ejabberd.yml.movim.example Raw
###
### ejabberd configuration file
###
### The parameters used in this configuration file are explained at
###
### https://docs.ejabberd.im/admin/configuration
###
### The configuration file is written in YAML.
### *******************************************************
### ******* !!! WARNING !!! *******
### ******* YAML IS INDENTATION SENSITIVE *******
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
### *******************************************************
### Refer to http://en.wikipedia.org/wiki/YAML for a brief description.
###
# Virtual hosts served by this node. host_config (further down in this file)
# gives each one its own authentication method: LDAP for example.org and
# anonymous SASL for anon.example.org.
hosts:
  - example.org
  - anon.example.org
# Per-host authentication settings.
host_config:
  # Main domain: accounts are authenticated against an LDAP directory.
  example.org:
    auth_method:
      - ldap
    ldap_servers:
      - 127.0.0.1
    # NOTE(review): 389 is the cleartext LDAP port and no ldap_encrypt option
    # is set here, so the bind and user passwords presumably travel
    # unencrypted. That is acceptable only while the directory stays on
    # loopback; enable TLS before pointing ldap_servers at another machine.
    ldap_port: 389
    ldap_uids:
      - uid
    ldap_rootdn: "uid=lldap_readonly,ou=people,dc=example,dc=org"
    # Placeholder bind credential. The rootdn name suggests a read-only
    # account; keep it that way and keep this file unreadable to other users.
    ldap_password: "thisisareadonlysupersecurepassword"
    ldap_base: "ou=people,dc=example,dc=org"
  # Anonymous domain. Todo: disable http_upload
  anon.example.org:
    auth_method:
      - anonymous
    # Only anonymous SASL is wanted on this host, so the password-based and
    # token-based mechanisms listed here are switched off.
    disable_sasl_mechanisms:
      - "X-OAUTH2"
      - "digest-md5"
      - "plain"
    anonymous_protocol: sasl_anon
# Modules added for example.org only; anon.example.org gets no upload
# service from this section.
append_host_config:
  example.org:
    modules:
      mod_http_upload:
        put_url: https://uploads.@HOST@/upload
        docroot: /data/exampleorg/xmpp/ejabberd/user-uploads
        #max_size: 104857600 # 100 MiB (default)
        # 0640 / 2750: no access for "other", and the setgid bit on
        # directories keeps new files in the directory's group.
        file_mode: "0640"
        dir_mode: "2750"
      mod_http_upload_quota:
        # Uploaded files older than this many days are removed.
        max_days: 365
# NOTE(review): at "warning" level, informational events are not logged;
# confirm that failed and successful logins still reach the log if they are
# needed for detection or incident response.
loglevel: warning

# rotation: Disable ejabberd's internal log rotation
#log_rotate_count: 0

# CA bundle used to validate certificates.
ca_file: /opt/ejabberd/conf/cacert.pem

#certfiles:
#  - /opt/ejabberd/conf/server.pem

## If you already have certificates, list them here
# The glob picks up every .pem file one directory level below certs/. Private
# keys live in these files, so the directory should be readable only by the
# account ejabberd runs as.
certfiles:
  - /data/exampleorg/xmpp/ejabberd/certs/*/*.pem

# Built-in ACME issuance is off: certificates must be obtained and renewed
# by some other means.
acme:
  auto: false
# TLS configuration
# The macros below are defined once and referenced by the c2s_* / s2s_*
# options and by individual listeners.
define_macro:
  # Strong suites only: anonymous, NULL and 3DES suites are excluded and the
  # remainder is ordered by strength.
  'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
  # SSLv3, TLS 1.0 and TLS 1.1 are refused, the server's cipher order wins,
  # and TLS compression is off.
  'TLS_OPTIONS':
    - "no_sslv3"
    - "no_tlsv1"
    - "no_tlsv1_1"
    - "cipher_server_preference"
    - "no_compression"
  'DH_FILE': "/data/exampleorg/xmpp/ejabberd/certs/dhparams.pem"
  # generated with: openssl dhparam -out dhparams.pem 2048

# Apply the same cipher list, protocol options and DH parameters to
# client-to-server and server-to-server connections.
c2s_ciphers: 'TLS_CIPHERS'
s2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
s2s_protocol_options: 'TLS_OPTIONS'
c2s_dhfile: 'DH_FILE'
s2s_dhfile: 'DH_FILE'
# Network listeners. Every entry bound to "::" accepts connections on all
# interfaces.
listen:
  # Client connections; STARTTLS is mandatory before authentication.
  - port: 5222
    ip: "::"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
    protocol_options: 'TLS_OPTIONS'
  # Client connections over direct TLS.
  - port: 5223
    ip: "::"
    tls: true
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
  # Server-to-server federation.
  - port: 5269
    ip: "::"
    module: ejabberd_s2s_in
    max_stanza_size: 524288
  # HTTP services: web admin, REST API, BOSH, uploads and WebSocket.
  # NOTE(review): this listener has no "tls: true", so as written it speaks
  # plain HTTP (protocol_options alone presumably has no effect), and it is
  # bound to every interface. /admin and /api are therefore reachable
  # directly on port 5280 unless a firewall blocks it. If a local reverse
  # proxy terminates TLS, the commented-out 127.0.0.1 bind is the safer
  # choice.
  - port: 5280
    ip: "::"
    # ip: "127.0.0.1"
    protocol_options: 'TLS_OPTIONS'
    module: ejabberd_http
    request_handlers:
      /admin: ejabberd_web_admin
      /api: mod_http_api
      /bosh: mod_bosh
      # /captcha: ejabberd_captcha
      /upload: mod_http_upload
      /ws: ejabberd_http_ws
      # /.well-known/acme-challenge: ejabberd_acme
    # NOTE(review): these headers are sent by the whole listener, /admin and
    # /api included. A wildcard origin combined with
    # Access-Control-Allow-Credentials is rejected by browsers for
    # credentialed requests, so the pair does not do what it appears to.
    # Name the web client's origin explicitly if credentials are needed;
    # otherwise drop the credentials header.
    custom_headers:
      "Access-Control-Allow-Origin": "*"
      "Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT"
      "Access-Control-Allow-Headers": "Authorization"
      "Access-Control-Allow-Credentials": "true"
  ## STUN/TURN ToDo
  # - port: 3478
  #   ip: "::"
  #   transport: udp
  #   module: ejabberd_stun
  #   use_turn: true
  #   ## The server's public IPv4 address:
  #   # turn_ipv4_address: "203.0.113.3"
  #   ## The server's public IPv6 address:
  #   # turn_ipv6_address: "2001:db8::3"
  # - port: 5349
  #   transport: tcp
  #   module: ejabberd_stun
  #   use_turn: true
  #   tls: true
  #   turn_min_port: 49152
  #   turn_max_port: 65535
  #   turn_ipv4_address: !!!!IP INTERFACE ADDRESS
  # - port: 1883
  #   ip: "::"
  #   module: mod_mqtt
  #   backlog: 1000
  ## Matrix gateway
  ## ToDo: change port to avoid conflict with nginx/synapse and reverse-proxy it
  # - port: 8448
  #   module: ejabberd_http
  #   tls: false
  #   request_handlers:
  #     "/_matrix": mod_matrix_gw
  ## XMPP Components
  # External components connect over loopback only and authenticate with a
  # shared secret; global_routes is off, so only the hosts listed here are
  # routed to the component.
  - port: 5347
    ip: "127.0.0.1"
    module: ejabberd_service
    global_routes: false
    hosts:
      # biboumi IRC gateways
      irc.example.org:
        # Placeholder secret; replace it before deployment.
        password: "supersecretpasswordhere"
## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
## password storage (see auth_password_format option).
disable_sasl_mechanisms:
  - "digest-md5"

## Disable SASL SCRAM Downgrade Protection (XEP-0474)
## Todo: remove once Movim supports XEP-0474
# NOTE(review): while this is true, a client cannot detect that the offered
# mechanism list was tampered with in transit, so protection against a
# mechanism downgrade rests on TLS alone. Track the Movim todo above and
# remove this line as soon as possible.
disable_sasl_scram_downgrade_protection: true

# Outgoing and incoming server-to-server links must use STARTTLS.
s2s_use_starttls: required

# Proxies whose X-Forwarded-For header is trusted for the client address.
# NOTE(review): every host listed here can assert any client IP, which feeds
# the IP-based rules in acl / api_permissions. 192.168.1.1 looks like a
# gateway address; confirm it really is a reverse proxy under your control.
trusted_proxies:
  - "127.0.0.1"
  - "192.168.1.1"
## Postgresql database config
sql_type: pgsql
sql_database: 'ejabberd'
sql_username: 'ejabberd'
#sql_server: localhost
# Postgres container systemd-ejabberd-psql
sql_port: 5432
# Placeholder credential; replace it and keep this file readable only by the
# account ejabberd runs as.
# NOTE(review): no sql_ssl option is set, so the database connection is
# presumably unencrypted. Fine for a local container; revisit if the
# database moves to another host.
sql_password: 'anothersupersecretpasswordhere'
sql_prepared_statements: false
#sql_pool_size: 2 #default 10
new_sql_schema: true
# Lets ejabberd alter the schema itself, so the database account above
# needs DDL rights.
update_sql_schema: true

# Use SQL as the default persistent database
default_db: sql
# Named groups of users and addresses referenced by access_rules and
# api_permissions.
acl:
  # The single administrator account.
  admin:
    user:
      - "admin@example.org"
  # An empty regexp matches every account on the local hosts.
  local:
    user_regexp: ""
  # IPv4 and IPv6 loopback ranges.
  loopback:
    ip:
      - 127.0.0.0/8
      - ::1/128
# Access rules built from the ACLs above.
access_rules:
  local:
    allow: local
  # NOTE(review): "blocked" is referenced here but not defined in the acl
  # section of this file, so this deny presumably matches nobody until such
  # an ACL is added.
  c2s:
    deny: blocked
    allow: all
  announce:
    allow: admin
  configure:
    allow: admin
  # Room and pubsub node creation are limited to local accounts.
  muc_create:
    allow: local
  pubsub_createnode:
    allow: local
  trusted_network:
    allow: loopback
# Who may run which API commands.
api_permissions:
  # ejabberdctl on the local machine may run everything.
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  # Every command except stop/start, for callers matching the loopback and
  # admin ACLs (presumably both conditions must hold), with password or
  # OAuth authentication.
  # NOTE(review): the loopback condition is evaluated on the address
  # ejabberd sees. For requests arriving through a trusted_proxies entry
  # that address presumably comes from X-Forwarded-For, so the proxy must
  # overwrite that header rather than pass a client-supplied value through.
  "admin access":
    who:
      access:
        allow:
          - acl: loopback
          - acl: admin
      oauth:
        scope: "ejabberd:admin"
        access:
          allow:
            - acl: loopback
            - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  # Unauthenticated read-only commands, restricted by source address only.
  "public commands":
    who:
      ip: 127.0.0.1/8
    what:
      - status
      - connected_users_number
# Traffic shapers (rate limits).
shaper:
  normal:
    rate: 3000
    burst_size: 20000
  fast: 100000

# Limits applied per ACL; the first matching entry wins.
shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    5000: admin
    100: all
  # Admins are not rate limited on client connections; everyone else gets
  # the "normal" shaper.
  c2s_shaper:
    none: admin
    normal: all
  s2s_shaper: fast
  # Upload quotas per user.
  soft_upload_quota:
    250: all # MiB
  hard_upload_quota:
    300: all # MiB
# Modules loaded on every virtual host.
modules:
  mod_adhoc: {}
  # mod_admin_extra, mod_configure and mod_http_api widen the administrative
  # surface; who may use them is decided by access_rules and api_permissions.
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_blocking: {}
  mod_bosh: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  # Contact addresses advertised through service discovery.
  mod_disco:
    server_info:
      - modules: all
        name: "admin-addresses"
        urls:
          - "xmpp:admin@example.org"
      - modules: all
        name: "security-addresses"
        urls:
          - "xmpp:support@chat.example.org?join"
      - modules: all
        name: "abuse-addresses"
        urls:
          - "xmpp:support@chat.example.org?join"
      - modules: all
        name: "feedback-addresses"
        urls:
          - "xmpp:support@chat.example.org?join"
      - modules: all
        name: "support-addresses"
        urls:
          - "mailto:info@example.org"
  # NOTE(review): mod_fail2ban is left disabled, so ejabberd itself does not
  # throttle repeated failed logins. With password authentication exposed on
  # public ports, enable it or make sure something in front of the server
  # rate-limits authentication attempts.
  # mod_fail2ban: {}
  mod_host_meta:
    bosh_service_url: "https://chat.@HOST@/bosh"
    websocket_url: "wss://chat.@HOST@/ws"
  mod_http_api: {}
  # mod_http_upload is configured per host in append_host_config instead.
  # mod_http_upload:
  #   put_url: https://uploads.@HOST@/upload
  #   docroot: /data/exampleorg/xmpp/user-uploads
  #   #max_size: 104857600 # 100 MiB (default)
  #   file_mode: "0640"
  #   dir_mode: "2750"
  #   #custom_headers:
  #   #  "Access-Control-Allow-Origin": "https://@HOST@"
  #   #  "Access-Control-Allow-Origin": "*"
  #   #  "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
  #   #  "Access-Control-Allow-Headers": "Content-Type"
  #   #  "Access-Control-Allow-Headers": "Authorization"
  #   #  "Access-Control-Allow-Credentials": "true"
  #   #thumbnail: false # otherwise needs the identify command from ImageMagick installed
  # mod_http_upload_quota:
  #   max_days: 365
  mod_last: {}
  # Message archive. "default: always" archives every conversation on the
  # server in SQL; anything not end-to-end encrypted is stored readable.
  mod_mam:
    db_type: sql
    assume_mam_usage: true
    default: always
    user_mucsub_from_muc_archive: true
    compress_xml: true
  # mod_matrix_gw:
  #   host: "matrix.@HOST@"
  #   matrix_domain: "@HOST@"
  #   key_name: "somename"
  #   key: "yourkeyinbase64"
  #   matrix_id_as_jid: false
  # mod_mqtt: {}
  # Group chat. Anyone may use the service, but only local accounts may
  # create rooms or make them persistent, and only admins administer it.
  mod_muc:
    host: "chat.@HOST@"
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    access_mam:
      - allow
    max_users: 400 #default 200
    max_users_presence: 2000 #default 1000
    min_message_interval: 0.4 #spam rate limit
    history_size: 50 #default 20
    # New rooms start private: members-only, not public and not listed.
    default_room_options:
      allow_subscription: true
      allow_change_subj: false
      mam: true
      persistent: true
      anonymous: false
      members_only: true
      allow_user_invites: true
      public: false
      public_list: false
      lang: "en"
  mod_muc_admin: {}
  mod_muc_occupantid: {}
  mod_muc_rtbl: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_pres_counter:
    count: 5
    interval: 60
  mod_privacy: {}
  mod_private: {}
  # File-transfer proxy, usable by local accounts only.
  mod_proxy65:
    access: local
    max_connections: 5
  mod_pubsub:
    #access_createnode: pubsub_createnode
    access_createnode: local
    ignore_pep_from_offline: false
    last_item_cache: false
    max_items_node: 1000
    default_node_config:
      max_items: 1000
    plugins:
      - flat
      - pep
    # Node settings enforced by the server regardless of what a client asks
    # for.
    force_node_config:
      ## Prevent buggy clients from making their bookmarks public
      "storage:bookmarks":
        access_model: whitelist
        persist_items: true
      ## Enforce pubsub config for Movim
      # Encryption key bundles are readable by anyone, while the bookmark and
      # subscription nodes below stay on the whitelist model.
      "eu.siacs.conversations.axolotl.*":
        access_model: open
      "urn:xmpp:bookmarks:0":
        access_model: whitelist
        send_last_published_item: never
        persist_items: true
        max_items: infinity
      "urn:xmpp:bookmarks:1":
        access_model: whitelist
        send_last_published_item: never
        persist_items: true
        max_items: infinity
      "urn:xmpp:pubsub:movim-public-subscription":
        access_model: whitelist
        persist_items: true
        max_items: infinity
      # Microblog posts are visible to presence subscribers; their comment
      # nodes are open to everyone.
      "urn:xmpp:microblog:0":
        max_items: infinity
        access_model: presence
        notify_retract: true
        persist_items: true
      "urn:xmpp:microblog:0:comments*":
        max_items: infinity
        access_model: open
        notify_retract: true
        persist_items: true
  mod_push: {}
  mod_push_keepalive: {}
  mod_register:
    ## No registration via XMPP supported, redirect to
    ## Todo: make vhost specific
    redirect_url: "https://example.org/"
    ## Only accept registration requests from the "trusted"
    ## network (see access_rules section above).
    ## Think twice before enabling registration from any
    ## address. See the Jabber SPAM Manifesto for details:
    ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
    # NOTE(review): with ip_access commented out the module's default
    # applies. Confirm that in-band registration is actually refused on both
    # hosts, since the comment above says it is not supported.
    #ip_access: trusted_network
  mod_roster:
    versioning: true
  mod_s2s_dialback: {}
  mod_shared_roster: {}
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_stun_disco:
    credentials_lifetime: 6h
  # vCard search is off and the OS is not disclosed in version replies,
  # which limits what the server reveals about users and the host.
  mod_vcard:
    search: false
  mod_vcard_xupdate: {}
  mod_version:
    show_os: false
# NOTE(review): contrib modules are third-party code that runs inside the
# server. Set this to false if none are used, and review any module before
# installing it.
allow_contrib_modules: true

### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8