mirror of
https://github.com/processone/ejabberd.git
synced 2025-01-01 17:53:00 +01:00
dafea66c0f
Specify a larger 'max_stanza_size' limit for c2s connections in the default configuration in order to reduce the risk of this limit being hit by legitimate traffic (such as avatar uploads).
218 lines
4.8 KiB
YAML
218 lines
4.8 KiB
YAML
###
|
|
### ejabberd configuration file
|
|
###
|
|
### The parameters used in this configuration file are explained at
|
|
###
|
|
### https://docs.ejabberd.im/admin/configuration
|
|
###
|
|
### The configuration file is written in YAML.
|
|
### *******************************************************
|
|
### ******* !!! WARNING !!! *******
|
|
### ******* YAML IS INDENTATION SENSITIVE *******
|
|
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
|
|
### *******************************************************
|
|
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
|
|
### However, ejabberd treats different literals as different types:
|
|
###
|
|
### - unquoted or single-quoted strings. They are called "atoms".
|
|
### Example: dog, 'Jupiter', '3.14159', YELLOW
|
|
###
|
|
### - numeric literals. Example: 3, -45.0, .0
|
|
###
|
|
### - quoted or folded strings.
|
|
### Examples of quoted string: "Lizzard", "orange".
|
|
### Example of folded string:
|
|
### > Art thou not Romeo,
|
|
### and a Montague?
|
|
###
|
|
|
|
hosts:
|
|
- "localhost"
|
|
|
|
loglevel: 4
|
|
log_rotate_size: 10485760
|
|
log_rotate_date: ""
|
|
log_rotate_count: 1
|
|
log_rate_limit: 100
|
|
|
|
certfiles:
|
|
- "/etc/letsencrypt/live/*/*.pem"
|
|
|
|
listen:
|
|
-
|
|
port: 5222
|
|
ip: "::"
|
|
module: ejabberd_c2s
|
|
max_stanza_size: 262144
|
|
shaper: c2s_shaper
|
|
access: c2s
|
|
starttls_required: true
|
|
-
|
|
port: 5269
|
|
ip: "::"
|
|
module: ejabberd_s2s_in
|
|
max_stanza_size: 524288
|
|
-
|
|
port: 5443
|
|
ip: "::"
|
|
module: ejabberd_http
|
|
request_handlers:
|
|
"/api": mod_http_api
|
|
"/bosh": mod_bosh
|
|
"/upload": mod_http_upload
|
|
"/ws": ejabberd_http_ws
|
|
web_admin: true
|
|
captcha: true
|
|
tls: true
|
|
|
|
s2s_use_starttls: optional
|
|
|
|
acl:
|
|
local:
|
|
user_regexp: ""
|
|
loopback:
|
|
ip:
|
|
- "127.0.0.0/8"
|
|
- "::1/128"
|
|
- "::FFFF:127.0.0.1/128"
|
|
|
|
access_rules:
|
|
local:
|
|
- allow: local
|
|
c2s:
|
|
- deny: blocked
|
|
- allow
|
|
announce:
|
|
- allow: admin
|
|
configure:
|
|
- allow: admin
|
|
muc_create:
|
|
- allow: local
|
|
pubsub_createnode:
|
|
- allow: local
|
|
register:
|
|
- allow
|
|
trusted_network:
|
|
- allow: loopback
|
|
|
|
api_permissions:
|
|
"console commands":
|
|
from:
|
|
- ejabberd_ctl
|
|
who: all
|
|
what: "*"
|
|
"admin access":
|
|
who:
|
|
- access:
|
|
- allow:
|
|
- acl: loopback
|
|
- acl: admin
|
|
- oauth:
|
|
- scope: "ejabberd:admin"
|
|
- access:
|
|
- allow:
|
|
- acl: loopback
|
|
- acl: admin
|
|
what:
|
|
- "*"
|
|
- "!stop"
|
|
- "!start"
|
|
"public commands":
|
|
who:
|
|
- ip: "127.0.0.1/8"
|
|
what:
|
|
- "status"
|
|
- "connected_users_number"
|
|
|
|
shaper:
|
|
normal: 1000
|
|
fast: 50000
|
|
|
|
shaper_rules:
|
|
max_user_sessions: 10
|
|
max_user_offline_messages:
|
|
- 5000: admin
|
|
- 100
|
|
c2s_shaper:
|
|
- none: admin
|
|
- normal
|
|
s2s_shaper: fast
|
|
|
|
modules:
|
|
mod_adhoc: {}
|
|
mod_admin_extra: {}
|
|
mod_announce:
|
|
access: announce
|
|
mod_avatar: {}
|
|
mod_blocking: {}
|
|
mod_bosh: {}
|
|
mod_caps: {}
|
|
mod_carboncopy: {}
|
|
mod_client_state: {}
|
|
mod_configure: {}
|
|
mod_disco: {}
|
|
mod_fail2ban: {}
|
|
mod_http_api: {}
|
|
mod_http_upload:
|
|
put_url: "https://@HOST@:5443/upload"
|
|
mod_last: {}
|
|
mod_mam:
|
|
## Mnesia is limited to 2GB, better to use an SQL backend
|
|
## For small servers SQLite is a good fit and is very easy
|
|
## to configure. Uncomment this when you have SQL configured:
|
|
## db_type: sql
|
|
assume_mam_usage: true
|
|
default: always
|
|
mod_muc:
|
|
access:
|
|
- allow
|
|
access_admin:
|
|
- allow: admin
|
|
access_create: muc_create
|
|
access_persistent: muc_create
|
|
default_room_options:
|
|
mam: true
|
|
mod_muc_admin: {}
|
|
mod_offline:
|
|
access_max_user_messages: max_user_offline_messages
|
|
mod_ping: {}
|
|
mod_privacy: {}
|
|
mod_private: {}
|
|
mod_pubsub:
|
|
access_createnode: pubsub_createnode
|
|
plugins:
|
|
- "flat"
|
|
- "pep"
|
|
force_node_config:
|
|
## Comment out the following lines to enable OMEMO support
|
|
## See https://github.com/processone/ejabberd/issues/2425
|
|
"eu.siacs.conversations.axolotl.*":
|
|
access_model: whitelist
|
|
## Avoid buggy clients to make their bookmarks public
|
|
"storage:bookmarks":
|
|
access_model: whitelist
|
|
mod_push: {}
|
|
mod_push_keepalive: {}
|
|
mod_register:
|
|
## Only accept registration requests from the "trusted"
|
|
## network (see access_rules section above).
|
|
## Think twice before enabling registration from any
|
|
## address. See the Jabber SPAM Manifesto for details:
|
|
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
|
|
ip_access: trusted_network
|
|
mod_roster:
|
|
versioning: true
|
|
mod_s2s_dialback: {}
|
|
mod_shared_roster: {}
|
|
mod_stream_mgmt:
|
|
resend_on_timeout: if_offline
|
|
mod_vcard: {}
|
|
mod_vcard_xupdate: {}
|
|
mod_version:
|
|
show_os: false
|
|
|
|
### Local Variables:
|
|
### mode: yaml
|
|
### End:
|
|
### vim: set filetype=yaml tabstop=8
|