diff --git a/ejabberd.yml.example b/ejabberd.yml.example index 782c00e4f..5c081e70b 100644 --- a/ejabberd.yml.example +++ b/ejabberd.yml.example @@ -106,6 +106,17 @@ hosts: ###. =============== ###' LISTENING PORTS +## Define common macros used by listeners +## define_macro: +## 'CERTFILE': "/path/to/xmpp.pem" +## 'CIPHERS': "ECDH:DH:!3DES:!aNULL:!eNULL:!MEDIUM@STRENGTH" +## 'TLSOPTS': +## - "no_sslv3" +## - "no_tlsv1" +## - "cipher_server_preference" +## - "no_compression" +## 'DHFILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048 + ## ## listen: The ports ejabberd will listen on, which service each is handled ## by and what options to start it with. @@ -113,36 +124,53 @@ hosts: listen: - port: 5222 + ip: "::" module: ejabberd_c2s ## ## If TLS is compiled in and you installed a SSL ## certificate, specify the full path to the ## file and uncomment these lines: ## - ## certfile: "/path/to/ssl.pem" ## starttls: true + ## certfile: 'CERTFILE' + ## protocol_options: 'TLSOPTS' + ## dhfile: 'DHFILE' + ## ciphers: 'CIPHERS' ## ## To enforce TLS encryption for client connections, ## use this instead of the "starttls" option: ## ## starttls_required: true ## - ## Custom OpenSSL options + ## Stream compression + ## + ## zlib: true ## - ## protocol_options: - ## - "no_sslv3" - ## - "no_tlsv1" max_stanza_size: 65536 shaper: c2s_shaper access: c2s - port: 5269 + ip: "::" module: ejabberd_s2s_in + - + port: 5280 + ip: "::" + module: ejabberd_http + request_handlers: + "/websocket": ejabberd_http_ws + "/api": mod_http_api + ## "/pub/archive": mod_http_fileserver + web_admin: true + http_bind: true + ## register: true + captcha: true ## ## ejabberd_service: Interact with external components (transports, ...) ## ## - ## port: 8888 + ## ip: "::" ## module: ejabberd_service ## access: all ## shaper_rule: fast @@ -175,19 +203,28 @@ listen: ## ## - ## port: 4560 + ## ip: "::" ## module: ejabberd_xmlrpc ## access_commands: {} - - - port: 5280 - module: ejabberd_http - request_handlers: - "/websocket": ejabberd_http_ws - "/api": mod_http_api - ## "/pub/archive": mod_http_fileserver - web_admin: true - http_bind: true - ## register: true - captcha: true + + ## + ## To enable secure http upload + ## + ## - + ## port: 5444 + ## ip: "::" + ## module: ejabberd_http + ## request_handlers: + ## "": mod_http_upload + ## tls: true + ## certfile: 'CERTFILE' + ## protocol_options: 'TLSOPTS' + ## dhfile: 'DHFILE' + ## ciphers: 'CIPHERS' + +## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text +## password storage (see auth_password_format option). +## disable_sasl_mechanisms: "digest-md5" ###. ================== ###' S2S GLOBAL OPTIONS @@ -630,7 +667,7 @@ language: "en" ## modules: mod_adhoc: {} - ## mod_admin_extra: {} + mod_admin_extra: {} mod_announce: # recommends mod_adhoc access: announce mod_blocking: {} # requires mod_privacy @@ -638,15 +675,25 @@ modules: mod_carboncopy: {} mod_client_state: {} mod_configure: {} # requires mod_adhoc - ##mod_delegation: {} # for xep0356 + ## mod_delegation: {} # for xep0356 mod_disco: {} - ## mod_echo: {} + mod_echo: {} mod_irc: {} mod_bosh: {} ## mod_http_fileserver: ## docroot: "/var/www" ## accesslog: "/var/log/ejabberd/access.log" + ## mod_http_upload: + ## # docroot: "@HOME@/upload" + ## put_url: "https://@HOST@:5444" + ## thumbnail: false # otherwise needs the identify command from ImageMagick installed + ## mod_http_upload_quota: + ## max_days: 30 mod_last: {} + ## XEP-0313: Message Archive Management + ## You might want to setup a SQL backend for MAM because the mnesia database is + ## limited to 2GB which might be exceeded on large servers + ## mod_mam: {} # for xep0313, mnesia is limited to 2GB, better use an SQL backend mod_muc: ## host: "conference.@HOST@" access: @@ -655,6 +702,7 @@ modules: - allow: admin access_create: muc_create access_persistent: muc_create + mod_muc_admin: {} ## mod_muc_log: {} ## mod_multicast: {} mod_offline: