%%%
%%%               ejabberd configuration file
%%%
%%%'

%%% The parameters used in this configuration file are explained in more detail
%%% in the ejabberd Installation and Operation Guide.
%%% Please consult the Guide in case of doubts, it is included with
%%% your copy of ejabberd, and is also available online at
%%% http://www.process-one.net/en/ejabberd/docs/

%%% This configuration file contains Erlang terms.
%%% In case you want to understand the syntax, here are the concepts:
%%%
%%%  - The character to comment a line is %
%%%
%%%  - Each term ends in a dot, for example:
%%%      override_global.
%%%
%%%  - A tuple has a fixed definition, its elements are
%%%    enclosed in {}, and separated with commas:
%%%      {loglevel, 4}.
%%%
%%%  - A list can have as many elements as you want,
%%%    and is enclosed in [], for example:
%%%      [http_poll, web_admin, tls]
%%%
%%%  - A keyword of ejabberd is a word in lowercase.
%%%    Strings are enclosed in "" and can contain spaces, dots, ...
%%%      {language, "en"}.
%%%      {ldap_rootdn, "dc=example,dc=com"}.
%%%
%%%  - This term includes a tuple, a keyword, a list, and two strings:
%%%      {hosts, ["jabber.example.net", "im.example.com"]}.
%%%


%%%.   =======================
%%%'   OVERRIDE STORED OPTIONS

%%
%% Override the old values stored in the database.
%% All three override terms below are commented out in this file.
%%

%%
%% Override global options (shared by all ejabberd nodes in a cluster).
%%
%%override_global.

%%
%% Override local options (specific for this particular ejabberd node).
%%
%%override_local.

%%
%% Remove the Access Control Lists before new ones are added.
%%
%%override_acls.


%%%.   =========
%%%'   DEBUGGING

%%
%% loglevel: Verbosity of log files generated by ejabberd.
%% 0: No ejabberd log at all (not recommended)
%% 1: Critical
%% 2: Error
%% 3: Warning
%% 4: Info
%% 5: Debug
%%
%% NOTE(review): level 4 (Info) is active. Level 5 is presumably far more
%% verbose; check what it writes to the log before enabling it on a
%% production node.
%%
{loglevel, 4}.

%%
%% watchdog_admins: Only useful for developers: if an ejabberd process
%% consumes a lot of memory, send live notifications to these XMPP
%% accounts.
%%
%%{watchdog_admins, ["bob@example.com"]}.


%%%.   ================
%%%'   SERVED HOSTNAMES

%%
%% hosts: Domains served by ejabberd.
%% You can define one or several, for example:
%% {hosts, ["example.net", "example.com", "example.org"]}.
%%
%% NOTE(review): only "localhost" is served here, while the active 'admin'
%% ACL entries further down name accounts on "example.com" and
%% "localhost.localdomain". Check that the served domains and the ACL
%% domains are meant to differ.
%%
{hosts, ["localhost"]}.

%%
%% route_subdomains: Delegate subdomains to other XMPP servers.
%% For example, if this ejabberd serves example.org and you want
%% to allow communication with an XMPP server called im.example.org.
%%
%%{route_subdomains, s2s}.


%%%.   ===============
%%%'   LISTENING PORTS

%%
%% listen: The ports ejabberd will listen on, which service each is handled
%% by and what options to start it with.
%%
%% NOTE(review): three listeners are active below (5222, 5269, 5280). None
%% of them sets certfile/starttls/tls, and none restricts its bind address
%% with an {ip, ...} option, so each presumably accepts unencrypted
%% connections on every interface -- confirm against the host firewall.
%%
{listen,
 [

  %% NOTE(review): client-to-server port. The certfile/starttls line below
  %% is still commented out, so logins here are not protected by TLS. With
  %% auth_method set to ldap in this file, the server presumably has to
  %% receive each user's actual password to check it against the
  %% directory. Once a certificate is installed, enable starttls and
  %% consider starttls_required so clients cannot skip it.
  {5222, ejabberd_c2s, [

			%%
			%% If TLS is compiled in and you installed a SSL
			%% certificate, specify the full path to the
			%% file and uncomment this line:
			%%
			%%{certfile, "/etc/ssl/ejabberd/server.pem"}, starttls,

			{access, c2s},
			{shaper, c2s_shaper},
			{max_stanza_size, 65536}
		       ]},

  %%
  %% To enable the old SSL connection method on port 5223:
  %%
  %%{5223, ejabberd_c2s, [
  %%			{access, c2s},
  %%			{shaper, c2s_shaper},
  %%			{certfile, "/etc/ssl/ejabberd/server.pem"}, tls,
  %%			{max_stanza_size, 65536}
  %%		       ]},

  %% Server-to-server port. s2s_use_starttls and s2s_certfile further down
  %% are both commented out, so no TLS is configured for this listener.
  {5269, ejabberd_s2s_in, [
			   {shaper, s2s_shaper},
			   {max_stanza_size, 131072}
			  ]},

  %%
  %% ejabberd_service: Interact with external components (transports, ...)
  %%
  %% NOTE(review): "secret" is a placeholder. If this listener is enabled,
  %% set a real component password and keep the loopback {ip, ...} binding
  %% unless the component runs on another host.
  %%
  %%{8888, ejabberd_service, [
  %%			    {access, all},
  %%			    {shaper_rule, fast},
  %%			    {ip, {127, 0, 0, 1}},
  %%			    {hosts, ["icq.example.org", "sms.example.org"],
  %%			     [{password, "secret"}]
  %%			    }
  %%			   ]},

  %%
  %% ejabberd_stun: Handles STUN Binding requests
  %%
  %%{{3478, udp}, ejabberd_stun, []},

  %% NOTE(review): web_admin shares this plain-HTTP listener with http_bind
  %% and http_poll, so admin credentials and any XMPP traffic tunnelled
  %% over HTTP are sent unencrypted. Consider a separate listener for
  %% web_admin with tls and a certfile, or one bound to loopback with
  %% {ip, {127, 0, 0, 1}}. captcha is also enabled here although
  %% captcha_cmd in the CAPTCHA section is commented out -- confirm that
  %% is intended.
  {5280, ejabberd_http, [
			 %%{request_handlers,
			 %% [
			 %%  {["pub", "archive"], mod_http_fileserver}
			 %% ]},
			 captcha,
			 http_bind,
			 http_poll,
			 web_admin
			]}

 ]}.

%%
%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
%% Allowed values are: true or false.
%% You must specify a certificate file.
%% NOTE(review): left disabled here; see s2s_certfile below.
%%
%%{s2s_use_starttls, true}.

%%
%% s2s_certfile: Specify a certificate file.
%%
%%{s2s_certfile, "/etc/ssl/ejabberd/server.pem"}.

%%
%% domain_certfile: Specify a different certificate for each served hostname.
%%
%%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
%%{domain_certfile, "example.com", "/path/to/example_com.pem"}.

%%
%% S2S whitelist or blacklist
%%
%% Default s2s policy for undefined hosts.
%%
%%{s2s_default_policy, allow}.

%%
%% Allow or deny communication with specific servers.
%%
%%{{s2s_host, "goodhost.org"}, allow}.
%%{{s2s_host, "badhost.org"}, deny}.

%%
%% Outgoing S2S options
%%
%% Preferred address families (which to try first) and connect timeout
%% in milliseconds.
%%
%%{outgoing_s2s_options, [ipv4, ipv6], 10000}.


%%%.   ==============
%%%'   AUTHENTICATION

%%
%% auth_method: Method used to authenticate the users.
%% The default method is internal.
%% If you want to use a different method,
%% comment this line and enable the correct ones.
%% (In this file the internal method is commented out and LDAP is active.)
%%
%% {auth_method, internal}.

%%
%% Authentication using external script
%% Make sure the script is executable by ejabberd.
%%
%%{auth_method, external}.
%%{extauth_program, "/path/to/authentication/script"}.

%%
%% Authentication using ODBC
%% Remember to set up a database in the next section.
%%
%%{auth_method, odbc}.

%%
%% Authentication using PAM
%%
%%{auth_method, pam}.
%%{pam_service, "pamservicename"}.

%%
%% Authentication using LDAP
%%
{auth_method, ldap}.
%%
%% List of LDAP servers:
{ldap_servers, ["localhost.localdomain"]}.
%%
%% Encryption of connection to LDAP servers:
%% NOTE(review): with none on port 389, the manager bind below and every
%% user password check travel to the directory unencrypted. The only
%% server listed is "localhost.localdomain", which presumably resolves to
%% this host; if the directory is ever moved off-host, switch to the
%% commented tls / 636 pair.
{ldap_encrypt, none}.
%%{ldap_encrypt, tls}.
%%
%% Port to connect to on LDAP servers:
{ldap_port, 389}.
%%{ldap_port, 636}.
%%
%% LDAP manager:
%% NOTE(review): "cn=Directory Manager" is conventionally the directory's
%% unrestricted administrator entry. ejabberd presumably only needs to
%% search and read entries under ldap_base, so a dedicated read-only bind
%% account would limit what a leak of this file exposes -- TODO confirm
%% the required permissions and replace this DN.

{ldap_rootdn, "cn=Directory Manager"}.

%%
%% Password of LDAP manager:
%% NOTE(review): stored in cleartext. Anyone who can read this file, or
%% any copy of it, can bind as the DN above. Keep the file readable only
%% by the ejabberd user, and rotate this value wherever the file has been
%% shared or published.

{ldap_password, "mcsmanager"}.

%%
%% Search base of LDAP directory:
{ldap_base, "dc=babel,dc=it"}.
%%
%% LDAP attribute that holds user ID:
%% The "mail" attribute is matched against the pattern "%u@%d"
%% (presumably user part and domain of the JID -- verify in the Guide).
{ldap_uids, [{"mail", "%u@%d"}]}.
%%
%% LDAP filter:
%% NOTE(review): no filter is active, so presumably any entry under
%% ldap_base with a matching "mail" value can log in -- confirm that is
%% the intended population.
%%{ldap_filter, "(objectClass=shadowAccount)"}.

%%
%% Anonymous login support:
%%   auth_method: anonymous
%%   anonymous_protocol: sasl_anon | login_anon | both
%%   allow_multiple_connections: true | false
%%
%%{host_config, "public.example.org", [{auth_method, anonymous},
%%                                     {allow_multiple_connections, false},
%%                                     {anonymous_protocol, sasl_anon}]}.
%%
%% To use both anonymous and internal authentication:
%%
%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.


%%%.   ==============
%%%'   DATABASE SETUP

%% ejabberd by default uses the internal Mnesia database,
%% so you do not necessarily need this section.
%% This section provides configuration examples in case
%% you want to use other database backends.
%% Please consult the ejabberd Guide for details on database creation.
%%
%% NOTE(review): every odbc_server example below carries the database
%% password inside the term. The values shown are placeholders; if one of
%% these lines is enabled, the real password sits in this file in
%% cleartext, so keep the file readable only by the ejabberd user.

%%
%% MySQL server:
%%
%%{odbc_server, {mysql, "server", "database", "username", "password"}}.
%%
%% If you want to specify the port:
%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.

%%
%% PostgreSQL server:
%%
%%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
%%
%% If you want to specify the port:
%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
%%
%% If you use PostgreSQL, have a large database, and need a
%% faster but inexact replacement for "select count(*) from users"
%%
%%{pgsql_users_number_estimate, true}.

%%
%% ODBC compatible or MSSQL server:
%%
%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.

%%
%% Number of connections to open to the database for each virtual host
%%
%%{odbc_pool_size, 10}.

%%
%% Interval to make a dummy SQL request to keep the connections to the
%% database alive. Specify in seconds: for example 28800 means 8 hours
%%
%%{odbc_keepalive_interval, undefined}.


%%%.   ===============
%%%'   TRAFFIC SHAPERS

%%
%% The "normal" shaper limits traffic speed to 1000 B/s
%% (applied to non-admin C2S connections by the c2s_shaper access rule).
%%
{shaper, normal, {maxrate, 1000}}.

%%
%% The "fast" shaper limits traffic speed to 50000 B/s
%% (applied to all S2S connections by the s2s_shaper access rule).
%%
{shaper, fast, {maxrate, 50000}}.

%%
%% This option specifies the maximum number of elements in the queue
%% of the FSM. Refer to the documentation for details.
%%
{max_fsm_queue, 1000}.


%%%.   ====================
%%%'   ACCESS CONTROL LISTS

%%
%% The 'admin' ACL grants administrative privileges to XMPP accounts.
%% You can put here as many accounts as you want.
%%
%% NOTE(review): hosts in this file lists only "localhost", so neither of
%% the two active entries below names an account on a served domain.
%% An admin entry for a domain this server does not serve would match a
%% JID from a remote server if one arrived over S2S -- TODO confirm, and
%% replace these with accounts on the served host(s).
%%
%%{acl, admin, {user, "aleksey", "localhost"}}.
%%{acl, admin, {user, "ermine", "example.org"}}.
{acl, admin, {user, "admin", "example.com"}}.
{acl, admin, {user, "admin", "localhost.localdomain"}}.

%%
%% Blocked users
%% (No account is blocked in this file; the 'blocked' ACL is what the c2s
%% access rule denies.)
%%
%%{acl, blocked, {user, "baduser", "example.org"}}.
%%{acl, blocked, {user, "test"}}.

%%
%% Local users: don't modify this line.
%% (The empty regexp presumably matches every username on the served
%% hosts -- verify in the Guide.)
%%
{acl, local, {user_regexp, ""}}.

%%
%% More examples of ACLs
%%
%%{acl, jabberorg, {server, "jabber.org"}}.
%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%%{acl, test, {user_regexp, "^test"}}.
%%{acl, test, {user_glob, "test*"}}.

%%
%% Define specific ACLs in a virtual host.
%%
%%{host_config, "localhost",
%% [
%%  {acl, admin, {user, "bob-local", "localhost"}}
%% ]
%%}.


%%%.   ============
%%%'   ACCESS RULES

%% Maximum number of simultaneous sessions allowed for a single user:
{access, max_user_sessions, [{10, all}]}.

%% Maximum number of offline messages that users can have
%% (5000 for the 'admin' ACL, 100 for everyone else):
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.

%% This rule allows access only for local users:
{access, local, [{allow, local}]}.

%% Only non-blocked users can use c2s connections.
%% The deny entry is listed before the allow-all entry:
{access, c2s, [{deny, blocked},
	       {allow, all}]}.

%% For C2S connections, all users except admins use the "normal" shaper
%% (admins get no shaper at all):
{access, c2s_shaper, [{none, admin},
		      {normal, all}]}.

%% All S2S connections use the "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

%% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.

%% Only admins can use the configuration interface:
{access, configure, [{allow, admin}]}.

%% Admins of this server are also admins of the MUC service:
{access, muc_admin, [{allow, admin}]}.

%% Only accounts of the local ejabberd server can create rooms:
{access, muc_create, [{allow, local}]}.

%% All users are allowed to use the MUC service:
{access, muc, [{allow, all}]}.

%% Only accounts on the local ejabberd server can create Pubsub nodes:
{access, pubsub_createnode, [{allow, local}]}.

%% In-band registration allows registration of any possible username.
%% To disable in-band registration, replace 'allow' with 'deny'.
%% NOTE(review): this leaves registration open to anyone who can reach the
%% server. With auth_method set to ldap in this file, account creation
%% through ejabberd may not be possible at all -- confirm, and set this to
%% deny if accounts are meant to come only from the directory.
{access, register, [{allow, all}]}.

%% By default the frequency of account registrations from the same IP
%% is limited to 1 account every 10 minutes. To disable, specify: infinity
%%{registration_timeout, 600}.

%%
%% Define specific Access Rules in a virtual host.
%%
%%{host_config, "localhost",
%% [
%%  {access, c2s, [{allow, admin}, {deny, all}]},
%%  {access, register, [{deny, all}]}
%% ]
%%}.


%%%.   ================
%%%'   DEFAULT LANGUAGE

%%
%% language: Default language used for server messages.
%%
{language, "en"}.

%%
%% Set a different default language in a virtual host.
%%
%%{host_config, "localhost",
%% [{language, "ru"}]
%%}.


%%%.   =======
%%%'   CAPTCHA

%%
%% Full path to a script that generates the image.
%% NOTE(review): commented out here, while the 5280 ejabberd_http listener
%% in this file enables the captcha option -- confirm which is intended.
%%
%%{captcha_cmd, "/usr/lib64/erlang/lib/ejabberd-2.1.5/priv/bin/captcha.sh"}.

%%
%% Host part of the URL sent to the user.
%%
%%{captcha_host, "example.org:5280"}.


%%%.   =======
%%%'   MODULES

%%
%% Modules enabled in all ejabberd virtual hosts.
%% Lines starting with %% inside the list are modules left disabled.
%%
{modules,
 [
  {mod_adhoc,    []},
  {mod_announce, [{access, announce}]}, % recommends mod_adhoc
  {mod_caps,     []},
  {mod_configure,[]}, % requires mod_adhoc
  {mod_disco,    []},
  %%{mod_echo,   [{host, "echo.localhost"}]},
  {mod_irc,      []},
  {mod_http_bind, []},
  %%{mod_http_fileserver, [
  %%                       {docroot, "/var/www"},
  %%                       {accesslog, "/var/log/ejabberd/access.log"}
  %%                      ]},
  {mod_last,     []},
  {mod_muc,      [
		  %%{host, "conference.@HOST@"},
		  {access, muc},
		  {access_create, muc_create},
		  {access_persistent, muc_create},
		  {access_admin, muc_admin}
		 ]},
  %%{mod_muc_log,[]},
  {mod_offline,  [{access_max_user_messages, max_user_offline_messages}]},
  {mod_ping,     []},
  {mod_privacy,  []},
  {mod_private,  []},
  %%{mod_proxy65,[]},
  {mod_pubsub,   [
		  {access_createnode, pubsub_createnode},
		  {ignore_pep_from_offline, true}, % reduces resource consumption, but not XEP compliant
		  %%{ignore_pep_from_offline, false},  % XEP compliant, but increases resource consumption
		  {last_item_cache, false},
		  {plugins, ["flat", "hometree", "pep"]}  % pep requires mod_caps
		 ]},
  {mod_register, [
		  %%
		  %% After successful registration, the user receives
		  %% a message with this subject and body.
		  %%
		  {welcome_message, {"Welcome!",
				     "Hi.\nWelcome to this XMPP server."}},

		  %%
		  %% When a user registers, send a notification to
		  %% these XMPP accounts.
		  %%
		  %%{registration_watchers, ["admin1@example.org"]},

		  %% Governed by the 'register' access rule, which this
		  %% file currently sets to allow all.
		  {access, register}
		 ]},
  {mod_roster,   []},
  %%{mod_service_log,[]},
  {mod_shared_roster,[]},
  {mod_stats,    []},
  {mod_time,     []},
  {mod_vcard,    []},
  {mod_version,  []}
 ]}.

%%
%% Enable modules with custom options in a specific virtual host
%%
%%{host_config, "localhost",
%% [{{add, modules},
%%   [
%%    {mod_echo, [{host, "mirror.localhost"}]}
%%   ]
%%  }
%% ]}.


%%%.
%%%'

%%% $Id$

%%% Local Variables:
%%% mode: erlang
%%% End:
%%% vim: set filetype=erlang tabstop=8 foldmarker=%%%',%%%. foldmethod=marker: