25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-16 17:15:55 +01:00
Commit Graph

136 Commits

Author SHA1 Message Date
Holger Weiss
18c54f4e9e ejabberd.yml.example: Use non-standard STUN port
STUN via UDP can easily be abused for reflection/amplification DDoS
attacks.  Suggest a non-standard port to make it harder for attackers to
discover the service.

Modern XMPP clients discover the port via XEP-0215, so there's no
advantage in sticking to the standard port.
2024-11-14 12:21:58 +01:00
Badlop
853da159de ejabberd.yml.example: Enable mod_s2s_bidi in default configuration 2024-10-28 12:06:56 +01:00
Badlop
a935302a19 ejabberd.yml.example: Add api_permissions group for webadmin (#4249) 2024-07-12 15:46:01 +02:00
Holger Weiss
cbfb8eb805 Example configuration: Specify s2s shaper
Specify a shaper for incoming s2s connections (got lost in commit
91a74e3e27).

Thanks to Paul Menzel for noting that it was missing.
2023-10-16 14:44:01 +02:00
Holger Weiss
df60818883 Example configuration: Clarify direct TLS listener
The ejabberd_c2s listener for port 5223 is meant to support direct TLS
access rather than STARTTLS.  Therefore, remove the 'starttls_required'
option, which had no effect.
2023-10-16 14:32:38 +02:00
Marek
5eab8450e7
New listener for encrypted ejabberd_c2s
Add a new listener on port 5223 for the TLS-enabled ejabberd_c2s, which combined with proper SRV records allows passing the XEP-0368 compliance test.
2021-02-02 15:25:19 +01:00
Badlop
0ff5b44d15 Fix YAML syntax in example configuration (#3301) 2020-06-25 12:39:44 +02:00
Badlop
38949bdeea Update example config to include mod_http_upload custom headers (#3288) 2020-06-09 13:08:05 +02:00
Licaon_Kter
b0c6caa60e
Update example config 2020-06-03 07:19:02 +00:00
Holger Weiss
83fa637569 ejabberd_stun: Support IPv6 for TURN
The stun application now supports RFC 6156: TURN Extension for IPv6, and
therefore needs separate IPv4 and IPv6 relay addresses.
2020-05-19 21:42:41 +02:00
Holger Weiss
858bfb4b80 Let ejabberd_stun listen on IPv6 sockets
The stun application now allows IPv6 clients to perform STUN requests
and to allocate TURN relays.
2020-05-19 20:22:58 +02:00
Paweł Chmielowski
4580feaa3c Increase default shaper limits, to help with jingle initiation delay
More discussion about this can be found in pull request 3255
2020-05-15 09:10:57 +02:00
Jérôme Sautret
0539637d30
Merge pull request #3232 from weiss/enable-stun
Enable STUN/TURN support by default
2020-04-29 10:29:05 +02:00
Holger Weiss
69d1d62add Support XEP-0215: External Service Discovery
Add the 'mod_stun_disco' module, which allows XMPP clients to discover
STUN/TURN services and to obtain temporary credentials for using them as
per XEP-0215: External Service Discovery.  The temporary credentials
handed out to clients have the format described in:

https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00

Also add the new module to the example configuration file.

Closes #2947.
2020-04-28 10:34:43 +02:00
Holger Weiss
b1b3c4cdcf Enable STUN/TURN by default
Build ejabberd with STUN/TURN support by default, and add a STUN/TURN
listener to the example configuration file.
2020-04-20 00:37:41 +02:00
Evgeny Khramtsov
e4a8afb15d Replace lager with built-in new logging API
This change requires Erlang/OTP-21.0 or higher.
The commit also deprecates the following options:
  - log_rotate_date
  - log_rate_limit

Furthermore, these options have no effect. The logger now fully
relies on log_rotate_size, that cannot be 0 anymore.

The loglevel option now accepts levels in literal formats.
Those are: none, emergency, alert, critical, error, warning, notice, info, debug.
Old integer values (0-5) are still supported and automatically converted
into literal format.
2019-10-18 19:12:32 +03:00
Evgeny Khramtsov
6d9be82e1b Avoid excessive quoting in request_handlers of example config 2019-09-21 22:20:20 +03:00
Evgeny Khramtsov
bacaae7873 Comment certfiles section in example config
Rely on ACME configuration instead
2019-09-20 16:12:15 +03:00
Evgeny Khramtsov
1162137d5d Add listener for ACME challenge in example config 2019-09-20 12:52:28 +03:00
Evgeny Khramtsov
a02cff0e78 Use new configuration validator 2019-06-14 12:33:26 +03:00
Paweł Chmielowski
cd10d87a9c Change indentation in ejabberd.yml.example to more consistant 2019-06-04 14:51:39 +02:00
Holger Weiss
729c8b0d24 Remove 'register' access rule from example config
The 'register' access rule isn't referenced from the 'mod_register'
options, so modifying it would have no effect.
2019-05-20 20:05:20 +02:00
Evgeny Khramtsov
c7d04a82a2 Deprecate some listening options
Those are: captcha, register, web_admin, http_bind and xmlrpc
The option `request_handlers` should be used instead, e.g.:

listen:
  ...
  -
    module: ejabberd_http
    request_handlers:
      "/admin": ejabberd_web_admin
      "/bosh": mod_bosh
      "/captcha": ejabberd_captcha
      "/register": mod_register_web
      "/": ejabberd_xmlrpc
2019-04-30 11:14:14 +03:00
Evgeny Khramtsov
830a2f209a Remove TLS options from the example config
The purpose is two-fold:

- To simplify the example config.
- To avoid old TLS configuration to be persistent across
  server updates: this might bring security problems, because
  what's considered "modern" now might be insecure in the future.
2019-04-28 17:50:52 +03:00
Evgeny Khramtsov
05d088b104 Remove OMEMO related configuration from force_node_config section
This doesn't work reliably and takes a lot of effort to change it back
2019-04-28 17:45:41 +03:00
Christophe Romain
0c0862475f Add MQTT listener and module in example config 2019-02-26 14:53:05 +01:00
Christoph Scholz
7e4287ff83 add acl for mam in mod_muc 2019-01-04 15:56:41 +01:00
Evgeny Khramtsov
34ac21e66b Add HTTP listener on port 5280 for admin web interface 2018-12-13 12:06:29 +03:00
Badlop
b43b8edb67 Fix a pair of small typos 2018-12-12 16:23:07 +01:00
Paweł Chmielowski
f02f44ad3f Change default ciphers to intermediate 2018-12-07 14:38:54 +01:00
Paweł Chmielowski
7713edc6bb Define default ciphers/protocol_option in example config 2018-12-07 12:54:18 +01:00
Licaon_Kter
ae88be2011
Config template recommend "open" access_model
...instead of "comment out", as many seem to misunderstand what and why should be or not be commented out
2018-10-15 23:15:51 +00:00
Holger Weiss
7f97f3ae75 Enable mod_proxy65 by default 2018-10-15 23:09:52 +02:00
Evgeny Khramtsov
510925c9a1 Avoid using * in 'certfiles' option of default config 2018-10-04 15:00:43 +03:00
Holger Weiss
dafea66c0f Increase 'max_stanza_size' limit for c2s listener
Specify a larger 'max_stanza_size' limit for c2s connections in the
default configuration in order to reduce the risk of this limit being
hit by legitimate traffic (such as avatar uploads).
2018-09-17 00:18:38 +02:00
Holger Weiss
c851f9608a Set a 'max_stanza_size' for incoming s2s listener
Specify a 'max_stanza_size' limit for incoming s2s connections in the
example configuration, but use a relatively large value in order to
minimize the risk of this limit being hit by legitimate traffic.
2018-09-16 23:57:44 +02:00
Holger Weiss
26b9d25f32 Enable TLS by default (and require it for c2s) 2018-07-18 18:22:24 +02:00
Licaon_Kter
4c06f13d18
Remove vcard search default value 2018-07-08 23:48:08 +00:00
Licaon_Kter
b7f62a4fa7
Remove stats and time from template
Are these important for a new admin?
2018-07-06 01:33:41 +00:00
Evgeniy Khramtsov
fbf6ba2738 Merge branch 'master' of github.com:processone/ejabberd 2018-07-02 01:08:09 +03:00
Evgeniy Khramtsov
38ec3f66c7 Enable Roster Versioning in the default config file 2018-07-02 01:08:02 +03:00
Licaon_Kter
7c5ee93c88
Default config example fix reversed text
...in enable OMEMO
2018-07-01 21:18:18 +00:00
Evgeniy Khramtsov
77163c43d2 Simplify the default configuration file
After some discussion with the community it was decided to
clean the configuration file from excessive comments and
explicitly configured default values. Also, mod_mam and
mod_http_upload have been added.

The rationale for this is to have a clean and not bloated
configuration file which doesn't scare away newcomers and
which has all features from the Compliance Suite 2018 (XEP-0387)
enabled by default.

For further configuration an admin is encouraged to read the
documentation at https://docs.ejabberd.im/admin/configuration
2018-07-01 23:57:27 +03:00
Evgeniy Khramtsov
3a5d2dbed8 Move mod_irc to ejabberd-contrib 2018-06-20 12:27:44 +03:00
imShara
815b95c623
OMEMO enable HOWTO added
Depend on #2425
2018-06-06 20:03:42 +03:00
Licaon_Kter
2c18f89d5b
Add default_db in the example config
I only found it in the docs after setting up per module db_
2018-05-28 13:19:59 +00:00
Evgeniy Khramtsov
3ac1675919 Option watchdog_admins has no effect anymore 2018-05-08 23:47:37 +03:00
Romain DEP.
2bb6782bee config: move section about direct-tls for c2s just under regular c2s config (to ease parameters comparison) 2018-03-28 23:17:43 +02:00
Evgeniy Khramtsov
75450a62b3 Clarify the statement about mod_http_upload thumbnails 2018-03-23 16:19:13 +03:00
Evgeniy Khramtsov
a15039638b Force node config for bookmarks 2018-03-23 16:16:27 +03:00