From 26b9d25f3211546c4880c5cf64498d05974c5739 Mon Sep 17 00:00:00 2001
From: Holger Weiss <holger@zedat.fu-berlin.de>
Date: Wed, 18 Jul 2018 18:22:24 +0200
Subject: [PATCH] Enable TLS by default (and require it for c2s)

---
 ejabberd.yml.example | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ejabberd.yml.example b/ejabberd.yml.example
index a94a186f6..fd5c3e25e 100644
--- a/ejabberd.yml.example
+++ b/ejabberd.yml.example
@@ -46,12 +46,13 @@ listen:
     max_stanza_size: 65536
     shaper: c2s_shaper
     access: c2s
+    starttls_required: true
   -
     port: 5269
     ip: "::"
     module: ejabberd_s2s_in
   -
-    port: 5280
+    port: 5443
     ip: "::"
     module: ejabberd_http
     request_handlers:
@@ -61,6 +62,9 @@ listen:
       "/ws": ejabberd_http_ws
     web_admin: true
     captcha: true
+    tls: true
+
+s2s_use_starttls: optional
 
 acl:
   local:
@@ -149,7 +153,7 @@ modules:
   mod_fail2ban: {}
   mod_http_api: {}
   mod_http_upload:
-    put_url: "http://@HOST@:5280/upload"
+    put_url: "https://@HOST@:5443/upload"
   mod_last: {}
   mod_mam:
     ## Mnesia is limited to 2GB, better to use an SQL backend