|
|
@@ -0,0 +1,932 @@ |
|
|
|
%%% |
|
|
|
%%% ejabberd configuration file |
|
|
|
%%% |
|
|
|
%%%' |
|
|
|
|
|
|
|
%%% The parameters used in this configuration file are explained in more detail |
|
|
|
%%% in the ejabberd Installation and Operation Guide. |
|
|
|
%%% Please consult the Guide in case of doubts, it is included with |
|
|
|
%%% your copy of ejabberd, and is also available online at |
|
|
|
%%% http://www.process-one.net/en/ejabberd/docs/ |
|
|
|
|
|
|
|
%%% This configuration file contains Erlang terms. |
|
|
|
%%% In case you want to understand the syntax, here are the concepts: |
|
|
|
%%% |
|
|
|
%%% - The character to comment a line is % |
|
|
|
%%% |
|
|
|
%%% - Each term ends in a dot, for example: |
|
|
|
%%% override_global. |
|
|
|
%%% |
|
|
|
%%% - A tuple has a fixed definition, its elements are |
|
|
|
%%% enclosed in {}, and separated with commas: |
|
|
|
%%% {loglevel, 4}. |
|
|
|
%%% |
|
|
|
%%% - A list can have as many elements as you want, |
|
|
|
%%% and is enclosed in [], for example: |
|
|
|
%%% [http_poll, web_admin, tls] |
|
|
|
%%% |
|
|
|
%%% Pay attention that list elements are delimited with commas, |
|
|
|
%%% but no comma is allowed after the last list element. This will |
|
|
|
%%% give a syntax error unlike in more lenient languages (e.g. Python). |
|
|
|
%%% |
|
|
|
%%% - A keyword of ejabberd is a word in lowercase. |
|
|
|
%%% Strings are enclosed in "" and can contain spaces, dots, ... |
|
|
|
%%% {language, "en"}. |
|
|
|
%%% {ldap_rootdn, "dc=example,dc=com"}. |
|
|
|
%%% |
|
|
|
%%% - This term includes a tuple, a keyword, a list, and two strings: |
|
|
|
%%% {hosts, ["jabber.example.net", "im.example.com"]}. |
|
|
|
%%% |
|
|
|
%%% - This config is preprocessed during release generation by a tool which |
|
|
|
%%% interprets double curly braces as substitution markers, so avoid this |
|
|
|
%%% syntax in this file (though it's valid Erlang). |
|
|
|
%%% |
|
|
|
%%% So this is OK (though arguably looks quite ugly): |
|
|
|
%%% { {s2s_addr, "example-host.net"}, {127,0,0,1} }. |
|
|
|
%%% |
|
|
|
%%% And I can't give an example of what's not OK exactly because |
|
|
|
%%% of this rule. |
|
|
|
%%% |
|
|
|
|
|
|
|
|
|
|
|
%%%. ======================= |
|
|
|
%%%' OVERRIDE STORED OPTIONS |
|
|
|
|
|
|
|
%% |
|
|
|
%% Override the old values stored in the database. |
|
|
|
%% |
|
|
|
|
|
|
|
%% |
|
|
|
%% Override global options (shared by all ejabberd nodes in a cluster). |
|
|
|
%% |
|
|
|
%%override_global. |
|
|
|
|
|
|
|
%% |
|
|
|
%% Override local options (specific for this particular ejabberd node). |
|
|
|
%% |
|
|
|
%%override_local. |
|
|
|
|
|
|
|
%% |
|
|
|
%% Remove the Access Control Lists before new ones are added. |
|
|
|
%% |
|
|
|
%%override_acls. |
|
|
|
|
|
|
|
|
|
|
|
%%%. ========= |
|
|
|
%%%' DEBUGGING |
|
|
|
|
|
|
|
%% |
|
|
|
%% loglevel: Verbosity of log files generated by ejabberd. |
|
|
|
%% 0: No ejabberd log at all (not recommended) |
|
|
|
%% 1: Critical |
|
|
|
%% 2: Error |
|
|
|
%% 3: Warning |
|
|
|
%% 4: Info |
|
|
|
%% 5: Debug |
|
|
|
%% |
|
|
|
{loglevel, 3}. |
|
|
|
|
|
|
|
%%%. ================ |
|
|
|
%%%' SERVED HOSTNAMES |
|
|
|
|
|
|
|
%% |
|
|
|
%% hosts: Domains served by ejabberd. |
|
|
|
%% You can define one or several, for example: |
|
|
|
%% {hosts, ["example.net", "example.com", "example.org"]}. |
|
|
|
%% |
|
|
|
{hosts, ["pleroma.soykaf.com"] }. |
|
|
|
|
|
|
|
%% |
|
|
|
%% route_subdomains: Delegate subdomains to other XMPP servers. |
|
|
|
%% For example, if this ejabberd serves example.org and you want |
|
|
|
%% to allow communication with an XMPP server called im.example.org. |
|
|
|
%% |
|
|
|
%%{route_subdomains, s2s}. |
|
|
|
|
|
|
|
|
|
|
|
%%%. =============== |
|
|
|
%%%' LISTENING PORTS |
|
|
|
|
|
|
|
%% |
|
|
|
%% listen: The ports ejabberd will listen on, which service each is handled |
|
|
|
%% by and what options to start it with. |
|
|
|
%% |
|
|
|
{listen, |
|
|
|
[ |
|
|
|
%% BOSH and WS endpoints over HTTP |
|
|
|
{ 5280, ejabberd_cowboy, [ |
|
|
|
{num_acceptors, 10}, |
|
|
|
{transport_options, [{max_connections, 1024}]}, |
|
|
|
{modules, [ |
|
|
|
|
|
|
|
{"_", "/http-bind", mod_bosh}, |
|
|
|
{"_", "/ws-xmpp", mod_websockets, [{ejabberd_service, [ |
|
|
|
{access, all}, |
|
|
|
{shaper_rule, fast}, |
|
|
|
{ip, {127, 0, 0, 1}}, |
|
|
|
{password, "secret"}]} |
|
|
|
%% Uncomment to enable connection dropping or/and server-side pings |
|
|
|
%{timeout, 600000}, {ping_rate, 2000} |
|
|
|
]} |
|
|
|
%% Uncomment to serve static files |
|
|
|
%{"_", "/static/[...]", cowboy_static, |
|
|
|
% {dir, "/var/www", [{mimetypes, cow_mimetypes, all}]} |
|
|
|
%}, |
|
|
|
|
|
|
|
%% Example usage of mod_revproxy |
|
|
|
|
|
|
|
%% {"_", "/[...]", mod_revproxy, [{timeout, 5000}, |
|
|
|
%% % time limit for upstream to respond |
|
|
|
%% {body_length, 8000000}, |
|
|
|
%% % maximum body size (may be infinity) |
|
|
|
%% {custom_headers, [{<<"header">>,<<"value">>}]} |
|
|
|
%% % list of extra headers that are send to upstream |
|
|
|
%% ]} |
|
|
|
|
|
|
|
%% Example usage of mod_cowboy |
|
|
|
|
|
|
|
%% {"_", "/[...]", mod_cowboy, [{http, mod_revproxy, |
|
|
|
%% [{timeout, 5000}, |
|
|
|
%% % time limit for upstream to respond |
|
|
|
%% {body_length, 8000000}, |
|
|
|
%% % maximum body size (may be infinity) |
|
|
|
%% {custom_headers, [{<<"header">>,<<"value">>}]} |
|
|
|
%% % list of extra headers that are send to upstream |
|
|
|
%% ]}, |
|
|
|
%% {ws, xmpp, mod_websockets} |
|
|
|
%% ]} |
|
|
|
]} |
|
|
|
]}, |
|
|
|
|
|
|
|
%% BOSH and WS endpoints over HTTPS |
|
|
|
{ 5285, ejabberd_cowboy, [ |
|
|
|
{num_acceptors, 10}, |
|
|
|
{transport_options, [{max_connections, 1024}]}, |
|
|
|
{ssl, [{certfile, "priv/ssl/fullchain.pem"}, {keyfile, "priv/ssl/privkey.pem"}, {password, ""}]}, |
|
|
|
{modules, [ |
|
|
|
{"_", "/http-bind", mod_bosh}, |
|
|
|
{"_", "/ws-xmpp", mod_websockets, [ |
|
|
|
%% Uncomment to enable connection dropping or/and server-side pings |
|
|
|
%{timeout, 600000}, {ping_rate, 60000} |
|
|
|
]} |
|
|
|
%% Uncomment to serve static files |
|
|
|
%{"_", "/static/[...]", cowboy_static, |
|
|
|
% {dir, "/var/www", [{mimetypes, cow_mimetypes, all}]} |
|
|
|
%}, |
|
|
|
]} |
|
|
|
]}, |
|
|
|
|
|
|
|
%% MongooseIM HTTP API it's important to start it on localhost |
|
|
|
%% or some private interface only (not accessible from the outside) |
|
|
|
%% At least start it on different port which will be hidden behind firewall |
|
|
|
|
|
|
|
{ {8088, "127.0.0.1"} , ejabberd_cowboy, [ |
|
|
|
{num_acceptors, 10}, |
|
|
|
{transport_options, [{max_connections, 1024}]}, |
|
|
|
{modules, [ |
|
|
|
{"localhost", "/api", mongoose_api_admin, []} |
|
|
|
]} |
|
|
|
]}, |
|
|
|
|
|
|
|
{ 8089 , ejabberd_cowboy, [ |
|
|
|
{num_acceptors, 10}, |
|
|
|
{transport_options, [{max_connections, 1024}]}, |
|
|
|
{protocol_options, [{compress, true}]}, |
|
|
|
{ssl, [{certfile, "priv/ssl/fullchain.pem"}, {keyfile, "priv/ssl/privkey.pem"}, {password, ""}]}, |
|
|
|
{modules, [ |
|
|
|
{"_", "/api/sse", lasse_handler, [mongoose_client_api_sse]}, |
|
|
|
{"_", "/api/messages/[:with]", mongoose_client_api_messages, []}, |
|
|
|
{"_", "/api/contacts/[:jid]", mongoose_client_api_contacts, []}, |
|
|
|
{"_", "/api/rooms/[:id]", mongoose_client_api_rooms, []}, |
|
|
|
{"_", "/api/rooms/[:id]/config", mongoose_client_api_rooms_config, []}, |
|
|
|
{"_", "/api/rooms/:id/users/[:user]", mongoose_client_api_rooms_users, []}, |
|
|
|
{"_", "/api/rooms/[:id]/messages", mongoose_client_api_rooms_messages, []} |
|
|
|
]} |
|
|
|
]}, |
|
|
|
|
|
|
|
%% Following HTTP API is deprected, the new one abouve should be used instead |
|
|
|
|
|
|
|
{ {5288, "127.0.0.1"} , ejabberd_cowboy, [ |
|
|
|
{num_acceptors, 10}, |
|
|
|
{transport_options, [{max_connections, 1024}]}, |
|
|
|
{modules, [ |
|
|
|
{"localhost", "/api", mongoose_api, [{handlers, [mongoose_api_metrics, |
|
|
|
mongoose_api_users]}]} |
|
|
|
]} |
|
|
|
]}, |
|
|
|
|
|
|
|
{ 5222, ejabberd_c2s, [ |
|
|
|
|
|
|
|
%% |
|
|
|
%% If TLS is compiled in and you installed a SSL |
|
|
|
%% certificate, specify the full path to the |
|
|
|
%% file and uncomment this line: |
|
|
|
%% |
|
|
|
{certfile, "priv/ssl/both.pem"}, starttls, |
|
|
|
|
|
|
|
%%{zlib, 10000}, |
|
|
|
%% https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS |
|
|
|
%% {ciphers, "DEFAULT:!EXPORT:!LOW:!SSLv2"}, |
|
|
|
{access, c2s}, |
|
|
|
{shaper, c2s_shaper}, |
|
|
|
{max_stanza_size, 65536}, |
|
|
|
{protocol_options, ["no_sslv3"]} |
|
|
|
|
|
|
|
]}, |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%% |
|
|
|
%% To enable the old SSL connection method on port 5223: |
|
|
|
%% |
|
|
|
%%{5223, ejabberd_c2s, [ |
|
|
|
%% {access, c2s}, |
|
|
|
%% {shaper, c2s_shaper}, |
|
|
|
%% {certfile, "/path/to/ssl.pem"}, tls, |
|
|
|
%% {max_stanza_size, 65536} |
|
|
|
%% ]}, |
|
|
|
|
|
|
|
{ 5269, ejabberd_s2s_in, [ |
|
|
|
{shaper, s2s_shaper}, |
|
|
|
{max_stanza_size, 131072}, |
|
|
|
{protocol_options, ["no_sslv3"]} |
|
|
|
|
|
|
|
]} |
|
|
|
|
|
|
|
%% |
|
|
|
%% ejabberd_service: Interact with external components (transports, ...) |
|
|
|
%% |
|
|
|
,{8888, ejabberd_service, [ |
|
|
|
{access, all}, |
|
|
|
{shaper_rule, fast}, |
|
|
|
{ip, {127, 0, 0, 1}}, |
|
|
|
{password, "secret"} |
|
|
|
]} |
|
|
|
|
|
|
|
%% |
|
|
|
%% ejabberd_stun: Handles STUN Binding requests |
|
|
|
%% |
|
|
|
%%{ {3478, udp}, ejabberd_stun, []} |
|
|
|
|
|
|
|
]}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections. |
|
|
|
%% Allowed values are: false optional required required_trusted |
|
|
|
%% You must specify a certificate file. |
|
|
|
%% |
|
|
|
{s2s_use_starttls, optional}. |
|
|
|
%% |
|
|
|
%% s2s_certfile: Specify a certificate file. |
|
|
|
%% |
|
|
|
{s2s_certfile, "priv/ssl/both.pem"}. |
|
|
|
|
|
|
|
%% https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS |
|
|
|
%% {s2s_ciphers, "DEFAULT:!EXPORT:!LOW:!SSLv2"}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% domain_certfile: Specify a different certificate for each served hostname. |
|
|
|
%% |
|
|
|
%%{domain_certfile, "example.org", "/path/to/example_org.pem"}. |
|
|
|
%%{domain_certfile, "example.com", "/path/to/example_com.pem"}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% S2S whitelist or blacklist |
|
|
|
%% |
|
|
|
%% Default s2s policy for undefined hosts. |
|
|
|
%% |
|
|
|
{s2s_default_policy, deny }. |
|
|
|
|
|
|
|
%% |
|
|
|
%% Allow or deny communication with specific servers. |
|
|
|
%% |
|
|
|
%%{ {s2s_host, "goodhost.org"}, allow}. |
|
|
|
%%{ {s2s_host, "badhost.org"}, deny}. |
|
|
|
|
|
|
|
{outgoing_s2s_port, 5269 }. |
|
|
|
|
|
|
|
%% |
|
|
|
%% IP addresses predefined for specific hosts to skip DNS lookups. |
|
|
|
%% Ports defined here take precedence over outgoing_s2s_port. |
|
|
|
%% Examples: |
|
|
|
%% |
|
|
|
%% { {s2s_addr, "example-host.net"}, {127,0,0,1} }. |
|
|
|
%% { {s2s_addr, "example-host.net"}, { {127,0,0,1}, 5269 } }. |
|
|
|
%% { {s2s_addr, "example-host.net"}, { {127,0,0,1}, 5269 } }. |
|
|
|
|
|
|
|
%% |
|
|
|
%% Outgoing S2S options |
|
|
|
%% |
|
|
|
%% Preferred address families (which to try first) and connect timeout |
|
|
|
%% in milliseconds. |
|
|
|
%% |
|
|
|
%%{outgoing_s2s_options, [ipv4, ipv6], 10000}. |
|
|
|
%% |
|
|
|
%%%. ============== |
|
|
|
%%%' SESSION BACKEND |
|
|
|
|
|
|
|
%%{sm_backend, {mnesia, []}}. |
|
|
|
|
|
|
|
%% Requires {redis, global, default, ..., ...} outgoing pool |
|
|
|
%%{sm_backend, {redis, []}}. |
|
|
|
|
|
|
|
{sm_backend, {mnesia, []} }. |
|
|
|
|
|
|
|
|
|
|
|
%%%. ============== |
|
|
|
%%%' AUTHENTICATION |
|
|
|
|
|
|
|
%% Advertised SASL mechanisms |
|
|
|
{sasl_mechanisms, [cyrsasl_plain]}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% auth_method: Method used to authenticate the users. |
|
|
|
%% The default method is the internal. |
|
|
|
%% If you want to use a different method, |
|
|
|
%% comment this line and enable the correct ones. |
|
|
|
%% |
|
|
|
%% {auth_method, internal }. |
|
|
|
{auth_method, http }. |
|
|
|
{auth_opts, [ |
|
|
|
{http, global, auth, [{workers, 50}], [{server, "https://pleroma.soykaf.com"}]}, |
|
|
|
{password_format, plain} % default |
|
|
|
%% {password_format, scram} |
|
|
|
|
|
|
|
%% {scram_iterations, 4096} % default |
|
|
|
|
|
|
|
%% |
|
|
|
%% For auth_http: |
|
|
|
%% {basic_auth, "user:password"} |
|
|
|
%% {path_prefix, "/"} % default |
|
|
|
%% auth_http requires {http, Host | global, auth, ..., ...} outgoing pool. |
|
|
|
%% |
|
|
|
%% For auth_external |
|
|
|
%%{extauth_program, "/path/to/authentication/script"}. |
|
|
|
%% |
|
|
|
%% For auth_jwt |
|
|
|
%% {jwt_secret_source, "/path/to/file"}, |
|
|
|
%% {jwt_algorithm, "RS256"}, |
|
|
|
%% {jwt_username_key, user} |
|
|
|
%% For cyrsasl_external |
|
|
|
%% {authenticate_with_cn, false} |
|
|
|
{cyrsasl_external, standard} |
|
|
|
]}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% Authentication using external script |
|
|
|
%% Make sure the script is executable by ejabberd. |
|
|
|
%% |
|
|
|
%%{auth_method, external}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% Authentication using RDBMS |
|
|
|
%% Remember to setup a database in the next section. |
|
|
|
%% |
|
|
|
%%{auth_method, rdbms}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% Authentication using LDAP |
|
|
|
%% |
|
|
|
%%{auth_method, ldap}. |
|
|
|
%% |
|
|
|
|
|
|
|
%% List of LDAP servers: |
|
|
|
%%{ldap_servers, ["localhost"]}. |
|
|
|
%% |
|
|
|
%% Encryption of connection to LDAP servers: |
|
|
|
%%{ldap_encrypt, none}. |
|
|
|
%%{ldap_encrypt, tls}. |
|
|
|
%% |
|
|
|
%% Port to connect to on LDAP servers: |
|
|
|
%%{ldap_port, 389}. |
|
|
|
%%{ldap_port, 636}. |
|
|
|
%% |
|
|
|
%% LDAP manager: |
|
|
|
%%{ldap_rootdn, "dc=example,dc=com"}. |
|
|
|
%% |
|
|
|
%% Password of LDAP manager: |
|
|
|
%%{ldap_password, "******"}. |
|
|
|
%% |
|
|
|
%% Search base of LDAP directory: |
|
|
|
%%{ldap_base, "dc=example,dc=com"}. |
|
|
|
%% |
|
|
|
%% LDAP attribute that holds user ID: |
|
|
|
%%{ldap_uids, [{"mail", "%u@mail.example.org"}]}. |
|
|
|
%% |
|
|
|
%% LDAP filter: |
|
|
|
%%{ldap_filter, "(objectClass=shadowAccount)"}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% Anonymous login support: |
|
|
|
%% auth_method: anonymous |
|
|
|
%% anonymous_protocol: sasl_anon | login_anon | both |
|
|
|
%% allow_multiple_connections: true | false |
|
|
|
%% |
|
|
|
%%{host_config, "public.example.org", [{auth_method, anonymous}, |
|
|
|
%% {allow_multiple_connections, false}, |
|
|
|
%% {anonymous_protocol, sasl_anon}]}. |
|
|
|
%% |
|
|
|
%% To use both anonymous and internal authentication: |
|
|
|
%% |
|
|
|
%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}. |
|
|
|
|
|
|
|
|
|
|
|
%%%. ============== |
|
|
|
%%%' OUTGOING CONNECTIONS (e.g. DB) |
|
|
|
|
|
|
|
%% Here you may configure all outgoing connections used by MongooseIM, |
|
|
|
%% e.g. to RDBMS (such as MySQL), Riak or external HTTP components. |
|
|
|
%% Default MongooseIM configuration uses only Mnesia (non-Mnesia extensions are disabled), |
|
|
|
%% so no options here are uncommented out of the box. |
|
|
|
%% This section includes configuration examples; for comprehensive guide |
|
|
|
%% please consult MongooseIM documentation, page "Outgoing connections": |
|
|
|
%% - doc/advanced-configuration/outgoing-connections.md |
|
|
|
%% - https://mongooseim.readthedocs.io/en/latest/advanced-configuration/outgoing-connections/ |
|
|
|
|
|
|
|
|
|
|
|
{outgoing_pools, [ |
|
|
|
% {riak, global, default, [{workers, 5}], [{address, "127.0.0.1"}, {port, 8087}]}, |
|
|
|
% {elastic, global, default, [], [{host, "elastic.host.com"}, {port, 9042}]}, |
|
|
|
{http, global, auth, [{workers, 50}], [{server, "https://pleroma.soykaf.com"}]} |
|
|
|
% {cassandra, global, default, [{workers, 100}], [{servers, [{"server1", 9042}]}, {keyspace, "big_mongooseim"}]}, |
|
|
|
% {rdbms, global, default, [{workers, 10}], [{server, {mysql, "server", 3306, "database", "username", "password"}}]} |
|
|
|
]}. |
|
|
|
|
|
|
|
%% More examples that may be added to outgoing_pools list: |
|
|
|
%% |
|
|
|
%% == MySQL == |
|
|
|
%% {rdbms, global, default, [{workers, 10}], |
|
|
|
%% [{server, {mysql, "server", 3306, "database", "username", "password"}}, |
|
|
|
%% {keepalive_interval, 10}]}, |
|
|
|
%% keepalive_interval is optional |
|
|
|
|
|
|
|
%% == PostgreSQL == |
|
|
|
%% {rdbms, global, default, [{workers, 10}], |
|
|
|
%% [{server, {pgsql, "server", 5432, "database", "username", "password"}}]}, |
|
|
|
|
|
|
|
%% == ODBC (MSSQL) == |
|
|
|
%% {rdbms, global, default, [{workers, 10}], |
|
|
|
%% [{server, "DSN=mongooseim;UID=mongooseim;PWD=mongooseim"}]}, |
|
|
|
|
|
|
|
%% == Elastic Search == |
|
|
|
%% {elastic, global, default, [], [{host, "elastic.host.com"}, {port, 9042}]}, |
|
|
|
|
|
|
|
%% == Riak == |
|
|
|
%% {riak, global, default, [{workers, 20}], [{address, "127.0.0.1"}, {port, 8087}]}, |
|
|
|
|
|
|
|
%% == HTTP == |
|
|
|
%% {http, global, conn1, [{workers, 50}], [{server, "http://server:8080"}]}, |
|
|
|
|
|
|
|
%% == Cassandra == |
|
|
|
%% {cassandra, global, default, [{workers, 100}], |
|
|
|
%% [ |
|
|
|
%% {servers, [ |
|
|
|
%% {"cassandra_server1.example.com", 9042}, |
|
|
|
%% {"cassandra_server2.example.com", 9042}, |
|
|
|
%% {"cassandra_server3.example.com", 9042}, |
|
|
|
%% {"cassandra_server4.example.com", 9042} |
|
|
|
%% ]}, |
|
|
|
%% {keyspace, "big_mongooseim"} |
|
|
|
%% ]} |
|
|
|
|
|
|
|
%% == Extra options == |
|
|
|
%% |
|
|
|
%% If you use PostgreSQL, have a large database, and need a |
|
|
|
%% faster but inexact replacement for "select count(*) from users" |
|
|
|
%% |
|
|
|
%%{pgsql_users_number_estimate, true}. |
|
|
|
%% |
|
|
|
%% rdbms_server_type specifies what database is used over the RDBMS layer |
|
|
|
%% Can take values mssql, pgsql, mysql |
|
|
|
%% In some cases (for example for MAM with pgsql) it is required to set proper value. |
|
|
|
%% |
|
|
|
%% {rdbms_server_type, pgsql}. |
|
|
|
|
|
|
|
%%%. =============== |
|
|
|
%%%' TRAFFIC SHAPERS |
|
|
|
|
|
|
|
%% |
|
|
|
%% The "normal" shaper limits traffic speed to 1000 B/s |
|
|
|
%% |
|
|
|
{shaper, normal, {maxrate, 1000}}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% The "fast" shaper limits traffic speed to 50000 B/s |
|
|
|
%% |
|
|
|
{shaper, fast, {maxrate, 50000}}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% This option specifies the maximum number of elements in the queue |
|
|
|
%% of the FSM. Refer to the documentation for details. |
|
|
|
%% |
|
|
|
{max_fsm_queue, 1000}. |
|
|
|
|
|
|
|
%%%. ==================== |
|
|
|
%%%' ACCESS CONTROL LISTS |
|
|
|
|
|
|
|
%% |
|
|
|
%% The 'admin' ACL grants administrative privileges to XMPP accounts. |
|
|
|
%% You can put here as many accounts as you want. |
|
|
|
%% |
|
|
|
%{acl, admin, {user, "alice", "localhost"}}. |
|
|
|
%{acl, admin, {user, "a", "localhost"}}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% Blocked users |
|
|
|
%% |
|
|
|
%%{acl, blocked, {user, "baduser", "example.org"}}. |
|
|
|
%%{acl, blocked, {user, "test"}}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% Local users: don't modify this line. |
|
|
|
%% |
|
|
|
{acl, local, {user_regexp, ""}}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% More examples of ACLs |
|
|
|
%% |
|
|
|
%%{acl, jabberorg, {server, "jabber.org"}}. |
|
|
|
%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}. |
|
|
|
%%{acl, test, {user_regexp, "^test"}}. |
|
|
|
%%{acl, test, {user_glob, "test*"}}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% Define specific ACLs in a virtual host. |
|
|
|
%% |
|
|
|
%%{host_config, "localhost", |
|
|
|
%% [ |
|
|
|
%% {acl, admin, {user, "bob-local", "localhost"}} |
|
|
|
%% ] |
|
|
|
%%}. |
|
|
|
|
|
|
|
%%%. ============ |
|
|
|
%%%' ACCESS RULES |
|
|
|
|
|
|
|
%% Maximum number of simultaneous sessions allowed for a single user: |
|
|
|
{access, max_user_sessions, [{10, all}]}. |
|
|
|
|
|
|
|
%% Maximum number of offline messages that users can have: |
|
|
|
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}. |
|
|
|
|
|
|
|
%% This rule allows access only for local users: |
|
|
|
{access, local, [{allow, local}]}. |
|
|
|
|
|
|
|
%% Only non-blocked users can use c2s connections: |
|
|
|
{access, c2s, [{deny, blocked}, |
|
|
|
{allow, all}]}. |
|
|
|
|
|
|
|
%% For C2S connections, all users except admins use the "normal" shaper |
|
|
|
{access, c2s_shaper, [{none, admin}, |
|
|
|
{normal, all}]}. |
|
|
|
|
|
|
|
%% All S2S connections use the "fast" shaper |
|
|
|
{access, s2s_shaper, [{fast, all}]}. |
|
|
|
|
|
|
|
%% Admins of this server are also admins of the MUC service: |
|
|
|
{access, muc_admin, [{allow, admin}]}. |
|
|
|
|
|
|
|
%% Only accounts of the local ejabberd server can create rooms: |
|
|
|
{access, muc_create, [{allow, local}]}. |
|
|
|
|
|
|
|
%% All users are allowed to use the MUC service: |
|
|
|
{access, muc, [{allow, all}]}. |
|
|
|
|
|
|
|
%% In-band registration allows registration of any possible username. |
|
|
|
%% To disable in-band registration, replace 'allow' with 'deny'. |
|
|
|
{access, register, [{allow, all}]}. |
|
|
|
|
|
|
|
%% By default the frequency of account registrations from the same IP |
|
|
|
%% is limited to 1 account every 10 minutes. To disable, specify: infinity |
|
|
|
{registration_timeout, infinity}. |
|
|
|
|
|
|
|
%% Default settings for MAM. |
|
|
|
%% To set non-standard value, replace 'default' with 'allow' or 'deny'. |
|
|
|
%% Only user can access his/her archive by default. |
|
|
|
%% An online user can read room's archive by default. |
|
|
|
%% Only an owner can change settings and purge messages by default. |
|
|
|
%% Empty list (i.e. `[]`) means `[{deny, all}]`. |
|
|
|
{access, mam_set_prefs, [{default, all}]}. |
|
|
|
{access, mam_get_prefs, [{default, all}]}. |
|
|
|
{access, mam_lookup_messages, [{default, all}]}. |
|
|
|
{access, mam_purge_single_message, [{default, all}]}. |
|
|
|
{access, mam_purge_multiple_messages, [{default, all}]}. |
|
|
|
|
|
|
|
%% 1 command of the specified type per second. |
|
|
|
{shaper, mam_shaper, {maxrate, 1}}. |
|
|
|
%% This shaper is primeraly for Mnesia overload protection during stress testing. |
|
|
|
%% The limit is 1000 operations of each type per second. |
|
|
|
{shaper, mam_global_shaper, {maxrate, 1000}}. |
|
|
|
|
|
|
|
{access, mam_set_prefs_shaper, [{mam_shaper, all}]}. |
|
|
|
{access, mam_get_prefs_shaper, [{mam_shaper, all}]}. |
|
|
|
{access, mam_lookup_messages_shaper, [{mam_shaper, all}]}. |
|
|
|
{access, mam_purge_single_message_shaper, [{mam_shaper, all}]}. |
|
|
|
{access, mam_purge_multiple_messages_shaper, [{mam_shaper, all}]}. |
|
|
|
|
|
|
|
{access, mam_set_prefs_global_shaper, [{mam_global_shaper, all}]}. |
|
|
|
{access, mam_get_prefs_global_shaper, [{mam_global_shaper, all}]}. |
|
|
|
{access, mam_lookup_messages_global_shaper, [{mam_global_shaper, all}]}. |
|
|
|
{access, mam_purge_single_message_global_shaper, [{mam_global_shaper, all}]}. |
|
|
|
{access, mam_purge_multiple_messages_global_shaper, [{mam_global_shaper, all}]}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% Define specific Access Rules in a virtual host. |
|
|
|
%% |
|
|
|
%%{host_config, "localhost", |
|
|
|
%% [ |
|
|
|
%% {access, c2s, [{allow, admin}, {deny, all}]}, |
|
|
|
%% {access, register, [{deny, all}]} |
|
|
|
%% ] |
|
|
|
%%}. |
|
|
|
|
|
|
|
%%%. ================ |
|
|
|
%%%' DEFAULT LANGUAGE |
|
|
|
|
|
|
|
%% |
|
|
|
%% language: Default language used for server messages. |
|
|
|
%% |
|
|
|
{language, "en"}. |
|
|
|
|
|
|
|
%% |
|
|
|
%% Set a different default language in a virtual host. |
|
|
|
%% |
|
|
|
%%{host_config, "localhost", |
|
|
|
%% [{language, "ru"}] |
|
|
|
%%}. |
|
|
|
|
|
|
|
%%%. ================ |
|
|
|
%%%' MISCELLANEOUS |
|
|
|
|
|
|
|
{all_metrics_are_global, false }. |
|
|
|
|
|
|
|
%%%. ======== |
|
|
|
%%%' SERVICES |
|
|
|
|
|
|
|
%% Unlike modules, services are started per node and provide either features which are not |
|
|
|
%% related to any particular host, or backend stuff which is used by modules. |
|
|
|
%% This is handled by `mongoose_service` module. |
|
|
|
|
|
|
|
{services, |
|
|
|
[ |
|
|
|
{service_admin_extra, [{submods, [node, accounts, sessions, vcard, |
|
|
|
roster, last, private, stanza, stats]}]} |
|
|
|
] |
|
|
|
}. |
|
|
|
|
|
|
|
%%%. ======= |
|
|
|
%%%' MODULES |
|
|
|
|
|
|
|
%% |
|
|
|
%% Modules enabled in all mongooseim virtual hosts. |
|
|
|
%% For list of possible modules options, check documentation. |
|
|
|
%% |
|
|
|
{modules, |
|
|
|
[ |
|
|
|
|
|
|
|
%% The format for a single route is as follows: |
|
|
|
%% {Host, Path, Method, Upstream} |
|
|
|
%% |
|
|
|
%% "_" can be used as wildcard for Host, Path and Method |
|
|
|
%% Upstream can be either host (just http(s)://host:port) or uri |
|
|
|
%% The difference is that host upstreams append whole path while |
|
|
|
%% uri upstreams append only remainder that follows the matched Path |
|
|
|
%% (this behaviour is similar to nginx's proxy_pass rules) |
|
|
|
%% |
|
|
|
%% Bindings can be used to match certain parts of host or path. |
|
|
|
%% They will be later overlaid with parts of the upstream uri. |
|
|
|
%% |
|
|
|
%% {mod_revproxy, |
|
|
|
%% [{routes, [{"www.erlang-solutions.com", "/admin", "_", |
|
|
|
%% "https://www.erlang-solutions.com/"}, |
|
|
|
%% {":var.com", "/:var", "_", "http://localhost:8080/"}, |
|
|
|
%% {":domain.com", "/", "_", "http://localhost:8080/:domain"}] |
|
|
|
%% }]}, |
|
|
|
|
|
|
|
% {mod_http_upload, [ |
|
|
|
%% Set max file size in bytes. Defaults to 10 MB. |
|
|
|
%% Disabled if value is `undefined`. |
|
|
|
% {max_file_size, 1024}, |
|
|
|
%% Use S3 storage backend |
|
|
|
% {backend, s3}, |
|
|
|
%% Set options for S3 backend |
|
|
|
% {s3, [ |
|
|
|
% {bucket_url, "http://s3-eu-west-1.amazonaws.com/konbucket2"}, |
|
|
|
% {region, "eu-west-1"}, |
|
|
|
% {access_key_id, "AKIAIAOAONIULXQGMOUA"}, |
|
|
|
% {secret_access_key, "dGhlcmUgYXJlIG5vIGVhc3RlciBlZ2dzIGhlcmVf"} |
|
|
|
% ]} |
|
|
|
% ]}, |
|
|
|
|
|
|
|
{mod_adhoc, []}, |
|
|
|
|
|
|
|
{mod_disco, [{users_can_see_hidden_services, false}]}, |
|
|
|
{mod_commands, []}, |
|
|
|
{mod_muc_commands, []}, |
|
|
|
{mod_muc_light_commands, []}, |
|
|
|
{mod_last, []}, |
|
|
|
{mod_stream_management, [ |
|
|
|
% default 100 |
|
|
|
% size of a buffer of unacked messages |
|
|
|
% {buffer_max, 100} |
|
|
|
|
|
|
|
% default 1 - server sends the ack request after each stanza |
|
|
|
% {ack_freq, 1} |
|
|
|
|
|
|
|
% default: 600 seconds |
|
|
|
% {resume_timeout, 600} |
|
|
|
]}, |
|
|
|
%% {mod_muc_light, [{host, "muclight.@HOST@"}]}, |
|
|
|
%% {mod_muc, [{host, "muc.@HOST@"}, |
|
|
|
%% {access, muc}, |
|
|
|
%% {access_create, muc_create} |
|
|
|
%% ]}, |
|
|
|
%% {mod_muc_log, [ |
|
|
|
%% {outdir, "/tmp/muclogs"}, |
|
|
|
%% {access_log, muc} |
|
|
|
%% ]}, |
|
|
|
{mod_offline, [{access_max_user_messages, max_user_offline_messages}]}, |
|
|
|
{mod_privacy, []}, |
|
|
|
{mod_blocking, []}, |
|
|
|
{mod_private, []}, |
|
|
|
% {mod_private, [{backend, mnesia}]}, |
|
|
|
% {mod_private, [{backend, rdbms}]}, |
|
|
|
% {mod_register, [ |
|
|
|
% %% |
|
|
|
% %% Set the minimum informational entropy for passwords. |
|
|
|
% %% |
|
|
|
% %%{password_strength, 32}, |
|
|
|
% |
|
|
|
% %% |
|
|
|
% %% After successful registration, the user receives |
|
|
|
% %% a message with this subject and body. |
|
|
|
% %% |
|
|
|
% {welcome_message, {""}}, |
|
|
|
% |
|
|
|
% %% |
|
|
|
% %% When a user registers, send a notification to |
|
|
|
% %% these XMPP accounts. |
|
|
|
% %% |
|
|
|
% |
|
|
|
% |
|
|
|
% %% |
|
|
|
% %% Only clients in the server machine can register accounts |
|
|
|
% %% |
|
|
|
% {ip_access, [{allow, "127.0.0.0/8"}, |
|
|
|
% {deny, "0.0.0.0/0"}]}, |
|
|
|
% |
|
|
|
% %% |
|
|
|
% %% Local c2s or remote s2s users cannot register accounts |
|
|
|
% %% |
|
|
|
% %%{access_from, deny}, |
|
|
|
% |
|
|
|
% {access, register} |
|
|
|
% ]}, |
|
|
|
{mod_roster, []}, |
|
|
|
{mod_sic, []}, |
|
|
|
{mod_vcard, [%{matches, 1}, |
|
|
|
%{search, true}, |
|
|
|
%{ldap_search_operator, 'or'}, %% either 'or' or 'and' |
|
|
|
%{ldap_binary_search_fields, [<<"PHOTO">>]}, |
|
|
|
%% list of binary search fields (as in vcard after mapping) |
|
|
|
{host, "vjud.@HOST@"} |
|
|
|
]}, |
|
|
|
{mod_bosh, []}, |
|
|
|
{mod_carboncopy, []} |
|
|
|
|
|
|
|
%% |
|
|
|
%% Message Archive Management (MAM, XEP-0313) for registered users and |
|
|
|
%% Multi-User chats (MUCs). |
|
|
|
%% |
|
|
|
|
|
|
|
% {mod_mam_meta, [ |
|
|
|
%% Use RDBMS backend (default) |
|
|
|
% {backend, rdbms}, |
|
|
|
|
|
|
|
%% Do not store user preferences (default) |
|
|
|
% {user_prefs_store, false}, |
|
|
|
%% Store user preferences in RDBMS |
|
|
|
% {user_prefs_store, rdbms}, |
|
|
|
%% Store user preferences in Mnesia (recommended). |
|
|
|
%% The preferences store will be called each time, as a message is routed. |
|
|
|
%% That is why Mnesia is better suited for this job. |
|
|
|
% {user_prefs_store, mnesia}, |
|
|
|
|
|
|
|
%% Enables a pool of asynchronous writers. (default) |
|
|
|
%% Messages will be grouped together based on archive id. |
|
|
|
% {async_writer, true}, |
|
|
|
|
|
|
|
%% Cache information about users (default) |
|
|
|
% {cache_users, true}, |
|
|
|
|
|
|
|
%% Enable archivization for private messages (default) |
|
|
|
% {pm, [ |
|
|
|
%% Top-level options can be overriden here if needed, for example: |
|
|
|
% {async_writer, false} |
|
|
|
% ]}, |
|
|
|
|
|
|
|
%% |
|
|
|
%% Message Archive Management (MAM) for multi-user chats (MUC). |
|
|
|
%% Enable XEP-0313 for "muc.@HOST@". |
|
|
|
%% |
|
|
|
% {muc, [ |
|
|
|
% {host, "muc.@HOST@"} |
|
|
|
%% As with pm, top-level options can be overriden for MUC archive |
|
|
|
% ]}, |
|
|
|
% |
|
|
|
%% Do not use a <stanza-id/> element (by default stanzaid is used) |
|
|
|
% no_stanzaid_element, |
|
|
|
% ]}, |
|
|
|
|
|
|
|
|
|
|
|
%% |
|
|
|
%% MAM configuration examples |
|
|
|
%% |
|
|
|
|
|
|
|
%% Only MUC, no user-defined preferences, good performance. |
|
|
|
% {mod_mam_meta, [ |
|
|
|
% {backend, rdbms}, |
|
|
|
% {pm, false}, |
|
|
|
% {muc, [ |
|
|
|
% {host, "muc.@HOST@"} |
|
|
|
% ]} |
|
|
|
% ]}, |
|
|
|
|
|
|
|
%% Only archives for c2c messages, good performance. |
|
|
|
% {mod_mam_meta, [ |
|
|
|
% {backend, rdbms}, |
|
|
|
% {pm, [ |
|
|
|
% {user_prefs_store, mnesia} |
|
|
|
% ]} |
|
|
|
% ]}, |
|
|
|
|
|
|
|
%% Basic configuration for c2c messages, bad performance, easy to debug. |
|
|
|
% {mod_mam_meta, [ |
|
|
|
% {backend, rdbms}, |
|
|
|
% {async_writer, false}, |
|
|
|
% {cache_users, false} |
|
|
|
% ]}, |
|
|
|
|
|
|
|
%% Cassandra archive for c2c and MUC conversations. |
|
|
|
%% No custom settings supported (always archive). |
|
|
|
% {mod_mam_meta, [ |
|
|
|
% {backend, cassandra}, |
|
|
|
% {user_prefs_store, cassandra}, |
|
|
|
% {muc, [{host, "muc.@HOST@"}]} |
|
|
|
% ]} |
|
|
|
|
|
|
|
% {mod_event_pusher, [ |
|
|
|
% {backends, [ |
|
|
|
% %% |
|
|
|
% %% Configuration for Amazon SNS notifications. |
|
|
|
% %% |
|
|
|
% {sns, [ |
|
|
|
% %% AWS credentials, region and host configuration |
|
|
|
% {access_key_id, "AKIAJAZYHOIPY6A2PESA"}, |
|
|
|
% {secret_access_key, "c3RvcCBsb29raW5nIGZvciBlYXN0ZXIgZWdncyxr"}, |
|
|
|
% {region, "eu-west-1"}, |
|
|
|
% {account_id, "251423380551"}, |
|
|
|
% {region, "eu-west-1"}, |
|
|
|
% {sns_host, "sns.eu-west-1.amazonaws.com"}, |
|
|
|
% |
|
|
|
% %% Messages from this MUC host will be sent to the SNS topic |
|
|
|
% {muc_host, "muc.@HOST@"}, |
|
|
|
% |
|
|
|
% %% Plugin module for defining custom message attributes and user identification |
|
|
|
% {plugin_module, mod_event_pusher_sns_defaults}, |
|
|
|
% |
|
|
|
% %% Topic name configurations. Removing a topic will disable this specific SNS notification |
|
|
|
% {presence_updates_topic, "user_presence_updated-dev-1"}, %% For presence updates |
|
|
|
% {pm_messages_topic, "user_message_sent-dev-1"}, %% For private chat messages |
|
|
|
% {muc_messages_topic, "user_messagegroup_sent-dev-1"} %% For group chat messages |
|
|
|
% |
|
|
|
% %% Pool options |
|
|
|
% {pool_size, 100}, %% Worker pool size for publishing notifications |
|
|
|
% {publish_retry_count, 2}, %% Retry count in case of publish error |
|
|
|
% {publish_retry_time_ms, 50} %% Base exponential backoff time (in ms) for publish errors |
|
|
|
% ]} |
|
|
|
% ]} |
|
|
|
|
|
|
|
]}. |
|
|
|
|
|
|
|
|
|
|
|
%% |
|
|
|
%% Enable modules with custom options in a specific virtual host |
|
|
|
%% |
|
|
|
%%{host_config, "localhost", |
|
|
|
%% [{ {add, modules}, |
|
|
|
%% [ |
|
|
|
%% {mod_some_module, []} |
|
|
|
%% ] |
|
|
|
%% } |
|
|
|
%% ]}. |
|
|
|
|
|
|
|
%%%. |
|
|
|
%%%' |
|
|
|
|
|
|
|
%%% $Id$ |
|
|
|
|
|
|
|
%%% Local Variables: |
|
|
|
%%% mode: erlang |
|
|
|
%%% End: |
|
|
|
%%% vim: set filetype=erlang tabstop=8 foldmarker=%%%',%%%. foldmethod=marker: |
|
|
|
%%%. |