diff options
Diffstat (limited to 'ejabberd.yml.example')
-rw-r--r-- | ejabberd.yml.example | 89 |
1 files changed, 45 insertions, 44 deletions
diff --git a/ejabberd.yml.example b/ejabberd.yml.example index aa80ef8d2..05501400b 100644 --- a/ejabberd.yml.example +++ b/ejabberd.yml.example @@ -88,7 +88,7 @@ log_rate_limit: 100 ## ## hosts: Domains served by ejabberd. ## You can define one or several, for example: -## hosts: +## hosts: ## - "example.net" ## - "example.com" ## - "example.org" @@ -108,11 +108,12 @@ hosts: ## Define common macros used by listeners ## define_macro: -## 'CERTFILE': "/path/to/xmpp.pem" ## 'CIPHERS': "ECDH:DH:!3DES:!aNULL:!eNULL:!MEDIUM@STRENGTH" ## 'TLSOPTS': +## - "no_sslv2" ## - "no_sslv3" ## - "no_tlsv1" +## - "no_tlsv1_1" ## - "cipher_server_preference" ## - "no_compression" ## 'DHFILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048 @@ -121,18 +122,16 @@ hosts: ## listen: The ports ejabberd will listen on, which service each is handled ## by and what options to start it with. ## -listen: - - +listen: + - port: 5222 ip: "::" module: ejabberd_c2s ## ## If TLS is compiled in and you installed a SSL - ## certificate, specify the full path to the - ## file and uncomment these lines: + ## certificate, uncomment these lines: ## ## starttls: true - ## certfile: 'CERTFILE' ## protocol_options: 'TLSOPTS' ## dhfile: 'DHFILE' ## ciphers: 'CIPHERS' @@ -149,11 +148,11 @@ listen: max_stanza_size: 65536 shaper: c2s_shaper access: c2s - - + - port: 5269 ip: "::" module: ejabberd_s2s_in - - + - port: 5280 ip: "::" module: ejabberd_http @@ -168,14 +167,14 @@ listen: ## ## ejabberd_service: Interact with external components (transports, ...) ## - ## - + ## - ## port: 8888 ## ip: "::" ## module: ejabberd_service ## access: all ## shaper_rule: fast ## ip: "127.0.0.1" - ## privilege_access: + ## privilege_access: ## roster: "both" ## message: "outgoing" ## presence: "roster" @@ -193,7 +192,7 @@ listen: ## ## ejabberd_stun: Handles STUN Binding requests ## - ## - + ## - ## port: 3478 ## transport: udp ## module: ejabberd_stun @@ -201,7 +200,7 @@ listen: ## ## To handle XML-RPC requests that provide admin credentials: ## - ## - + ## - ## port: 4560 ## ip: "::" ## module: ejabberd_xmlrpc @@ -210,14 +209,14 @@ listen: ## ## To enable secure http upload ## - ## - + ## - ## port: 5444 ## ip: "::" ## module: ejabberd_http ## request_handlers: ## "": mod_http_upload ## tls: true - ## certfile: 'CERTFILE' + ## certfile: "/path/to/xmpp.pem" ## protocol_options: 'TLSOPTS' ## dhfile: 'DHFILE' ## ciphers: 'CIPHERS' @@ -226,35 +225,32 @@ listen: ## password storage (see auth_password_format option). ## disable_sasl_mechanisms: "digest-md5" +###. ============ +###' Certificates + +## List all available PEM files containing certificates for your domains, +## chains of certificates or certificate keys. Full chains will be built +## automatically by ejabberd. +## +## certfiles: +## - "/etc/letsencrypt/live/example.org/*.pem" +## - "/etc/letsencrypt/live/example.com/*.pem" + ###. ================== ###' S2S GLOBAL OPTIONS ## ## s2s_use_starttls: Enable STARTTLS for S2S connections. -## Allowed values are: false optional required required_trusted -## You must specify a certificate file. +## Allowed values are: false, optional or required +## You must specify 'certfiles' option ## ## s2s_use_starttls: required -## -## s2s_certfile: Specify a certificate file. -## -## s2s_certfile: 'CERTFILE' - ## Custom OpenSSL options ## ## s2s_protocol_options: 'TLSOPTS' ## -## domain_certfile: Specify a different certificate for each served hostname. -## -## host_config: -## "example.org": -## domain_certfile: "/path/to/example_org.pem" -## "example.com": -## domain_certfile: "/path/to/example_com.pem" - -## ## S2S whitelist or blacklist ## ## Default s2s policy for undefined hosts. @@ -442,7 +438,7 @@ shaper: ## This option specifies the maximum number of elements in the queue ## of the FSM. Refer to the documentation for details. ## -max_fsm_queue: 1000 +max_fsm_queue: 10000 ###. ==================== ###' ACCESS CONTROL LISTS @@ -465,7 +461,7 @@ acl: ## Local users: don't modify this. ## - local: + local: user_regexp: "" ## @@ -539,24 +535,24 @@ access_rules: announce: - allow: admin ## Only admins can use the configuration interface: - configure: + configure: - allow: admin ## Only accounts of the local ejabberd server can create rooms: - muc_create: + muc_create: - allow: local ## Only accounts on the local ejabberd server can create Pubsub nodes: - pubsub_createnode: + pubsub_createnode: - allow: local ## In-band registration allows registration of any possible username. ## To disable in-band registration, replace 'allow' with 'deny'. - register: + register: - allow ## Only allow to register from localhost - trusted_network: + trusted_network: - allow: loopback ## Do not establish S2S connections with bad servers ## If you enable this you also have to uncomment "s2s_access: s2s" - ## s2s: + ## s2s: ## - deny: ## - ip: "XXX.XXX.XXX.XXX/32" ## - deny: @@ -697,7 +693,7 @@ cert_dir: "/usr/local/var/lib/ejabberd/" ## ## Modules enabled in all ejabberd virtual hosts. ## -modules: +modules: mod_adhoc: {} mod_admin_extra: {} mod_announce: # recommends mod_adhoc @@ -726,7 +722,7 @@ modules: ## You might want to setup a SQL backend for MAM because the mnesia database is ## limited to 2GB which might be exceeded on large servers ## mod_mam: {} # for xep0313, mnesia is limited to 2GB, better use an SQL backend - mod_muc: + mod_muc: ## host: "conference.@HOST@" access: - allow @@ -737,7 +733,7 @@ modules: mod_muc_admin: {} ## mod_muc_log: {} ## mod_multicast: {} - mod_offline: + mod_offline: access_max_user_messages: max_user_offline_messages mod_ping: {} ## mod_pres_counter: @@ -746,14 +742,14 @@ modules: mod_privacy: {} mod_private: {} ## mod_proxy65: {} - mod_pubsub: + mod_pubsub: access_createnode: pubsub_createnode ## reduces resource comsumption, but XEP incompliant ignore_pep_from_offline: true ## XEP compliant, but increases resource comsumption ## ignore_pep_from_offline: false last_item_cache: false - plugins: + plugins: - "flat" - "hometree" - "pep" # pep requires mod_caps @@ -798,6 +794,11 @@ modules: mod_time: {} mod_vcard: search: false + mod_vcard_xupdate: {} + ## Convert all avatars posted by Android clients from WebP to JPEG + mod_avatar: + convert: + webp: jpeg mod_version: {} mod_stream_mgmt: {} ## Non-SASL Authentication (XEP-0078) is now disabled by default |