diff options
| author | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-11-20 13:34:16 +0300 |
|---|---|---|
| committer | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-11-20 13:34:16 +0300 |
| commit | c26b56679e06ef8b88734030de11c6b885f9bb78 (patch) | |
| tree | cd53be0234ab6b4ff65a875a360f6f95c91cd1ea /ejabberd.yml.example | |
| parent | 98b411523d6db79ad199ab7bebc1d1e5db8e4cbe (diff) | |
Modernize the example config a bit
Diffstat (limited to 'ejabberd.yml.example')
| -rw-r--r-- | ejabberd.yml.example | 62 |
1 files changed, 29 insertions, 33 deletions
diff --git a/ejabberd.yml.example b/ejabberd.yml.example index bb390b4b2..507ac1585 100644 --- a/ejabberd.yml.example +++ b/ejabberd.yml.example @@ -103,20 +103,37 @@ hosts: ## ## route_subdomains: s2s -###. =============== -###' LISTENING PORTS +###. ============ +###' Certificates + +## List all available PEM files containing certificates for your domains, +## chains of certificates or certificate keys. Full chains will be built +## automatically by ejabberd. +## +## certfiles: +## - "/etc/letsencrypt/live/example.org/*.pem" +## - "/etc/letsencrypt/live/example.com/*.pem" + +###. ================= +###' TLS configuration -## Define common macros used by listeners ## define_macro: -## 'CIPHERS': "ECDH:DH:!3DES:!aNULL:!eNULL:!MEDIUM@STRENGTH" -## 'TLSOPTS': -## - "no_sslv2" -## - "no_sslv3" -## - "no_tlsv1" -## - "no_tlsv1_1" -## - "cipher_server_preference" -## - "no_compression" +## 'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH" +## 'TLS_OPTIONS': +## - "no_sslv3" +## - "cipher_server_preference" +## - "no_compression" ## 'DHFILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048 +## +## c2s_dhfile: 'DH_FILE' +## s2s_dhfile: 'DH_FILE' +## c2s_ciphers: 'TLS_CIPHERS' +## s2s_ciphers: 'TLS_CIPHERS' +## c2s_protocol_options: 'TLS_OPTIONS' +## s2s_protocol_options: 'TLS_OPTIONS' + +###. =============== +###' LISTENING PORTS ## ## listen: The ports ejabberd will listen on, which service each is handled @@ -129,12 +146,9 @@ listen: module: ejabberd_c2s ## ## If TLS is compiled in and you installed a SSL - ## certificate, uncomment these lines: + ## certificate, uncomment this line: ## ## starttls: true - ## protocol_options: 'TLSOPTS' - ## dhfile: 'DHFILE' - ## ciphers: 'CIPHERS' ## ## To enforce TLS encryption for client connections, ## use this instead of the "starttls" option: @@ -225,17 +239,6 @@ listen: ## password storage (see auth_password_format option). ## disable_sasl_mechanisms: "digest-md5" -###. ============ -###' Certificates - -## List all available PEM files containing certificates for your domains, -## chains of certificates or certificate keys. Full chains will be built -## automatically by ejabberd. -## -## certfiles: -## - "/etc/letsencrypt/live/example.org/*.pem" -## - "/etc/letsencrypt/live/example.com/*.pem" - ###. ================== ###' S2S GLOBAL OPTIONS @@ -246,10 +249,6 @@ listen: ## ## s2s_use_starttls: required -## Custom OpenSSL options -## -## s2s_protocol_options: 'TLSOPTS' - ## ## S2S whitelist or blacklist ## @@ -685,9 +684,6 @@ acme: ## - http://localhost:4000 - for a local version of the CA ca_url: "https://acme-v01.api.letsencrypt.org" -## The directory in which certificates will be saved -cert_dir: "/usr/local/var/lib/ejabberd/" - ###. ======= ###' MODULES |