2 %%% Debian ejabberd configuration file
3 %%% This config must be in UTF-8 encoding
5 %%% The parameters used in this configuration file are explained in more detail
6 %%% in the ejabberd Installation and Operation Guide.
7 %%% Please consult the Guide in case of doubts, it is available at
8 %%% /usr/share/doc/ejabberd/guide.html
10 %%% This configuration file contains Erlang terms.
11 %%% In case you want to understand the syntax, here are the concepts:
13 %%% - The character to comment a line is %
15 %%% - Each term ends in a dot, for example:
18 %%% - A tuple has a fixed definition, its elements are
19 %%% enclosed in {}, and separated with commas:
22 %%% - A list can have as many elements as you want,
23 %%% and is enclosed in [], for example:
24 %%% [http_poll, web_admin, tls]
26 %%% - A keyword of ejabberd is a word in lowercase.
27 %%% The strings are enclosed in "" and can have spaces, dots...
29 %%% {ldap_rootdn, "dc=example,dc=com"}.
31 %%% - This term includes a tuple, a keyword, a list and two strings:
32 %%% {hosts, ["jabber.example.net", "im.example.com"]}.
35 %%% ===================================
36 %%% OVERRIDE OPTIONS STORED IN DATABASE
39 %% Override global options (shared by all ejabberd nodes in a cluster).
44 %% Override local options (specific for this particular ejabberd node).
49 %% Remove the Access Control Lists before new ones are added.
54 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
55 %% Options which are set by Debconf and managed by ucf
58 {acl, admin, {user, "", "localhost"}}.
61 {hosts, ["jabber.dehnerts.com"]}.
63 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
70 %% loglevel: Verbosity of log files generated by ejabberd.
71 %% 0: No ejabberd log at all (not recommended)
81 %% watchdog_admins: If an ejabberd process consumes too much memory,
82 %% send live notifications to those Jabber accounts.
84 %%{watchdog_admins, ["bob@example.com"]}.
91 %% hosts: Domains served by ejabberd.
92 %% You can define one or several, for example:
93 %% {hosts, ["example.net", "example.com", "example.org"]}.
95 %% (This option is defined by debconf earlier)
96 %% {hosts, ["localhost"]}.
99 %% route_subdomains: Delegate subdomains to other Jabber server.
100 %% For example, if this ejabberd serves example.org and you want
101 %% to allow communication with a Jabber server called im.example.org.
103 %%{route_subdomains, s2s}.
110 %% listen: Which ports will ejabberd listen, which service handles it
111 %% and what options to start it with.
115 {5222, ejabberd_c2s, [
117 {shaper, c2s_shaper},
118 {max_stanza_size, 65536},
120 starttls, {certfile, "/etc/ejabberd/ejabberd.pem"}
124 %% To enable the old SSL connection method (deprecated) in port 5223:
126 %%{5223, ejabberd_c2s, [
128 %% {shaper, c2s_shaper},
129 %% {max_stanza_size, 65536},
131 %% tls, {certfile, "/etc/ejabberd/ejabberd.pem"}
134 {5269, ejabberd_s2s_in, [
135 {shaper, s2s_shaper},
136 {max_stanza_size, 131072}
139 %% External MUC jabber-muc
140 %%{5554, ejabberd_service, [
141 %% {ip, {127, 0, 0, 1}},
143 %% {shaper_rule, fast},
144 %% {host, "muc.localhost", [{password, "secret"}]}
147 %% Jabber ICQ Transport
148 %%{5555, ejabberd_service, [
149 %% {ip, {127, 0, 0, 1}},
151 %% {shaper_rule, fast},
152 %% {hosts, ["icq.localhost", "sms.localhost"],
153 %% [{password, "secret"}]}
157 %%{5556, ejabberd_service, [
158 %% {ip, {127, 0, 0, 1}},
160 %% {shaper_rule, fast},
161 %% {host, "aim.localhost", [{password, "secret"}]}
165 %%{5557, ejabberd_service, [
166 %% {ip, {127, 0, 0, 1}},
168 %% {shaper_rule, fast},
169 %% {host, "msn.localhost", [{password, "secret"}]}
173 %%{5558, ejabberd_service, [
174 %% {ip, {127, 0, 0, 1}},
176 %% {shaper_rule, fast},
177 %% {host, "yahoo.localhost", [{password, "secret"}]}
180 %% External JUD (internal is more powerful,
181 %% but doesn't allow to register users from other servers)
182 %%{5559, ejabberd_service, [
183 %% {ip, {127, 0, 0, 1}},
185 %% {shaper_rule, fast},
186 %% {host, "jud.localhost", [{password, "secret"}]}
189 {5280, ejabberd_http, [
192 %% {["pub", "archive"], mod_http_fileserver}
203 %% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
204 %% Allowed values are: true or false.
205 %% You must specify a certificate file.
207 {s2s_use_starttls, true}.
210 %% s2s_certfile: Specify a certificate file.
212 {s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
215 %% domain_certfile: Specify a different certificate for each served hostname.
217 %%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
218 %%{domain_certfile, "example.com", "/path/to/example_com.pem"}.
221 %% S2S whitelist or blacklist
223 %% Default s2s policy for undefined hosts.
225 %%{s2s_default_policy, allow}.
228 %% Allow or deny communication with specific servers.
230 %%{{s2s_host, "goodhost.org"}, allow}.
231 %%{{s2s_host, "badhost.org"}, deny}.
234 %% The maximum allowed delay for retry to connect
235 %% after a failed connection attempt to a remote server, in seconds.
236 %% The default value is 300 seconds (5 minutes).
238 %% The reconnection algorythm works like this: if connection fails,
239 %% ejabberd makes an initial random delay between 1 and 15 seconds,
240 %% then retries, and if this attempt fails, makes another delay,
241 %% twice as long as previous. These attempts are performed either
242 %% until a successful connection is made or until the next calculated
243 %% delay is greated or equal than the value of s2s_max_retry_delay.
245 %%{s2s_max_retry_delay, 300}.
248 %% Outgoing S2S options
250 %% Preferred address families (which to try first) and connect timeout
253 %%{outgoing_s2s_options, [ipv4, ipv6], 10000}.
260 %% auth_method: Method used to authenticate the users.
261 %% The default method is the internal.
262 %% If you want to use a different method,
263 %% comment this line and enable the correct ones.
265 {auth_method, internal}.
268 %% Authentication using external script
269 %% Make sure the script is executable by ejabberd.
271 %%{auth_method, external}.
272 %%{extauth_program, "/path/to/authentication/script"}.
275 %% Authentication using ODBC
276 %% Remember to setup a database in the next section.
278 %%{auth_method, odbc}.
281 %% Authentication using PAM
283 %%{auth_method, pam}.
284 %%{pam_service, "pamservicename"}.
287 %% Authentication using LDAP
289 %%{auth_method, ldap}.
291 %% List of LDAP servers:
292 %%{ldap_servers, ["localhost"]}.
294 %% Encryption of connection to LDAP servers (LDAPS):
295 %%{ldap_encrypt, none}.
296 %%{ldap_encrypt, tls}.
298 %% Port connect to LDAP server:
303 %%{ldap_rootdn, "dc=example,dc=com"}.
305 %% Password to LDAP manager:
306 %%{ldap_password, "******"}.
308 %% Search base of LDAP directory:
309 %%{ldap_base, "dc=example,dc=com"}.
311 %% LDAP attribute that holds user ID:
312 %%{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
315 %%{ldap_filter, "(objectClass=shadowAccount)"}.
318 %% Anonymous login support:
319 %% auth_method: anonymous
320 %% anonymous_protocol: sasl_anon | login_anon | both
321 %% allow_multiple_connections: true | false
323 %%{host_config, "public.example.org", [{auth_method, anonymous},
324 %% {allow_multiple_connections, false},
325 %% {anonymous_protocol, sasl_anon}]}.
327 %% To use both anonymous and internal authentication:
329 %%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
335 %% ejabberd uses by default the internal Mnesia database,
336 %% so you can avoid this section.
337 %% This section provides configuration examples in case
338 %% you want to use other database backends.
339 %% Please consult the ejabberd Guide for details about database creation.
341 %% NOTE that ejabberd in Debian supports "out of the box"
342 %% only mnesia (default) and ODBC storage backends.
343 %% Working with MySQL and PostgreSQL DB backends requires
344 %% building and installation of the corresponding Erlang modules,
345 %% not distributed as a part of ejabberd.
346 %% Refer to /usr/share/doc/ejabberd/README.Debian for details.
351 %%{odbc_server, {mysql, "server", "database", "username", "password"}}.
353 %% If you want to specify the port:
354 %%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.
357 %% PostgreSQL server:
359 %%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
361 %% If you want to specify the port:
362 %%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
364 %% If you use PostgreSQL, have a large database, and need a
365 %% faster but inexact replacement for "select count(*) from users"
367 %%{pgsql_users_number_estimate, true}.
370 %% ODBC compatible or MSSQL server:
372 %%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
375 %% Number of connections to open to the database for each virtual host
377 %%{odbc_pool_size, 10}.
380 %% Interval to make a dummy SQL request to keep alive the connections
381 %% to the database. Specify in seconds: for example 28800 means 8 hours
383 %%{odbc_keepalive_interval, undefined}.
390 %% The "normal" shaper limits traffic speed to 1.000 B/s
392 {shaper, normal, {maxrate, 1000}}.
395 %% The "fast" shaper limits traffic speed to 50.000 B/s
397 {shaper, fast, {maxrate, 50000}}.
400 %%% ====================
401 %%% ACCESS CONTROL LISTS
404 %% The 'admin' ACL grants administrative privileges to Jabber accounts.
405 %% You can put as many accounts as you want.
407 %%{acl, admin, {user, "aleksey", "localhost"}}.
408 {acl, admin, {user, "alex-admin" }}.
409 %%{acl, admin, {user, "ermine", "example.org"}}.
414 %%{acl, blocked, {user, "baduser", "example.org"}}.
415 %%{acl, blocked, {user, "test"}}.
418 %% Local users: don't modify this line.
420 {acl, local, {user_regexp, ""}}.
423 %% More examples of ACLs
425 %%{acl, jabberorg, {server, "jabber.org"}}.
426 %%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
427 %%{acl, test, {user_regexp, "^test"}}.
428 %%{acl, test, {user_glob, "test*"}}.
431 %% Define specific ACLs in a virtual host.
433 %%{host_config, "localhost",
435 %% {acl, admin, {user, "bob-local", "localhost"}}
443 %% Define the maximum number of time a single user is allowed to connect:
444 {access, max_user_sessions, [{10, all}]}.
446 %% Maximum number of offline messages that users can have:
447 {access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
449 %% This rule allows access only for local users:
450 {access, local, [{allow, local}]}.
452 %% Only non-blocked users can use c2s connections:
453 {access, c2s, [{deny, blocked},
456 %% For all users except admins used "normal" shaper
457 {access, c2s_shaper, [{none, admin},
460 %% For all S2S connections used "fast" shaper
461 {access, s2s_shaper, [{fast, all}]}.
463 %% Only admins can send announcement messages:
464 {access, announce, [{allow, admin}]}.
466 %% Only admins can use configuration interface:
467 {access, configure, [{allow, admin}]}.
469 %% Admins of this server are also admins of MUC service:
470 {access, muc_admin, [{allow, admin}]}.
472 %% All users are allowed to use MUC service:
473 {access, muc, [{allow, all}]}.
475 %% No username can be registered via in-band registration:
476 %% To enable in-band registration, replace 'deny' with 'allow'
477 % (note that if you remove mod_register from modules list then users will not
478 % be able to change their password as well as register).
479 % This setting is default because it's more safe.
480 {access, register, [{deny, all}]}.
482 %% By default frequency of account registrations from the same IP
483 %% is limited to 1 account every 10 minutes. To disable put: infinity
484 %%{registration_timeout, 600}.
486 %% Everybody can create pubsub nodes
487 {access, pubsub_createnode, [{allow, all}]}.
490 %% Define specific Access rules in a virtual host.
492 %%{host_config, "localhost",
494 %% {access, c2s, [{allow, admin}, {deny, all}]},
495 %% {access, register, [{deny, all}]}
504 %% language: Default language used for server messages.
509 %% Set a different default language in a virtual host.
511 %%{host_config, "localhost",
512 %% [{language, "ru"}]
520 %% Full path to a script that generates the image.
521 %% Note that this script must be made executable
522 %% for the user ejabberd:ejabberd.
524 %%{captcha_cmd, "/usr/lib/ejabberd/priv/bin/captcha.sh"}.
527 %% Host part of the URL sent to the user.
528 %% The port specified must be configured as the "ejabberd_http"
529 %% listener which must have the "captcha" directive included
530 %% in its configuration (see the "LISTENING PORTS" section above).
532 %%{captcha_host, "localhost:5280"}.
539 %% Modules enabled in all ejabberd virtual hosts.
544 {mod_announce, [{access, announce}]}, % requires mod_adhoc
546 {mod_configure,[]}, % requires mod_adhoc
547 {mod_admin_extra, []},
549 %%{mod_echo, [{host, "echo.localhost"}]},
551 %% NOTE that mod_http_fileserver must also be enabled in the
552 %% "request_handlers" clause of the "ejabberd_http" listener
553 %% configuration (see the "LISTENING PORTS" section above).
554 %%{mod_http_fileserver, [
555 %% {docroot, "/var/www"},
556 %% {accesslog, "/var/log/ejabberd/access.log"}
560 %%{host, "conference.@HOST@"},
562 {access_create, muc},
563 {access_persistent, muc},
564 {access_admin, muc_admin},
568 {mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
575 {mod_pubsub, [ % requires mod_caps
576 {access_createnode, pubsub_createnode},
577 {pep_sendlast_offline, false},
578 {last_item_cache, false},
579 %%{plugins, ["default", "pep"]}
580 {plugins, ["flat", "hometree", "pep"]} % pep requires mod_caps
584 %% After successful registration, the user receives
585 %% a message with this subject and body.
587 {welcome_message, {"Welcome!",
588 "Welcome to a Jabber service powered by Debian. "
589 "For information about Jabber visit "
590 "http://www.jabber.org"}},
591 %% Replace it with 'none' if you don't want to send such message:
592 %%{welcome_message, none},
595 %% When a user registers, send a notification to
596 %% these Jabber accounts.
598 %%{registration_watchers, ["admin1@example.org"]},
603 %%{mod_service_log,[]},
604 %%{mod_shared_roster,[]},
612 %% Enable modules with custom options in a specific virtual host
614 %%{host_config, "localhost",
617 %% {mod_echo, [{host, "mirror.localhost"}]}
623 %%% $Id: ejabberd.cfg.example 2497 2009-08-17 20:27:28Z cromain $
628 %%% vim: set filetype=erlang tabstop=8: