From: Alex Dehnert Date: Mon, 8 Mar 2010 07:32:32 +0000 (-0500) Subject: Stock configuration X-Git-Url: https://dehnerts.com/gitweb/?a=commitdiff_plain;h=45db07d1be636142f7984108142e2ebf60e349aa;p=sysconfig%2Fejabberd.git Stock configuration --- 45db07d1be636142f7984108142e2ebf60e349aa
diff --git a/ejabberd.cfg b/ejabberd.cfg
new file mode 100644
index 0000000..b5ab8a0
--- /dev/null
+++ b/ejabberd.cfg
@@ -0,0 +1,515 @@
+%%%
+%%% Debian ejabberd configuration file
+%%% This config must be in UTF-8 encoding
+%%%
+%%% The parameters used in this configuration file are explained in more detail
+%%% in the ejabberd Installation and Operation Guide.
+%%% Please consult the Guide in case of doubts, it is available at
+%%% /usr/share/doc/ejabberd/guide.html
+
+%%% ===================================
+%%% OVERRIDE OPTIONS STORED IN DATABASE
+
+%%
+%% Override global options (shared by all ejabberd nodes in a cluster).
+%%
+%%override_global.
+
+%%
+%% Override local options (specific for this particular ejabberd node).
+%%
+%%override_local.
+
+%%
+%% Remove the Access Control Lists before new ones are added.
+%%
+%%override_acls.
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% Options which are set by Debconf and managed by ucf
+
+%% Admin user
+{acl, admin, {user, "", "localhost"}}.
+
+%% Hostname
+{hosts, ["localhost"]}.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%% This configuration file contains Erlang terms.
+%%% In case you want to understand the syntax, here are the concepts:
+%%%
+%%% - The character to comment a line is %
+%%%
+%%% - Each term ends in a dot, for example:
+%%% override_global.
+%%%
+%%% - A tuple has a fixed definition, its elements are
+%%% enclosed in {}, and separated with commas:
+%%% {loglevel, 4}.
+%%%
+%%% - A list can have as many elements as you want,
+%%% and is enclosed in [], for example:
+%%% [http_poll, web_admin, tls]
+%%%
+%%% - A keyword of ejabberd is a word in lowercase.
+%%% The strings are enclosed in "" and can have spaces, dots...
+%%% {language, "en"}.
+%%% {ldap_rootdn, "dc=example,dc=com"}.
+%%%
+%%% - This term includes a tuple, a keyword, a list and two strings:
+%%% {hosts, ["jabber.example.net", "im.example.com"]}.
+%%%
+
+
+%%% =========
+%%% DEBUGGING
+
+%%
+%% loglevel: Verbosity of log files generated by ejabberd.
+%% 0: No ejabberd log at all (not recommended)
+%% 1: Critical
+%% 2: Error
+%% 3: Warning
+%% 4: Info
+%% 5: Debug
+%%
+{loglevel, 4}.
+
+%%
+%% watchdog_admins: If an ejabberd process consumes too much memory,
+%% send live notifications to those Jabber accounts.
+%%
+%%{watchdog_admins, ["bob@example.com"]}.
+
+
+%%% ================
+%%% SERVED HOSTNAMES
+
+%%
+%% hosts: Domains served by ejabberd.
+%% You can define one or several, for example:
+%% {hosts, ["example.net", "example.com", "example.org"]}.
+%%
+%% (This option is defined by debconf earlier)
+%% {hosts, ["localhost"]}.
+
+%%
+%% route_subdomains: Delegate subdomains to other Jabber server.
+%% For example, if this ejabberd serves example.org and you want
+%% to allow communication with a Jabber server called im.example.org.
+%%
+%%{route_subdomains, s2s}.
+
+
+%%% ===============
+%%% LISTENING PORTS
+
+%%
+%% listen: Which ports will ejabberd listen, which service handles it
+%% and what options to start it with.
+%%
+{listen,
+ [
+ {5222, ejabberd_c2s, [
+ {access, c2s},
+ {shaper, c2s_shaper},
+ {max_stanza_size, 65536},
+ starttls, {certfile, "/etc/ejabberd/ejabberd.pem"}
+ ]},
+
+ %%
+ %% To enable the old SSL connection method (deprecated) in port 5223:
+ %%
+ %%{5223, ejabberd_c2s, [
+ %% {access, c2s},
+ %% {shaper, c2s_shaper},
+ %% {max_stanza_size, 65536},
+ %% tls, {certfile, "/etc/ejabberd/ejabberd.pem"}
+ %% ]},
+
+ {5269, ejabberd_s2s_in, [
+ {shaper, s2s_shaper},
+ {max_stanza_size, 131072}
+ ]},
+
+ %% External MUC jabber-muc (but internal mod_muc is better :))
+ %%{5554, ejabberd_service, [
+ %% {ip, {127, 0, 0, 1}},
+ %% {access, all},
+ %% {shaper_rule, fast},
+ %% {host, "muc.localhost", [{password, "secret"}]}
+ %% ]},
+
+ %% Jabber ICQ Transport
+ %%{5555, ejabberd_service, [
+ %% {ip, {127, 0, 0, 1}},
+ %% {access, all},
+ %% {shaper_rule, fast},
+ %% {hosts, ["icq.localhost", "sms.localhost"],
+ %% [{password, "secret"}]}
+ %% ]},
+
+ %% AIM Transport
+ %%{5556, ejabberd_service, [
+ %% {ip, {127, 0, 0, 1}},
+ %% {access, all},
+ %% {shaper_rule, fast},
+ %% {host, "aim.localhost", [{password, "secret"}]}
+ %% ]},
+
+ %% MSN Transport
+ %%{5557, ejabberd_service, [
+ %% {ip, {127, 0, 0, 1}},
+ %% {access, all},
+ %% {shaper_rule, fast},
+ %% {host, "msn.localhost", [{password, "secret"}]}
+ %% ]},
+
+ %% Yahoo! Transport
+ %%{5558, ejabberd_service, [
+ %% {ip, {127, 0, 0, 1}},
+ %% {access, all},
+ %% {shaper_rule, fast},
+ %% {host, "yahoo.localhost", [{password, "secret"}]}
+ %% ]},
+
+ %% External JUD (internal is more powerful,
+ %% but doesn't allow to register users from other servers)
+ %%{5559, ejabberd_service, [
+ %% {ip, {127, 0, 0, 1}},
+ %% {access, all},
+ %% {shaper_rule, fast},
+ %% {host, "jud.localhost", [{password, "secret"}]}
+ %% ]},
+
+ {5280, ejabberd_http, [
+ http_poll,
+ web_admin
+ ]}
+
+ ]}.
+
+%%
+%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
+%% Allowed values are: true or false.
+%% You must specify a certificate file.
+%%
+{s2s_use_starttls, true}.
+
+%%
+%% s2s_certfile: Specify a certificate file.
+%%
+{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
+
+%%
+%% domain_certfile: Specify a different certificate for each served hostname.
+%%
+%%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
+%%{domain_certfile, "example.com", "/path/to/example_com.pem"}.
+
+%%
+%% S2S whitelist or blacklist
+%%
+%% Default s2s policy for undefined hosts.
+%%
+%%{s2s_default_policy, allow}.
+
+%%
+%% Allow or deny communication with specific servers.
+%%
+%%{{s2s_host, "goodhost.org"}, allow}.
+%%{{s2s_host, "badhost.org"}, deny}.
+
+
+%%% ==============
+%%% AUTHENTICATION
+
+%%
+%% auth_method: Method used to authenticate the users.
+%% The default method is the internal.
+%% If you want to use a different method,
+%% comment this line and enable the correct ones.
+%%
+{auth_method, internal}.
+
+%%
+%% Authentication using external script
+%% Make sure the script is executable by ejabberd.
+%%
+%%{auth_method, external}.
+%%{extauth_program, "/path/to/authentication/script"}.
+
+%%
+%% Authentication using ODBC
+%% Remember to setup a database in the next section.
+%%
+%%{auth_method, odbc}.
+
+%%
+%% Authentication using PAM
+%%
+%%{auth_method, pam}.
+%%{pam_service, "pamservicename"}.
+
+%%
+%% Authentication using LDAP
+%%
+%%{auth_method, ldap}.
+%%
+%% List of LDAP servers:
+%%{ldap_servers, ["localhost"]}.
+%%
+%% Encryption of connection to LDAP servers (LDAPS):
+%%{ldap_encrypt, tls}.
+%%
+%% Port connect to LDAP server:
+%%{ldap_port, 636}.
+%%
+%% LDAP manager:
+%%{ldap_rootdn, "dc=example,dc=com"}.
+%%
+%% Password to LDAP manager:
+%%{ldap_password, "******"}.
+%%
+%% Search base of LDAP directory:
+%%{ldap_base, "dc=example,dc=com"}.
+%%
+%% LDAP attribute that holds user ID:
+%%{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
+%%
+%% LDAP filter:
+%%{ldap_filter, "(objectClass=shadowAccount)"}.
+
+%%
+%% Anonymous login support:
+%% auth_method: anonymous
+%% anonymous_protocol: sasl_anon | login_anon | both
+%% allow_multiple_connections: true | false
+%%
+%%{host_config, "public.example.org", [{auth_method, anonymous},
+%% {allow_multiple_connections, false},
+%% {anonymous_protocol, sasl_anon}]}.
+%%
+%% To use both anonymous and internal authentication:
+%%
+%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
+
+
+%%% ==============
+%%% DATABASE SETUP
+
+%% ejabberd uses by default the internal Mnesia database,
+%% so you can avoid this section.
+%% This section provides configuration examples in case
+%% you want to use other database backends.
+%% Please consult the ejabberd Guide for details about database creation.
+
+%%
+%% MySQL server:
+%%
+%%{odbc_server, {mysql, "server", "database", "username", "password"}}.
+%%
+%% If you want to specify the port:
+%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.
+
+%%
+%% PostgreSQL server:
+%%
+%%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
+%%
+%% If you want to specify the port:
+%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
+%%
+%% If you use PostgreSQL, have a large database, and need a
+%% faster but inexact replacement for "select count(*) from users"
+%%
+%%{pgsql_users_number_estimate, true}.
+
+%%
+%% ODBC compatible or MSSQL server:
+%%
+%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
+
+%%
+%% Number of connections to open to the database for each virtual host
+%%
+%%{odbc_pool_size, 10}.
+
+%%
+%% Interval to make a dummy SQL request to keep alive the connections
+%% to the database. Specify in seconds: for example 28800 means 8 hours
+%%
+%%{odbc_keepalive_interval, undefined}.
+
+
+%%% ===============
+%%% TRAFFIC SHAPERS
+
+%%
+%% The "normal" shaper limits traffic speed to 1.000 B/s
+%%
+{shaper, normal, {maxrate, 1000}}.
+
+%%
+%% The "fast" shaper limits traffic speed to 50.000 B/s
+%%
+{shaper, fast, {maxrate, 50000}}.
+
+
+%%% ====================
+%%% ACCESS CONTROL LISTS
+
+%%
+%% The 'admin' ACL grants administrative privileges to Jabber accounts.
+%% You can put as many accounts as you want.
+%%
+%%{acl, admin, {user, "aleksey", "localhost"}}.
+%%{acl, admin, {user, "ermine", "example.org"}}.
+
+%%
+%% Blocked users
+%%
+%%{acl, blocked, {user, "baduser", "example.org"}}.
+%%{acl, blocked, {user, "test"}}.
+
+%%
+%% Local users: don't modify this line.
+%%
+{acl, local, {user_regexp, ""}}.
+
+%%
+%% More examples of ACLs
+%%
+%%{acl, jabberorg, {server, "jabber.org"}}.
+%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
+%%{acl, test, {user_regexp, "^test"}}.
+%%{acl, test, {user_glob, "test*"}}.
+
+
+%%% ============
+%%% ACCESS RULES
+
+%% Define the maximum number of time a single user is allowed to connect:
+{access, max_user_sessions, [{10, all}]}.
+
+%% This rule allows access only for local users:
+{access, local, [{allow, local}]}.
+
+%% Only non-blocked users can use c2s connections:
+{access, c2s, [{deny, blocked},
+ {allow, all}]}.
+
+%% For all users except admins used "normal" shaper
+{access, c2s_shaper, [{none, admin},
+ {normal, all}]}.
+
+%% For all S2S connections used "fast" shaper
+{access, s2s_shaper, [{fast, all}]}.
+
+%% Only admins can send announcement messages:
+{access, announce, [{allow, admin}]}.
+
+%% Only admins can use configuration interface:
+{access, configure, [{allow, admin}]}.
+
+%% Admins of this server are also admins of MUC service:
+{access, muc_admin, [{allow, admin}]}.
+
+%% All users are allowed to use MUC service:
+{access, muc, [{allow, all}]}.
+
+%% No username can be registered via in-band registration:
+%% To enable in-band registration, replace 'deny' with 'allow'
+% (note that if you remove mod_register from modules list then users will not
+% be able to change their password as well as register).
+% This setting is default because it's more safe.
+{access, register, [{deny, all}]}.
+
+%% Everybody can create pubsub nodes
+{access, pubsub_createnode, [{allow, all}]}.
+
+
+%%% ================
+%%% DEFAULT LANGUAGE
+
+%%
+%% language: Default language used for server messages.
+%%
+{language, "en"}.
+
+
+%%% =======
+%%% MODULES
+
+%%
+%% Modules enabled in all ejabberd virtual hosts.
+%%
+{modules,
+ [
+ {mod_adhoc, []},
+ {mod_announce, [{access, announce}]}, % requires mod_adhoc
+ {mod_caps, []},
+ {mod_configure,[]}, % requires mod_adhoc
+ {mod_ctlextra, []},
+ {mod_disco, []},
+ %%{mod_echo, [{host, "echo.localhost"}]},
+ {mod_irc, []},
+ {mod_last, []},
+ {mod_muc, [
+ %%{host, "conference.@HOST@"},
+ {access, muc},
+ {access_create, muc},
+ {access_persistent, muc},
+ {access_admin, muc_admin},
+ {max_users, 500}
+ ]},
+ %%{mod_muc_log,[]},
+ {mod_offline, []},
+ {mod_privacy, []},
+ {mod_private, []},
+ {mod_proxy65, [
+ {access, local},
+ {shaper, c2s_shaper}
+ ]},
+ {mod_pubsub, [ % requires mod_caps
+ {access_createnode, pubsub_createnode},
+ {plugins, ["default", "pep"]}
+ ]},
+ {mod_register, [
+ %%
+ %% After successful registration, the user receives
+ %% a message with this subject and body.
+ %%
+ {welcome_message, {"Welcome!",
+ "Welcome to a Jabber service powered by Debian. "
+ "For information about Jabber visit "
+ "http://www.jabber.org"}},
+ %% Replace it with 'none' if you don't want to send such message:
+ %%{welcome_message, none},
+
+ %%
+ %% When a user registers, send a notification to
+ %% these Jabber accounts.
+ %%
+ %%{registration_watchers, ["admin1@example.org"]},
+
+ {access, register}
+ ]},
+ {mod_roster, []},
+ %%{mod_service_log,[]},
+ %%{mod_shared_roster,[]},
+ {mod_stats, []},
+ {mod_time, []},
+ {mod_vcard, []},
+ {mod_version, []}
+ ]}.
+
+
+%%% $Id: ejabberd.cfg.example 1178 2008-02-08 18:28:36Z badlop $
+
+%%% Local Variables:
+%%% mode: erlang
+%%% End:
+%%% vim: set filetype=erlang tabstop=8:
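Review bot: The `{5280, ejabberd_http, [http_poll, web_admin]}` listener serves the admin web interface over plain HTTP with no `ip` restriction, so admin credentials and any HTTP-polling client logins on that port cross the network unencrypted. Consider adding `tls, {certfile, "/etc/ejabberd/ejabberd.pem"}` to that listener's options, or moving `web_admin` to its own listener bound with `{ip, {127, 0, 0, 1}}` as the commented service examples do. Likewise the 5222 listener offers `starttls` without requiring it, so a client can still authenticate in cleartext; `starttls_required` would close that gap if this ejabberd version supports it. Since this commit imports the stock file unchanged, these are best recorded as a follow-up change on top of it.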