-
-
Save jabberdquestions/78d39fc368c1284b455327d5db215658 to your computer and use it in GitHub Desktop.
Content of ejabberd.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### | |
### ejabberd configuration file | |
### | |
### The parameters used in this configuration file are explained at | |
### | |
### https://docs.ejabberd.im/admin/configuration | |
### | |
### The configuration file is written in YAML. | |
### ******************************************************* | |
### ******* !!! WARNING !!! ******* | |
### ******* YAML IS INDENTATION SENSITIVE ******* | |
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY ******* | |
### ******************************************************* | |
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description. | |
### | |
sql_type: mysql | |
sql_server: "localhost" | |
sql_database: "databasename" | |
sql_username: "username" | |
sql_password: "password" | |
## If you want to specify the port: | |
sql_port: 3306 | |
auth_method: sql | |
# loglevel: Verbosity of log files generated by ejabberd | |
loglevel: info | |
# rotation: Disable ejabberd's internal log rotation, as the Debian package | |
# uses logrotate(8). | |
log_rotate_count: 0 | |
# hosts: Domains served by ejabberd. | |
# You can define one or several, for example: | |
# hosts: | |
# - "example.net" | |
# - "example.com" | |
# - "example.org" | |
hosts: | |
# - localhost | |
- mydomain | |
certfiles: | |
- "/etc/ejabberd/mydomain.pem" | |
# TLS configuration | |
define_macro: | |
'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH" | |
'TLS_OPTIONS': | |
- "no_sslv3" | |
- "no_tlsv1" | |
- "no_tlsv1_1" | |
- "cipher_server_preference" | |
- "no_compression" | |
# 'DH_FILE': "/path/to/dhparams.pem" | |
# generated with: openssl dhparam -out dhparams.pem 2048 | |
c2s_ciphers: 'TLS_CIPHERS' | |
s2s_ciphers: 'TLS_CIPHERS' | |
c2s_protocol_options: 'TLS_OPTIONS' | |
s2s_protocol_options: 'TLS_OPTIONS' | |
# c2s_dhfile: 'DH_FILE' | |
# s2s_dhfile: 'DH_FILE' | |
listen: | |
- | |
port: 5222 | |
ip: "::" | |
module: ejabberd_c2s | |
max_stanza_size: 262144 | |
shaper: c2s_shaper | |
access: c2s | |
starttls_required: true | |
protocol_options: 'TLS_OPTIONS' | |
- | |
port: 5223 | |
ip: "::" | |
module: ejabberd_c2s | |
max_stanza_size: 262144 | |
shaper: c2s_shaper | |
access: c2s | |
tls: true | |
protocol_options: 'TLS_OPTIONS' | |
- | |
port: 5269 | |
ip: "::" | |
module: ejabberd_s2s_in | |
max_stanza_size: 524288 | |
- | |
port: 5443 | |
ip: "::" | |
module: ejabberd_http | |
tls: true | |
protocol_options: 'TLS_OPTIONS' | |
request_handlers: | |
/api: mod_http_api | |
/bosh: mod_bosh | |
/captcha: ejabberd_captcha | |
/upload: mod_http_upload | |
/ws: ejabberd_http_ws | |
- | |
port: 5280 | |
ip: "::" | |
module: ejabberd_http | |
tls: true | |
protocol_options: 'TLS_OPTIONS' | |
request_handlers: | |
/admin: ejabberd_web_admin | |
/.well-known/acme-challenge: ejabberd_acme | |
- | |
port: 3478 | |
ip: "::" | |
transport: udp | |
module: ejabberd_stun | |
use_turn: true | |
## The server's public IPv4 address: | |
# turn_ipv4_address: "203.0.113.3" | |
## The server's public IPv6 address: | |
# turn_ipv6_address: "2001:db8::3" | |
- | |
port: 1883 | |
ip: "::" | |
module: mod_mqtt | |
backlog: 1000 | |
## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text | |
## password storage (see auth_password_format option). | |
disable_sasl_mechanisms: | |
- "digest-md5" | |
- "X-OAUTH2" | |
s2s_use_starttls: false | |
#required | |
## Store the plain passwords or hashed for SCRAM: | |
auth_password_format: scram | |
## Full path to a script that generates the image. | |
captcha_cmd: "/usr/share/ejabberd/captcha.sh" | |
captcha_url: https://my_domain:5443/captcha | |
acl: | |
admin: | |
user: | |
- "admin@my_domain" | |
local: | |
user_regexp: "" | |
loopback: | |
ip: | |
- 127.0.0.0/8 | |
- ::1/128 | |
access_rules: | |
local: | |
allow: local | |
c2s: | |
deny: blocked | |
allow: all | |
announce: | |
allow: admin | |
configure: | |
allow: admin | |
muc_create: | |
allow: local | |
pubsub_createnode: | |
allow: local | |
trusted_network: | |
allow: all | |
api_permissions: | |
"console commands": | |
from: | |
- ejabberd_ctl | |
who: all | |
what: "*" | |
"admin access": | |
who: | |
access: | |
allow: | |
- acl: loopback | |
- acl: admin | |
oauth: | |
scope: "ejabberd:admin" | |
access: | |
allow: | |
- acl: loopback | |
- acl: admin | |
what: | |
- "*" | |
- "!stop" | |
- "!start" | |
"public commands": | |
who: | |
ip: 127.0.0.1/8 | |
what: | |
- status | |
- connected_users_number | |
shaper: | |
normal: | |
rate: 3000 | |
burst_size: 20000 | |
fast: 200000 | |
shaper_rules: | |
max_user_sessions: 10 | |
max_user_offline_messages: | |
5000: admin | |
100: all | |
c2s_shaper: | |
none: admin | |
normal: all | |
s2s_shaper: fast | |
modules: | |
mod_adhoc: {} | |
mod_admin_extra: {} | |
mod_announce: | |
access: announce | |
mod_avatar: {} | |
mod_blocking: {} | |
mod_bosh: {} | |
mod_caps: {} | |
mod_carboncopy: {} | |
mod_client_state: {} | |
mod_configure: {} | |
## mod_delegation: {} # for xep0356 | |
mod_disco: | |
server_info: | |
- | |
modules: all | |
name: abuse-addresses | |
urls: ["mailto:abuse@mail.com"] | |
mod_fail2ban: {} | |
mod_http_api: {} | |
mod_http_upload: | |
put_url: https://my_domain:5443/upload | |
custom_headers: | |
"Access-Control-Allow-Origin": "https://my_domain" | |
"Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS" | |
"Access-Control-Allow-Headers": "Content-Type" | |
mod_last: {} | |
mod_mam: | |
## ## Mnesia is limited to 2GB, better to use an SQL backend | |
## ## For small servers SQLite is a good fit and is very easy | |
## ## to configure. Uncomment this when you have SQL configured: | |
db_type: sql | |
assume_mam_usage: true | |
default: always | |
mod_mqtt: {} | |
mod_muc: | |
access: | |
- allow | |
access_admin: | |
- allow: admin | |
access_create: muc_create | |
access_persistent: muc_create | |
access_mam: | |
- allow | |
default_room_options: | |
mam: true | |
mod_muc_admin: {} | |
mod_offline: | |
access_max_user_messages: max_user_offline_messages | |
mod_ping: {} | |
mod_pres_counter: | |
count: 5 | |
interval: 60 | |
mod_privacy: {} | |
mod_private: {} | |
mod_proxy65: | |
access: local | |
max_connections: 5 | |
mod_pubsub: | |
access_createnode: pubsub_createnode | |
plugins: | |
- flat | |
- pep | |
force_node_config: | |
"eu.siacs.conversations.axolotl.*": | |
access_model: open | |
## Avoid buggy clients to make their bookmarks public | |
storage:bookmarks: | |
access_model: whitelist | |
mod_push: {} | |
mod_push_keepalive: {} | |
mod_register: | |
## ## Only accept registration requests from the "trusted" | |
## ## network (see access_rules section above). | |
## ## Think twice before enabling registration from any | |
## ## address. See the Jabber SPAM Manifesto for details: | |
## ## https://github.com/ge0rg/jabber-spam-fighting-manifesto | |
ip_access: trusted_network | |
captcha_protected: true | |
mod_roster: | |
versioning: true | |
mod_s2s_dialback: {} | |
mod_shared_roster: {} | |
mod_sic: {} | |
mod_stream_mgmt: | |
resend_on_timeout: if_offline | |
mod_stun_disco: {} | |
mod_vcard: | |
search: false | |
mod_vcard_xupdate: {} | |
mod_version: {} | |
### Local Variables: | |
### mode: yaml | |
### End: | |
### vim: set filetype=yaml tabstop=8 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment