kris revised this gist . Go to revision
1 file changed, 1 insertion, 1 deletion
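--- a/ejabberd.yml.movim.example
+++ b/ejabberd.yml.movim.example
@@ -27,7 +27,7 @@ host_config:
 ldap_uids:
 - uid
 ldap_rootdn: "uid=lldap_readonly,ou=people,dc=example,dc=org"
-ldap_password: "thisisreadonly"
+ldap_password: "thisisareadonlysupersecurepassword"
 ldap_base: "ou=people,dc=example,dc=org"
 anon.example.org: #Todo: disable http_upload
 auth_method: [anonymous]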
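Review bot: The replaced `ldap_password` value stays readable in this gist's revision history, so editing the example does not retract it; the same applies to the `dc=f-hub,dc=org` DNs that the earlier revision swapped for `dc=example,dc=org`. If either string was ever a live value (presumably the bind password for `uid=lldap_readonly`), rotate it on the LDAP server rather than relying on the edit. For the example itself, an unmistakable placeholder such as `ldap_password: "CHANGE_ME"` with the comment `# read-only bind account: set a unique secret and keep this file readable by the ejabberd user only` is safer to copy than a plausible-looking password. The `host_config` block starts above this hunk.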
kris revised this gist . Go to revision
1 file changed, 2 insertions, 2 deletions
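--- a/ejabberd.yml.movim.example
+++ b/ejabberd.yml.movim.example
@@ -26,9 +26,9 @@ host_config:
 ldap_port: 389
 ldap_uids:
 - uid
-ldap_rootdn: "uid=lldap_readonly,ou=people,dc=f-hub,dc=org"
+ldap_rootdn: "uid=lldap_readonly,ou=people,dc=example,dc=org"
 ldap_password: "thisisreadonly"
-ldap_base: "ou=people,dc=f-hub,dc=org"
+ldap_base: "ou=people,dc=example,dc=org"
 anon.example.org: #Todo: disable http_upload
 auth_method: [anonymous]
 disable_sasl_mechanisms: [ "X-OAUTH2", "digest-md5" , "plain" ]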
kris revised this gist . Go to revision
1 file changed, 466 insertions
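--- /dev/null
+++ b/ejabberd.yml.movim.example
@@ -0,0 +1,466 @@
+###
+### ejabberd configuration file
+###
+### The parameters used in this configuration file are explained at
+###
+### https://docs.ejabberd.im/admin/configuration
+###
+### The configuration file is written in YAML.
+### *******************************************************
+### ******* !!! WARNING !!! *******
+### ******* YAML IS INDENTATION SENSITIVE *******
+### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
+### *******************************************************
+### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
+###
+
+hosts:
+- example.org
+- anon.example.org
+
+host_config:
+example.org:
+auth_method: [ldap]
+ldap_servers:
+- 127.0.0.1
+ldap_port: 389
+ldap_uids:
+- uid
+ldap_rootdn: "uid=lldap_readonly,ou=people,dc=f-hub,dc=org"
+ldap_password: "thisisreadonly"
+ldap_base: "ou=people,dc=f-hub,dc=org"
+anon.example.org: #Todo: disable http_upload
+auth_method: [anonymous]
+disable_sasl_mechanisms: [ "X-OAUTH2", "digest-md5" , "plain" ]
+anonymous_protocol: sasl_anon
+
+append_host_config:
+example.org:
+modules:
+mod_http_upload:
+put_url: https://uploads.@HOST@/upload
+docroot: /data/exampleorg/xmpp/ejabberd/user-uploads
+#max_size: 104857600 # 100 MiB (default)
+file_mode: "0640"
+dir_mode: "2750"
+mod_http_upload_quota:
+max_days: 365
+
+loglevel: warning
+
+# rotation: Disable ejabberd's internal log rotation
+#log_rotate_count: 0
+
+ca_file: /opt/ejabberd/conf/cacert.pem
+
+#certfiles:
+# - /opt/ejabberd/conf/server.pem
+
+## If you already have certificates, list them here
+certfiles:
+- /data/exampleorg/xmpp/ejabberd/certs/*/*.pem
+
+acme:
+auto: false
+
+# TLS configuration
+define_macro:
+'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
+'TLS_OPTIONS':
+- "no_sslv3"
+- "no_tlsv1"
+- "no_tlsv1_1"
+- "cipher_server_preference"
+- "no_compression"
+'DH_FILE': "/data/exampleorg/xmpp/ejabberd/certs/dhparams.pem"
+# generated with: openssl dhparam -out dhparams.pem 2048
+
+c2s_ciphers: 'TLS_CIPHERS'
+s2s_ciphers: 'TLS_CIPHERS'
+c2s_protocol_options: 'TLS_OPTIONS'
+s2s_protocol_options: 'TLS_OPTIONS'
+c2s_dhfile: 'DH_FILE'
+s2s_dhfile: 'DH_FILE'
+
+listen:
+-
+port: 5222
+ip: "::"
+module: ejabberd_c2s
+max_stanza_size: 262144
+shaper: c2s_shaper
+access: c2s
+starttls_required: true
+protocol_options: 'TLS_OPTIONS'
+-
+port: 5223
+ip: "::"
+tls: true
+module: ejabberd_c2s
+max_stanza_size: 262144
+shaper: c2s_shaper
+access: c2s
+starttls_required: true
+-
+port: 5269
+ip: "::"
+module: ejabberd_s2s_in
+max_stanza_size: 524288
+-
+port: 5280
+ip: "::"
+# ip: "127.0.0.1"
+protocol_options: 'TLS_OPTIONS'
+module: ejabberd_http
+request_handlers:
+/admin: ejabberd_web_admin
+/api: mod_http_api
+/bosh: mod_bosh
+# /captcha: ejabberd_captcha
+/upload: mod_http_upload
+/ws: ejabberd_http_ws
+# /.well-known/acme-challenge: ejabberd_acme
+custom_headers:
+"Access-Control-Allow-Origin": "*"
+"Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT"
+"Access-Control-Allow-Headers": "Authorization"
+"Access-Control-Allow-Credentials": "true"
+## STUN/TURN ToDo
+# -
+# port: 3478
+# ip: "::"
+# transport: udp
+# module: ejabberd_stun
+# use_turn: true
+## The server's public IPv4 address:
+# turn_ipv4_address: "203.0.113.3"
+## The server's public IPv6 address:
+# turn_ipv6_address: "2001:db8::3"
+# -
+# port: 5349
+# transport: tcp
+# module: ejabberd_stun
+# use_turn: true
+# tls: true
+# turn_min_port: 49152
+# turn_max_port: 65535
+# turn_ipv4_address: !!!!IP INTERFACE ADDRESS
+# -
+# port: 1883
+# ip: "::"
+# module: mod_mqtt
+# backlog: 1000
+## Matrix gateway
+## ToDo: change port to avoid conflict with nginx/synapse and reverse-proxy it
+# -
+# port: 8448
+# module: ejabberd_http
+# tls: false
+# request_handlers:
+# "/_matrix": mod_matrix_gw
+## XMPP Components
+-
+port: 5347
+ip: "127.0.0.1"
+module: ejabberd_service
+global_routes: false
+hosts:
+# biboumi IRC gateways
+irc.example.org:
+password: "supersecretpasswordhere"
+
+## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
+## password storage (see auth_password_format option).
+disable_sasl_mechanisms:
+- "digest-md5"
+
+## Disable SASL SCRAM Downgrade Protection (XEP-0474)
+## Todo: remove once Movim supports XEP-0474
+disable_sasl_scram_downgrade_protection: true
+
+s2s_use_starttls: required
+
+trusted_proxies:
+- "127.0.0.1"
+- "192.168.1.1"
+
+## Postgresql database config
+sql_type: pgsql
+sql_database: 'ejabberd'
+sql_username: 'ejabberd'
+#sql_server: localhost
+# Postgres container systemd-ejabberd-psql
+sql_port: 5432
+sql_password: 'anothersupersecretpasswordhere'
+sql_prepared_statements: false
+#sql_pool_size: 2 #default 10
+new_sql_schema: true
+update_sql_schema: true
+
+# Use SQL as the default persistent database
+default_db: sql
+
+acl:
+admin:
+user:
+- "admin@example.org"
+local:
+user_regexp: ""
+loopback:
+ip:
+- 127.0.0.0/8
+- ::1/128
+
+access_rules:
+local:
+allow: local
+c2s:
+deny: blocked
+allow: all
+announce:
+allow: admin
+configure:
+allow: admin
+muc_create:
+allow: local
+pubsub_createnode:
+allow: local
+trusted_network:
+allow: loopback
+
+api_permissions:
+"console commands":
+from:
+- ejabberd_ctl
+who: all
+what: "*"
+"admin access":
+who:
+access:
+allow:
+- acl: loopback
+- acl: admin
+oauth:
+scope: "ejabberd:admin"
+access:
+allow:
+- acl: loopback
+- acl: admin
+what:
+- "*"
+- "!stop"
+- "!start"
+"public commands":
+who:
+ip: 127.0.0.1/8
+what:
+- status
+- connected_users_number
+
+shaper:
+normal:
+rate: 3000
+burst_size: 20000
+fast: 100000
+
+shaper_rules:
+max_user_sessions: 10
+max_user_offline_messages:
+5000: admin
+100: all
+c2s_shaper:
+none: admin
+normal: all
+s2s_shaper: fast
+soft_upload_quota:
+250: all # MiB
+hard_upload_quota:
+300: all # MiB
+
+modules:
+mod_adhoc: {}
+mod_admin_extra: {}
+mod_announce:
+access: announce
+mod_avatar: {}
+mod_blocking: {}
+mod_bosh: {}
+mod_caps: {}
+mod_carboncopy: {}
+mod_client_state: {}
+mod_configure: {}
+mod_disco:
+server_info:
+-
+modules: all
+name: "admin-addresses"
+urls:
+- "xmpp:admin@example.org"
+-
+modules: all
+name: "security-addresses"
+urls:
+- "xmpp:support@chat.example.org?join"
+-
+modules: all
+name: "abuse-addresses"
+urls:
+- "xmpp:support@chat.example.org?join"
+-
+modules: all
+name: "feedback-addresses"
+urls:
+- "xmpp:support@chat.example.org?join"
+-
+modules: all
+name: "support-addresses"
+urls:
+- "mailto:info@example.org"
+# mod_fail2ban: {}
+mod_host_meta:
+bosh_service_url: "https://chat.@HOST@/bosh"
+websocket_url: "wss://chat.@HOST@/ws"
+mod_http_api: {}
+# mod_http_upload:
+# put_url: https://uploads.@HOST@/upload
+# docroot: /data/exampleorg/xmpp/user-uploads
+# #max_size: 104857600 # 100 MiB (default)
+# file_mode: "0640"
+# dir_mode: "2750"
+# #custom_headers:
+# # "Access-Control-Allow-Origin": "https://@HOST@"
+# # "Access-Control-Allow-Origin": "*"
+# # "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
+# # "Access-Control-Allow-Headers": "Content-Type"
+# # "Access-Control-Allow-Headers": "Authorization"
+# # "Access-Control-Allow-Credentials": "true"
+# #thumbnail: false # otherwise needs the identify command from ImageMagick installed
+# mod_http_upload_quota:
+# max_days: 365
+mod_last: {}
+mod_mam:
+db_type: sql
+assume_mam_usage: true
+default: always
+user_mucsub_from_muc_archive: true
+compress_xml: true
+# mod_matrix_gw:
+# host: "matrix.@HOST@"
+# matrix_domain: "@HOST@"
+# key_name: "somename"
+# key: "yourkeyinbase64"
+# matrix_id_as_jid: false
+# mod_mqtt: {}
+mod_muc:
+host: "chat.@HOST@"
+access:
+- allow
+access_admin:
+- allow: admin
+access_create: muc_create
+access_persistent: muc_create
+access_mam:
+- allow
+max_users: 400 #default 200
+max_users_presence: 2000 #default 1000
+min_message_interval: 0.4 #spam rate limit
+history_size: 50 #default 20
+default_room_options:
+allow_subscription: true
+allow_change_subj: false
+mam: true
+persistent: true
+anonymous: false
+members_only: true
+allow_user_invites: true
+public: false
+public_list: false
+lang: "en"
+mod_muc_admin: {}
+mod_muc_occupantid: {}
+mod_muc_rtbl: {}
+mod_offline:
+access_max_user_messages: max_user_offline_messages
+mod_ping: {}
+mod_pres_counter:
+count: 5
+interval: 60
+mod_privacy: {}
+mod_private: {}
+mod_proxy65:
+access: local
+max_connections: 5
+mod_pubsub:
+#access_createnode: pubsub_createnode
+access_createnode: local
+ignore_pep_from_offline: false
+last_item_cache: false
+max_items_node: 1000
+default_node_config:
+max_items: 1000
+plugins:
+- flat
+- pep
+force_node_config:
+## Avoid buggy clients to make their bookmarks public
+"storage:bookmarks":
+access_model: whitelist
+persist_items: true
+## Enforce pubsub config for Movim
+"eu.siacs.conversations.axolotl.*":
+access_model: open
+"urn:xmpp:bookmarks:0":
+access_model: whitelist
+send_last_published_item: never
+persist_items: true
+max_items: infinity
+"urn:xmpp:bookmarks:1":
+access_model: whitelist
+send_last_published_item: never
+persist_items: true
+max_items: infinity
+"urn:xmpp:pubsub:movim-public-subscription":
+access_model: whitelist
+persist_items: true
+max_items: infinity
+"urn:xmpp:microblog:0":
+max_items: infinity
+access_model: presence
+notify_retract: true
+persist_items: true
+"urn:xmpp:microblog:0:comments*":
+max_items: infinity
+access_model: open
+notify_retract: true
+persist_items: true
+mod_push: {}
+mod_push_keepalive: {}
+mod_register:
+## No registration via XMPP supported, redirect to
+## Todo: make vhost specific
+redirect_url: "https://example.org/"
+## Only accept registration requests from the "trusted"
+## network (see access_rules section above).
+## Think twice before enabling registration from any
+## address. See the Jabber SPAM Manifesto for details:
+## https://github.com/ge0rg/jabber-spam-fighting-manifesto
+#ip_access: trusted_network
+mod_roster:
+versioning: true
+mod_s2s_dialback: {}
+mod_shared_roster: {}
+mod_stream_mgmt:
+resend_on_timeout: if_offline
+mod_stun_disco:
+credentials_lifetime: 6h
+mod_vcard:
+search: false
+mod_vcard_xupdate: {}
+mod_version:
+show_os: false
+
+allow_contrib_modules: true
+### Local Variables:
+### mode: yaml
+### End:
+### vim: set filetype=yaml tabstop=8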
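Review bot: The `port: 5280` listener binds `ip: "::"` with no `tls: true` and routes `/admin` and `/api` alongside `/bosh`, `/ws` and `/upload`, so the web admin and the HTTP API are offered over plain HTTP on every interface; the `protocol_options` line on that listener probably has no effect while TLS is off. The `trusted_proxies` entry suggests a reverse proxy terminates TLS, in which case the commented-out `ip: "127.0.0.1"` should replace `ip: "::"`, or `/admin` and `/api` should move to a separate loopback-only listener. In the same listener, `"Access-Control-Allow-Origin": "*"` paired with `"Access-Control-Allow-Credentials": "true"` is refused by browsers for credentialed requests and is wider than the setup seems to need; naming the Movim origin explicitly would be tighter. I would also add a comment above `ldap_port: 389` such as `# cleartext LDAP: acceptable only because ldap_servers is loopback; enable TLS for a remote directory`.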