### ### ejabberd configuration file ### ### The parameters used in this configuration file are explained at ### ### https://docs.ejabberd.im/admin/configuration ### ### The configuration file is written in YAML. ### ******************************************************* ### ******* !!! WARNING !!! ******* ### ******* YAML IS INDENTATION SENSITIVE ******* ### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY ******* ### ******************************************************* ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description. ### hosts: - yegunity.org loglevel: info ca_file: /opt/ejabberd/conf/certs/social.yegunity.org/fullchain1.pem #certfiles: # - /opt/ejabberd/conf/server.pem ## If you already have certificates, list them here certfiles: - /opt/ejabberd/conf/certs/yegunity.org/*.pem - /opt/ejabberd/conf/certs/social.yegunity.org/*.pem listen: - port: 5222 ip: "::" module: ejabberd_c2s max_stanza_size: 262144 shaper: c2s_shaper access: c2s starttls_required: true - port: 5223 ip: "::" tls: true module: ejabberd_c2s max_stanza_size: 262144 shaper: c2s_shaper access: c2s starttls_required: true - port: 5269 ip: "::" module: ejabberd_s2s_in max_stanza_size: 524288 - port: 5443 module: ejabberd_http request_handlers: "/ws": ejabberd_http_ws "": mod_http_fileserver - port: 5280 ip: "::" module: ejabberd_http request_handlers: /admin: ejabberd_web_admin /.well-known/acme-challenge: ejabberd_acme - port: 3478 ip: "::" transport: udp module: ejabberd_stun use_turn: true ## The server's public IPv4 address: turn_ipv4_address: "107.190.70.199" ## The server's public IPv6 address: # turn_ipv6_address: "2001:db8::3" - port: 1883 ip: "::" module: mod_mqtt backlog: 1000 - module: ejabberd_http port: 8443 tls: true # For ejabberd < 17.12 only # certfile: "/etc/ejabberd/certificate.pem" # dhfile: "/etc/ejabberd/dh-parameters.pem" # ciphers: "ECDH:DH:!MEDIUM:!3DES:!aNULL:!eNULL@STRENGTH" # protocol_options: # - "no_sslv3" # - "cipher_server_preference" # - "no_compression" request_handlers: "upload": mod_http_upload custom_headers: "Access-Control-Allow-Origin": "*" "Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT" "Access-Control-Allow-Headers": "Authorization" "Access-Control-Allow-Credentials": "true" s2s_use_starttls: optional #acl: #admin: #- user: "admin@yegunity.org" # local: # user_regexp: "" # loopback: # ip: # - 127.0.0.0/8 # - ::1/128 acl: admin: user: admin@yegunity.org access_rules: local: allow: local c2s: deny: blocked allow: all announce: allow: admin configure: allow: admin muc_create: allow: all pubsub_createnode: allow: all trusted_network: allow: loopback api_permissions: "console commands": from: - ejabberd_ctl who: all what: "*" "admin access": who: access: allow: - acl: loopback - acl: admin oauth: scope: "ejabberd:admin" access: allow: - acl: loopback - acl: admin what: - "*" - "!stop" - "!start" "public commands": who: ip: 127.0.0.1/8 what: - status - connected_users_number shaper: normal: rate: 3000 burst_size: 20000 fast: 100000 shaper_rules: max_user_sessions: 10 max_user_offline_messages: 5000: admin 100: all c2s_shaper: none: admin normal: all s2s_shaper: fast modules: mod_adhoc: {} mod_admin_extra: {} mod_announce: access: announce mod_avatar: {} mod_blocking: {} mod_bosh: {} mod_caps: {} mod_carboncopy: {} mod_client_state: {} mod_configure: {} mod_disco: {} mod_fail2ban: {} mod_http_api: {} mod_http_upload: name: "HTTP File Upload" access: local max_size: 104857600 # 100 MiB. file_mode: "0640" dir_mode: "2750" docroot: "/var/www/social.yegunity.org/movim/upload" put_url: "https://upload.yegunity.org:5443/upload" thumbnail: false mod_last: {} mod_mam: ## Mnesia is limited to 2GB, better to use an SQL backend ## For small servers SQLite is a good fit and is very easy ## to configure. Uncomment this when you have SQL configured: ## db_type: sql assume_mam_usage: true default: always mod_mqtt: {} mod_muc: access: - allow access_admin: - allow: admin access_create: muc_create access_persistent: muc_create access_mam: - allow default_room_options: mam: true mod_muc_admin: {} mod_offline: access_max_user_messages: max_user_offline_messages mod_ping: {} mod_privacy: {} mod_private: {} mod_proxy65: access: local max_connections: 5 mod_pubsub: access_createnode: local ignore_pep_from_offline: false last_item_cache: false max_items_node: 1000 default_node_config: max_items: 1000 plugins: - flat - pep force_node_config: ## Avoid buggy clients to make their bookmarks public storage:bookmarks: access_model: whitelist mod_push: {} mod_push_keepalive: {} mod_register: ## Only accept registration requests from the "trusted" ## network (see access_rules section above). ## Think twice before enabling registration from any ## address. See the Jabber SPAM Manifesto for details: ## https://github.com/ge0rg/jabber-spam-fighting-manifesto ip_access: all mod_roster: versioning: true mod_s2s_dialback: {} mod_shared_roster: {} mod_stream_mgmt: resend_on_timeout: if_offline mod_stun_disco: {} mod_vcard: {} mod_vcard_xupdate: {} mod_version: show_os: false mod_http_fileserver: docroot: "/var/www/social.yegunity.org/movim/upload" accesslog: "/var/www/social.yegunity.org/movim/upload/access.log" directory_indices: - "index.html" custom_headers: "Access-Control-Allow-Origin": "https://social.yegunity.org" "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS" "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload" "Content-Security-Policy": "default-src 'self' social.yegunity.org; connect-src 'self' https://social.yegunity.org wss://social.yegunity.org https://upload.yegunity.org; img-src * 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; font-src 'self' data:; upgrade-insecure-requests; " "X-Frame-Options": "sameorigin" "X-Xss-Protection": "1; mode=block" "X-Content-Type-Options": "nosniff" "Referrer-Policy": "strict-origin" content_types: ".ogg": "audio/ogg" ".png": "image/png" ".jpg": "image/jpg" ".css": "text/css" ".js": "text/javascript" default_content_type: "text/html" # Staging environment #ca_url: # - "https://acme-staging-v02.api.letsencrypt.org/" #### Local Variables: ### mode: yaml ### End: ### vim: set filetype=yaml tabstop=8