This kicks off the basic tree structure, where the docs all mirror the reality, like an ascii penumbra.
		
			
				
	
	
		
		
	
	
	
	
	
###
###              ejabberd configuration file
###
### The parameters used in this configuration file are explained at
###
###       https://docs.ejabberd.im/admin/configuration
###
### The configuration file is written in YAML.
### *******************************************************
### *******           !!! WARNING !!!               *******
### *******     YAML IS INDENTATION SENSITIVE       *******
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
### *******************************************************
### Refer to http://en.wikipedia.org/wiki/YAML for a brief description.
###

# Verbosity of the log files ejabberd writes.
loglevel: 'info'

# A rotate count of 0 switches off ejabberd's built-in log rotation; the
# Debian package rotates these logs with logrotate(8) instead.
log_rotate_count: 0

# XMPP domains served by this node. Several may be listed, for example:
#   hosts:
#     - 'example.net'
#     - 'example.com'
#     - 'example.org'
hosts:
  - 'dmz.rs'

# Certificate chain and private key presented on the TLS listeners.
# NOTE(review): the key lives under /etc/ssl/certs; confirm its owner and
# mode limit reads to the ejabberd service account.
# NOTE(review): the directory is named xmpp.krov.dmz.rs while the served
# host is dmz.rs; verify the certificate's names cover dmz.rs.
# Earlier candidates, kept for reference:
#   - '/etc/ejabberd/ejabberd.pem'
#   - '/etc/letsencrypt/live/localhost/fullchain.pem'
#   - '/etc/letsencrypt/live/localhost/privkey.pem'
certfiles:
  - '/etc/ssl/certs/xmpp.krov.dmz.rs/fullchain.pem'
  - '/etc/ssl/certs/xmpp.krov.dmz.rs/privkey.pem'

# TLS policy, declared once as macros and referenced by the c2s/s2s options
# below and by the listeners' protocol_options.
define_macro:
  # OpenSSL cipher string: HIGH-grade suites only, with anonymous, NULL and
  # 3DES suites excluded, sorted by strength.
  TLS_CIPHERS: 'HIGH:!aNULL:!eNULL:!3DES:@STRENGTH'
  # SSLv3, TLS 1.0 and TLS 1.1 are refused, the server's cipher order is
  # preferred, and TLS compression is switched off.
  TLS_OPTIONS:
    - 'no_sslv3'
    - 'no_tlsv1'
    - 'no_tlsv1_1'
    - 'cipher_server_preference'
    - 'no_compression'
  # Diffie-Hellman parameters, generated with:
  #   openssl dhparam -out dhparams.pem 2048
  DH_FILE: '/etc/ejabberd/dhparams.pem'

# Apply the same policy to client (c2s) and federation (s2s) connections.
c2s_ciphers: TLS_CIPHERS
s2s_ciphers: TLS_CIPHERS
c2s_protocol_options: TLS_OPTIONS
s2s_protocol_options: TLS_OPTIONS
c2s_dhfile: DH_FILE
s2s_dhfile: DH_FILE

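# Network listeners. Every entry binds to "::" (the IPv6 wildcard address),
# so each port is reachable on all interfaces unless a firewall narrows it.
listen:
  # Client-to-server, STARTTLS required.
  - port: 5222
    ip: '::'
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
    protocol_options: TLS_OPTIONS
  # Client-to-server, TLS from the first byte (direct TLS).
  - port: 5223
    ip: '::'
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    tls: true
    protocol_options: TLS_OPTIONS
  # Server-to-server (federation). Encryption is enforced by the global
  # s2s_use_starttls option. The s2s_shaper rule from shaper_rules is
  # attached here so inbound federation traffic is rate limited; without
  # this line that rule is defined but never applied.
  - port: 5269
    ip: '::'
    module: ejabberd_s2s_in
    max_stanza_size: 524288
    shaper: s2s_shaper
  # HTTPS endpoints for clients.
  # NOTE(review): /api is reachable from any address on this port, so
  # api_permissions is the only gate in front of mod_http_api.
  # NOTE(review): /register serves mod_register_web while mod_register
  # redirects registration to an external URL; confirm this handler is
  # still wanted.
  - port: 5443
    ip: '::'
    module: ejabberd_http
    tls: true
    protocol_options: TLS_OPTIONS
    request_handlers:
      /api: mod_http_api
      /bosh: mod_bosh
      /captcha: ejabberd_captcha
      /upload: mod_http_upload
      /register: mod_register_web
      /ws: ejabberd_http_ws
  # Web admin and ACME challenge handler, over TLS.
  # NOTE(review): the admin interface is exposed on all interfaces; consider
  # binding it to a loopback or management address, or firewalling 5280.
  - port: 5280
    ip: '::'
    module: ejabberd_http
    tls: true
    protocol_options: TLS_OPTIONS
    request_handlers:
      /admin: ejabberd_web_admin
      /.well-known/acme-challenge: ejabberd_acme
  # STUN/TURN over UDP.
  - port: 3478
    ip: '::'
    transport: udp
    module: ejabberd_stun
    use_turn: true
    ## The server's public IPv4 address:
    # turn_ipv4_address: "203.0.113.3"
    ## The server's public IPv6 address:
    # turn_ipv6_address: "2001:db8::3"
  # MQTT.
  # NOTE(review): this listener has no `tls: true`, so MQTT sessions,
  # including the credentials clients present, travel unencrypted.
  # With auth_method set to ldap those are presumably LDAP passwords.
  # Prefer a TLS listener or restrict 1883 to a trusted network.
  - port: 1883
    ip: '::'
    module: mod_mqtt
    backlog: 1000
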
## SASL mechanisms that are switched off. digest-md5 is disabled because it
## requires plain-text password storage (see the auth_password_format
## option); X-OAUTH2 is disabled as well.
disable_sasl_mechanisms:
  - 'digest-md5'
  - 'X-OAUTH2'

## Federation links must negotiate STARTTLS; unencrypted s2s is refused.
s2s_use_starttls: required

## Whether passwords are stored in plain text or hashed for SCRAM.
## Left commented out here.
# auth_password_format: scram

## Full path to the script that generates the CAPTCHA image.
captcha_cmd: '/usr/share/ejabberd/captcha.sh'

# Default storage backend: SQL, with the PostgreSQL server defined below.
default_db: sql

sql_type: pgsql
sql_server: 'sql.krov.dmz.rs'
sql_port: 5432
sql_database: 'ejabberddb'
sql_username: 'ejabberd12'
# NOTE(review): the database password is stored in this file in clear text.
# Keep the real value out of version control and make the deployed file
# readable only by the ejabberd service account.
# NOTE(review): the server is a remote host and no sql_ssl option is set
# here, so the connection is presumably unencrypted; consider
# `sql_ssl: true` together with certificate verification.
sql_password: 'sqlpassword'
sql_pool_size: 5

# Accounts are authenticated against LDAP.
auth_method: ldap

# LDAP connection: TLS on port 636 with certificate verification enabled.
ldap_servers:
  - 'ldap.krov.dmz.rs'
ldap_port: 636
ldap_encrypt: tls
ldap_tls_verify: true
# Bind identity used for directory lookups.
# NOTE(review): the bind password is stored in this file in clear text.
# Keep the real value out of version control, restrict the deployed file's
# permissions, and give this bind DN no more than read access to ou=Users.
ldap_rootdn: 'uid=xmppldapkrov,ou=Users,dc=dmz,dc=rs'
ldap_password: 'ldappassword'
ldap_base: 'ou=Users,dc=dmz,dc=rs'

# Access control lists referenced by access_rules and api_permissions.
acl:
  # NOTE(review): the only admin entry is the empty username, so presumably
  # no account matches this ACL. Fill in the real administrator account(s)
  # and keep the list as short as possible.
  admin:
    user:
      - ''
  # Empty regexp: intended to match every user of the local domains.
  local:
    user_regexp: ''
  # Connections originating from the loopback networks.
  loopback:
    ip:
      - '127.0.0.0/8'
      - '::1/128'

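# Access rules, written as ordered lists. The first matching entry decides.
# The list form replaces a mapping form in which `trusted_network` repeated
# the key `allow` (duplicate mapping keys are invalid YAML and parsers differ
# on how they treat them) and in which `c2s` depended on mapping key order.
access_rules:
  local:
    - allow: local
  # NOTE(review): no ACL named `blocked` is defined in this file's acl
  # section, so the deny entry presumably matches nobody.
  c2s:
    - deny: blocked
    - allow: all
  announce:
    - allow: admin
  configure:
    - allow: admin
  muc_create:
    - allow: local
  pubsub_createnode:
    - allow: local
  # NOTE(review): both original entries are kept, but the second one admits
  # everyone, so this rule restricts nothing. Narrow it (for example to the
  # loopback ACL) before any option such as mod_register's ip_access is
  # pointed at it.
  trusted_network:
    - allow: local
    - allow: all
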
# Who may call which administrative API commands.
api_permissions:
  # ejabberdctl on the local machine may run every command.
  'console commands':
    from:
      - ejabberd_ctl
    who: all
    what: '*'
  # Every command except stop/start, for callers matching the access list,
  # either directly or with an OAuth token carrying the ejabberd:admin
  # scope.
  # NOTE(review): the two conditions under `allow` are presumably both
  # required (loopback source and admin ACL); confirm against the ejabberd
  # access-rule semantics, since the API handler listens on all interfaces.
  'admin access':
    who:
      access:
        allow:
          - acl: loopback
          - acl: admin
      oauth:
        scope: 'ejabberd:admin'
        access:
          allow:
            - acl: loopback
            - acl: admin
    what:
      - '*'
      - '!stop'
      - '!start'
  # Read-only status commands, callable from the IPv4 loopback network.
  'public commands':
    who:
      ip: '127.0.0.1/8'
    what:
      - status
      - connected_users_number

# Traffic shapers: `normal` has a rate and a burst size, `fast` a rate only.
shaper:
  normal: {rate: 3000, burst_size: 20000}
  fast: 200000

# Per-ACL limits. These rate limits are what bound the traffic a single
# client or remote server can push at this node.
shaper_rules:
  max_user_sessions: 10
  # Offline message quota: 5000 for admins, 100 for everyone else.
  max_user_offline_messages:
    5000: admin
    100: all
  # Client connections: admins unshaped, everyone else on `normal`.
  c2s_shaper:
    none: admin
    normal: all
  # Takes effect only on listeners that set `shaper: s2s_shaper`.
  s2s_shaper: fast

# Enabled modules. `{}` means the module runs with its default options.
modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_blocking: {}
  mod_bosh: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  ## mod_delegation: {}   # for xep0356
  mod_disco:
    server_info:
      # NOTE(review): placeholder abuse contact; replace it with a monitored
      # address so abuse reports reach an operator.
      - modules: all
        name: 'abuse-addresses'
        urls:
          - 'mailto:abusecontact@yourserver.com'
  # Default options; bans addresses after repeated authentication failures.
  mod_fail2ban: {}
  mod_http_api: {}
  mod_http_upload:
    put_url: 'https://@HOST@:5443/upload'
    # CORS headers: only the served host's own HTTPS origin is allowed.
    custom_headers:
      'Access-Control-Allow-Origin': 'https://@HOST@'
      'Access-Control-Allow-Methods': 'GET,HEAD,PUT,OPTIONS'
      'Access-Control-Allow-Headers': 'Content-Type'
  mod_last: {}
  mod_mam:
    ## Mnesia is limited to 2GB, so the archive is kept in SQL.
    db_type: sql
    assume_mam_usage: true
    # NOTE(review): `always` archives messages for every user by default;
    # confirm this matches the service's retention and privacy policy.
    default: always
  mod_mqtt: {}
  mod_muc:
    access:
      - allow
    access_admin:
      - allow: admin
    # NOTE(review): room creation and persistent rooms are open to `all`
    # rather than the muc_create rule, which presumably includes users of
    # remote servers. The stricter settings are kept commented out.
    # access_create: muc_create
    access_create: all
    # access_persistent: muc_create
    access_persistent: all
    access_mam:
      - allow
    default_room_options:
      mam: true
  mod_muc_admin: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping:
    send_pings: true
    ping_interval: 4 min
    timeout_action: kill
  mod_pres_counter:
    count: 5
    interval: 60
  mod_privacy: {}
  mod_private: {}
  mod_proxy65:
    access: local
    max_connections: 5
  mod_pubsub:
    access_createnode: pubsub_createnode
    plugins:
      - flat
      - pep
    force_node_config:
      'eu.siacs.conversations.axolotl.*':
        access_model: open
      ## Keep buggy clients from making their bookmarks public.
      'storage:bookmarks':
        access_model: whitelist
  mod_push: {}
  mod_push_keepalive: {}
  mod_register:
    ## Registration is redirected to an external page. If in-band
    ## registration is ever enabled, accept requests only from a trusted
    ## network (see access_rules) and think twice before opening it to any
    ## address. See the Jabber SPAM Manifesto for details:
    ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
    redirect_url: 'https://dmz.rs/account/register/'
    # captcha_protected: true
    # ip_access: trusted_network
  mod_roster:
    versioning: true
  mod_s2s_dialback: {}
  mod_shared_roster: {}
  mod_sic: {}
  mod_stream_mgmt:
    # resend_on_timeout: if_offline
    resend_on_timeout: true
    # resume_timeout: 5 min
  mod_stun_disco: {}
  mod_vcard:
    search: false
  mod_vcard_xupdate: {}
  mod_version: {}

### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8