mirror of
https://github.com/processone/ejabberd.git
synced 2024-06-14 22:00:16 +02:00
* doc/guide.tex: Document s2s_default_policy and s2s_host (EJAB-575)
* doc/guide.html: Likewise

SVN Revision: 1246
parent 9e60b2b0a6
commit 20ebe81384
|
@ -1,3 +1,9 @@
|
||||||
|
2008-03-21 Badlop <badlop@process-one.net>
|
||||||
|
|
||||||
|
* doc/guide.tex: Document s2s_default_policy and
|
||||||
|
s2s_host (EJAB-575)
|
||||||
|
* doc/guide.html: Likewise
|
||||||
|
|
||||||
2008-03-21 Christophe Romain <christophe.romain@process-one.net>
|
2008-03-21 Christophe Romain <christophe.romain@process-one.net>
|
||||||
|
|
||||||
* src/pam/epam.erl: Seek epam binary into priv/bin (EJAB-573)
|
* src/pam/epam.erl: Seek epam binary into priv/bin (EJAB-573)
|
||||||
|
|
|
@ -711,6 +711,13 @@ use STARTTLS for s2s connections.
|
||||||
file containing a SSL certificate.
|
file containing a SSL certificate.
|
||||||
</DD><DT CLASS="dt-description"><B><TT>{domain_certfile, Domain, Path}</TT></B></DT><DD CLASS="dd-description">
|
</DD><DT CLASS="dt-description"><B><TT>{domain_certfile, Domain, Path}</TT></B></DT><DD CLASS="dd-description">
|
||||||
Full path to the file containing the SSL certificate for a specific domain.
|
Full path to the file containing the SSL certificate for a specific domain.
|
||||||
|
</DD><DT CLASS="dt-description"><B><TT>{s2s_default_policy, allow|deny}</TT></B></DT><DD CLASS="dd-description">
|
||||||
|
The default policy for incoming and outgoing s2s connections to other Jabber servers.
|
||||||
|
The default value is <TT>allow</TT>.
|
||||||
|
</DD><DT CLASS="dt-description"><B><TT>{{s2s_host, Host}, allow|deny}</TT></B></DT><DD CLASS="dd-description">
|
||||||
|
Defines if incoming and outgoing s2s connections with a specific remote host are allowed or denied.
|
||||||
|
This allows to restrict ejabberd to only stablish s2s connections
|
||||||
|
with a small list of trusted servers, or to block some specific servers.
|
||||||
</DD></DL><P>For example, the following simple configuration defines:
|
</DD></DL><P>For example, the following simple configuration defines:
|
||||||
</P><UL CLASS="itemize"><LI CLASS="li-itemize">
|
</P><UL CLASS="itemize"><LI CLASS="li-itemize">
|
||||||
There are three domains. The default certificate file is <TT>server.pem</TT>.
|
There are three domains. The default certificate file is <TT>server.pem</TT>.
|
||||||
|
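Review bot: the two added option descriptions do not say how they combine. Nothing in the new text states whether a `{{s2s_host, Host}, allow|deny}` entry overrides `s2s_default_policy`, which is the first thing an administrator building an allowlist or blocklist needs to know. Suggest adding one sentence to the `s2s_host` description that states the precedence and how `Host` is compared against the remote server name. In the same description, "stablish" should be "establish", and "This allows to restrict ejabberd to only stablish s2s connections" reads better as "This makes it possible to restrict ejabberd to establishing s2s connections only with a small list of trusted servers"; the same wording appears in the doc/guide.tex hunk.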
@ -759,6 +766,8 @@ c2s connections are listened for on port 5222 and 5223 (SSL) and denied
|
||||||
for the user called ‘<TT>bad</TT>’.
|
for the user called ‘<TT>bad</TT>’.
|
||||||
</LI><LI CLASS="li-itemize">s2s connections are listened for on port 5269 with STARTTLS for secured
|
</LI><LI CLASS="li-itemize">s2s connections are listened for on port 5269 with STARTTLS for secured
|
||||||
traffic enabled.
|
traffic enabled.
|
||||||
|
Incoming and outgoing connections of remote Jabber servers are denied,
|
||||||
|
only two servers can connect: "jabber.example.org" and "example.com".
|
||||||
</LI><LI CLASS="li-itemize">Port 5280 is serving the Web Admin and the HTTP Polling service. Note
|
</LI><LI CLASS="li-itemize">Port 5280 is serving the Web Admin and the HTTP Polling service. Note
|
||||||
that it is also possible to serve them on different ports. The second
|
that it is also possible to serve them on different ports. The second
|
||||||
example in section <A HREF="#webinterface">??</A> shows how exactly this can be done.
|
example in section <A HREF="#webinterface">??</A> shows how exactly this can be done.
|
||||||
|
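Review bot: the sentence added to the s2s list item, "Incoming and outgoing connections of remote Jabber servers are denied, only two servers can connect", joins two statements with a comma and on first reading says that all s2s traffic is refused. Suggest "Incoming and outgoing connections with remote Jabber servers are denied by default; only two servers are allowed: ...", which matches the `s2s_default_policy` wording used in the option reference.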
@ -817,6 +826,9 @@ connected to port 5237 with password ‘<TT>ggsecret</TT>’.
|
||||||
}.
|
}.
|
||||||
{s2s_use_starttls, true}.
|
{s2s_use_starttls, true}.
|
||||||
{s2s_certfile, "/path/to/ssl.pem"}.
|
{s2s_certfile, "/path/to/ssl.pem"}.
|
||||||
|
{s2s_default_policy, deny}.
|
||||||
|
{{s2s_host,"jabber.example.org"}, allow}.
|
||||||
|
{{s2s_host,"example.com"}, allow}.
|
||||||
</PRE><P>Note, that for jabberd 1.4- or WPJabber-based
|
</PRE><P>Note, that for jabberd 1.4- or WPJabber-based
|
||||||
services you have to make the transports log and do XDB by themselves:
|
services you have to make the transports log and do XDB by themselves:
|
||||||
</P><PRE CLASS="verbatim"> <!--
|
</P><PRE CLASS="verbatim"> <!--
|
||||||
|
|
|
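Review bot: style point on the three added example lines: `{{s2s_host,"jabber.example.org"}, allow}.` and `{{s2s_host,"example.com"}, allow}.` omit the space after the first comma, while the option reference added in this same commit writes `{{s2s_host, Host}, allow|deny}`. Suggest `{{s2s_host, "jabber.example.org"}, allow}.` so the example matches the documented form; the same applies to the verbatim block in doc/guide.tex.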
@ -774,6 +774,13 @@ There are some additional global options:
|
||||||
file containing a SSL certificate.
|
file containing a SSL certificate.
|
||||||
\titem{\{domain\_certfile, Domain, Path\}} \ind{options!domain\_certfile}
|
\titem{\{domain\_certfile, Domain, Path\}} \ind{options!domain\_certfile}
|
||||||
Full path to the file containing the SSL certificate for a specific domain.
|
Full path to the file containing the SSL certificate for a specific domain.
|
||||||
|
\titem{\{s2s\_default\_policy, allow|deny\}}
|
||||||
|
The default policy for incoming and outgoing s2s connections to other Jabber servers.
|
||||||
|
The default value is \term{allow}.
|
||||||
|
\titem{\{\{s2s\_host, Host\}, allow|deny\}}
|
||||||
|
Defines if incoming and outgoing s2s connections with a specific remote host are allowed or denied.
|
||||||
|
This allows to restrict ejabberd to only stablish s2s connections
|
||||||
|
with a small list of trusted servers, or to block some specific servers.
|
||||||
\end{description}
|
\end{description}
|
||||||
|
|
||||||
For example, the following simple configuration defines:
|
For example, the following simple configuration defines:
|
||||||
|
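Review bot: the new `\titem{\{s2s\_default\_policy, allow|deny\}}` and `\titem{\{\{s2s\_host, Host\}, allow|deny\}}` lines have no index entry, while the `domain\_certfile` item directly above them carries `\ind{options!domain\_certfile}`. Suggest appending `\ind{options!s2s\_default\_policy}` and `\ind{options!s2s\_host}` so both options are reachable from the index like their neighbours.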
@ -828,6 +835,8 @@ In this example, the following configuration defines that:
|
||||||
for the user called `\term{bad}'.
|
for the user called `\term{bad}'.
|
||||||
\item s2s connections are listened for on port 5269 with STARTTLS for secured
|
\item s2s connections are listened for on port 5269 with STARTTLS for secured
|
||||||
traffic enabled.
|
traffic enabled.
|
||||||
|
Incoming and outgoing connections of remote Jabber servers are denied,
|
||||||
|
only two servers can connect: "jabber.example.org" and "example.com".
|
||||||
\item Port 5280 is serving the Web Admin and the HTTP Polling service. Note
|
\item Port 5280 is serving the Web Admin and the HTTP Polling service. Note
|
||||||
that it is also possible to serve them on different ports. The second
|
that it is also possible to serve them on different ports. The second
|
||||||
example in section~\ref{webinterface} shows how exactly this can be done.
|
example in section~\ref{webinterface} shows how exactly this can be done.
|
||||||
|
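Review bot: the added line `only two servers can connect: "jabber.example.org" and "example.com".` uses straight double quotes, which LaTeX typesets as closing quotes on both sides, and it departs from the markup of the surrounding items, which write literals as `\term{bad}'. Suggest `\term{jabber.example.org}` and `\term{example.com}` for consistency with the rest of the list.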
@ -888,6 +897,9 @@ In this example, the following configuration defines that:
|
||||||
}.
|
}.
|
||||||
{s2s_use_starttls, true}.
|
{s2s_use_starttls, true}.
|
||||||
{s2s_certfile, "/path/to/ssl.pem"}.
|
{s2s_certfile, "/path/to/ssl.pem"}.
|
||||||
|
{s2s_default_policy, deny}.
|
||||||
|
{{s2s_host,"jabber.example.org"}, allow}.
|
||||||
|
{{s2s_host,"example.com"}, allow}.
|
||||||
\end{verbatim}
|
\end{verbatim}
|
||||||
Note, that for \ind{jabberd 1.4}jabberd 1.4- or \ind{WPJabber}WPJabber-based
|
Note, that for \ind{jabberd 1.4}jabberd 1.4- or \ind{WPJabber}WPJabber-based
|
||||||
services you have to make the transports log and do \ind{XDB}XDB by themselves:
|
services you have to make the transports log and do \ind{XDB}XDB by themselves:
|
||||||
|
|