mirror of
https://github.com/processone/ejabberd.git
synced 2024-10-31 15:21:38 +01:00
983da9c887
This patch introduces a new config option - fqdn - to set the fully qualified domain name of the host: {fqdn, "foo.example.com"}. This fixes a problem with Pidgin not being able to log in on a server that used SRV records.
611 lines
14 KiB
Erlang
611 lines
14 KiB
Erlang
%%%
|
|
%%% ejabberd configuration file
|
|
%%%
|
|
%%%'
|
|
|
|
%%% The parameters used in this configuration file are explained in more detail
|
|
%%% in the ejabberd Installation and Operation Guide.
|
|
%%% Please consult the Guide in case of doubts, it is included with
|
|
%%% your copy of ejabberd, and is also available online at
|
|
%%% http://www.process-one.net/en/ejabberd/docs/
|
|
|
|
%%% This configuration file contains Erlang terms.
|
|
%%% In case you want to understand the syntax, here are the concepts:
|
|
%%%
|
|
%%% - The character to comment a line is %
|
|
%%%
|
|
%%% - Each term ends in a dot, for example:
|
|
%%% override_global.
|
|
%%%
|
|
%%% - A tuple has a fixed definition, its elements are
|
|
%%% enclosed in {}, and separated with commas:
|
|
%%% {loglevel, 4}.
|
|
%%%
|
|
%%% - A list can have as many elements as you want,
|
|
%%% and is enclosed in [], for example:
|
|
%%% [http_poll, web_admin, tls]
|
|
%%%
|
|
%%% - A keyword of ejabberd is a word in lowercase.
|
|
%%% Strings are enclosed in "" and can contain spaces, dots, ...
|
|
%%% {language, "en"}.
|
|
%%% {ldap_rootdn, "dc=example,dc=com"}.
|
|
%%%
|
|
%%% - This term includes a tuple, a keyword, a list, and two strings:
|
|
%%% {hosts, ["jabber.example.net", "im.example.com"]}.
|
|
%%%
|
|
|
|
|
|
%%%. =======================
|
|
%%%' OVERRIDE STORED OPTIONS
|
|
|
|
%%
|
|
%% Override the old values stored in the database.
|
|
%%
|
|
|
|
%%
|
|
%% Override global options (shared by all ejabberd nodes in a cluster).
|
|
%%
|
|
%%override_global.
|
|
|
|
%%
|
|
%% Override local options (specific for this particular ejabberd node).
|
|
%%
|
|
%%override_local.
|
|
|
|
%%
|
|
%% Remove the Access Control Lists before new ones are added.
|
|
%%
|
|
%%override_acls.
|
|
|
|
|
|
%%%. =========
|
|
%%%' DEBUGGING
|
|
|
|
%%
|
|
%% loglevel: Verbosity of log files generated by ejabberd.
|
|
%% 0: No ejabberd log at all (not recommended)
|
|
%% 1: Critical
|
|
%% 2: Error
|
|
%% 3: Warning
|
|
%% 4: Info
|
|
%% 5: Debug
|
|
%%
|
|
{loglevel, 4}.
|
|
|
|
%%
|
|
%% watchdog_admins: Only useful for developers: if an ejabberd process
|
|
%% consumes a lot of memory, send live notifications to these XMPP
|
|
%% accounts.
|
|
%%
|
|
%%{watchdog_admins, ["bob@example.com"]}.
|
|
|
|
|
|
%%%. ================
|
|
%%%' SERVED HOSTNAMES
|
|
|
|
%%
|
|
%% hosts: Domains served by ejabberd.
|
|
%% You can define one or several, for example:
|
|
%% {hosts, ["example.net", "example.com", "example.org"]}.
|
|
%%
|
|
{hosts, ["localhost"]}.
|
|
|
|
%%
|
|
%% route_subdomains: Delegate subdomains to other XMPP servers.
|
|
%% For example, if this ejabberd serves example.org and you want
|
|
%% to allow communication with an XMPP server called im.example.org.
|
|
%%
|
|
%%{route_subdomains, s2s}.
|
|
|
|
|
|
%%%. ===============
|
|
%%%' LISTENING PORTS
|
|
|
|
%%
|
|
%% listen: The ports ejabberd will listen on, which service each is handled
|
|
%% by and what options to start it with.
|
|
%%
|
|
{listen,
|
|
[
|
|
|
|
{5222, ejabberd_c2s, [
|
|
|
|
%%
|
|
%% If TLS is compiled in and you installed a SSL
|
|
%% certificate, specify the full path to the
|
|
%% file and uncomment this line:
|
|
%%
|
|
%%{certfile, "/path/to/ssl.pem"}, starttls,
|
|
|
|
{access, c2s},
|
|
{shaper, c2s_shaper},
|
|
{max_stanza_size, 65536}
|
|
]},
|
|
|
|
%%
|
|
%% To enable the old SSL connection method on port 5223:
|
|
%%
|
|
%%{5223, ejabberd_c2s, [
|
|
%% {access, c2s},
|
|
%% {shaper, c2s_shaper},
|
|
%% {certfile, "/path/to/ssl.pem"}, tls,
|
|
%% {max_stanza_size, 65536}
|
|
%% ]},
|
|
|
|
{5269, ejabberd_s2s_in, [
|
|
{shaper, s2s_shaper},
|
|
{max_stanza_size, 131072}
|
|
]},
|
|
|
|
%%
|
|
%% ejabberd_service: Interact with external components (transports, ...)
|
|
%%
|
|
%%{8888, ejabberd_service, [
|
|
%% {access, all},
|
|
%% {shaper_rule, fast},
|
|
%% {ip, {127, 0, 0, 1}},
|
|
%% {hosts, ["icq.example.org", "sms.example.org"],
|
|
%% [{password, "secret"}]
|
|
%% }
|
|
%% ]},
|
|
|
|
%%
|
|
%% ejabberd_stun: Handles STUN Binding requests
|
|
%%
|
|
%%{{3478, udp}, ejabberd_stun, []},
|
|
|
|
{5280, ejabberd_http, [
|
|
%%{request_handlers,
|
|
%% [
|
|
%% {["pub", "archive"], mod_http_fileserver}
|
|
%% ]},
|
|
captcha,
|
|
http_bind,
|
|
http_poll,
|
|
%%register,
|
|
web_admin
|
|
]}
|
|
|
|
]}.
|
|
|
|
%%
|
|
%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
|
|
%% Allowed values are: false optional required required_trusted
|
|
%% You must specify a certificate file.
|
|
%%
|
|
%%{s2s_use_starttls, optional}.
|
|
|
|
%%
|
|
%% s2s_certfile: Specify a certificate file.
|
|
%%
|
|
%%{s2s_certfile, "/path/to/ssl.pem"}.
|
|
|
|
%%
|
|
%% domain_certfile: Specify a different certificate for each served hostname.
|
|
%%
|
|
%%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
|
|
%%{domain_certfile, "example.com", "/path/to/example_com.pem"}.
|
|
|
|
%%
|
|
%% S2S whitelist or blacklist
|
|
%%
|
|
%% Default s2s policy for undefined hosts.
|
|
%%
|
|
%%{s2s_default_policy, allow}.
|
|
|
|
%%
|
|
%% Allow or deny communication with specific servers.
|
|
%%
|
|
%%{{s2s_host, "goodhost.org"}, allow}.
|
|
%%{{s2s_host, "badhost.org"}, deny}.
|
|
|
|
%%
|
|
%% Outgoing S2S options
|
|
%%
|
|
%% Preferred address families (which to try first) and connect timeout
|
|
%% in milliseconds.
|
|
%%
|
|
%%{outgoing_s2s_options, [ipv4, ipv6], 10000}.
|
|
|
|
|
|
%%%. ==============
|
|
%%%' AUTHENTICATION
|
|
|
|
%%
|
|
%% auth_method: Method used to authenticate the users.
|
|
%% The default method is the internal.
|
|
%% If you want to use a different method,
|
|
%% comment this line and enable the correct ones.
|
|
%%
|
|
{auth_method, internal}.
|
|
%%
|
|
%% Store the plain passwords or hashed for SCRAM:
|
|
%%{auth_password_format, plain}.
|
|
%%{auth_password_format, scram}.
|
|
%%
|
|
%% Define the FQDN if ejabberd doesn't detect it:
|
|
%%{fqdn, "server3.example.com"}.
|
|
|
|
%%
|
|
%% Authentication using external script
|
|
%% Make sure the script is executable by ejabberd.
|
|
%%
|
|
%%{auth_method, external}.
|
|
%%{extauth_program, "/path/to/authentication/script"}.
|
|
|
|
%%
|
|
%% Authentication using ODBC
|
|
%% Remember to setup a database in the next section.
|
|
%%
|
|
%%{auth_method, odbc}.
|
|
|
|
%%
|
|
%% Authentication using PAM
|
|
%%
|
|
%%{auth_method, pam}.
|
|
%%{pam_service, "pamservicename"}.
|
|
|
|
%%
|
|
%% Authentication using LDAP
|
|
%%
|
|
%%{auth_method, ldap}.
|
|
%%
|
|
%% List of LDAP servers:
|
|
%%{ldap_servers, ["localhost"]}.
|
|
%%
|
|
%% Encryption of connection to LDAP servers:
|
|
%%{ldap_encrypt, none}.
|
|
%%{ldap_encrypt, tls}.
|
|
%%
|
|
%% Port to connect to on LDAP servers:
|
|
%%{ldap_port, 389}.
|
|
%%{ldap_port, 636}.
|
|
%%
|
|
%% LDAP manager:
|
|
%%{ldap_rootdn, "dc=example,dc=com"}.
|
|
%%
|
|
%% Password of LDAP manager:
|
|
%%{ldap_password, "******"}.
|
|
%%
|
|
%% Search base of LDAP directory:
|
|
%%{ldap_base, "dc=example,dc=com"}.
|
|
%%
|
|
%% LDAP attribute that holds user ID:
|
|
%%{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
|
|
%%
|
|
%% LDAP filter:
|
|
%%{ldap_filter, "(objectClass=shadowAccount)"}.
|
|
|
|
%%
|
|
%% Anonymous login support:
|
|
%% auth_method: anonymous
|
|
%% anonymous_protocol: sasl_anon | login_anon | both
|
|
%% allow_multiple_connections: true | false
|
|
%%
|
|
%%{host_config, "public.example.org", [{auth_method, anonymous},
|
|
%% {allow_multiple_connections, false},
|
|
%% {anonymous_protocol, sasl_anon}]}.
|
|
%%
|
|
%% To use both anonymous and internal authentication:
|
|
%%
|
|
%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
|
|
|
|
|
|
%%%. ==============
|
|
%%%' DATABASE SETUP
|
|
|
|
%% ejabberd by default uses the internal Mnesia database,
|
|
%% so you do not necessarily need this section.
|
|
%% This section provides configuration examples in case
|
|
%% you want to use other database backends.
|
|
%% Please consult the ejabberd Guide for details on database creation.
|
|
|
|
%%
|
|
%% MySQL server:
|
|
%%
|
|
%%{odbc_server, {mysql, "server", "database", "username", "password"}}.
|
|
%%
|
|
%% If you want to specify the port:
|
|
%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.
|
|
|
|
%%
|
|
%% PostgreSQL server:
|
|
%%
|
|
%%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
|
|
%%
|
|
%% If you want to specify the port:
|
|
%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
|
|
%%
|
|
%% If you use PostgreSQL, have a large database, and need a
|
|
%% faster but inexact replacement for "select count(*) from users"
|
|
%%
|
|
%%{pgsql_users_number_estimate, true}.
|
|
|
|
%%
|
|
%% ODBC compatible or MSSQL server:
|
|
%%
|
|
%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
|
|
|
|
%%
|
|
%% Number of connections to open to the database for each virtual host
|
|
%%
|
|
%%{odbc_pool_size, 10}.
|
|
|
|
%%
|
|
%% Interval to make a dummy SQL request to keep the connections to the
|
|
%% database alive. Specify in seconds: for example 28800 means 8 hours
|
|
%%
|
|
%%{odbc_keepalive_interval, undefined}.
|
|
|
|
|
|
%%%. ===============
|
|
%%%' TRAFFIC SHAPERS
|
|
|
|
%%
|
|
%% The "normal" shaper limits traffic speed to 1000 B/s
|
|
%%
|
|
{shaper, normal, {maxrate, 1000}}.
|
|
|
|
%%
|
|
%% The "fast" shaper limits traffic speed to 50000 B/s
|
|
%%
|
|
{shaper, fast, {maxrate, 50000}}.
|
|
|
|
%%
|
|
%% This option specifies the maximum number of elements in the queue
|
|
%% of the FSM. Refer to the documentation for details.
|
|
%%
|
|
{max_fsm_queue, 1000}.
|
|
|
|
|
|
%%%. ====================
|
|
%%%' ACCESS CONTROL LISTS
|
|
|
|
%%
|
|
%% The 'admin' ACL grants administrative privileges to XMPP accounts.
|
|
%% You can put here as many accounts as you want.
|
|
%%
|
|
%%{acl, admin, {user, "aleksey", "localhost"}}.
|
|
%%{acl, admin, {user, "ermine", "example.org"}}.
|
|
|
|
%%
|
|
%% Blocked users
|
|
%%
|
|
%%{acl, blocked, {user, "baduser", "example.org"}}.
|
|
%%{acl, blocked, {user, "test"}}.
|
|
|
|
%%
|
|
%% Local users: don't modify this line.
|
|
%%
|
|
{acl, local, {user_regexp, ""}}.
|
|
|
|
%%
|
|
%% More examples of ACLs
|
|
%%
|
|
%%{acl, jabberorg, {server, "jabber.org"}}.
|
|
%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
|
|
%%{acl, test, {user_regexp, "^test"}}.
|
|
%%{acl, test, {user_glob, "test*"}}.
|
|
|
|
%%
|
|
%% Define specific ACLs in a virtual host.
|
|
%%
|
|
%%{host_config, "localhost",
|
|
%% [
|
|
%% {acl, admin, {user, "bob-local", "localhost"}}
|
|
%% ]
|
|
%%}.
|
|
|
|
|
|
%%%. ============
|
|
%%%' ACCESS RULES
|
|
|
|
%% Maximum number of simultaneous sessions allowed for a single user:
|
|
{access, max_user_sessions, [{10, all}]}.
|
|
|
|
%% Maximum number of offline messages that users can have:
|
|
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
|
|
|
|
%% This rule allows access only for local users:
|
|
{access, local, [{allow, local}]}.
|
|
|
|
%% Only non-blocked users can use c2s connections:
|
|
{access, c2s, [{deny, blocked},
|
|
{allow, all}]}.
|
|
|
|
%% For C2S connections, all users except admins use the "normal" shaper
|
|
{access, c2s_shaper, [{none, admin},
|
|
{normal, all}]}.
|
|
|
|
%% All S2S connections use the "fast" shaper
|
|
{access, s2s_shaper, [{fast, all}]}.
|
|
|
|
%% Only admins can send announcement messages:
|
|
{access, announce, [{allow, admin}]}.
|
|
|
|
%% Only admins can use the configuration interface:
|
|
{access, configure, [{allow, admin}]}.
|
|
|
|
%% Admins of this server are also admins of the MUC service:
|
|
{access, muc_admin, [{allow, admin}]}.
|
|
|
|
%% Only accounts of the local ejabberd server can create rooms:
|
|
{access, muc_create, [{allow, local}]}.
|
|
|
|
%% All users are allowed to use the MUC service:
|
|
{access, muc, [{allow, all}]}.
|
|
|
|
%% Only accounts on the local ejabberd server can create Pubsub nodes:
|
|
{access, pubsub_createnode, [{allow, local}]}.
|
|
|
|
%% In-band registration allows registration of any possible username.
|
|
%% To disable in-band registration, replace 'allow' with 'deny'.
|
|
{access, register, [{allow, all}]}.
|
|
|
|
%% By default the frequency of account registrations from the same IP
|
|
%% is limited to 1 account every 10 minutes. To disable, specify: infinity
|
|
%%{registration_timeout, 600}.
|
|
|
|
%%
|
|
%% Define specific Access Rules in a virtual host.
|
|
%%
|
|
%%{host_config, "localhost",
|
|
%% [
|
|
%% {access, c2s, [{allow, admin}, {deny, all}]},
|
|
%% {access, register, [{deny, all}]}
|
|
%% ]
|
|
%%}.
|
|
|
|
|
|
%%%. ================
|
|
%%%' DEFAULT LANGUAGE
|
|
|
|
%%
|
|
%% language: Default language used for server messages.
|
|
%%
|
|
{language, "en"}.
|
|
|
|
%%
|
|
%% Set a different default language in a virtual host.
|
|
%%
|
|
%%{host_config, "localhost",
|
|
%% [{language, "ru"}]
|
|
%%}.
|
|
|
|
|
|
%%%. =======
|
|
%%%' CAPTCHA
|
|
|
|
%%
|
|
%% Full path to a script that generates the image.
|
|
%%
|
|
%%{captcha_cmd, "/lib/ejabberd/priv/bin/captcha.sh"}.
|
|
|
|
%%
|
|
%% Host for the URL and port where ejabberd listens for CAPTCHA requests.
|
|
%%
|
|
%%{captcha_host, "example.org:5280"}.
|
|
|
|
%%
|
|
%% Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
|
|
%%
|
|
%%{captcha_limit, 5}.
|
|
|
|
%%%. =======
|
|
%%%' MODULES
|
|
|
|
%%
|
|
%% Modules enabled in all ejabberd virtual hosts.
|
|
%%
|
|
{modules,
|
|
[
|
|
{mod_adhoc, []},
|
|
{mod_announce, [{access, announce}]}, % recommends mod_adhoc
|
|
{mod_blocking,[]}, % requires mod_privacy
|
|
{mod_caps, []},
|
|
{mod_configure,[]}, % requires mod_adhoc
|
|
{mod_disco, []},
|
|
%%{mod_echo, [{host, "echo.localhost"}]},
|
|
{mod_irc, []},
|
|
{mod_http_bind, []},
|
|
%%{mod_http_fileserver, [
|
|
%% {docroot, "/var/www"},
|
|
%% {accesslog, "/var/log/ejabberd/access.log"}
|
|
%% ]},
|
|
{mod_last, []},
|
|
{mod_muc, [
|
|
%%{host, "conference.@HOST@"},
|
|
{access, muc},
|
|
{access_create, muc_create},
|
|
{access_persistent, muc_create},
|
|
{access_admin, muc_admin}
|
|
]},
|
|
%%{mod_muc_log,[]},
|
|
{mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
|
|
{mod_ping, []},
|
|
%%{mod_pres_counter,[{count, 5}, {interval, 60}]},
|
|
{mod_privacy, []},
|
|
{mod_private, []},
|
|
%%{mod_proxy65,[]},
|
|
{mod_pubsub, [
|
|
{access_createnode, pubsub_createnode},
|
|
{ignore_pep_from_offline, true}, % reduces resource comsumption, but XEP incompliant
|
|
%%{ignore_pep_from_offline, false}, % XEP compliant, but increases resource comsumption
|
|
{last_item_cache, false},
|
|
{plugins, ["flat", "hometree", "pep"]} % pep requires mod_caps
|
|
]},
|
|
{mod_register, [
|
|
%%
|
|
%% Protect In-Band account registrations with CAPTCHA.
|
|
%%
|
|
%%{captcha_protected, true},
|
|
|
|
%%
|
|
%% Set the minimum informational entropy for passwords.
|
|
%%
|
|
%%{password_strength, 32},
|
|
|
|
%%
|
|
%% After successful registration, the user receives
|
|
%% a message with this subject and body.
|
|
%%
|
|
{welcome_message, {"Welcome!",
|
|
"Hi.\nWelcome to this XMPP server."}},
|
|
|
|
%%
|
|
%% When a user registers, send a notification to
|
|
%% these XMPP accounts.
|
|
%%
|
|
%%{registration_watchers, ["admin1@example.org"]},
|
|
|
|
%%
|
|
%% Only clients in the server machine can register accounts
|
|
%%
|
|
{ip_access, [{allow, "127.0.0.0/8"},
|
|
{deny, "0.0.0.0/0"}]},
|
|
|
|
%%
|
|
%% Local c2s or remote s2s users cannot register accounts
|
|
%%
|
|
%%{access_from, deny},
|
|
|
|
{access, register}
|
|
]},
|
|
%%{mod_register_web, [
|
|
%%
|
|
%% When a user registers, send a notification to
|
|
%% these XMPP accounts.
|
|
%%
|
|
%%{registration_watchers, ["admin1@example.org"]}
|
|
%% ]},
|
|
{mod_roster, []},
|
|
%%{mod_service_log,[]},
|
|
{mod_shared_roster,[]},
|
|
{mod_stats, []},
|
|
{mod_time, []},
|
|
{mod_vcard, []},
|
|
{mod_version, []}
|
|
]}.
|
|
|
|
%%
|
|
%% Enable modules with custom options in a specific virtual host
|
|
%%
|
|
%%{host_config, "localhost",
|
|
%% [{{add, modules},
|
|
%% [
|
|
%% {mod_echo, [{host, "mirror.localhost"}]}
|
|
%% ]
|
|
%% }
|
|
%% ]}.
|
|
|
|
|
|
%%%.
|
|
%%%'
|
|
|
|
%%% $Id$
|
|
|
|
%%% Local Variables:
|
|
%%% mode: erlang
|
|
%%% End:
|
|
%%% vim: set filetype=erlang tabstop=8 foldmarker=%%%',%%%. foldmethod=marker:
|