2 %%% Debian ejabberd configuration file
3 %%% This config must be in UTF-8 encoding
5 %%% The parameters used in this configuration file are explained in more detail
6 %%% in the ejabberd Installation and Operation Guide.
7 %%% Please consult the Guide in case of doubts, it is available at
8 %%% /usr/share/doc/ejabberd/guide.html
10 %%% ===================================
11 %%% OVERRIDE OPTIONS STORED IN DATABASE
14 %% Override global options (shared by all ejabberd nodes in a cluster).
19 %% Override local options (specific for this particular ejabberd node).
24 %% Remove the Access Control Lists before new ones are added.
29 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
30 %% Options which are set by Debconf and managed by ucf
33 {acl, admin, {user, "", "localhost"}}.
36 {hosts, ["localhost"]}.
38 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40 %%% This configuration file contains Erlang terms.
41 %%% In case you want to understand the syntax, here are the concepts:
43 %%% - The character to comment a line is %
45 %%% - Each term ends in a dot, for example:
48 %%% - A tuple has a fixed definition, its elements are
49 %%% enclosed in {}, and separated with commas:
52 %%% - A list can have as many elements as you want,
53 %%% and is enclosed in [], for example:
54 %%% [http_poll, web_admin, tls]
56 %%% - A keyword of ejabberd is a word in lowercase.
57 %%% The strings are enclosed in "" and can have spaces, dots...
59 %%% {ldap_rootdn, "dc=example,dc=com"}.
61 %%% - This term includes a tuple, a keyword, a list and two strings:
62 %%% {hosts, ["jabber.example.net", "im.example.com"]}.
70 %% loglevel: Verbosity of log files generated by ejabberd.
71 %% 0: No ejabberd log at all (not recommended)
81 %% watchdog_admins: If an ejabberd process consumes too much memory,
82 %% send live notifications to those Jabber accounts.
84 %%{watchdog_admins, ["bob@example.com"]}.
91 %% hosts: Domains served by ejabberd.
92 %% You can define one or several, for example:
93 %% {hosts, ["example.net", "example.com", "example.org"]}.
95 %% (This option is defined by debconf earlier)
96 %% {hosts, ["localhost"]}.
99 %% route_subdomains: Delegate subdomains to other Jabber server.
100 %% For example, if this ejabberd serves example.org and you want
101 %% to allow communication with a Jabber server called im.example.org.
103 %%{route_subdomains, s2s}.
110 %% listen: Which ports will ejabberd listen, which service handles it
111 %% and what options to start it with.
115 {5222, ejabberd_c2s, [
117 {shaper, c2s_shaper},
118 {max_stanza_size, 65536},
119 starttls, {certfile, "/etc/ejabberd/ejabberd.pem"}
123 %% To enable the old SSL connection method (deprecated) in port 5223:
125 %%{5223, ejabberd_c2s, [
127 %% {shaper, c2s_shaper},
128 %% {max_stanza_size, 65536},
129 %% tls, {certfile, "/etc/ejabberd/ejabberd.pem"}
132 {5269, ejabberd_s2s_in, [
133 {shaper, s2s_shaper},
134 {max_stanza_size, 131072}
137 %% External MUC jabber-muc (but internal mod_muc is better :))
138 %%{5554, ejabberd_service, [
139 %% {ip, {127, 0, 0, 1}},
141 %% {shaper_rule, fast},
142 %% {host, "muc.localhost", [{password, "secret"}]}
145 %% Jabber ICQ Transport
146 %%{5555, ejabberd_service, [
147 %% {ip, {127, 0, 0, 1}},
149 %% {shaper_rule, fast},
150 %% {hosts, ["icq.localhost", "sms.localhost"],
151 %% [{password, "secret"}]}
155 %%{5556, ejabberd_service, [
156 %% {ip, {127, 0, 0, 1}},
158 %% {shaper_rule, fast},
159 %% {host, "aim.localhost", [{password, "secret"}]}
163 %%{5557, ejabberd_service, [
164 %% {ip, {127, 0, 0, 1}},
166 %% {shaper_rule, fast},
167 %% {host, "msn.localhost", [{password, "secret"}]}
171 %%{5558, ejabberd_service, [
172 %% {ip, {127, 0, 0, 1}},
174 %% {shaper_rule, fast},
175 %% {host, "yahoo.localhost", [{password, "secret"}]}
178 %% External JUD (internal is more powerful,
179 %% but doesn't allow to register users from other servers)
180 %%{5559, ejabberd_service, [
181 %% {ip, {127, 0, 0, 1}},
183 %% {shaper_rule, fast},
184 %% {host, "jud.localhost", [{password, "secret"}]}
187 {5280, ejabberd_http, [
195 %% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
196 %% Allowed values are: true or false.
197 %% You must specify a certificate file.
199 {s2s_use_starttls, true}.
202 %% s2s_certfile: Specify a certificate file.
204 {s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
207 %% domain_certfile: Specify a different certificate for each served hostname.
209 %%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
210 %%{domain_certfile, "example.com", "/path/to/example_com.pem"}.
213 %% S2S whitelist or blacklist
215 %% Default s2s policy for undefined hosts.
217 %%{s2s_default_policy, allow}.
220 %% Allow or deny communication with specific servers.
222 %%{{s2s_host, "goodhost.org"}, allow}.
223 %%{{s2s_host, "badhost.org"}, deny}.
230 %% auth_method: Method used to authenticate the users.
231 %% The default method is the internal.
232 %% If you want to use a different method,
233 %% comment this line and enable the correct ones.
235 {auth_method, internal}.
238 %% Authentication using external script
239 %% Make sure the script is executable by ejabberd.
241 %%{auth_method, external}.
242 %%{extauth_program, "/path/to/authentication/script"}.
245 %% Authentication using ODBC
246 %% Remember to setup a database in the next section.
248 %%{auth_method, odbc}.
251 %% Authentication using PAM
253 %%{auth_method, pam}.
254 %%{pam_service, "pamservicename"}.
257 %% Authentication using LDAP
259 %%{auth_method, ldap}.
261 %% List of LDAP servers:
262 %%{ldap_servers, ["localhost"]}.
264 %% Encryption of connection to LDAP servers (LDAPS):
265 %%{ldap_encrypt, tls}.
267 %% Port connect to LDAP server:
271 %%{ldap_rootdn, "dc=example,dc=com"}.
273 %% Password to LDAP manager:
274 %%{ldap_password, "******"}.
276 %% Search base of LDAP directory:
277 %%{ldap_base, "dc=example,dc=com"}.
279 %% LDAP attribute that holds user ID:
280 %%{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
283 %%{ldap_filter, "(objectClass=shadowAccount)"}.
286 %% Anonymous login support:
287 %% auth_method: anonymous
288 %% anonymous_protocol: sasl_anon | login_anon | both
289 %% allow_multiple_connections: true | false
291 %%{host_config, "public.example.org", [{auth_method, anonymous},
292 %% {allow_multiple_connections, false},
293 %% {anonymous_protocol, sasl_anon}]}.
295 %% To use both anonymous and internal authentication:
297 %%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
303 %% ejabberd uses by default the internal Mnesia database,
304 %% so you can avoid this section.
305 %% This section provides configuration examples in case
306 %% you want to use other database backends.
307 %% Please consult the ejabberd Guide for details about database creation.
312 %%{odbc_server, {mysql, "server", "database", "username", "password"}}.
314 %% If you want to specify the port:
315 %%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.
318 %% PostgreSQL server:
320 %%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
322 %% If you want to specify the port:
323 %%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
325 %% If you use PostgreSQL, have a large database, and need a
326 %% faster but inexact replacement for "select count(*) from users"
328 %%{pgsql_users_number_estimate, true}.
331 %% ODBC compatible or MSSQL server:
333 %%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
336 %% Number of connections to open to the database for each virtual host
338 %%{odbc_pool_size, 10}.
341 %% Interval to make a dummy SQL request to keep alive the connections
342 %% to the database. Specify in seconds: for example 28800 means 8 hours
344 %%{odbc_keepalive_interval, undefined}.
351 %% The "normal" shaper limits traffic speed to 1.000 B/s
353 {shaper, normal, {maxrate, 1000}}.
356 %% The "fast" shaper limits traffic speed to 50.000 B/s
358 {shaper, fast, {maxrate, 50000}}.
361 %%% ====================
362 %%% ACCESS CONTROL LISTS
365 %% The 'admin' ACL grants administrative privileges to Jabber accounts.
366 %% You can put as many accounts as you want.
368 %%{acl, admin, {user, "aleksey", "localhost"}}.
369 %%{acl, admin, {user, "ermine", "example.org"}}.
374 %%{acl, blocked, {user, "baduser", "example.org"}}.
375 %%{acl, blocked, {user, "test"}}.
378 %% Local users: don't modify this line.
380 {acl, local, {user_regexp, ""}}.
383 %% More examples of ACLs
385 %%{acl, jabberorg, {server, "jabber.org"}}.
386 %%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
387 %%{acl, test, {user_regexp, "^test"}}.
388 %%{acl, test, {user_glob, "test*"}}.
394 %% Define the maximum number of time a single user is allowed to connect:
395 {access, max_user_sessions, [{10, all}]}.
397 %% This rule allows access only for local users:
398 {access, local, [{allow, local}]}.
400 %% Only non-blocked users can use c2s connections:
401 {access, c2s, [{deny, blocked},
404 %% For all users except admins used "normal" shaper
405 {access, c2s_shaper, [{none, admin},
408 %% For all S2S connections used "fast" shaper
409 {access, s2s_shaper, [{fast, all}]}.
411 %% Only admins can send announcement messages:
412 {access, announce, [{allow, admin}]}.
414 %% Only admins can use configuration interface:
415 {access, configure, [{allow, admin}]}.
417 %% Admins of this server are also admins of MUC service:
418 {access, muc_admin, [{allow, admin}]}.
420 %% All users are allowed to use MUC service:
421 {access, muc, [{allow, all}]}.
423 %% No username can be registered via in-band registration:
424 %% To enable in-band registration, replace 'deny' with 'allow'
425 % (note that if you remove mod_register from modules list then users will not
426 % be able to change their password as well as register).
427 % This setting is default because it's more safe.
428 {access, register, [{deny, all}]}.
430 %% Everybody can create pubsub nodes
431 {access, pubsub_createnode, [{allow, all}]}.
438 %% language: Default language used for server messages.
447 %% Modules enabled in all ejabberd virtual hosts.
452 {mod_announce, [{access, announce}]}, % requires mod_adhoc
454 {mod_configure,[]}, % requires mod_adhoc
457 %%{mod_echo, [{host, "echo.localhost"}]},
461 %%{host, "conference.@HOST@"},
463 {access_create, muc},
464 {access_persistent, muc},
465 {access_admin, muc_admin},
476 {mod_pubsub, [ % requires mod_caps
477 {access_createnode, pubsub_createnode},
478 {plugins, ["default", "pep"]}
482 %% After successful registration, the user receives
483 %% a message with this subject and body.
485 {welcome_message, {"Welcome!",
486 "Welcome to a Jabber service powered by Debian. "
487 "For information about Jabber visit "
488 "http://www.jabber.org"}},
489 %% Replace it with 'none' if you don't want to send such message:
490 %%{welcome_message, none},
493 %% When a user registers, send a notification to
494 %% these Jabber accounts.
496 %%{registration_watchers, ["admin1@example.org"]},
501 %%{mod_service_log,[]},
502 %%{mod_shared_roster,[]},
510 %%% $Id: ejabberd.cfg.example 1178 2008-02-08 18:28:36Z badlop $
515 %%% vim: set filetype=erlang tabstop=8: