## ejabberd configuration for the XMPP domain trans13nrv.eu.org: SQL-backed
## authentication and storage, c2s/s2s/HTTP/STUN/MQTT listeners on one
## public address, and the module set enabled for that host.

## NOTE(review): only warnings and above are logged, and log_rotate_count
## is 0 -- presumably no rotated log files are kept. Confirm this leaves
## enough history to investigate an incident.
loglevel: warning
log_rotate_count: 0

hosts:
  - trans13nrv.eu.org

fqdn: xmpp.trans13nrv.eu.org

## Certificate chain and private key, both read from /etc/letsencrypt.
## The private key should be readable only by the account ejabberd runs as.
certfiles:
  - "/etc/letsencrypt/live/trans13nrv.eu.org/privkey.pem"
  - "/etc/letsencrypt/live/trans13nrv.eu.org/fullchain.pem"

## PostgreSQL on localhost backs both authentication (auth_method) and
## default storage (default_db).
## NOTE(review): update_sql_schema lets the server modify its own schema;
## presumably the ejabberd database role needs DDL rights for that -- confirm.
update_sql_schema: true
new_sql_schema: true
sql_type: pgsql
sql_server: localhost
sql_database: ejabberd
sql_username: ejabberd
## NOTE(review): the database password is stored here in clear text and is
## identical to the user name and database name. Replace it with a strong,
## unique secret and keep this file unreadable to other local users.
sql_password: ejabberd
auth_method: [sql]
default_db: sql

## Built-in ACME issuance is switched off; the certfiles above point at
## /etc/letsencrypt, so renewal is presumably handled by an external client.
acme:
  auto: false

language: fr

## Shared TLS policy, referenced by the c2s/s2s options and the HTTPS
## listener below. The cipher string excludes anonymous, NULL and 3DES
## suites; the options turn off SSLv3, TLS 1.0, TLS 1.1 and compression and
## make the server's cipher order win.
define_macro:
  'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
  'TLS_OPTIONS':
    - "no_sslv3"
    - "no_tlsv1"
    - "no_tlsv1_1"
    - "cipher_server_preference"
    - "no_compression"
  # 'DH_FILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048

c2s_ciphers: 'TLS_CIPHERS'
s2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
s2s_protocol_options: 'TLS_OPTIONS'
# c2s_dhfile: 'DH_FILE'
# s2s_dhfile: 'DH_FILE'

## Every listener is bound to the same public IPv4 address.
listen:
  ## Client-to-server with STARTTLS.
  ## NOTE(review): `starttls: true` offers STARTTLS but, per ejabberd's
  ## documented listener options, does not enforce it; `starttls_required:
  ## true` is the option that rejects unencrypted client sessions. Confirm
  ## whether plaintext c2s is really intended here.
  - port: 5222
    ip: "137.74.82.131"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls: true
  ## Client-to-server over direct TLS.
  - port: 5223
    ip: "137.74.82.131"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    tls: true
  ## Incoming server-to-server; encryption is governed by s2s_use_starttls
  ## further down.
  - port: 5269
    ip: "137.74.82.131"
    module: ejabberd_s2s_in
    max_stanza_size: 524288
  ## HTTPS endpoint carrying the HTTP API, BOSH, file upload and WebSocket.
  ## /api is reachable on the public address; who may call what is decided
  ## by api_permissions below.
  - port: 5443
    ip: "137.74.82.131"
    module: ejabberd_http
    tls: true
    protocol_options: 'TLS_OPTIONS'
    request_handlers:
      /api: mod_http_api
      /bosh: mod_bosh
      ## /captcha: ejabberd_captcha
      /upload: mod_http_upload
      /ws: ejabberd_http_ws
    ## NOTE(review): browsers refuse credentialed cross-origin responses
    ## that combine a wildcard Access-Control-Allow-Origin with
    ## Access-Control-Allow-Credentials "true". List the intended web-client
    ## origin(s) explicitly, or drop the credentials header. These headers
    ## are set on the listener, so they apply to /api as well.
    custom_headers:
      "Access-Control-Allow-Origin": "*"
      "Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT"
      "Access-Control-Allow-Headers": "Authorization"
      "Access-Control-Allow-Credentials": "true"
  ## Plain-HTTP listener (ACME challenge, web admin) left disabled.
  # -
  #   port: 5280
  #   module: ejabberd_http
  #   tls: false
  #   protocol_options: 'TLS_OPTIONS'
  #   request_handlers: {}
  #     /.well-known/acme-challenge: ejabberd_acme
  #     /admin: ejabberd_web_admin
  ## STUN over UDP with TURN relaying enabled.
  ## NOTE(review): no auth_type is set here, so the listener's default
  ## applies -- confirm that TURN allocations require authentication.
  - port: 3478
    ip: "137.74.82.131"
    transport: udp
    module: ejabberd_stun
    use_turn: true
    turn_ipv4_address: "137.74.82.131"
  ## NOTE(review): this MQTT listener sets no `tls: true`, so MQTT
  ## credentials and payloads presumably cross the network unencrypted on
  ## the public address. Consider enabling TLS here or binding to loopback.
  - port: 1883
    ip: "137.74.82.131"
    module: mod_mqtt
    backlog: 1000

## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
## password storage (see auth_password_format option).
disable_sasl_mechanisms:
  - "digest-md5"
  - "X-OAUTH2"

## Server-to-server links must negotiate STARTTLS.
s2s_use_starttls: required

## Store the plain passwords or hashed for SCRAM:
auth_password_format: scram

## Full path to a script that generates the image.
## captcha_cmd: "/usr/share/ejabberd/captcha.sh"

acl:
  ## These two accounts receive every right granted to `admin` below:
  ## announce, configure, the unshaped c2s rule, the larger offline quota
  ## and API "admin access".
  admin:
    user:
      - "stupeflo@trans13nrv.eu.org"
      - "llowin@trans13nrv.eu.org"
  ## Empty regexp: presumably matches every account on the local host(s).
  local:
    user_regexp: ""
  loopback:
    ip:
      - 127.0.0.0/8
      - ::1/128

## Entries inside a rule are order-sensitive; keep deny lines before allow.
access_rules:
  local:
    allow: local
  ## NOTE(review): no `blocked` ACL is defined in this file, so the deny
  ## line matches nobody unless that ACL is defined elsewhere.
  c2s:
    deny: blocked
    allow: all
  announce:
    allow: admin
  configure:
    allow: admin
  muc_create:
    allow: local
  pubsub_createnode:
    allow: local
  ## Used by mod_register (ip_access) at the end of the modules section.
  trusted_network:
    allow: loopback

api_permissions:
  ## ejabberdctl may run every command.
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  ## Loopback callers and admin accounts (directly, or through an OAuth
  ## token with the ejabberd:admin scope) may run everything except
  ## stop and start.
  "admin access":
    who:
      access:
        allow:
          - acl: loopback
          - acl: admin
      oauth:
        scope: "ejabberd:admin"
        access:
          allow:
            - acl: loopback
            - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  ## NOTE(review): 127.0.0.1/8 has host bits set; the loopback ACL above
  ## writes the same network as 127.0.0.0/8.
  "public commands":
    who:
      ip: 127.0.0.1/8
    what:
      - status
      - connected_users_number

shaper:
  normal:
    rate: 3000
    burst_size: 20000
  fast: 200000

shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    5000: admin
    100: all
  ## Admin accounts are not rate-limited on c2s.
  c2s_shaper:
    none: admin
    normal: all
  s2s_shaper: fast

modules:
  mod_admin_update_sql: {}
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_blocking: {}
  mod_bosh: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  ## mod_delegation: {} # for xep0356
  mod_disco: {}
  ## Runs with module defaults (no options set).
  mod_fail2ban: {}
  mod_http_api: {}
  ## Uploads are limited to accounts matching the `local` access rule.
  ## NOTE(review): put_url advertises port 8443, while the only HTTPS
  ## listener in this file is on 5443 -- presumably a reverse proxy or
  ## port redirect sits in front; confirm, otherwise uploads will fail.
  mod_http_upload:
    name: "HTTP File Upload"
    access: local
    max_size: 104857600  # 100 MiB.
    file_mode: "0640"
    dir_mode: "2750"
    docroot: "/opt/ejabberd/upload/@HOST@"
    put_url: "https://@HOST@:8443/upload"
    thumbnail: false
    hosts:
      - upload.trans13nrv.eu.org
  mod_last: {}
  mod_mam:
    ## Mnesia is limited to 2GB, better to use an SQL backend
    ## For small servers SQLite is a good fit and is very easy
    ## to configure. SQL is configured above, so db_type is enabled here:
    db_type: sql
    assume_mam_usage: true
    ## NOTE(review): `always` archives messages server-side by default;
    ## confirm retention and database access match the privacy expectations
    ## of the users.
    default: always
  mod_mqtt: {}
  ## Room access and room archives are open to anyone allowed to reach the
  ## service; only `local` accounts may create (persistent) rooms, and only
  ## admins administer the service.
  mod_muc:
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    access_mam:
      - allow
    default_room_options:
      mam: true
    host: muc.trans13nrv.eu.org
  mod_muc_admin: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_pres_counter:
    count: 5
    interval: 60
  mod_privacy: {}
  mod_private: {}
  ## mod_proxy65:
  ##   access: local
  ##   max_connections: 5
  mod_pubsub:
    access_createnode: pubsub_createnode
    ignore_pep_from_offline: false
    last_item_cache: false
    max_items_node: 1000
    default_node_config:
      max_items: 1000
    plugins:
      - "flat"
      - "pep"
    host: pubsub.trans13nrv.eu.org
    force_node_config:
      "eu.siacs.conversations.axolotl.*":
        access_model: open
      ## Prevent buggy clients from making their bookmarks public
      storage:bookmarks:
        access_model: whitelist
  mod_push: {}
  mod_push_keepalive: {}
  ## mod_register:
  ##   ## Only accept registration requests from the "trusted"
  ##   ## network (see access_rules section above).
  ##   ## Think twice before enabling registration from any
  ##   ## address. See the Jabber SPAM Manifesto for details:
  ##   ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
  ##   ip_access: trusted_network
  ## In-band registration is accepted only from addresses allowed by
  ## trusted_network, which this file limits to loopback.
  mod_register:
    ip_access: trusted_network
  mod_roster:
    versioning: true
  mod_s2s_dialback: {}
  mod_shared_roster: {}
  mod_sic: {}
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_stun_disco: {}
  mod_vcard:
    search: false
  mod_vcard_xupdate: {}
  mod_version: {}

### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8