daily pastebin goal
69%
SHARE
TWEET

Untitled

a guest Jun 5th, 2017 536 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. user1@evergreen:~$ sudo cat /etc/ejabberd/ejabberd.yml
  2. ###
  3. ###'              ejabberd configuration file
  4. ###
  5. ###
  6.  
  7. ### The parameters used in this configuration file are explained in more detail
  8. ### in the ejabberd Installation and Operation Guide.
  9. ### Please consult the Guide in case of doubts, it is included with
  10. ### your copy of ejabberd, and is also available online at
  11. ### http://www.process-one.net/en/ejabberd/docs/
  12.  
  13. ### The configuration file is written in YAML.
  14. ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
  15. ### However, ejabberd treats different literals as different types:
  16. ###
  17. ### - unquoted or single-quoted strings. They are called "atoms".
  18. ###   Example: dog, 'Jupiter', '3.14159', YELLOW
  19. ###
  20. ### - numeric literals. Example: 3, -45.0, .0
  21. ###
  22. ### - quoted or folded strings.
  23. ###   Examples of quoted string: "Lizzard", "orange".
  24. ###   Example of folded string:
  25. ###   > Art thou not Romeo,
  26. ###     and a Montague?
  27.  
  28. ###.  =======
  29. ###'  LOGGING
  30.  
  31. ##
  32. ## loglevel: Verbosity of log files generated by ejabberd.
  33. ## 0: No ejabberd log at all (not recommended)
  34. ## 1: Critical
  35. ## 2: Error
  36. ## 3: Warning
  37. ## 4: Info
  38. ## 5: Debug
  39. ##
  40. loglevel: 4
  41.  
  42. ##
  43. ## rotation: Disable ejabberd's internal log rotation, as the Debian package
  44. ## uses logrotate(8).
  45. log_rotate_size: 0
  46. log_rotate_date: ""
  47.  
  48. ##
  49. ## overload protection: If you want to limit the number of messages per second
  50. ## allowed from error_logger, which is a good idea if you want to avoid a flood
  51. ## of messages when system is overloaded, you can set a limit.
  52. ## 100 is ejabberd's default.
  53. log_rate_limit: 100
  54.  
  55. ##
  56. ## watchdog_admins: Only useful for developers: if an ejabberd process
  57. ## consumes a lot of memory, send live notifications to these XMPP
  58. ## accounts.
  59. ##
  60. ## watchdog_admins:
  61. ##   - "bob@example.com"
  62.  
  63. ###.  ===============
  64. ###'  NODE PARAMETERS
  65.  
  66. ##
  67. ## net_ticktime: Specifies net_kernel tick time in seconds. This options must have
  68. ## identical value on all nodes, and in most cases shouldn't be changed at all from
  69. ## default value.
  70. ##
  71. ## net_ticktime: 60
  72.  
  73. ###.  ================
  74. ###'  SERVED HOSTNAMES
  75.  
  76. ##
  77. ## hosts: Domains served by ejabberd.
  78. ## You can define one or several, for example:
  79. ## hosts:
  80. ##   - "example.net"
  81. ##   - "example.com"
  82. ##   - "example.org"
  83. ##
  84. hosts:
  85.   - "localhost"
  86.   - "private.localhost"
  87.   - "public.localhost"
  88.  
  89. ##
  90. ## route_subdomains: Delegate subdomains to other XMPP servers.
  91. ## For example, if this ejabberd serves example.org and you want
  92. ## to allow communication with an XMPP server called im.example.org.
  93. ##
  94. ## route_subdomains: s2s
  95.  
  96. ###.  ===============
  97. ###'  LISTENING PORTS
  98.  
  99. ##
  100. ## listen: The ports ejabberd will listen on, which service each is handled
  101. ## by and what options to start it with.
  102. ##
  103. listen:
  104.   -
  105.     port: 5222
  106.     ip: "0.0.0.0"
  107.     module: ejabberd_c2s
  108.     ##
  109.     ## If TLS is compiled in and you installed a SSL
  110.     ## certificate, specify the full path to the
  111.     ## file and uncomment these lines:
  112.     ##
  113.     certfile: "/etc/ejabberd/ejabberd.pem"
  114.     starttls: true
  115.     ##
  116.     ## To enforce TLS encryption for client connections,
  117.     ## use this instead of the "starttls" option:
  118.     ##
  119.     ## starttls_required: true
  120.     ##
  121.     ## Custom OpenSSL options
  122.     ##
  123.     protocol_options:
  124.       - "no_sslv3"
  125.     ##   - "no_tlsv1"
  126.     max_stanza_size: 65536
  127.     shaper: c2s_shaper
  128.     access: c2s
  129.     zlib: true
  130.     resend_on_timeout: if_offline
  131.   -
  132.     port: 5269
  133.     ip: "::"
  134.     module: ejabberd_s2s_in
  135.   ##
  136.   ## ejabberd_service: Interact with external components (transports, ...)
  137.   ##
  138.   ## -
  139.   ##   port: 8888
  140.   ##   module: ejabberd_service
  141.   ##   access: all
  142.   ##   shaper_rule: fast
  143.   ##   ip: "127.0.0.1"
  144.   ##   hosts:
  145.   ##     "icq.example.org":
  146.   ##       password: "secret"
  147.   ##     "sms.example.org":
  148.   ##       password: "secret"
  149.  
  150.   ##
  151.   ## ejabberd_stun: Handles STUN Binding requests
  152.   ##
  153.   ## -
  154.   ##   port: 3478
  155.   ##   transport: udp
  156.   ##   module: ejabberd_stun
  157.  
  158.   ##
  159.   ## To handle XML-RPC requests that provide admin credentials:
  160.   ##
  161.   ## -
  162.   ##   port: 4560
  163.   ##   module: ejabberd_xmlrpc
  164.   ##   access_commands: {}
  165.   -
  166.     port: 5280
  167.     ip: "::"
  168.     module: ejabberd_http
  169.     request_handlers:
  170.       "/websocket": ejabberd_http_ws
  171.     ##  "/pub/archive": mod_http_fileserver
  172.     web_admin: true
  173.     http_bind: true
  174.     ## register: true
  175.     captcha: true
  176.     tls: true
  177.     certfile: "/etc/ejabberd/ejabberd.pem"
  178.  
  179. ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
  180. ## password storage (see auth_password_format option).
  181. disable_sasl_mechanisms: "digest-md5"
  182.  
  183. ###.  ==================
  184. ###'  S2S GLOBAL OPTIONS
  185.  
  186. ##
  187. ## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
  188. ## Allowed values are: false optional required required_trusted
  189. ## You must specify a certificate file.
  190. ##
  191. s2s_use_starttls: optional
  192.  
  193. ##
  194. ## s2s_certfile: Specify a certificate file.
  195. ##
  196. s2s_certfile: "/etc/ejabberd/ejabberd.pem"
  197.  
  198. ## Custom OpenSSL options
  199. ##
  200. s2s_protocol_options:
  201.   - "no_sslv3"
  202. ##   - "no_tlsv1"
  203.  
  204. ##
  205. ## domain_certfile: Specify a different certificate for each served hostname.
  206. ##
  207. ## host_config:
  208. ##   "example.org":
  209. ##     domain_certfile: "/path/to/example_org.pem"
  210. ##   "example.com":
  211. ##     domain_certfile: "/path/to/example_com.pem"
  212.  
  213. ##
  214. ## S2S whitelist or blacklist
  215. ##
  216. ## Default s2s policy for undefined hosts.
  217. ##
  218. ## s2s_access: s2s
  219.  
  220. ##
  221. ## Outgoing S2S options
  222. ##
  223. ## Preferred address families (which to try first) and connect timeout
  224. ## in milliseconds.
  225. ##
  226. ## outgoing_s2s_families:
  227. ##   - ipv4
  228. ##   - ipv6
  229. ## outgoing_s2s_timeout: 10000
  230.  
  231. ###.  ==============
  232. ###'  AUTHENTICATION
  233.  
  234. ##
  235. ## auth_method: Method used to authenticate the users.
  236. ## The default method is the internal.
  237. ## If you want to use a different method,
  238. ## comment this line and enable the correct ones.
  239. ##
  240. auth_method: internal
  241.  
  242. ##
  243. ## Store the plain passwords or hashed for SCRAM:
  244. ## auth_password_format: plain
  245. auth_password_format: plain
  246. ##
  247. ## Define the FQDN if ejabberd doesn't detect it:
  248. ## fqdn: "server3.example.com"
  249.  
  250. ##
  251. ## Authentication using external script
  252. ## Make sure the script is executable by ejabberd.
  253. ##
  254. ## auth_method: external
  255. ## extauth_program: "/path/to/authentication/script"
  256.  
  257. ##
  258. ## Authentication using ODBC
  259. ## Remember to setup a database in the next section.
  260. ##
  261. ## auth_method: odbc
  262.  
  263. ##
  264. ## Authentication using PAM
  265. ##
  266. ## auth_method: pam
  267. ## pam_service: "pamservicename"
  268.  
  269. ##
  270. ## Authentication using LDAP
  271. ##
  272. ## auth_method: ldap
  273. ##
  274. ## List of LDAP servers:
  275. ## ldap_servers:
  276. ##   - "localhost"
  277. ##
  278. ## Encryption of connection to LDAP servers:
  279. ## ldap_encrypt: none
  280. ## ldap_encrypt: tls
  281. ##
  282. ## Port to connect to on LDAP servers:
  283. ## ldap_port: 389
  284. ## ldap_port: 636
  285. ##
  286. ## LDAP manager:
  287. ## ldap_rootdn: "dc=example,dc=com"
  288. ##
  289. ## Password of LDAP manager:
  290. ## ldap_password: "******"
  291. ##
  292. ## Search base of LDAP directory:
  293. ## ldap_base: "dc=example,dc=com"
  294. ##
  295. ## LDAP attribute that holds user ID:
  296. ## ldap_uids:
  297. ##   - "mail": "%u@mail.example.org"
  298. ##
  299. ## LDAP filter:
  300. ## ldap_filter: "(objectClass=shadowAccount)"
  301.  
  302. ##
  303. ## Anonymous login support:
  304. ##   auth_method: anonymous
  305. ##   anonymous_protocol: sasl_anon | login_anon | both
  306. ##   allow_multiple_connections: true | false
  307. ##
  308. ## host_config:
  309. ##   "public.example.org":
  310. ##     auth_method: anonymous
  311. ##     allow_multiple_connections: false
  312. ##     anonymous_protocol: sasl_anon
  313. ##
  314. ## To use both anonymous and internal authentication:
  315. ##
  316. ## host_config:
  317. ##   "public.example.org":
  318. ##     auth_method:
  319. ##       - internal
  320. ##       - anonymous
  321.  
  322. ###.  ==============
  323. ###'  DATABASE SETUP
  324.  
  325. ## ejabberd by default uses the internal Mnesia database,
  326. ## so you do not necessarily need this section.
  327. ## This section provides configuration examples in case
  328. ## you want to use other database backends.
  329. ## Please consult the ejabberd Guide for details on database creation.
  330.  
  331. ##
  332. ## MySQL server:
  333. ##
  334. ## odbc_type: mysql
  335. ## odbc_server: "server"
  336. ## odbc_database: "database"
  337. ## odbc_username: "username"
  338. ## odbc_password: "password"
  339. ##
  340. ## If you want to specify the port:
  341. ## odbc_port: 1234
  342.  
  343. ##
  344. ## PostgreSQL server:
  345. ##
  346. ## odbc_type: pgsql
  347. ## odbc_server: "server"
  348. ## odbc_database: "database"
  349. ## odbc_username: "username"
  350. ## odbc_password: "password"
  351. ##
  352. ## If you want to specify the port:
  353. ## odbc_port: 1234
  354. ##
  355. ## If you use PostgreSQL, have a large database, and need a
  356. ## faster but inexact replacement for "select count(*) from users"
  357. ##
  358. ## pgsql_users_number_estimate: true
  359.  
  360. ##
  361. ## SQLite:
  362. ##
  363. ## odbc_type: sqlite
  364. ## odbc_database: "/path/to/database.db"
  365.  
  366. ##
  367. ## ODBC compatible or MSSQL server:
  368. ##
  369. ## odbc_type: odbc
  370. ## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
  371.  
  372. ##
  373. ## Number of connections to open to the database for each virtual host
  374. ##
  375. ## odbc_pool_size: 10
  376.  
  377. ##
  378. ## Interval to make a dummy SQL request to keep the connections to the
  379. ## database alive. Specify in seconds: for example 28800 means 8 hours
  380. ##
  381. ## odbc_keepalive_interval: undefined
  382.  
  383. ###.  ===============
  384. ###'  TRAFFIC SHAPERS
  385.  
  386. shaper:
  387.   ##
  388.   ## The "normal" shaper limits traffic speed to 1000 B/s
  389.   ##
  390.   normal: 500000
  391.  
  392.   ##
  393.   ## The "fast" shaper limits traffic speed to 50000 B/s
  394.   ##
  395.   fast: 500000
  396.  
  397. ##
  398. ## This option specifies the maximum number of elements in the queue
  399. ## of the FSM. Refer to the documentation for details.
  400. ##
  401. max_fsm_queue: 1000
  402.  
  403. ###.   ====================
  404. ###'   ACCESS CONTROL LISTS
  405. acl:
  406.   ##
  407.   ## The 'admin' ACL grants administrative privileges to XMPP accounts.
  408.   ## You can put here as many accounts as you want.
  409.   ##
  410.   admin:
  411.      user:
  412.          - "": "localhost"
  413.  
  414.   ##
  415.   ## Blocked users
  416.   ##
  417.   ## blocked:
  418.   ##   user:
  419.   ##     - "baduser": "example.org"
  420.   ##     - "test"
  421.  
  422.   ## Local users: don't modify this.
  423.   ##
  424.   local:
  425.     user_regexp: ""
  426.  
  427.   ##
  428.   ## More examples of ACLs
  429.   ##
  430.   ## jabberorg:
  431.   ##   server:
  432.   ##     - "jabber.org"
  433.   ## aleksey:
  434.   ##   user:
  435.   ##     - "aleksey": "jabber.ru"
  436.   ## test:
  437.   ##   user_regexp: "^test"
  438.   ##   user_glob: "test*"
  439.  
  440.   ##
  441.   ## Loopback network
  442.   ##
  443.   loopback:
  444.     ip:
  445.       - "127.0.0.0/8"
  446.  
  447.   ##
  448.   ## Bad XMPP servers
  449.   ##
  450.   ## bad_servers:
  451.   ##   server:
  452.   ##     - "xmpp.zombie.org"
  453.   ##     - "xmpp.spam.com"
  454.  
  455. ##
  456. ## Define specific ACLs in a virtual host.
  457. ##
  458. ## host_config:
  459. ##   "localhost":
  460. ##     acl:
  461. ##       admin:
  462. ##         user:
  463. ##           - "bob-local": "localhost"
  464.  
  465. ###.  ============
  466. ###'  ACCESS RULES
  467. access:
  468.   ## Maximum number of simultaneous sessions allowed for a single user:
  469.   max_user_sessions:
  470.     all: 10
  471.   ## Maximum number of offline messages that users can have:
  472.   max_user_offline_messages:
  473.     admin: 5000
  474.     all: 10000
  475.   ## This rule allows access only for local users:
  476.   local:
  477.     local: allow
  478.   ## Only non-blocked users can use c2s connections:
  479.   c2s:
  480.     blocked: deny
  481.     all: allow
  482.   ## For C2S connections, all users except admins use the "normal" shaper
  483.   c2s_shaper:
  484.     admin: none
  485.     all: normal
  486.   ## All S2S connections use the "fast" shaper
  487.   s2s_shaper:
  488.     all: fast
  489.   ## Only admins can send announcement messages:
  490.   announce:
  491.     admin: allow
  492.   ## Only admins can use the configuration interface:
  493.   configure:
  494.     admin: allow
  495.   ## Admins of this server are also admins of the MUC service:
  496.   muc_admin:
  497.     admin: allow
  498.   ## Only accounts of the local ejabberd server can create rooms:
  499.   muc_create:
  500.     local: allow
  501.   ## All users are allowed to use the MUC service:
  502.   muc:
  503.     all: allow
  504.   ## Only accounts on the local ejabberd server can create Pubsub nodes:
  505.   pubsub_createnode:
  506.     local: allow
  507.   ## In-band registration allows registration of any possible username.
  508.   ## To disable in-band registration, replace 'allow' with 'deny'.
  509.   register:
  510.     all: allow
  511.   ## Only allow to register from localhost
  512.   trusted_network:
  513.     loopback: allow
  514.   ## Do not establish S2S connections with bad servers
  515.   ## s2s:
  516.   ##   bad_servers: deny
  517.   ##   all: allow
  518.  
  519. ## By default the frequency of account registrations from the same IP
  520. ## is limited to 1 account every 10 minutes. To disable, specify: infinity
  521. ## registration_timeout: 600
  522.  
  523. ##
  524. ## Define specific Access Rules in a virtual host.
  525. ##
  526. ## host_config:
  527. ##   "localhost":
  528. ##     access:
  529. ##       c2s:
  530. ##         admin: allow
  531. ##         all: deny
  532. ##       register:
  533. ##         all: deny
  534.  
  535. ###.  ================
  536. ###'  DEFAULT LANGUAGE
  537.  
  538. ##
  539. ## language: Default language used for server messages.
  540. ##
  541. language: "en"
  542.  
  543. ##
  544. ## Set a different default language in a virtual host.
  545. ##
  546. ## host_config:
  547. ##   "localhost":
  548. ##     language: "ru"
  549.  
  550. ###.  =======
  551. ###'  CAPTCHA
  552.  
  553. ##
  554. ## Full path to a script that generates the image.
  555. ##
  556. ## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
  557.  
  558. ##
  559. ## Host for the URL and port where ejabberd listens for CAPTCHA requests.
  560. ##
  561. ## captcha_host: "example.org:5280"
  562.  
  563. ##
  564. ## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
  565. ##
  566. ## captcha_limit: 5
  567.  
  568. ###.  =======
  569. ###'  MODULES
  570.  
  571. ##
  572. ## Modules enabled in all ejabberd virtual hosts.
  573. ##
  574. modules:
  575.   mod_adhoc: {}
  576.   mod_admin_extra: {}
  577.   mod_announce: # recommends mod_adhoc
  578.     access: announce
  579.   mod_blocking: {} # requires mod_privacy
  580.   mod_caps: {}
  581.   mod_carboncopy: {}
  582.   mod_client_state: {}
  583.   mod_configure: {} # requires mod_adhoc
  584.   mod_disco: {}
  585.   mod_echo: {}
  586.   mod_irc: {}
  587.   mod_http_bind: {}
  588.   ## mod_http_fileserver:
  589.   ##   docroot: "/var/www"
  590.   ##   accesslog: "/var/log/ejabberd/access.log"
  591.   mod_last: {}
  592.   mod_muc:
  593.     ## host: "conference.@HOST@"
  594.     access: muc
  595.     access_create: muc_create
  596.     access_persistent: muc_create
  597.     access_admin: muc_admin
  598.   ## mod_muc_log: {}
  599.   mod_muc_admin: {}
  600.   ## mod_multicast: {}
  601.   ##mod_offline:
  602.     ##access_max_user_messages: max_user_offline_messages
  603.   mod_ping: {}
  604.   ## mod_pres_counter:
  605.   ##   count: 5
  606.   ##   interval: 60
  607.   mod_privacy: {}
  608.   mod_private: {}
  609.   ## mod_proxy65: {}
  610.   mod_pubsub:
  611.     access_createnode: pubsub_createnode
  612.     ## reduces resource comsumption, but XEP incompliant
  613.     ignore_pep_from_offline: true
  614.     ## XEP compliant, but increases resource comsumption
  615.     ## ignore_pep_from_offline: false
  616.     last_item_cache: false
  617.     plugins:
  618.       - "flat"
  619.       - "hometree"
  620.       - "pep" # pep requires mod_caps
  621.   mod_register:
  622.     ##
  623.     ## Protect In-Band account registrations with CAPTCHA.
  624.     ##
  625.     ## captcha_protected: true
  626.  
  627.     ##
  628.     ## Set the minimum informational entropy for passwords.
  629.     ##
  630.     ## password_strength: 32
  631.  
  632.     ##
  633.     ## After successful registration, the user receives
  634.     ## a message with this subject and body.
  635.     ##
  636.     welcome_message:
  637.       subject: "Welcome!"
  638.       body: |-
  639.         Hi.
  640.         Welcome to this XMPP server.
  641.  
  642.     ##
  643.     ## When a user registers, send a notification to
  644.     ## these XMPP accounts.
  645.     ##
  646.     ## registration_watchers:
  647.     ##   - "admin1@example.org"
  648.  
  649.     ##
  650.     ## Only clients in the server machine can register accounts
  651.     ##
  652.     ip_access: trusted_network
  653.  
  654.     ##
  655.     ## Local c2s or remote s2s users cannot register accounts
  656.     ##
  657.     ## access_from: deny
  658.  
  659.     access: register
  660.   mod_roster: {}
  661.   mod_shared_roster: {}
  662.   mod_stats: {}
  663.   mod_time: {}
  664.   mod_vcard:
  665.     search: false
  666.   mod_version: {}
  667.  
  668. ##
  669. ## Enable modules with custom options in a specific virtual host
  670. ##
  671. ## host_config:
  672. ##   "localhost":
  673. ##     modules:
  674. ##       mod_echo:
  675. ##         host: "mirror.localhost"
  676.  
  677. ##
  678. ## Enable modules management via ejabberdctl for installation and
  679. ## uninstallation of public/private contributed modules
  680. ## (enabled by default)
  681. ##
  682.  
  683. allow_contrib_modules: true
  684.  
  685. ###.
  686. ###'
  687. ### Local Variables:
  688. ### mode: yaml
  689. ### End:
  690. ### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top