Configuration for ejabberd. ejabberd.yml example

ejabberd.yml 6.9KB


  1. ###
  2. ### ejabberd configuration file
  3. ###
  4. ### The parameters used in this configuration file are explained at
  5. ###
  6. ### https://docs.ejabberd.im/admin/configuration
  7. ###
  8. ### The configuration file is written in YAML.
  9. ### *******************************************************
  10. ### ******* !!! WARNING !!! *******
  11. ### ******* YAML IS INDENTATION SENSITIVE *******
  12. ### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
  13. ### *******************************************************
  14. ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
  15. ### However, ejabberd treats different literals as different types:
  16. ###
  17. ### - unquoted or single-quoted strings. They are called "atoms".
  18. ### Example: dog, 'Jupiter', '3.14159', YELLOW
  19. ###
  20. ### - numeric literals. Example: 3, -45.0, .0
  21. ###
  22. ### - quoted or folded strings.
  23. ### Examples of quoted string: "Lizzard", "orange".
  24. ### Example of folded string:
  25. ### > Art thou not Romeo,
  26. ### and a Montague?
  27. ###
  ## Virtual hosts served by this node. "pub.domain1.com" also has a
  ## host_config entry near the end of this file that switches it to
  ## anonymous authentication.
  hosts:
    - "domain1.com"
    - "domain2.com"
    - "pub.domain1.com"
  ## NOTE(review): numeric log levels come from older ejabberd releases
  ## (4 is presumably "info") -- confirm against the installed version.
  loglevel: 4
  ## rotation: Disable ejabberd's internal log rotation, as the Debian package
  ## uses logrotate(8).
  log_rotate_count: 0
  ## One certificate file per served host.
  ## NOTE(review): these PEM files presumably hold the private keys as well;
  ## keep them owned by the ejabberd user and not world-readable.
  certfiles:
    - "/etc/ejabberd/xmpp.pem"
    - "/etc/ejabberd/xmpp_domain2.pem"
    - "/etc/ejabberd/xmpp_pub.pem"
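  ## TLS configuration
  ## The macros defined here are referenced by the c2s_*/s2s_* options below
  ## and by every listener that sets protocol_options: 'TLS_OPTIONS'.
  define_macro:
    'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
    'TLS_OPTIONS':
      - "no_sslv3"
      ## TLS 1.0 and 1.1 are deprecated (RFC 8996). The original list only
      ## disabled SSLv3, which left both negotiable. Remove the next two
      ## entries only if a legacy client or peer server really needs them.
      - "no_tlsv1"
      - "no_tlsv1_1"
      - "cipher_server_preference"
      - "no_compression"
    ## 'DH_FILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
  c2s_ciphers: 'TLS_CIPHERS'
  s2s_ciphers: 'TLS_CIPHERS'
  c2s_protocol_options: 'TLS_OPTIONS'
  s2s_protocol_options: 'TLS_OPTIONS'
  ## c2s_dhfile: 'DH_FILE'
  ## s2s_dhfile: 'DH_FILE'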
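  ## Network listeners. Each list entry is one port/module pair.
  listen:
    ## Client-to-server (c2s). STARTTLS is mandatory; access is decided by
    ## the "c2s" access rule.
    -
      port: 5222
      ip: "::"
      module: ejabberd_c2s
      max_stanza_size: 262144
      shaper: c2s_shaper
      access: c2s
      starttls_required: true
      protocol_options: 'TLS_OPTIONS'
    ## Server-to-server (s2s), incoming. Encryption for s2s is enforced by
    ## the global s2s_use_starttls option, not here.
    ## NOTE(review): shaper_rules defines s2s_shaper, but this listener sets
    ## no shaper -- confirm whether that is intended.
    -
      port: 5269
      ip: "::"
      module: ejabberd_s2s_in
      max_stanza_size: 524288
    ## HTTPS: REST API, BOSH, file upload, WebSocket, web admin and CAPTCHA
    ## all share this one listener, bound to every interface ("::").
    ## NOTE(review): web_admin and "/api" are therefore reachable from any
    ## network that can reach port 5443. API calls are limited by
    ## api_permissions; consider a separate loopback-only listener for the
    ## admin interfaces if remote administration is not required.
    -
      port: 5443
      ip: "::"
      module: ejabberd_http
      request_handlers:
        "/api": mod_http_api
        "/bosh": mod_bosh
        "/upload": mod_http_upload
        "/ws": ejabberd_http_ws
      web_admin: true
      captcha: true
      tls: true
      protocol_options: 'TLS_OPTIONS'
    ## STUN over UDP.
    -
      port: 3478
      transport: udp
      module: ejabberd_stun
    ## STUN over plain TCP.
    -
      port: 3478
      module: ejabberd_stun
    ## STUN over TLS. Two fixes against the original entry:
    ##  * "tls: true" added: without it the listener accepts plain TCP and
    ##    the certificate is never used.
    ##  * "certfile" was given twice. A mapping key may appear only once,
    ##    so one of the two values was being dropped. Keep the certificate
    ##    whose name matches what clients use to reach this service
    ##    (the other file was "/etc/ejabberd/xmpp_domain2.pem").
    -
      port: 5349
      module: ejabberd_stun
      tls: true
      certfile: "/etc/ejabberd/xmpp.pem"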
  ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
  ## password storage (see auth_password_format option).
  ## X-OAUTH2 is switched off as a SASL mechanism as well.
  disable_sasl_mechanisms:
    - "digest-md5"
    - "X-OAUTH2"
  ## Server-to-server links must negotiate STARTTLS.
  s2s_use_starttls: required
  ## Store the plain passwords or hashed for SCRAM:
  ## "scram" keeps only the salted hash, which is why digest-md5 is disabled.
  auth_password_format: scram
  ## Full path to a script that generates the image.
  ## NOTE(review): the HTTP listener in this file sets "captcha: true" while
  ## captcha_cmd stays commented out -- confirm CAPTCHA is really wanted.
  ## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
  ## Access control lists: named sets of users or addresses that the
  ## access_rules section refers to.
  ## NOTE(review): access_rules in this file also references an ACL named
  ## "blocked", which is not defined here -- confirm whether it is missing.
  acl:
    ## The single administrator account.
    admin:
      user:
        - "admin@domain1.com"
    ## An empty regexp matches every user name on the served hosts.
    ## NOTE(review): this presumably includes anonymous users of
    ## "pub.domain1.com" -- verify before relying on "local" as a trust level.
    local:
      user_regexp: ""
    ## Loopback addresses: IPv4, IPv6 and IPv4-mapped IPv6.
    loopback:
      ip:
        - "127.0.0.0/8"
        - "::1/128"
        - "::FFFF:127.0.0.1/128"
  ## Named access rules built from the ACLs above. A bare "allow" or "deny"
  ## entry applies to everyone who reaches it.
  access_rules:
    local:
      - allow: local
    ## Everyone may open a client session except members of "blocked".
    ## NOTE(review): no "blocked" ACL is defined in this file, so the deny
    ## entry presumably never matches -- confirm.
    c2s:
      - deny: blocked
      - allow
    announce:
      - allow: admin
    configure:
      - allow: admin
    muc_create:
      - allow: local
    pubsub_createnode:
      - allow: local
    ## In-band registration is refused for everyone.
    ## NOTE(review): mod_register in this file uses "access: deny" and does
    ## not reference this rule or "trusted_network" -- confirm the intent.
    register:
      - deny
    trusted_network:
      - allow: loopback
    ## NOTE(review): mod_muc_log refers to an access rule named "muc" that is
    ## not defined in this section.
  ## Who may run which API commands. Each named entry pairs a caller
  ## definition ("from"/"who") with a command list ("what").
  api_permissions:
    ## The ejabberdctl command line tool may run every command.
    "console commands":
      from:
        - ejabberd_ctl
      who: all
      what: "*"
    ## Administrative commands, either directly or with an OAuth token of
    ## scope "ejabberd:admin". Both paths list the loopback and admin ACLs.
    ## NOTE(review): conditions listed under one "allow" are presumably all
    ## required (loopback AND admin) -- verify, since "/api" is published on
    ## a listener bound to every interface.
    ## "stop" and "start" are excluded from the wildcard.
    "admin access":
      who:
        - access:
            - allow:
                - acl: loopback
                - acl: admin
        - oauth:
            - scope: "ejabberd:admin"
            - access:
                - allow:
                    - acl: loopback
                    - acl: admin
      what:
        - "*"
        - "!stop"
        - "!start"
    ## Unauthenticated read-only commands, IPv4 loopback callers only.
    "public commands":
      who:
        - ip: "127.0.0.1/8"
      what:
        - "status"
        - "connected_users_number"
  ## Traffic shapers, referenced by name from shaper_rules.
  ## NOTE(review): the values are presumably bytes per second -- confirm.
  shaper:
    normal: 1000
    fast: 50000
  ## Per-user limits and shaper selection. In the list form the first
  ## matching entry applies; the last bare value is the fallback.
  shaper_rules:
    max_user_sessions: 10
    ## Admins may queue 5000 offline messages, everyone else 100.
    max_user_offline_messages:
      - 5000: admin
      - 100
    ## Admins are not throttled; all other clients get "normal".
    c2s_shaper:
      - none: admin
      - normal
    s2s_shaper: fast
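  ## Enabled modules. "{}" means the module runs with its default options.
  ## Fix against the original: mod_stream_mgmt was listed twice with the
  ## same options. A mapping key may appear only once, so the second copy
  ## has been removed.
  modules:
    mod_adhoc: {}
    mod_admin_extra: {}
    mod_announce:
      access: announce
    mod_avatar: {}
    mod_block_strangers: {}
    mod_blocking: {}
    mod_bosh: {}
    mod_caps: {}
    mod_carboncopy: {}
    mod_client_state: {}
    mod_configure: {}
    mod_delegation: {} # for xep0356
    mod_disco: {}
    mod_fail2ban: {}
    ## Published as "/api" on the HTTPS listener; callers are limited by the
    ## api_permissions section.
    mod_http_api: {}
    ## NOTE(review): no request handler in the listen section maps a path to
    ## mod_http_fileserver, and its docroot is the upload directory -- confirm
    ## whether this module is meant to be enabled.
    mod_http_fileserver:
      docroot: "/files/"
      accesslog: "/var/log/ejabberd/access.log"
    mod_http_upload:
      docroot: "/files/"
      put_url: "https://@HOST@:5443/upload"
      thumbnail: false # otherwise needs the identify command from ImageMagick installed
      ## CORS headers for web clients. The wildcard origin lets a page from
      ## any site address this endpoint; narrow it if only known web clients
      ## need uploads.
      custom_headers:
        "Access-Control-Allow-Origin": "*"
        "Access-Control-Allow-Methods": "PUT"
        "Access-Control-Allow-Headers": "content-type"
    mod_http_upload_quota:
      max_days: 30
    mod_last: {}
    mod_pres_counter:
      count: 5
      interval: 60
    mod_mam:
      ## Mnesia is limited to 2GB, better to use an SQL backend
      ## For small servers SQLite is a good fit and is very easy
      ## to configure. Uncomment this when you have SQL configured:
      ## db_type: sql
      assume_mam_usage: true
      ## Messages are archived on the server for every user by default.
      default: always
    mod_muc:
      ## Anyone may use the conference service; only "muc_create" members
      ## may create rooms or make them persistent.
      access:
        - allow
      access_admin:
        - allow: admin
      access_create: muc_create
      access_persistent: muc_create
      default_room_options:
        mam: true
    mod_muc_admin: {}
    ## Room logs are written as HTML files under outdir.
    ## NOTE(review): "muc" is not defined in access_rules of this file --
    ## confirm who is supposed to be able to switch room logging on.
    mod_muc_log:
      access_log: muc
      dirtype: plain
      dirname: room_jid
      file_format: html
      outdir: "/var/log/ejabberd/muclog"
      timezone: local
    mod_multicast: {}
    mod_offline:
      access_max_user_messages: max_user_offline_messages
    mod_ping: {}
    mod_privacy: {}
    mod_private: {}
    mod_pubsub:
      access_createnode: pubsub_createnode
      plugins:
        - "flat"
        - "pep"
      force_node_config:
        ## Comment out the following lines to enable OMEMO support
        ## See https://github.com/processone/ejabberd/issues/2425
        "eu.siacs.conversations.axolotl.*":
          access_model: open
        ## Avoid buggy clients to make their bookmarks public
        "storage:bookmarks":
          access_model: whitelist
    mod_push: {}
    mod_push_keepalive: {}
    mod_register:
      ## Only accept registration requests from the "trusted"
      ## network (see access_rules section above).
      ## Think twice before enabling registration from any
      ## address. See the Jabber SPAM Manifesto for details:
      ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
      ## NOTE(review): the value below names an access rule, and this file
      ## defines no rule called "deny" (it defines "register" and
      ## "trusted_network"). The comment above and the value disagree --
      ## confirm which behaviour is intended.
      access: deny
    mod_roster:
      versioning: true
    mod_s2s_dialback: {}
    mod_shared_roster: {}
    mod_sic: {}
    mod_stats: {}
    mod_stream_mgmt:
      resend_on_timeout: if_offline
    mod_time: {}
    mod_vcard: {}
    mod_vcard_xupdate: {}
    ## Do not disclose the operating system in version replies.
    mod_version:
      show_os: false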
  274. ### Local Variables:
  275. ### mode: yaml
  276. ### End:
  277. ### vim: set filetype=yaml tabstop=8
  ## Permit modules from the contributions repository to be installed.
  ## NOTE(review): such modules run inside the server; install only
  ## reviewed ones.
  allow_contrib_modules: true
  ## Per-host overrides of the global options.
  host_config:
    ## This host accepts anonymous logins only ("both" enables the SASL
    ## anonymous and the login-anonymous variants).
    ## NOTE(review): the "c2s" access rule admits everyone who is not
    ## "blocked", and the "local" ACL matches any user name, so anonymous
    ## sessions presumably inherit the "local" permissions (room and
    ## pubsub node creation) -- verify and restrict if that is not wanted.
    "pub.domain1.com":
      auth_method:
        - anonymous
      anonymous_protocol: both