SHARE
TWEET

root

a guest Apr 21st, 2017 57 in 22 days
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ###
  2. ###'              ejabberd configuration file
  3. ###
  4. ###
  5.  
  6. ### The parameters used in this configuration file are explained in more detail
  7. ### in the ejabberd Installation and Operation Guide.
  8. ### Please consult the Guide in case of doubts, it is included with
  9. ### your copy of ejabberd, and is also available online at
  10. ### http://www.process-one.net/en/ejabberd/docs/
  11.  
  12. ### The configuration file is written in YAML.
  13. ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
  14. ### However, ejabberd treats different literals as different types:
  15. ###
  16. ### - unquoted or single-quoted strings. They are called "atoms".
  17. ###   Example: dog, 'Jupiter', '3.14159', YELLOW
  18. ###
  19. ### - numeric literals. Example: 3, -45.0, .0
  20. ###
  21. ### - quoted or folded strings.
  22. ###   Examples of quoted string: "Lizzard", "orange".
  23. ###   Example of folded string:
  24. ###   > Art thou not Romeo,
  25. ###     and a Montague?
  26.  
  27. ###.  =======
  28. ###'  LOGGING
  29.  
  30. ##
  31. ## loglevel: Verbosity of log files generated by ejabberd.
  32. ## 0: No ejabberd log at all (not recommended)
  33. ## 1: Critical
  34. ## 2: Error
  35. ## 3: Warning
  36. ## 4: Info
  37. ## 5: Debug
  38. ##
  39. loglevel: 5
  40.  
  41. ##
  42. ## rotation: Disable ejabberd's internal log rotation, as the Debian package
  43. ## uses logrotate(8).
  44. log_rotate_size: 0
  45. log_rotate_date: ""
  46.  
  47. ##
  48. ## overload protection: If you want to limit the number of messages per second
  49. ## allowed from error_logger, which is a good idea if you want to avoid a flood
  50. ## of messages when system is overloaded, you can set a limit.
  51. ## 100 is ejabberd's default.
  52. log_rate_limit: 100
  53.  
  54. ##
  55. ## watchdog_admins: Only useful for developers: if an ejabberd process
  56. ## consumes a lot of memory, send live notifications to these XMPP
  57. ## accounts.
  58. ##
  59. ## watchdog_admins:
  60. ##   - "bob@example.com"
  61.  
  62. ###.  ===============
  63. ###'  NODE PARAMETERS
  64.  
  65. ##
  66. ## net_ticktime: Specifies net_kernel tick time in seconds. This options must have
  67. ## identical value on all nodes, and in most cases shouldn't be changed at all from
  68. ## default value.
  69. ##
  70. ## net_ticktime: 60
  71.  
  72. ###.  ================
  73. ###'  SERVED HOSTNAMES
  74.  
  75. ##
  76. ## hosts: Domains served by ejabberd.
  77. ## You can define one or several, for example:
  78. ## hosts:
  79. ##   - "example.net"
  80. ##   - "example.com"
  81. ##   - "example.org"
  82. ##
  83. hosts:
  84.   - "localhost"
  85.   - "lnxdev1.intern"
  86.  
  87. ##
  88. ## route_subdomains: Delegate subdomains to other XMPP servers.
  89. ## For example, if this ejabberd serves example.org and you want
  90. ## to allow communication with an XMPP server called im.example.org.
  91. ##
  92. ## route_subdomains: s2s
  93.  
  94. ###.  ===============
  95. ###'  LISTENING PORTS
  96.  
  97. ##
  98. ## listen: The ports ejabberd will listen on, which service each is handled
  99. ## by and what options to start it with.
  100. ##
  101. listen:
  102.   -
  103.     port: 5222
  104.     ip: "::"
  105.     module: ejabberd_c2s
  106.     ##
  107.     ## If TLS is compiled in and you installed a SSL
  108.     ## certificate, specify the full path to the
  109.     ## file and uncomment these lines:
  110.     ##
  111.     certfile: "/etc/ejabberd/ejabberd.pem"
  112.     starttls: true
  113.     ##
  114.     ## To enforce TLS encryption for client connections,
  115.     ## use this instead of the "starttls" option:
  116.     ##
  117.     ## starttls_required: true
  118.     ##
  119.     ## Custom OpenSSL options
  120.     ##
  121.     protocol_options:
  122.       - "no_sslv3"
  123.     ##   - "no_tlsv1"
  124.     max_stanza_size: 65536
  125.     shaper: c2s_shaper
  126.     access: c2s
  127.     zlib: true
  128.     resend_on_timeout: if_offline
  129.     ## -
  130.     ## port: 5269
  131.     ## ip: "::"
  132.     ## module: ejabberd_s2s_in
  133.   ##
  134.   ## ejabberd_service: Interact with external components (transports, ...)
  135.   ##
  136.   ## -
  137.   ##   port: 8888
  138.   ##   module: ejabberd_service
  139.   ##   access: all
  140.   ##   shaper_rule: fast
  141.   ##   ip: "127.0.0.1"
  142.   ##   privilege_access:
  143.   ##      roster: "both"
  144.   ##      message: "outgoing"
  145.   ##      presence: "roster"
  146.   ##   delegations:
  147.   ##      "urn:xmpp:mam:1":
  148.   ##        filtering: ["node"]
  149.   ##      "http://jabber.org/protocol/pubsub":
  150.   ##        filtering: []
  151.   ##   hosts:
  152.   ##     "icq.example.org":
  153.   ##       password: "secret"
  154.   ##     "sms.example.org":
  155.   ##       password: "secret"
  156.  
  157.   ##
  158.   ## ejabberd_stun: Handles STUN Binding requests
  159.   ##
  160.   ## -
  161.   ##   port: 3478
  162.   ##   transport: udp
  163.   ##   module: ejabberd_stun
  164.  
  165.   ##
  166.   ## To handle XML-RPC requests that provide admin credentials:
  167.   ##
  168.   ## -
  169.   ##   port: 4560
  170.   ##   module: ejabberd_xmlrpc
  171.   ##   access_commands: {}
  172.   -
  173.     port: 5280
  174.     ip: "::"
  175.     module: ejabberd_http
  176.     request_handlers:
  177.       "/websocket": ejabberd_http_ws
  178.     ##  "/pub/archive": mod_http_fileserver
  179.     web_admin: true
  180.     http_bind: true
  181.     ## register: true
  182.     ## captcha: true
  183.     tls: true
  184.     certfile: "/etc/ejabberd/ejabberd.pem"
  185.   -
  186.       port: 5281
  187.       module: ejabberd_http
  188.       register: true
  189.       certfile: "/etc/ejabberd/ejabberd.pem"
  190.       tls: true
  191.   -
  192.       port: 5443
  193.       module: ejabberd_http
  194.       certfile: "/etc/ejabberd/ejabberd.pem"
  195.       tls: true
  196.       request_handlers:
  197.               "upload": mod_http_upload
  198. ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
  199. ## password storage (see auth_password_format option).
  200. disable_sasl_mechanisms: "digest-md5"
  201.  
  202. ###.  ==================
  203. ###'  S2S GLOBAL OPTIONS
  204.  
  205. ##
  206. ## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
  207. ## Allowed values are: false optional required required_trusted
  208. ## You must specify a certificate file.
  209. ##
  210. s2s_use_starttls: optional
  211.  
  212. ##
  213. ## s2s_certfile: Specify a certificate file.
  214. ##
  215. s2s_certfile: "/etc/ejabberd/ejabberd.pem"
  216.  
  217. ## Custom OpenSSL options
  218. ##
  219. s2s_protocol_options:
  220.   - "no_sslv3"
  221. ##   - "no_tlsv1"
  222.  
  223. ##
  224. ## domain_certfile: Specify a different certificate for each served hostname.
  225. ##
  226. ## host_config:
  227. ##   "example.org":
  228. ##     domain_certfile: "/path/to/example_org.pem"
  229. ##   "example.com":
  230. ##     domain_certfile: "/path/to/example_com.pem"
  231.  
  232. ##
  233. ## S2S whitelist or blacklist
  234. ##
  235. ## Default s2s policy for undefined hosts.
  236. ##
  237. ## s2s_access: s2s
  238.  
  239. ##
  240. ## Outgoing S2S options
  241. ##
  242. ## Preferred address families (which to try first) and connect timeout
  243. ## in milliseconds.
  244. ##
  245. ## outgoing_s2s_families:
  246. ##   - ipv4
  247. ##   - ipv6
  248. ## outgoing_s2s_timeout: 10000
  249.  
  250. ###.  ==============
  251. ###'  AUTHENTICATION
  252.  
  253. ##
  254. ## auth_method: Method used to authenticate the users.
  255. ## The default method is the internal.
  256. ## If you want to use a different method,
  257. ## comment this line and enable the correct ones.
  258. ##
  259. auth_method: internal
  260.  
  261. ##
  262. ## Store the plain passwords or hashed for SCRAM:
  263. ## auth_password_format: plain
  264. auth_password_format: scram
  265. ##
  266. ## Define the FQDN if ejabberd doesn't detect it:
  267. ## fqdn: "server3.example.com"
  268.  
  269. ##
  270. ## Authentication using external script
  271. ## Make sure the script is executable by ejabberd.
  272. ##
  273. ## auth_method: external
  274. ## extauth_program: "/path/to/authentication/script"
  275.  
  276. ##
  277. ## Authentication using SQL
  278. ## Remember to setup a database in the next section.
  279. ##
  280. ## auth_method: sql
  281.  
  282. ##
  283. ## Authentication using PAM
  284. ##
  285. ## auth_method: pam
  286. ## pam_service: "pamservicename"
  287.  
  288. ##
  289. ## Authentication using LDAP
  290. ##
  291. ## auth_method: ldap
  292. ##
  293. ## List of LDAP servers:
  294. ## ldap_servers:
  295. ##   - "localhost"
  296. ##
  297. ## Encryption of connection to LDAP servers:
  298. ## ldap_encrypt: none
  299. ## ldap_encrypt: tls
  300. ##
  301. ## Port to connect to on LDAP servers:
  302. ## ldap_port: 389
  303. ## ldap_port: 636
  304. ##
  305. ## LDAP manager:
  306. ## ldap_rootdn: "dc=example,dc=com"
  307. ##
  308. ## Password of LDAP manager:
  309. ## ldap_password: "******"
  310. ##
  311. ## Search base of LDAP directory:
  312. ## ldap_base: "dc=example,dc=com"
  313. ##
  314. ## LDAP attribute that holds user ID:
  315. ## ldap_uids:
  316. ##   - "mail": "%u@mail.example.org"
  317. ##
  318. ## LDAP filter:
  319. ## ldap_filter: "(objectClass=shadowAccount)"
  320.  
  321. ##
  322. ## Anonymous login support:
  323. ##   auth_method: anonymous
  324. ##   anonymous_protocol: sasl_anon | login_anon | both
  325. ##   allow_multiple_connections: true | false
  326. ##
  327. ## host_config:
  328. ##   "public.example.org":
  329. ##     auth_method: anonymous
  330. ##     allow_multiple_connections: false
  331. ##     anonymous_protocol: sasl_anon
  332. ##
  333. ## To use both anonymous and internal authentication:
  334. ##
  335. ## host_config:
  336. ##   "public.example.org":
  337. ##     auth_method:
  338. ##       - internal
  339. ##       - anonymous
  340.  
  341. ###.  ==============
  342. ###'  DATABASE SETUP
  343.  
  344. ## ejabberd by default uses the internal Mnesia database,
  345. ## so you do not necessarily need this section.
  346. ## This section provides configuration examples in case
  347. ## you want to use other database backends.
  348. ## Please consult the ejabberd Guide for details on database creation.
  349.  
  350. ##
  351. ## MySQL server:
  352. ##
  353. ## sql_type: mysql
  354. ## sql_server: "server"
  355. ## sql_database: "database"
  356. ## sql_username: "username"
  357. ## sql_password: "password"
  358. ##
  359. ## If you want to specify the port:
  360. ## sql_port: 1234
  361.  
  362. ##
  363. ## PostgreSQL server:
  364. ##
  365. ## sql_type: pgsql
  366. ## sql_server: "server"
  367. ## sql_database: "database"
  368. ## sql_username: "username"
  369. ## sql_password: "password"
  370. ##
  371. ## If you want to specify the port:
  372. ## sql_port: 1234
  373. ##
  374. ## If you use PostgreSQL, have a large database, and need a
  375. ## faster but inexact replacement for "select count(*) from users"
  376. ##
  377. ## pgsql_users_number_estimate: true
  378.  
  379. ##
  380. ## SQLite:
  381. ##
  382. ## sql_type: sqlite
  383. ## sql_database: "/path/to/database.db"
  384.  
  385. ##
  386. ## ODBC compatible or MSSQL server:
  387. ##
  388. ## sql_type: odbc
  389. ## sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
  390.  
  391. ##
  392. ## Number of connections to open to the database for each virtual host
  393. ##
  394. ## sql_pool_size: 10
  395.  
  396. ##
  397. ## Interval to make a dummy SQL request to keep the connections to the
  398. ## database alive. Specify in seconds: for example 28800 means 8 hours
  399. ##
  400. ## sql_keepalive_interval: undefined
  401.  
  402. ###.  ===============
  403. ###'  TRAFFIC SHAPERS
  404.  
  405. shaper:
  406.   ##
  407.   ## The "normal" shaper limits traffic speed to 1000 B/s
  408.   ##
  409.   normal: 1000
  410.  
  411.   ##
  412.   ## The "fast" shaper limits traffic speed to 50000 B/s
  413.   ##
  414.   fast: 50000
  415.  
  416. ##
  417. ## This option specifies the maximum number of elements in the queue
  418. ## of the FSM. Refer to the documentation for details.
  419. ##
  420. max_fsm_queue: 1000
  421.  
  422. ###.   ====================
  423. ###'   ACCESS CONTROL LISTS
  424. acl:
  425.   ##
  426.   ## The 'admin' ACL grants administrative privileges to XMPP accounts.
  427.   ## You can put here as many accounts as you want.
  428.   ##
  429.   admin:
  430.      user:
  431.        - "@localhost"
  432.        - "admin@lnxdev1.intern"
  433.  
  434.   ##
  435.   ## Blocked users
  436.   ##
  437.   ## blocked:
  438.   ##   user:
  439.   ##     - "baduser@example.org"
  440.   ##     - "test"
  441.  
  442.   ## Local users: don't modify this.
  443.   ##
  444.   local:
  445.     user_regexp: ""
  446.  
  447.   ##
  448.   ## More examples of ACLs
  449.   ##
  450.   ## jabberorg:
  451.   ##   server:
  452.   ##     - "jabber.org"
  453.   ## aleksey:
  454.   ##   user:
  455.   ##     - "aleksey@jabber.ru"
  456.   ## test:
  457.   ##   user_regexp: "^test"
  458.   ##   user_glob: "test*"
  459.  
  460.   ##
  461.   ## Loopback network
  462.   ##
  463.   loopback:
  464.     ip:
  465.       - "127.0.0.0/8"
  466.  
  467.   ##
  468.   ## Bad XMPP servers
  469.   ##
  470.   ## bad_servers:
  471.   ##   server:
  472.   ##     - "xmpp.zombie.org"
  473.   ##     - "xmpp.spam.com"
  474.  
  475. ##
  476. ## Define specific ACLs in a virtual host.
  477. ##
  478. ## host_config:
  479. ##   "localhost":
  480. ##     acl:
  481. ##       admin:
  482. ##         user:
  483. ##           - "bob-local@localhost"
  484.  
  485. ###.  ============
  486. ###'  SHAPER RULES
  487.  
  488. shaper_rules:
  489.   ## Maximum number of simultaneous sessions allowed for a single user:
  490.   max_user_sessions: 10
  491.   ## Maximum number of offline messages that users can have:
  492.   max_user_offline_messages:
  493.     - 5000: admin
  494.     - 100
  495.   ## For C2S connections, all users except admins use the "normal" shaper
  496.   c2s_shaper:
  497.     - none: admin
  498.     - normal
  499.   ## All S2S connections use the "fast" shaper
  500.   s2s_shaper: fast
  501.  
  502. ###.  ============
  503. ###'  ACCESS RULES
  504. access_rules:
  505.   ## This rule allows access only for local users:
  506.   local:
  507.     - allow: local
  508.   ## Only non-blocked users can use c2s connections:
  509.   c2s:
  510.     - deny: blocked
  511.     - allow
  512.   ## Only admins can send announcement messages:
  513.   announce:
  514.     - allow: admin
  515.   ## Only admins can use the configuration interface:
  516.   configure:
  517.     - allow: admin
  518.   ## Only accounts of the local ejabberd server can create rooms:
  519.   muc_create:
  520.     - allow: local
  521.   ## Only accounts on the local ejabberd server can create Pubsub nodes:
  522.   pubsub_createnode:
  523.     - allow: local
  524.   ## In-band registration allows registration of any possible username.
  525.   ## To disable in-band registration, replace 'allow' with 'deny'.
  526.   register:
  527.     - allow
  528.   ## Only allow to register from localhost
  529.   trusted_network:
  530.     - allow: loopback
  531.   ## Do not establish S2S connections with bad servers
  532.   ## s2s:
  533.   ##   - deny:
  534.   ##     - ip: "XXX.XXX.XXX.XXX/32"
  535.   ##   - deny:
  536.   ##     - ip: "XXX.XXX.XXX.XXX/32"
  537.   ##   - allow
  538.  
  539. ## By default the frequency of account registrations from the same IP
  540. ## is limited to 1 account every 10 minutes. To disable, specify: infinity
  541. ## registration_timeout: 600
  542.  
  543. ##
  544. ## Define specific Access Rules in a virtual host.
  545. ##
  546. ## host_config:
  547. ##   "localhost":
  548. ##     access:
  549. ##       c2s:
  550. ##         - allow: admin
  551. ##         - deny
  552. ##       register:
  553. ##         - deny
  554.  
  555. ###.  ================
  556. ###'  DEFAULT LANGUAGE
  557.  
  558. ##
  559. ## language: Default language used for server messages.
  560. ##
  561. language: "en"
  562.  
  563. ##
  564. ## Set a different default language in a virtual host.
  565. ##
  566. ## host_config:
  567. ##   "localhost":
  568. ##     language: "ru"
  569.  
  570. ###.  =======
  571. ###'  CAPTCHA
  572.  
  573. ##
  574. ## Full path to a script that generates the image.
  575. ##
  576. ## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
  577.  
  578. ##
  579. ## Host for the URL and port where ejabberd listens for CAPTCHA requests.
  580. ##
  581. ## captcha_host: "example.org:5280"
  582.  
  583. ##
  584. ## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
  585. ##
  586. ## captcha_limit: 5
  587.  
  588. ###.  =======
  589. ###'  MODULES
  590.  
  591. ##
  592. ## Modules enabled in all ejabberd virtual hosts.
  593. ##
  594. modules:
  595.   mod_adhoc: {}
  596.   mod_admin_extra: {}
  597.   mod_announce: # recommends mod_adhoc
  598.     access: announce
  599.   mod_blocking: {} # requires mod_privacy
  600.   mod_caps: {}
  601.   mod_carboncopy: {}
  602.   mod_client_state: {}
  603.   mod_configure: {} # requires mod_adhoc
  604.   ##mod_delegation: {} # for xep0356
  605.   mod_disco: {}
  606.   mod_echo: {}
  607.   mod_irc: {}
  608.   mod_http_bind: {}
  609.   ## mod_http_fileserver:
  610.   ##   docroot: "/var/www"
  611.   ##   accesslog: "/var/log/ejabberd/access.log"
  612.   mod_http_upload:
  613.               docroot: "/ejabberd/upload"
  614.               thumbnail: false
  615.               access: local
  616.               put_url: "https://@HOST@:5443/upload"
  617.               custom_headers:
  618.                             "Access-Control-Allow-Origin": "*"
  619.                             "Access-Control-Allow-Methods": "GET, POST, PUT, OPTIONS"
  620.   mod_last: {}
  621.   mod_muc:
  622.     ## host: "conference.@HOST@"
  623.     access:
  624.       - allow
  625.     access_admin:
  626.       - allow: admin
  627.     access_create: muc_create
  628.     access_persistent: muc_create
  629.   ## mod_muc_log: {}
  630.   mod_muc_admin: {}
  631.   ## mod_multicast: {}
  632.   mod_offline:
  633.     access_max_user_messages: max_user_offline_messages
  634.   mod_ping: {}
  635.   ## mod_pres_counter:
  636.   ##   count: 5
  637.   ##   interval: 60
  638.   mod_privacy: {}
  639.   mod_private: {}
  640.   ## mod_proxy65: {}
  641.   mod_pubsub:
  642.     access_createnode: pubsub_createnode
  643.     ## reduces resource comsumption, but XEP incompliant
  644.     ignore_pep_from_offline: true
  645.     ## XEP compliant, but increases resource comsumption
  646.     ## ignore_pep_from_offline: false
  647.     last_item_cache: false
  648.     plugins:
  649.       - "flat"
  650.       - "hometree"
  651.       - "pep" # pep requires mod_caps
  652.   mod_register:
  653.     ##
  654.     ## Protect In-Band account registrations with CAPTCHA.
  655.     ##
  656.     ##   captcha_protected: true
  657.     ##
  658.     ## Set the minimum informational entropy for passwords.
  659.     ##
  660.     ##   password_strength: 32
  661.     ##
  662.     ## After successful registration, the user receives
  663.     ## a message with this subject and body.
  664.     ##
  665.        welcome_message:
  666.          subject: "Welcome!"
  667.          body: |-
  668.            Hi.
  669.            Welcome to this XMPP server.
  670.     ##
  671.     ## When a user registers, send a notification to
  672.     ## these XMPP accounts.
  673.     ##
  674.     ##   registration_watchers:
  675.     ##     - "admin1@example.org"
  676.     ##
  677.     ## Only clients in the server machine can register accounts
  678.     ##
  679.     ##   ip_access: trusted_network
  680.     ##
  681.     ## Local c2s or remote s2s users cannot register accounts
  682.     ##
  683.     ##   access_from: deny
  684.     ##   access: register
  685.   mod_register_web: {}
  686.   mod_roster:
  687.     versioning: true
  688.   mod_shared_roster: {}
  689.   mod_stats: {}
  690.   mod_time: {}
  691.   mod_vcard:
  692.     search: false
  693.   mod_version: {}
  694.  
  695. ##
  696. ## Enable modules with custom options in a specific virtual host
  697. ##
  698. ## host_config:
  699. ##   "localhost":
  700. ##     modules:
  701. ##       mod_echo:
  702. ##         host: "mirror.localhost"
  703.  
  704. ##
  705. ## Enable modules management via ejabberdctl for installation and
  706. ## uninstallation of public/private contributed modules
  707. ## (enabled by default)
  708. ##
  709.  
  710. allow_contrib_modules: true
  711.  
  712. ###.
  713. ###'
  714. ### Local Variables:
  715. ### mode: yaml
  716. ### End:
  717. ### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
RAW Paste Data
Top