2 %%% Debian ejabberd configuration file
3 %%% This config must be in UTF-8 encoding
5 %%% The parameters used in this configuration file are explained in more detail
6 %%% in the ejabberd Installation and Operation Guide.
7 %%% Please consult the Guide in case of doubts, it is available at
8 %%% /usr/share/doc/ejabberd/guide.html
10 %%% This configuration file contains Erlang terms.
11 %%% In case you want to understand the syntax, here are the concepts:
13 %%% - The character to comment a line is %
15 %%% - Each term ends in a dot, for example:
18 %%% - A tuple has a fixed definition, its elements are
19 %%% enclosed in {}, and separated with commas:
22 %%% - A list can have as many elements as you want,
23 %%% and is enclosed in [], for example:
24 %%% [http_poll, web_admin, tls]
26 %%% - A keyword of ejabberd is a word in lowercase.
27 %%% The strings are enclosed in "" and can have spaces, dots...
29 %%% {ldap_rootdn, "dc=example,dc=com"}.
31 %%% - This term includes a tuple, a keyword, a list and two strings:
32 %%% {hosts, ["jabber.example.net", "im.example.com"]}.
35 %%% ===================================
36 %%% OVERRIDE OPTIONS STORED IN DATABASE
39 %% Override global options (shared by all ejabberd nodes in a cluster).
44 %% Override local options (specific for this particular ejabberd node).
49 %% Remove the Access Control Lists before new ones are added.
54 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
55 %% Options which are set by Debconf and managed by ucf
58 {acl, admin, {user, "", "localhost"}}.
61 {hosts, ["dehnerts.com"]}.
63 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
70 %% loglevel: Verbosity of log files generated by ejabberd.
71 %% 0: No ejabberd log at all (not recommended)
81 %% watchdog_admins: If an ejabberd process consumes too much memory,
82 %% send live notifications to those Jabber accounts.
84 %%{watchdog_admins, ["bob@example.com"]}.
91 %% hosts: Domains served by ejabberd.
92 %% You can define one or several, for example:
93 %% {hosts, ["example.net", "example.com", "example.org"]}.
95 %% (This option is defined by debconf earlier)
96 %% {hosts, ["localhost"]}.
99 %% route_subdomains: Delegate subdomains to other Jabber server.
100 %% For example, if this ejabberd serves example.org and you want
101 %% to allow communication with a Jabber server called im.example.org.
103 %%{route_subdomains, s2s}.
110 %% listen: Which ports will ejabberd listen, which service handles it
111 %% and what options to start it with.
115 {5222, ejabberd_c2s, [
117 {shaper, c2s_shaper},
118 {max_stanza_size, 65536},
120 starttls, {certfile, "/etc/ejabberd/ejabberd.pem"}
124 %% To enable the old SSL connection method (deprecated) in port 5223:
126 %%{5223, ejabberd_c2s, [
128 %% {shaper, c2s_shaper},
129 %% {max_stanza_size, 65536},
131 %% tls, {certfile, "/etc/ejabberd/ejabberd.pem"}
134 {5269, ejabberd_s2s_in, [
135 {shaper, s2s_shaper},
136 {max_stanza_size, 131072}
139 %% External MUC jabber-muc
140 %%{5554, ejabberd_service, [
141 %% {ip, {127, 0, 0, 1}},
143 %% {shaper_rule, fast},
144 %% {host, "muc.localhost", [{password, "secret"}]}
147 %% Jabber ICQ Transport
148 %%{5555, ejabberd_service, [
149 %% {ip, {127, 0, 0, 1}},
151 %% {shaper_rule, fast},
152 %% {hosts, ["icq.localhost", "sms.localhost"],
153 %% [{password, "secret"}]}
157 %%{5556, ejabberd_service, [
158 %% {ip, {127, 0, 0, 1}},
160 %% {shaper_rule, fast},
161 %% {host, "aim.localhost", [{password, "secret"}]}
165 %%{5557, ejabberd_service, [
166 %% {ip, {127, 0, 0, 1}},
168 %% {shaper_rule, fast},
169 %% {host, "msn.localhost", [{password, "secret"}]}
173 %%{5558, ejabberd_service, [
174 %% {ip, {127, 0, 0, 1}},
176 %% {shaper_rule, fast},
177 %% {host, "yahoo.localhost", [{password, "secret"}]}
180 %% External JUD (internal is more powerful,
181 %% but doesn't allow to register users from other servers)
182 %%{5559, ejabberd_service, [
183 %% {ip, {127, 0, 0, 1}},
185 %% {shaper_rule, fast},
186 %% {host, "jud.localhost", [{password, "secret"}]}
189 {5280, ejabberd_http, [
192 %% {["pub", "archive"], mod_http_fileserver}
203 %% max_fsm_queue: Enable limiting of lengths of "message queues"
204 %% for outgoing connections. Roughly speaking, each message in such
205 %% queues represents one XML stanza queued to be sent into
206 %% an output stream it is serving.
207 %% The default value is an atom 'undefined' which specifies no limiting.
209 %% When specified globally, this option limits the message queue lengths
210 %% for all ejabberd_c2s_in and ejabberd_service listeners,
211 %% as well as for outgoing s2s connections.
213 %% This option can also be specified as an option for ejabberd_c2s_in
214 %% and ejabberd_service listeners, in wich case it will override
215 %% the value of the global option.
217 {max_fsm_queue, 1000}.
220 %% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
221 %% Allowed values are: true or false.
222 %% You must specify a certificate file.
224 {s2s_use_starttls, true}.
227 %% s2s_certfile: Specify a certificate file.
229 {s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
232 %% domain_certfile: Specify a different certificate for each served hostname.
234 %%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
235 %%{domain_certfile, "example.com", "/path/to/example_com.pem"}.
238 %% S2S whitelist or blacklist
240 %% Default s2s policy for undefined hosts.
242 %%{s2s_default_policy, allow}.
245 %% Allow or deny communication with specific servers.
247 %%{{s2s_host, "goodhost.org"}, allow}.
248 %%{{s2s_host, "badhost.org"}, deny}.
251 %% The maximum allowed delay for retry to connect
252 %% after a failed connection attempt to a remote server, in seconds.
253 %% The default value is 300 seconds (5 minutes).
255 %% The reconnection algorythm works like this: if connection fails,
256 %% ejabberd makes an initial random delay between 1 and 15 seconds,
257 %% then retries, and if this attempt fails, makes another delay,
258 %% twice as long as previous. These attempts are performed either
259 %% until a successful connection is made or until the next calculated
260 %% delay is greated or equal than the value of s2s_max_retry_delay.
262 %%{s2s_max_retry_delay, 300}.
265 %% Outgoing S2S options
267 %% Preferred address families (which to try first) and connect timeout
270 %%{outgoing_s2s_options, [ipv4, ipv6], 10000}.
277 %% auth_method: Method used to authenticate the users.
278 %% The default method is the internal.
279 %% If you want to use a different method,
280 %% comment this line and enable the correct ones.
282 {auth_method, internal}.
285 %% Authentication using external script
286 %% Make sure the script is executable by ejabberd.
288 %%{auth_method, external}.
289 %%{extauth_program, "/path/to/authentication/script"}.
292 %% Authentication using ODBC
293 %% Remember to setup a database in the next section.
295 %%{auth_method, odbc}.
298 %% Authentication using PAM
300 %%{auth_method, pam}.
301 %%{pam_service, "pamservicename"}.
304 %% Authentication using LDAP
306 %%{auth_method, ldap}.
308 %% List of LDAP servers:
309 %%{ldap_servers, ["localhost"]}.
311 %% Encryption of connection to LDAP servers (LDAPS):
312 %%{ldap_encrypt, none}.
313 %%{ldap_encrypt, tls}.
315 %% Port connect to LDAP server:
320 %%{ldap_rootdn, "dc=example,dc=com"}.
322 %% Password to LDAP manager:
323 %%{ldap_password, "******"}.
325 %% Search base of LDAP directory:
326 %%{ldap_base, "dc=example,dc=com"}.
328 %% LDAP attribute that holds user ID:
329 %%{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
332 %%{ldap_filter, "(objectClass=shadowAccount)"}.
335 %% Anonymous login support:
336 %% auth_method: anonymous
337 %% anonymous_protocol: sasl_anon | login_anon | both
338 %% allow_multiple_connections: true | false
340 %%{host_config, "public.example.org", [{auth_method, anonymous},
341 %% {allow_multiple_connections, false},
342 %% {anonymous_protocol, sasl_anon}]}.
344 %% To use both anonymous and internal authentication:
346 %%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
352 %% ejabberd uses by default the internal Mnesia database,
353 %% so you can avoid this section.
354 %% This section provides configuration examples in case
355 %% you want to use other database backends.
356 %% Please consult the ejabberd Guide for details about database creation.
358 %% NOTE that ejabberd in Debian supports "out of the box"
359 %% only mnesia (default) and ODBC storage backends.
360 %% Working with MySQL and PostgreSQL DB backends requires
361 %% building and installation of the corresponding Erlang modules,
362 %% not distributed as a part of ejabberd.
363 %% Refer to /usr/share/doc/ejabberd/README.Debian for details.
368 %%{odbc_server, {mysql, "server", "database", "username", "password"}}.
370 %% If you want to specify the port:
371 %%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.
374 %% PostgreSQL server:
376 %%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
378 %% If you want to specify the port:
379 %%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
381 %% If you use PostgreSQL, have a large database, and need a
382 %% faster but inexact replacement for "select count(*) from users"
384 %%{pgsql_users_number_estimate, true}.
387 %% ODBC compatible or MSSQL server:
389 %%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
392 %% Number of connections to open to the database for each virtual host
394 %%{odbc_pool_size, 10}.
397 %% Interval to make a dummy SQL request to keep alive the connections
398 %% to the database. Specify in seconds: for example 28800 means 8 hours
400 %%{odbc_keepalive_interval, undefined}.
407 %% The "normal" shaper limits traffic speed to 1.000 B/s
409 {shaper, normal, {maxrate, 1000}}.
412 %% The "fast" shaper limits traffic speed to 50.000 B/s
414 {shaper, fast, {maxrate, 50000}}.
417 %%% ====================
418 %%% ACCESS CONTROL LISTS
421 %% The 'admin' ACL grants administrative privileges to Jabber accounts.
422 %% You can put as many accounts as you want.
424 %%{acl, admin, {user, "aleksey", "localhost"}}.
425 {acl, admin, {user, "alex-admin" }}.
426 {acl, admin, {user, "alex-admin@dehnerts.com" }}.
427 {acl, admin, {user, "alex-admin@jabber.dehnerts.com" }}.
428 %%{acl, admin, {user, "ermine", "example.org"}}.
433 %%{acl, blocked, {user, "baduser", "example.org"}}.
434 %%{acl, blocked, {user, "test"}}.
437 %% Local users: don't modify this line.
439 {acl, local, {user_regexp, ""}}.
442 %% More examples of ACLs
444 %%{acl, jabberorg, {server, "jabber.org"}}.
445 %%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
446 %%{acl, test, {user_regexp, "^test"}}.
447 %%{acl, test, {user_glob, "test*"}}.
450 %% Define specific ACLs in a virtual host.
452 %%{host_config, "localhost",
454 %% {acl, admin, {user, "bob-local", "localhost"}}
462 %% Define the maximum number of time a single user is allowed to connect:
463 {access, max_user_sessions, [{10, all}]}.
465 %% Maximum number of offline messages that users can have:
466 {access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
468 %% This rule allows access only for local users:
469 {access, local, [{allow, local}]}.
471 %% Only non-blocked users can use c2s connections:
472 {access, c2s, [{deny, blocked},
475 %% For all users except admins used "normal" shaper
476 {access, c2s_shaper, [{none, admin},
479 %% For all S2S connections used "fast" shaper
480 {access, s2s_shaper, [{fast, all}]}.
482 %% Only admins can send announcement messages:
483 {access, announce, [{allow, admin}]}.
485 %% Only admins can use configuration interface:
486 {access, configure, [{allow, admin}]}.
488 %% Admins of this server are also admins of MUC service:
489 {access, muc_admin, [{allow, admin}]}.
491 %% All users are allowed to use MUC service:
492 {access, muc, [{allow, all}]}.
494 %% No username can be registered via in-band registration:
495 %% To enable in-band registration, replace 'deny' with 'allow'
496 % (note that if you remove mod_register from modules list then users will not
497 % be able to change their password as well as register).
498 % This setting is default because it's more safe.
499 {access, register, [{deny, all}]}.
501 %% By default frequency of account registrations from the same IP
502 %% is limited to 1 account every 10 minutes. To disable put: infinity
503 %%{registration_timeout, 600}.
505 %% Everybody can create pubsub nodes
506 {access, pubsub_createnode, [{allow, all}]}.
509 %% Define specific Access rules in a virtual host.
511 %%{host_config, "localhost",
513 %% {access, c2s, [{allow, admin}, {deny, all}]},
514 %% {access, register, [{deny, all}]}
523 %% language: Default language used for server messages.
528 %% Set a different default language in a virtual host.
530 %%{host_config, "localhost",
531 %% [{language, "ru"}]
539 %% Full path to a script that generates the image.
540 %% Note that this script must be made executable
541 %% for the user ejabberd:ejabberd.
543 %%{captcha_cmd, "/usr/lib/ejabberd/priv/bin/captcha.sh"}.
546 %% Host part of the URL sent to the user.
547 %% The port specified must be configured as the "ejabberd_http"
548 %% listener which must have the "captcha" directive included
549 %% in its configuration (see the "LISTENING PORTS" section above).
551 %%{captcha_host, "localhost:5280"}.
558 %% Modules enabled in all ejabberd virtual hosts.
563 {mod_announce, [{access, announce}]}, % requires mod_adhoc
565 {mod_configure,[]}, % requires mod_adhoc
566 {mod_admin_extra, []},
568 %%{mod_echo, [{host, "echo.localhost"}]},
570 %% NOTE that mod_http_fileserver must also be enabled in the
571 %% "request_handlers" clause of the "ejabberd_http" listener
572 %% configuration (see the "LISTENING PORTS" section above).
573 %%{mod_http_fileserver, [
574 %% {docroot, "/var/www"},
575 %% {accesslog, "/var/log/ejabberd/access.log"}
579 %%{host, "conference.@HOST@"},
581 {access_create, muc},
582 {access_persistent, muc},
583 {access_admin, muc_admin},
587 {mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
594 {mod_pubsub, [ % requires mod_caps
595 {access_createnode, pubsub_createnode},
596 {pep_sendlast_offline, false},
597 {last_item_cache, false},
598 %%{plugins, ["default", "pep"]}
599 {plugins, ["flat", "hometree", "pep"]} % pep requires mod_caps
603 %% After successful registration, the user receives
604 %% a message with this subject and body.
606 {welcome_message, {"Welcome!",
607 "Welcome to a Jabber service powered by Debian. "
608 "For information about Jabber visit "
609 "http://www.jabber.org"}},
610 %% Replace it with 'none' if you don't want to send such message:
611 %%{welcome_message, none},
614 %% When a user registers, send a notification to
615 %% these Jabber accounts.
617 %%{registration_watchers, ["admin1@example.org"]},
622 %%{mod_service_log,[]},
623 %%{mod_shared_roster,[]},
631 %% Enable modules with custom options in a specific virtual host
633 %%{host_config, "localhost",
636 %% {mod_echo, [{host, "mirror.localhost"}]}
642 %%% $Id: ejabberd.cfg.example 2497 2009-08-17 20:27:28Z cromain $
647 %%% vim: set filetype=erlang tabstop=8: