Add mod_muc_occupantid to the list of modules enabled in the sample
configuration. It's not necessarily obvious that it's required for
using certain modern features in group chat, and there's no downside in
activating this module.
STUN via UDP can easily be abused for reflection/amplification DDoS
attacks. Suggest a non-standard port to make it harder for attackers to
discover the service.
Modern XMPP clients discover the port via XEP-0215, so there's no
advantage in sticking to the standard port.
The ejabberd_c2s listener for port 5223 is meant to support direct TLS
access rather than STARTTLS. Therefore, remove the 'starttls_required'
option, which had no effect.
Add the 'mod_stun_disco' module, which allows XMPP clients to discover
STUN/TURN services and to obtain temporary credentials for using them as
per XEP-0215: External Service Discovery. The temporary credentials
handed out to clients have the format described in:
https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
Also add the new module to the example configuration file.
Closes#2947.
This change requires Erlang/OTP-21.0 or higher.
The commit also deprecates the following options:
- log_rotate_date
- log_rate_limit
Furthermore, these options have no effect. The logger now fully
relies on log_rotate_size, that cannot be 0 anymore.
The loglevel option now accepts levels in literal formats.
Those are: none, emergency, alert, critical, error, warning, notice, info, debug.
Old integer values (0-5) are still supported and automatically converted
into literal format.
The purpose is two-fold:
- To simplify the example config.
- To avoid old TLS configuration to be persistent across
server updates: this might bring security problems, because
what's considered "modern" now might be insecure in the future.
Specify a larger 'max_stanza_size' limit for c2s connections in the
default configuration in order to reduce the risk of this limit being
hit by legitimate traffic (such as avatar uploads).
Specify a 'max_stanza_size' limit for incoming s2s connections in the
example configuration, but use a relatively large value in order to
minimize the risk of this limit being hit by legitimate traffic.
After some discussion with the community it was decided to
clean the configuration file from excessive comments and
explicitly configured default values. Also, mod_mam and
mod_http_upload have been added.
The rationale for this is to have a clean and not bloated
configuration file which doesn't scare away newcomers and
which has all features from the Compliance Suite 2018 (XEP-0387)
enabled by default.
For further configuration an admin is encouraged to read the
documentation at https://docs.ejabberd.im/admin/configuration