ejabberd.yml
# --- Logging ---------------------------------------------------------------
# Numeric log level; 4 corresponds to "info" in ejabberd's 0-5 scale.
loglevel: 4
# Rotate once a log file reaches 1073741824 bytes (1 GiB).
log_rotate_size: 1073741824
# Time-based rotation as well: weekly, on day 0 at hour 23.
log_rotate_date: "$W0D23"
# Number of rotated files to keep.
log_rotate_count: 7
log_rate_limit: 100
# --- Served domains and certificates ----------------------------------------
# Virtual hosts (redacted in this listing).
hosts:
  - "xxxxxx.xxx.xx"
  - "yyyyyy.yyy.yy"
# PEM file(s) ejabberd loads for TLS.
# NOTE(review): if this PEM also holds the private key, it should be readable
# only by the account ejabberd runs as.
certfiles:
  - "/etc/ssl/ejabberd/cert.pem"
# --- TLS profiles ------------------------------------------------------------
# Two named profiles are defined as macros; only the INTERMEDIATE pair is
# referenced by the c2s options below. The MODERN pair is defined but not used
# anywhere in this listing.
define_macro:
  # NOTE(review): this list still offers 3DES suites (the *-DES-CBC3-SHA
  # entries) and static-RSA key exchange (AES128-SHA, AES256-SHA, ...), which
  # provide no forward secrecy.
  CIPHERS_INTERMEDIATE: "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
  # Only SSLv2 and SSLv3 are switched off here, so TLS 1.0 and TLS 1.1 remain
  # negotiable under this profile.
  PROTOCOL_OPTIONS_INTERMEDIATE:
    - "no_sslv2"
    - "no_sslv3"
  # ECDHE-only list; every suite here gives forward secrecy.
  CIPHERS_MODERN: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
  # Additionally switches off TLS 1.0 and TLS 1.1.
  PROTOCOL_OPTIONS_MODERN:
    - "no_sslv2"
    - "no_sslv3"
    - "no_tlsv1"
    - "no_tlsv1_1"
# Client connections use the weaker of the two profiles.
# NOTE(review): switch both options to the *_MODERN macros once no supported
# client depends on TLS 1.0/1.1 or the legacy suites.
c2s_ciphers: CIPHERS_INTERMEDIATE
c2s_protocol_options: PROTOCOL_OPTIONS_INTERMEDIATE
# --- Listeners ---------------------------------------------------------------
# All three listeners bind to "::", i.e. every interface.
listen:
  # XMPP client-to-server.
  - port: 5222
    ip: "::"
    module: ejabberd_c2s
    # Clients must upgrade to TLS before authenticating.
    starttls_required: true
    # NOTE(review): with the PROXY protocol enabled, the peer address is taken
    # from the PROXY header. Restrict this port (firewall / security group) so
    # that only the load balancer can reach it; otherwise any direct client
    # can supply its own source address.
    use_proxy_protocol: true
    max_stanza_size: 65536
    shaper: c2s_shaper
    access: c2s
  # XMPP server-to-server (inbound).
  - port: 5269
    ip: "::"
    module: ejabberd_s2s_in
  # HTTP: WebSocket, REST API, web admin and CAPTCHA on one port.
  # NOTE(review): no `tls: true` is set on this listener in this listing, so
  # /admin and /api are served over plain HTTP unless TLS is terminated by a
  # proxy in front. Web-admin credentials would then cross the network in
  # clear text. Consider enabling TLS here or binding this listener to an
  # internal address.
  - port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      "/ws": ejabberd_http_ws
      "/api": mod_http_api
      "/admin": ejabberd_web_admin
      "/captcha": ejabberd_captcha
# --- Server-to-server --------------------------------------------------------
# NOTE(review): STARTTLS is disabled for s2s, so traffic exchanged with other
# XMPP servers on port 5269 is not encrypted by ejabberd. If federation is in
# use, `optional` or `required` is the safer setting; if it is not, consider
# removing the 5269 listener instead.
s2s_use_starttls: false
negotiation_timeout: 40
outgoing_s2s_timeout: 3600
# --- Authentication and SQL backend ------------------------------------------
# Accounts live in SQL; passwords are stored in SCRAM form rather than as
# plaintext.
auth_method: sql
auth_password_format: scram
sql_type: pgsql
sql_server: "xx.xx.xx.xx"
sql_database: "xxxx"
sql_username: "xxxx"
# Redacted in this listing. In a live file this is a clear-text credential:
# keep the file readable only by the ejabberd service account and out of
# version control and public pastes.
sql_password: "xxxxxxxxxx"
new_sql_schema: true
# NOTE(review): no TLS option for the PostgreSQL connection appears in this
# listing; confirm the link to sql_server is on a trusted network or
# otherwise protected.
sql_port: 5432
# Memory-pressure handling.
oom_killer: true
oom_watermark: 80
oom_queue: 10000
# Default SQL connection pool size, overridden per virtual host below.
sql_pool_size: 5
host_config:
  xxxxxx.xxx.xx:
    sql_pool_size: 200
  yyyyyy.yyy.yy:
    sql_pool_size: 50
# --- Storage default and traffic shapers -------------------------------------
# Modules use SQL storage unless they set their own db_type.
default_db: sql
# Named shapers, referenced from shaper_rules.
shaper:
  normal:
    rate: 32000
    burst_size: 32000
  fast: 100000000
max_fsm_queue: 10000
# --- Access control lists ----------------------------------------------------
acl:
  # The single administrative account. Every "allow: admin" rule and the
  # "admin access" API permission hinge on this JID, so it needs a strong
  # password.
  admin:
    user:
      - "admin@xxxxxx.xxx.xx"
  # An empty regexp matches every user name on the local hosts.
  local:
    user_regexp: ""
  # Connections originating on the machine itself.
  loopback:
    ip:
      - "127.0.0.0/8"
      - "::1/128"
      - "::FFFF:127.0.0.1/128"
# --- Limits and shaper assignment --------------------------------------------
shaper_rules:
  # Concurrent sessions allowed per account.
  max_user_sessions: 10
  # 5000 stored offline messages for admin, 1 for everyone else.
  max_user_offline_messages:
    - 5000: admin
    - 1
  # Admin traffic is unshaped; all other clients get the "normal" shaper.
  c2s_shaper:
    - none: admin
    - normal
  s2s_shaper: fast
# --- Access rules ------------------------------------------------------------
access_rules:
  local:
    - allow: local
  # Any account may open a client session.
  c2s:
    - allow
  announce:
    - allow: admin
  configure:
    - allow: admin
  # Only admin may create (and make persistent) MUC rooms.
  muc_create:
    - allow: admin
  pubsub_createnode:
    - allow: local
  # NOTE(review): this rule allows registration from anyone. mod_register is
  # not listed under `modules` in this listing, so it appears to have no
  # effect here; tighten it before ever enabling that module.
  register:
    - allow
  trusted_network:
    - allow: loopback
# --- API permissions ---------------------------------------------------------
# These rules decide who may call which command. They matter most for
# mod_http_api, which is mounted at /api on the 5280 listener.
api_permissions:
  # ejabberdctl on the local machine may run every command.
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  # Every command except stop/start.
  # NOTE(review): the `ip: "10.0.0.0/8"` entry was added alongside the
  # access/oauth entries. Depending on how this ejabberd version combines
  # `who` entries, a source address in 10.0.0.0/8 may be sufficient on its
  # own, with no credentials. Verify against the documentation for the
  # deployed version, and narrow the range to the specific management hosts.
  "admin access":
    who:
      - ip: "10.0.0.0/8"
      - access:
          - allow:
              - acl: loopback
              - acl: admin
      - oauth:
          - scope: "ejabberd:admin"
          - access:
              - allow:
                  - acl: loopback
                  - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  # Read-only status commands for the whole 10.0.0.0/8 range.
  "public commands":
    who:
      - ip: "10.0.0.0/8"
    what:
      - "status"
      - "connected_users_number"
  # Unauthenticated access to every command except stop/start, keyed only on
  # a loopback source address.
  # NOTE(review): if a reverse proxy on this host forwards to port 5280,
  # proxied requests will arrive from loopback and match this rule; confirm
  # /api is not exposed through such a proxy.
  "API used from localhost allows all calls":
    who:
      - ip: "127.0.0.1/8"
    what:
      - "*"
      - "!stop"
      - "!start"
# --- Miscellaneous -----------------------------------------------------------
language: "en"
cache_size: 500000
# Automatic certificate issuance.
# NOTE(review): ca_url points at the ACME v1 endpoint, which Let's Encrypt has
# retired, so issuance and renewal through this URL should be expected to
# fail. Check certificate expiry monitoring and move to an ejabberd release
# whose ACME client speaks v2.
acme:
  contact: "mailto:example-admin@example.com"
  ca_url: "https://acme-v01.api.letsencrypt.org"
# --- Modules -----------------------------------------------------------------
modules:
  mod_adhoc: {}
  # Adds administrative commands to ejabberdctl and the API; who may call
  # them is governed by api_permissions.
  mod_admin_extra: {}
  mod_announce:  # recommends mod_adhoc
    access: announce
  mod_caps: {}
  mod_client_state: {}
  mod_configure: {}  # requires mod_adhoc
  mod_disco: {}
  # HTTP file upload; URLs are HTTPS.
  # NOTE(review): no `access` or `max_size` override is set in this listing,
  # so the module defaults apply; confirm they fit the deployment.
  mod_http_upload:
    docroot: "/xxxx/xxxx"
    put_url: "https://xxxx.xxxx.xxxx/yyy/zzzz"
    service_url: "https://xxxx.xxxx.xxxx/yyy/dddddd"
    thumbnail: false  # otherwise needs ejabberd to be compiled with libgd support
  mod_last: {}
  # Message archive: with `default: always`, messages are archived in SQL for
  # every user unless the user changes the preference. Treat the database and
  # its backups as holding message content.
  mod_mam:
    default: always
    assume_mam_usage: false
    db_type: sql
  # Multi-user chat: rooms are admin-created, members-only and unlisted by
  # default, with archiving enabled.
  mod_muc:
    max_user_conferences: 100
    history_size: 100
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    default_room_options:
      allow_subscription: true
      mam: true
      persistent: true
      public: false
      public_list: false
      members_only: true
  mod_muc_admin: {}
  mod_pubsub:
    access_createnode: pubsub_createnode
    ignore_pep_from_offline: true
    last_item_cache: false
    plugins:
      - "flat"
      - "pep"  # pep requires mod_caps
    # Force a whitelist access model on these nodes regardless of what the
    # client requests.
    force_node_config:
      "eu.siacs.conversations.axolotl.*":
        access_model: whitelist
      "storage:bookmarks":
        access_model: whitelist
  mod_push:
    use_cache: true
    cache_size: infinity
  mod_roster:
    use_cache: true
    cache_size: 800000
    cache_life_time: 3600
  mod_stats: {}
  mod_time: {}
  # Do not disclose the host operating system in version replies.
  mod_version:
    show_os: false
  mod_stream_mgmt:
    resume_timeout: 15
    max_resume_timeout: 15
    resend_on_timeout: true
  mod_s2s_dialback: {}
  # REST API handler mounted at /api on port 5280; see api_permissions.
  mod_http_api: {}
  # Bans addresses after repeated authentication failures, with module
  # defaults.
  # NOTE(review): behind the PROXY protocol on 5222 this is only meaningful if
  # the client address in the PROXY header can be trusted.
  mod_fail2ban: {}
# NOTE(review): permits installing modules from ejabberd-contrib, which then
# run inside the server. Set to false if no contrib module is in use.
allow_contrib_modules: true