberd serves example.org and you want
  89. ## to allow communication with an XMPP server called im.example.org.
  90. ##
  91. ## route_subdomains: s2s
  92.  
  93. ###. ===============
  94. ###' LISTENING PORTS
  95.  
  96. ##
  97. ## listen: The ports ejabberd will listen on, which service each is handled
  98. ## by and what options to start it with.
  99. ##
  100. listen:
  101. -
  102. port: 5222
  103. ip: "::"
  104. module: ejabberd_c2s
  105. ##
  106. ## If TLS is compiled in and you installed a SSL
  107. ## certificate, specify the full path to the
  108. ## file and uncomment these lines:
  109. ##
  110. certfile: "/etc/ejabberd/ejabberd.pem"
  111. starttls: true
  112. ##
  113. ## To enforce TLS encryption for client connections,
  114. ## use this instead of the "starttls" option:
  115. ##
  116. ## starttls_required: true
  117. ##
  118. ## Custom OpenSSL options
  119. ##
  120. protocol_options:
  121. - "no_sslv3"
  122. ## - "no_tlsv1"
  123. max_stanza_size: 65536
  124. shaper: c2s_shaper
  125. access: c2s
  126. zlib: true
  127. resend_on_timeout: if_offline
  128. -
  129. port: 5269
  130. ip: "::"
  131. module: ejabberd_s2s_in
  132. ##
  133. ## ejabberd_service: Interact with external components (transports, ...)
  134. ##
  135. ## -
  136. ## port: 8888
  137. ## module: ejabberd_service
  138. ## access: all
  139. ## shaper_rule: fast
  140. ## ip: "127.0.0.1"
  141. ## privilege_access:
  142. ## roster: "both"
  143. ## message: "outgoing"
  144. ## presence: "roster"
  145. ## delegations:
  146. ## "urn:xmpp:mam:1":
  147. ## filtering: ["node"]
  148. ## "http://jabber.org/protocol/pubsub":
  149. ## filtering: []
  150. ## hosts:
  151. ## "icq.example.org":
  152. ## password: "secret"
  153. ## "sms.example.org":
  154. ## password: "secret"
  155. -
  156. port: 5556
  157. module: ejabberd_service
  158. ip: "127.0.0.1"
  159. access: all
  160. shaper_rule: fast
  161. hosts:
  162. "vk.localhost":
  163. password: "secret"
  164.  
  165. ##
  166. ## ejabberd_stun: Handles STUN Binding requests
  167. ##
  168. ## -
  169. ## port: 3478
  170. ## transport: udp
  171. ## module: ejabberd_stun
  172.  
  173. ##
  174. ## To handle XML-RPC requests that provide admin credentials:
  175. ##
  176. ## -
  177. ## port: 4560
  178. ## module: ejabberd_xmlrpc
  179. ## access_commands: {}
  180. -
  181. port: 5280
  182. ip: "::"
  183. module: ejabberd_http
  184. request_handlers:
  185. "/websocket": ejabberd_http_ws
  186. ## "/pub/archive": mod_http_fileserver
  187. web_admin: true
  188. http_bind: true
  189. ## register: true
  190. ## captcha: true
  191. tls: true
  192. certfile: "/etc/ejabberd/ejabberd.pem"
  193.  
  194. ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
  195. ## password storage (see auth_password_format option).
  196. disable_sasl_mechanisms: "digest-md5"
  197.  
  198. ###. ==================
  199. ###' S2S GLOBAL OPTIONS
  200.  
  201. ##
  202. ## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
  203. ## Allowed values are: false optional required required_trusted
  204. ## You must specify a certificate file.
  205. ##
  206. s2s_use_starttls: optional
  207.  
  208. ##
  209. ## s2s_certfile: Specify a certificate file.
  210. ##
  211. s2s_certfile: "/etc/ejabberd/ejabberd.pem"
  212.  
  213. ## Custom OpenSSL options
  214. ##
  215. s2s_protocol_options:
  216. - "no_sslv3"
  217. ## - "no_tlsv1"
  218.  
  219. ##
  220. ## domain_certfile: Specify a different certificate for each served hostname.
  221. ##
  222. ## host_config:
  223. ## "example.org":
  224. ## domain_certfile: "/path/to/example_org.pem"
  225. ## "example.com":
  226. ## domain_certfile: "/path/to/example_com.pem"
  227.  
  228. ##
  229. ## S2S whitelist or blacklist
  230. ##
  231. ## Default s2s policy for undefined hosts.
  232. ##
  233. ## s2s_access: s2s
  234.  
  235. ##
  236. ## Outgoing S2S options
  237. ##
  238. ## Preferred address families (which to try first) and connect timeout
  239. ## in milliseconds.
  240. ##
  241. ## outgoing_s2s_families:
  242. ## - ipv4
  243. ## - ipv6
  244. ## outgoing_s2s_timeout: 10000
  245.  
  246. ###. ==============
  247. ###' AUTHENTICATION
  248.  
  249. ##
  250. ## auth_method: Method used to authenticate the users.
  251. ## The default method is the internal.
  252. ## If you want to use a different method,
  253. ## comment this line and enable the correct ones.
  254. ##
  255. auth_method: internal
  256.  
  257. ##
  258. ## Store the plain passwords or hashed for SCRAM:
  259. ## auth_password_format: plain
  260. auth_password_format: scram
  261. ##
  262. ## Define the FQDN if ejabberd doesn't detect it:
  263. ## fqdn: "server3.example.com"
  264.  
  265. ##
  266. ## Authentication using external script
  267. ## Make sure the script is executable by ejabberd.
  268. ##
  269. ## auth_method: external
  270. ## extauth_program: "/path/to/authentication/script"
  271.  
  272. ##
  273. ## Authentication using SQL
  274. ## Remember to setup a database in the next section.
  275. ##
  276. ## auth_method: sql
  277.  
  278. ##
  279. ## Authentication using PAM
  280. ##
  281. ## auth_method: pam
  282. ## pam_service: "pamservicename"
  283.  
  284. ##
  285. ## Authentication using LDAP
  286. ##
  287. ## auth_method: ldap
  288. ##
  289. ## List of LDAP servers:
  290. ## ldap_servers:
  291. ## - "localhost"
  292. ##
  293. ## Encryption of connection to LDAP servers:
  294. ## ldap_encrypt: none
  295. ## ldap_encrypt: tls
  296. ##
  297. ## Port to connect to on LDAP servers:
  298. ## ldap_port: 389
  299. ## ldap_port: 636
  300. ##
  301. ## LDAP manager:
  302. ## ldap_rootdn: "dc=example,dc=com"
  303. ##
  304. ## Password of LDAP manager:
  305. ## ldap_password: "******"
  306. ##
  307. ## Search base of LDAP directory:
  308. ## ldap_base: "dc=example,dc=com"
  309. ##
  310. ## LDAP attribute that holds user ID:
  311. ## ldap_uids:
  312. ## - "mail": "%u@mail.example.org"
  313. ##
  314. ## LDAP filter:
  315. ## ldap_filter: "(objectClass=shadowAccount)"
  316.  
  317. ##
  318. ## Anonymous login support:
  319. ## auth_method: anonymous
  320. ## anonymous_protocol: sasl_anon | login_anon | both
  321. ## allow_multiple_connections: true | false
  322. ##
  323. ## host_config:
  324. ## "public.example.org":
  325. ## auth_method: anonymous
  326. ## allow_multiple_connections: false
  327. ## anonymous_protocol: sasl_anon
  328. ##
  329. ## To use both anonymous and internal authentication:
  330. ##
  331. ## host_config:
  332. ## "public.example.org":
  333. ## auth_method:
  334. ## - internal
  335. ## - anonymous
  336.  
  337. ###. ==============
  338. ###' DATABASE SETUP
  339.  
  340. ## ejabberd by default uses the internal Mnesia database,
  341. ## so you do not necessarily need this section.
  342. ## This section provides configuration examples in case
  343. ## you want to use other database backends.
  344. ## Please consult the ejabberd Guide for details on database creation.
  345.  
  346. ##
  347. ## MySQL server:
  348. ##
  349. ## sql_type: mysql
  350. ## sql_server: "server"
  351. ## sql_database: "database"
  352. ## sql_username: "username"
  353. ## sql_password: "password"
  354. ##
  355. ## If you want to specify the port:
  356. ## sql_port: 1234
  357.  
  358. ##
  359. ## PostgreSQL server:
  360. ##
  361. ## sql_type: pgsql
  362. ## sql_server: "server"
  363. ## sql_database: "database"
  364. ## sql_username: "username"
  365. ## sql_password: "password"
  366. ##
  367. ## If you want to specify the port:
  368. ## sql_port: 1234
  369. ##
  370. ## If you use PostgreSQL, have a large database, and need a
  371. ## faster but inexact replacement for "select count(*) from users"
  372. ##
  373. ## pgsql_users_number_estimate: true
  374.  
  375. ##
  376. ## SQLite:
  377. ##
  378. ## sql_type: sqlite
  379. ## sql_database: "/path/to/database.db"
  380.  
  381. ##
  382. ## ODBC compatible or MSSQL server:
  383. ##
  384. ## sql_type: odbc
  385. ## sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
  386.  
  387. ##
  388. ## Number of connections to open to the database for each virtual host
  389. ##
  390. ## sql_pool_size: 10
  391.  
  392. ##
  393. ## Interval to make a dummy SQL request to keep the connections to the
  394. ## database alive. Specify in seconds: for example 28800 means 8 hours
  395. ##
  396. ## sql_keepalive_interval: undefined
  397.  
  398. ###. ===============
  399. ###' TRAFFIC SHAPERS
  400.  
  401. shaper:
  402. ##
  403. ## The "normal" shaper limits traffic speed to 1000 B/s
  404. ##
  405. normal: 1000
  406.  
  407. ##
  408. ## The "fast" shaper limits traffic speed to 50000 B/s
  409. ##
  410. fast: 50000
  411.  
  412. ##
  413. ## This option specifies the maximum number of elements in the queue
  414. ## of the FSM. Refer to the documentation for details.
  415. ##
  416. max_fsm_queue: 1000
  417.  
  418. ###. ====================
  419. ###' ACCESS CONTROL LISTS
  420. acl:
  421. ##
  422. ## The 'admin' ACL grants administrative privileges to XMPP accounts.
  423. ## You can put here as many accounts as you want.
  424. ##
  425. admin:
  426. user:
  427. - "@localhost"
  428.  
  429. ##
  430. ## Blocked users
  431. ##
  432. ## blocked:
  433. ## user:
  434. ## - "baduser@example.org"
  435. ## - "test"
  436.  
  437. ## Local users: don't modify this.
  438. ##
  439. local:
  440. user_regexp: ""
  441.  
  442. ##
  443. ## More examples of ACLs
  444. ##
  445. ## jabberorg:
  446. ## server:
  447. ## - "jabber.org"
  448. ## aleksey:
  449. ## user:
  450. ## - "aleksey@jabber.ru"
  451. ## test:
  452. ## user_regexp: "^test"
  453. ## user_glob: "test*"
  454.  
  455. ##
  456. ## Loopback network
  457. ##
  458. loopback:
  459. ip:
  460. - "127.0.0.0/8"
  461.  
  462. ##
  463. ## Bad XMPP servers
  464. ##
  465. ## bad_servers:
  466. ## server:
  467. ## - "xmpp.zombie.org"
  468. ## - "xmpp.spam.com"
  469.  
  470. ##
  471. ## Define specific ACLs in a virtual host.
  472. ##
  473. ## host_config:
  474. ## "localhost":
  475. ## acl:
  476. ## admin:
  477. ## user:
  478. ## - "bob-local@localhost"
  479.  
  480. ###. ============
  481. ###' SHAPER RULES
  482.  
  483. shaper_rules:
  484. ## Maximum number of simultaneous sessions allowed for a single user:
  485. max_user_sessions: 10
  486. ## Maximum number of offline messages that users can have:
  487. max_user_offline_messages:
  488. - 5000: admin
  489. - 100
  490. ## For C2S connections, all users except admins use the "normal" shaper
  491. c2s_shaper:
  492. - none: admin
  493. - normal
  494. ## All S2S connections use the "fast" shaper
  495. s2s_shaper: fast
  496.  
  497. ###. ============
  498. ###' ACCESS RULES
  499. access_rules:
  500. ## This rule allows access only for local users:
  501. local:
  502. - allow: local
  503. ## Only non-blocked users can use c2s connections:
  504. c2s:
  505. - deny: blocked
  506. - allow
  507. ## Only admins can send announcement messages:
  508. announce:
  509. - allow: admin
  510. ## Only admins can use the configuration interface:
  511. configure:
  512. - allow: admin
  513. ## Only accounts of the local ejabberd server can create rooms:
  514. muc_create:
  515. - allow: local
  516. ## Only accounts on the local ejabberd server can create Pubsub nodes:
  517. pubsub_createnode:
  518. - allow: local
  519. ## In-band registration allows registration of any possible username.
  520. ## To disable in-band registration, replace 'allow' with 'deny'.
  521. register:
  522. - allow
  523. ## Only allow to register from localhost
  524. trusted_network:
  525. - allow: loopback
  526. ## Do not establish S2S connections with bad servers
  527. ## s2s:
  528. ## - deny:
  529. ## - ip: "XXX.XXX.XXX.XXX/32"
  530. ## - deny:
  531. ## - ip: "XXX.XXX.XXX.XXX/32"
  532. ## - allow
  533.  
  534. ## By default the frequency of account registrations from the same IP
  535. ## is limited to 1 account every 10 minutes. To disable, specify: infinity
  536. ## registration_timeout: 600
  537.  
  538. ##
  539. ## Define specific Access Rules in a virtual host.
  540. ##
  541. ## host_config:
  542. ## "localhost":
  543. ## access:
  544. ## c2s:
  545. ## - allow: admin
  546. ## - deny
  547. ## register:
  548. ## - deny
  549.  
  550. ###. ================
  551. ###' DEFAULT LANGUAGE
  552.  
  553. ##
  554. ## language: Default language used for server messages.
  555. ##
  556. language: "en"
  557.  
  558. ##
  559. ## Set a different default language in a virtual host.
  560. ##
  561. ## host_config:
  562. ## "localhost":
  563. ## language: "ru"
  564.  
  565. ###. =======
  566. ###' CAPTCHA
  567.  
  568. ##
  569. ## Full path to a script that generates the image.
  570. ##
  571. ## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
  572.  
  573. ##
  574. ## Host for the URL and port where ejabberd listens for CAPTCHA requests.
  575. ##
  576. ## captcha_host: "example.org:5280"
  577.  
  578. ##
  579. ## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
  580. ##
  581. ## captcha_limit: 5
  582.  
  583. ###. =======
  584. ###' MODULES
  585.  
  586. ##
  587. ## Modules enabled in all ejabberd virtual hosts.
  588. ##
  589. modules:
  590. mod_adhoc: {}
  591. mod_admin_extra: {}
  592. mod_announce: # recommends mod_adhoc
  593. access: announce
  594. mod_blocking: {} # requires mod_privacy
  595. mod_caps: {}
  596. mod_carboncopy: {}
  597. mod_client_state: {}
  598. mod_configure: {} # requires mod_adhoc
  599. ##mod_delegation: {} # for xep0356
  600. mod_disco: {}
  601. mod_echo: {}
  602. mod_irc: {}
  603. mod_http_bind: {}
  604. ## mod_http_fileserver:
  605. ## docroot: "/var/www"
  606. ## accesslog: "/var/log/ejabberd/access.log"
  607. mod_last: {}
  608. mod_muc:
  609. ## host: "conference.@HOST@"
  610. access:
  611. - allow
  612. access_admin:
  613. - allow: admin
  614. access_create: muc_create
  615. access_persistent: muc_create
  616. ## mod_muc_log: {}
  617. mod_muc_admin: {}
  618. ## mod_multicast: {}
  619. mod_offline:
  620. access_max_user_messages: max_user_offline_messages
  621. mod_ping: {}
  622. ## mod_pres_counter:
  623. ## count: 5
  624. ## interval: 60
  625. mod_privacy: {}
  626. mod_private: {}
  627. ## mod_proxy65: {}
  628. mod_pubsub:
  629. access_createnode: pubsub_createnode
  630. ## reduces resource comsumption, but XEP incompliant
  631. ignore_pep_from_offline: true
  632. ## XEP compliant, but increases resource comsumption
  633. ## ignore_pep_from_offline: false
  634. last_item_cache: false
  635. plugins:
  636. - "flat"
  637. - "hometree"
  638. - "pep" # pep requires mod_caps
  639. ## mod_register:
  640. ##
  641. ## Protect In-Band account registrations with CAPTCHA.
  642. ##
  643. ## captcha_protected: true
  644. ##
  645. ## Set the minimum informational entropy for passwords.
  646. ##
  647. ## password_strength: 32
  648. ##
  649. ## After successful registration, the user receives
  650. ## a message with this subject and body.
  651. ##
  652. ## welcome_message:
  653. ## subject: "Welcome!"
  654. ## body: |-
  655. ## Hi.
  656. ## Welcome to this XMPP server.
  657. ##
  658. ## When a user registers, send a notification to
  659. ## these XMPP accounts.
  660. ##
  661. ## registration_watchers:
  662. ## - "admin1@example.org"
  663. ##
  664. ## Only clients in the server machine can register accounts
  665. ##
  666. ## ip_access: trusted_network
  667. ##
  668. ## Local c2s or remote s2s users cannot register accounts
  669. ##
  670. ## access_from: deny
  671. ## access: register
  672. mod_roster:
  673. versioning: true
  674. mod_shared_roster: {}
  675. mod_stats: {}
  676. mod_time: {}
  677. mod_vcard:
  678. search: false
  679. mod_version: {}
  680.  
  681. ##
  682. ## Enable modules with custom options in a specific virtual host
  683. ##
  684. ## host_config:
  685. ## "localhost":
  686. ## modules:
  687. ## mod_echo:
  688. ## host: "mirror.localhost"
  689.  
  690. ##
  691. ## Enable modules management via ejabberdctl for installation and
  692. ## uninstallation of public/private contributed modules
  693. ## (enabled by default)
  694. ##
  695.  
  696. allow_contrib_modules: true
  697.  
  698. ###.
  699. ###'
  700. ### Local Variables:
  701. ### mode: yaml
  702. ### End:
  703. ### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker: