1 files changed, 45 insertions, 44 deletions

diff --git a/ejabberd.yml.example b/ejabberd.yml.example
index aa80ef8d2..05501400b 100644
--- a/ejabberd.yml.example
+++ b/ejabberd.yml.example
@@ -88,7 +88,7 @@ log_rate_limit: 100
 ##
 ## hosts: Domains served by ejabberd.
 ## You can define one or several, for example:
-## hosts: 
+## hosts:
 ##   - "example.net"
 ##   - "example.com"
 ##   - "example.org"
@@ -108,11 +108,12 @@ hosts:
 
 ## Define common macros used by listeners
 ## define_macro:
-##   'CERTFILE': "/path/to/xmpp.pem"
 ##   'CIPHERS': "ECDH:DH:!3DES:!aNULL:!eNULL:!MEDIUM@STRENGTH"
 ##   'TLSOPTS':
+##     - "no_sslv2"
 ##     - "no_sslv3"
 ##     - "no_tlsv1"
+##     - "no_tlsv1_1"
 ##     - "cipher_server_preference"
 ##     - "no_compression"
 ##   'DHFILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
@@ -121,18 +122,16 @@ hosts:
 ## listen: The ports ejabberd will listen on, which service each is handled
 ## by and what options to start it with.
 ##
-listen: 
-  - 
+listen:
+  -
     port: 5222
     ip: "::"
     module: ejabberd_c2s
     ##
     ## If TLS is compiled in and you installed a SSL
-    ## certificate, specify the full path to the
-    ## file and uncomment these lines:
+    ## certificate, uncomment these lines:
     ##
     ## starttls: true
-    ## certfile: 'CERTFILE'
     ## protocol_options: 'TLSOPTS'
     ## dhfile: 'DHFILE'
     ## ciphers: 'CIPHERS'
@@ -149,11 +148,11 @@ listen:
     max_stanza_size: 65536
     shaper: c2s_shaper
     access: c2s
-  - 
+  -
     port: 5269
     ip: "::"
     module: ejabberd_s2s_in
-  - 
+  -
     port: 5280
     ip: "::"
     module: ejabberd_http
@@ -168,14 +167,14 @@ listen:
   ##
   ## ejabberd_service: Interact with external components (transports, ...)
   ##
-  ## - 
+  ## -
   ##   port: 8888
   ##   ip: "::"
   ##   module: ejabberd_service
   ##   access: all
   ##   shaper_rule: fast
   ##   ip: "127.0.0.1"
-  ##   privilege_access: 
+  ##   privilege_access:
   ##      roster: "both"
   ##      message: "outgoing"
   ##      presence: "roster"
@@ -193,7 +192,7 @@ listen:
   ##
   ## ejabberd_stun: Handles STUN Binding requests
   ##
-  ## - 
+  ## -
   ##   port: 3478
   ##   transport: udp
   ##   module: ejabberd_stun
@@ -201,7 +200,7 @@ listen:
   ##
   ## To handle XML-RPC requests that provide admin credentials:
   ##
-  ## - 
+  ## -
   ##   port: 4560
   ##   ip: "::"
   ##   module: ejabberd_xmlrpc
@@ -210,14 +209,14 @@ listen:
   ##
   ## To enable secure http upload
   ##
-  ## - 
+  ## -
   ##   port: 5444
   ##   ip: "::"
   ##   module: ejabberd_http
   ##   request_handlers:
   ##     "": mod_http_upload
   ##   tls: true
-  ##   certfile: 'CERTFILE'
+  ##   certfile: "/path/to/xmpp.pem"
   ##   protocol_options: 'TLSOPTS'
   ##   dhfile: 'DHFILE'
   ##   ciphers: 'CIPHERS'
@@ -226,35 +225,32 @@ listen:
 ## password storage (see auth_password_format option).
 ## disable_sasl_mechanisms: "digest-md5"
 
+###.  ============
+###'  Certificates
+
+## List all available PEM files containing certificates for your domains,
+## chains of certificates or certificate keys. Full chains will be built
+## automatically by ejabberd.
+##
+## certfiles:
+##   - "/etc/letsencrypt/live/example.org/*.pem"
+##   - "/etc/letsencrypt/live/example.com/*.pem"
+
 ###.  ==================
 ###'  S2S GLOBAL OPTIONS
 
 ##
 ## s2s_use_starttls: Enable STARTTLS for S2S connections.
-## Allowed values are: false optional required required_trusted
-## You must specify a certificate file.
+## Allowed values are: false, optional or required
+## You must specify 'certfiles' option
 ##
 ## s2s_use_starttls: required
 
-##
-## s2s_certfile: Specify a certificate file.
-##
-## s2s_certfile: 'CERTFILE'
-
 ## Custom OpenSSL options
 ##
 ## s2s_protocol_options: 'TLSOPTS'
 
 ##
-## domain_certfile: Specify a different certificate for each served hostname.
-##
-## host_config:
-##   "example.org":
-##     domain_certfile: "/path/to/example_org.pem"
-##   "example.com":
-##     domain_certfile: "/path/to/example_com.pem"
-
-##
 ## S2S whitelist or blacklist
 ##
 ## Default s2s policy for undefined hosts.
@@ -442,7 +438,7 @@ shaper:
 ## This option specifies the maximum number of elements in the queue
 ## of the FSM. Refer to the documentation for details.
 ##
-max_fsm_queue: 1000
+max_fsm_queue: 10000
 
 ###.   ====================
 ###'   ACCESS CONTROL LISTS
@@ -465,7 +461,7 @@ acl:
 
   ## Local users: don't modify this.
   ##
-  local: 
+  local:
     user_regexp: ""
 
   ##
@@ -539,24 +535,24 @@ access_rules:
   announce:
     - allow: admin
   ## Only admins can use the configuration interface:
-  configure: 
+  configure:
     - allow: admin
   ## Only accounts of the local ejabberd server can create rooms:
-  muc_create: 
+  muc_create:
     - allow: local
   ## Only accounts on the local ejabberd server can create Pubsub nodes:
-  pubsub_createnode: 
+  pubsub_createnode:
     - allow: local
   ## In-band registration allows registration of any possible username.
   ## To disable in-band registration, replace 'allow' with 'deny'.
-  register: 
+  register:
     - allow
   ## Only allow to register from localhost
-  trusted_network: 
+  trusted_network:
     - allow: loopback
   ## Do not establish S2S connections with bad servers
   ## If you enable this you also have to uncomment "s2s_access: s2s"
-  ## s2s: 
+  ## s2s:
   ##   - deny:
   ##     - ip: "XXX.XXX.XXX.XXX/32"
   ##   - deny:
@@ -697,7 +693,7 @@ cert_dir: "/usr/local/var/lib/ejabberd/"
 ##
 ## Modules enabled in all ejabberd virtual hosts.
 ##
-modules: 
+modules:
   mod_adhoc: {}
   mod_admin_extra: {}
   mod_announce: # recommends mod_adhoc
@@ -726,7 +722,7 @@ modules:
   ## You might want to setup a SQL backend for MAM because the mnesia database is
   ## limited to 2GB which might be exceeded on large servers
   ## mod_mam: {} # for xep0313, mnesia is limited to 2GB, better use an SQL backend
-  mod_muc: 
+  mod_muc:
     ## host: "conference.@HOST@"
     access:
       - allow
@@ -737,7 +733,7 @@ modules:
   mod_muc_admin: {}
   ## mod_muc_log: {}
   ## mod_multicast: {}
-  mod_offline: 
+  mod_offline:
     access_max_user_messages: max_user_offline_messages
   mod_ping: {}
   ## mod_pres_counter:
@@ -746,14 +742,14 @@ modules:
   mod_privacy: {}
   mod_private: {}
   ## mod_proxy65: {}
-  mod_pubsub: 
+  mod_pubsub:
     access_createnode: pubsub_createnode
     ## reduces resource comsumption, but XEP incompliant
     ignore_pep_from_offline: true
     ## XEP compliant, but increases resource comsumption
     ## ignore_pep_from_offline: false
     last_item_cache: false
-    plugins: 
+    plugins:
       - "flat"
       - "hometree"
       - "pep" # pep requires mod_caps
@@ -798,6 +794,11 @@ modules:
   mod_time: {}
   mod_vcard:
     search: false
+  mod_vcard_xupdate: {}
+  ## Convert all avatars posted by Android clients from WebP to JPEG
+  mod_avatar:
+    convert:
+      webp: jpeg
   mod_version: {}
   mod_stream_mgmt: {}
   ##   Non-SASL Authentication (XEP-0078) is now disabled by default