mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-24 16:23:40 +01:00
* doc/guide.tex: Document s2s_default_policy and
s2s_host (EJAB-575) * doc/guide.html: Likewise SVN Revision: 1246
This commit is contained in:
parent
1247a98cf2
commit
efec28ada7
@ -1,3 +1,9 @@
|
||||
2008-03-21 Badlop <badlop@process-one.net>
|
||||
|
||||
* doc/guide.tex: Document s2s_default_policy and
|
||||
s2s_host (EJAB-575)
|
||||
* doc/guide.html: Likewise
|
||||
|
||||
2008-03-21 Christophe Romain <christophe.romain@process-one.net>
|
||||
|
||||
* src/pam/epam.erl: Seek epam binary into priv/bin (EJAB-573)
|
||||
|
@ -709,6 +709,13 @@ use STARTTLS for s2s connections.
|
||||
file containing a SSL certificate.
|
||||
</DD><DT CLASS="dt-description"><B><TT>{domain_certfile, Domain, Path}</TT></B></DT><DD CLASS="dd-description">
|
||||
Full path to the file containing the SSL certificate for a specific domain.
|
||||
</DD><DT CLASS="dt-description"><B><TT>{s2s_default_policy, allow|deny}</TT></B></DT><DD CLASS="dd-description">
|
||||
The default policy for incoming and outgoing s2s connections to other Jabber servers.
|
||||
The default value is <TT>allow</TT>.
|
||||
</DD><DT CLASS="dt-description"><B><TT>{{s2s_host, Host}, allow|deny}</TT></B></DT><DD CLASS="dd-description">
|
||||
Defines if incoming and outgoing s2s connections with a specific remote host are allowed or denied.
|
||||
This allows to restrict ejabberd to only stablish s2s connections
|
||||
with a small list of trusted servers, or to block some specific servers.
|
||||
</DD></DL><P>For example, the following simple configuration defines:
|
||||
</P><UL CLASS="itemize"><LI CLASS="li-itemize">
|
||||
There are three domains. The default certificate file is <TT>server.pem</TT>.
|
||||
@ -757,6 +764,8 @@ c2s connections are listened for on port 5222 and 5223 (SSL) and denied
|
||||
for the user called ‘<TT>bad</TT>’.
|
||||
</LI><LI CLASS="li-itemize">s2s connections are listened for on port 5269 with STARTTLS for secured
|
||||
traffic enabled.
|
||||
Incoming and outgoing connections of remote Jabber servers are denied,
|
||||
only two servers can connect: "jabber.example.org" and "example.com".
|
||||
</LI><LI CLASS="li-itemize">Port 5280 is serving the Web Admin and the HTTP Polling service. Note
|
||||
that it is also possible to serve them on different ports. The second
|
||||
example in section <A HREF="#webinterface">??</A> shows how exactly this can be done.
|
||||
@ -815,6 +824,9 @@ connected to port 5237 with password ‘<TT>ggsecret</TT>’.
|
||||
}.
|
||||
{s2s_use_starttls, true}.
|
||||
{s2s_certfile, "/path/to/ssl.pem"}.
|
||||
{s2s_default_policy, deny}.
|
||||
{{s2s_host,"jabber.example.org"}, allow}.
|
||||
{{s2s_host,"example.com"}, allow}.
|
||||
</PRE><P>Note, that for jabberd 1.4- or WPJabber-based
|
||||
services you have to make the transports log and do XDB by themselves:
|
||||
</P><PRE CLASS="verbatim"> <!--
|
||||
|
@ -774,6 +774,13 @@ There are some additional global options:
|
||||
file containing a SSL certificate.
|
||||
\titem{\{domain\_certfile, Domain, Path\}} \ind{options!domain\_certfile}
|
||||
Full path to the file containing the SSL certificate for a specific domain.
|
||||
\titem{\{s2s\_default\_policy, allow|deny\}}
|
||||
The default policy for incoming and outgoing s2s connections to other Jabber servers.
|
||||
The default value is \term{allow}.
|
||||
\titem{\{\{s2s\_host, Host\}, allow|deny\}}
|
||||
Defines if incoming and outgoing s2s connections with a specific remote host are allowed or denied.
|
||||
This allows to restrict ejabberd to only stablish s2s connections
|
||||
with a small list of trusted servers, or to block some specific servers.
|
||||
\end{description}
|
||||
|
||||
For example, the following simple configuration defines:
|
||||
@ -828,6 +835,8 @@ In this example, the following configuration defines that:
|
||||
for the user called `\term{bad}'.
|
||||
\item s2s connections are listened for on port 5269 with STARTTLS for secured
|
||||
traffic enabled.
|
||||
Incoming and outgoing connections of remote Jabber servers are denied,
|
||||
only two servers can connect: "jabber.example.org" and "example.com".
|
||||
\item Port 5280 is serving the Web Admin and the HTTP Polling service. Note
|
||||
that it is also possible to serve them on different ports. The second
|
||||
example in section~\ref{webinterface} shows how exactly this can be done.
|
||||
@ -888,6 +897,9 @@ In this example, the following configuration defines that:
|
||||
}.
|
||||
{s2s_use_starttls, true}.
|
||||
{s2s_certfile, "/path/to/ssl.pem"}.
|
||||
{s2s_default_policy, deny}.
|
||||
{{s2s_host,"jabber.example.org"}, allow}.
|
||||
{{s2s_host,"example.com"}, allow}.
|
||||
\end{verbatim}
|
||||
Note, that for \ind{jabberd 1.4}jabberd 1.4- or \ind{WPJabber}WPJabber-based
|
||||
services you have to make the transports log and do \ind{XDB}XDB by themselves:
|
||||
|
Loading…
Reference in New Issue
Block a user