###. ===============
###' LISTENING PORTS
+## Define common macros used by listeners
+## define_macro:
+## 'CERTFILE': "/path/to/xmpp.pem"
+## 'CIPHERS': "ECDH:DH:!3DES:!aNULL:!eNULL:!MEDIUM@STRENGTH"
+## 'TLSOPTS':
+## - "no_sslv3"
+## - "no_tlsv1"
+## - "cipher_server_preference"
+## - "no_compression"
+## 'DHFILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
+
##
## listen: The ports ejabberd will listen on, which service each is handled
## by and what options to start it with.
listen:
-
port: 5222
+ ip: "::"
module: ejabberd_c2s
##
## If TLS is compiled in and you installed a SSL
## certificate, specify the full path to the
## file and uncomment these lines:
##
- ## certfile: "/path/to/ssl.pem"
## starttls: true
+ ## certfile: 'CERTFILE'
+ ## protocol_options: 'TLSOPTS'
+ ## dhfile: 'DHFILE'
+ ## ciphers: 'CIPHERS'
##
## To enforce TLS encryption for client connections,
## use this instead of the "starttls" option:
##
## starttls_required: true
##
- ## Custom OpenSSL options
+ ## Stream compression
+ ##
+ ## zlib: true
##
- ## protocol_options:
- ## - "no_sslv3"
- ## - "no_tlsv1"
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
-
port: 5269
+ ip: "::"
module: ejabberd_s2s_in
+ -
+ port: 5280
+ ip: "::"
+ module: ejabberd_http
+ request_handlers:
+ "/websocket": ejabberd_http_ws
+ "/api": mod_http_api
+ ## "/pub/archive": mod_http_fileserver
+ web_admin: true
+ http_bind: true
+ ## register: true
+ captcha: true
##
## ejabberd_service: Interact with external components (transports, ...)
##
## -
## port: 8888
+ ## ip: "::"
## module: ejabberd_service
## access: all
## shaper_rule: fast
##
## -
## port: 4560
+ ## ip: "::"
## module: ejabberd_xmlrpc
## access_commands: {}
- -
- port: 5280
- module: ejabberd_http
- request_handlers:
- "/websocket": ejabberd_http_ws
- "/api": mod_http_api
- ## "/pub/archive": mod_http_fileserver
- web_admin: true
- http_bind: true
- ## register: true
- captcha: true
+
+ ##
+ ## To enable secure http upload
+ ##
+ ## -
+ ## port: 5444
+ ## ip: "::"
+ ## module: ejabberd_http
+ ## request_handlers:
+ ## "": mod_http_upload
+ ## tls: true
+ ## certfile: 'CERTFILE'
+ ## protocol_options: 'TLSOPTS'
+ ## dhfile: 'DHFILE'
+ ## ciphers: 'CIPHERS'
+
+## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
+## password storage (see auth_password_format option).
+## disable_sasl_mechanisms: "digest-md5"
###. ==================
###' S2S GLOBAL OPTIONS
##
modules:
mod_adhoc: {}
- ## mod_admin_extra: {}
+ mod_admin_extra: {}
mod_announce: # recommends mod_adhoc
access: announce
mod_blocking: {} # requires mod_privacy
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {} # requires mod_adhoc
- ##mod_delegation: {} # for xep0356
+ ## mod_delegation: {} # for xep0356
mod_disco: {}
- ## mod_echo: {}
+ mod_echo: {}
mod_irc: {}
mod_bosh: {}
## mod_http_fileserver:
## docroot: "/var/www"
## accesslog: "/var/log/ejabberd/access.log"
+ ## mod_http_upload:
+ ## # docroot: "@HOME@/upload"
+ ## put_url: "https://@HOST@:5444"
+ ## thumbnail: false # otherwise needs the identify command from ImageMagick installed
+ ## mod_http_upload_quota:
+ ## max_days: 30
mod_last: {}
+ ## XEP-0313: Message Archive Management
+ ## You might want to setup a SQL backend for MAM because the mnesia database is
+ ## limited to 2GB which might be exceeded on large servers
+ ## mod_mam: {} # for xep0313, mnesia is limited to 2GB, better use an SQL backend
mod_muc:
## host: "conference.@HOST@"
access:
- allow: admin
access_create: muc_create
access_persistent: muc_create
+ mod_muc_admin: {}
## mod_muc_log: {}
## mod_multicast: {}
mod_offline:
projects / ejabberd / commitdiff