Updated ejabberd.cfg template based on latest CentOS config

2012-07-18 17:11:43 +03:00 · 2012-07-18 17:11:43 +03:00 · f6b182fa92
commit f6b182fa92
parent 7f50003a89
1 changed files with 179 additions and 170 deletions
--- a/ejabberd/templates/ejabberd.cfg.erb
+++ b/ejabberd/templates/ejabberd.cfg.erb
@ -1,11 +1,13 @@
 %%%
-%%%  ejabberd configuration file
+%%%               ejabberd configuration file
 %%%  This config must be in UTF-8 encoding
 %%%
 %%%'
 %%% The parameters used in this configuration file are explained in more detail
 %%% in the ejabberd Installation and Operation Guide.
-%%% Please consult the Guide in case of doubts, it is available at
+%%% Please consult the Guide in case of doubts, it is included with
-%%% /usr/share/doc/ejabberd/guide.html
+%%% your copy of ejabberd, and is also available online at
 %%% http://www.process-one.net/en/ejabberd/docs/
 %%% This configuration file contains Erlang terms.
 %%% In case you want to understand the syntax, here are the concepts:
@ -24,16 +26,21 @@
 %%%      [http_poll, web_admin, tls]
 %%%
 %%%  - A keyword of ejabberd is a word in lowercase.
-%%%    The strings are enclosed in "" and can have spaces, dots...
+%%%    Strings are enclosed in "" and can contain spaces, dots, ...
 %%%      {language, "en"}.
 %%%      {ldap_rootdn, "dc=example,dc=com"}.
 %%%
-%%%  - This term includes a tuple, a keyword, a list and two strings:
+%%%  - This term includes a tuple, a keyword, a list, and two strings:
 %%%      {hosts, ["jabber.example.net", "im.example.com"]}.
 %%%
-%%%   ===================================
+
-%%%   OVERRIDE OPTIONS STORED IN DATABASE
+%%%.   =======================
 %%%'   OVERRIDE STORED OPTIONS
 %%
 %% Override the old values stored in the database.
 %%
 %%
 %% Override global options (shared by all ejabberd nodes in a cluster).
@ -51,8 +58,8 @@ override_local.
 override_acls.
-%%%   =========
+%%%.   =========
-%%%   DEBUGGING
+%%%'   DEBUGGING
 %%
 %% loglevel: Verbosity of log files generated by ejabberd.
@ -66,15 +73,16 @@ override_acls.
 {loglevel, 4}.
 %%
-%% watchdog_admins: If an ejabberd process consumes too much memory,
+%% watchdog_admins: Only useful for developers: if an ejabberd process
-%% send live notifications to those Jabber accounts.
+%% consumes a lot of memory, send live notifications to these XMPP
 %% accounts.
 %%
 %%{watchdog_admins, ["bob@example.com"]}.
 {watchdog_admins, []}.
-%%%   ================
+%%%.   ================
-%%%   SERVED HOSTNAMES
+%%%'   SERVED HOSTNAMES
 %%
 %% hosts: Domains served by ejabberd.
@ -85,37 +93,45 @@ override_acls.
 {hosts, [<%= ejabberd_hosts.join(", ") %>]}.
 %%
-%% route_subdomains: Delegate subdomains to other Jabber server.
+%% route_subdomains: Delegate subdomains to other XMPP servers.
 %% For example, if this ejabberd serves example.org and you want
-%% to allow communication with a Jabber server called im.example.org.
+%% to allow communication with an XMPP server called im.example.org.
 %%
 %%{route_subdomains, s2s}.
-%%%   ===============
+%%%.   ===============
-%%%   LISTENING PORTS
+%%%'   LISTENING PORTS
 %%
-%% listen: Which ports will ejabberd listen, which service handles it
+%% listen: The ports ejabberd will listen on, which service each is handled
-%% and what options to start it with.
+%% by and what options to start it with.
 %%
 {listen,
 [
  {5222, ejabberd_c2s, [
 			%%
 			%% If TLS is compiled in and you installed a SSL
 			%% certificate, specify the full path to the
 			%% file and uncomment this line:
 			%%
 			{certfile, "/etc/ejabberd/ejabberd.pem"}, starttls_required,
 			{access, c2s},
-			%%{shaper, c2s_shaper},
+			{shaper, c2s_shaper},
-			{max_stanza_size, 655360},
+			{max_stanza_size, 655360}
 			starttls_required, {certfile, "/etc/ejabberd/ejabberd.pem"}
 		       ]},
  %%
-  %% To enable the old SSL connection method (deprecated) in port 5223:
+  %% To enable the old SSL connection method on port 5223:
  %%
  {5223, ejabberd_c2s, [
  			{access, c2s},
-  			%%{shaper, c2s_shaper},
+  			{shaper, c2s_shaper},
-  			{max_stanza_size, 655360},
+  			{certfile, "/etc/ejabberd/ejabberd.pem"}, tls,
-  			tls, {certfile, "/etc/ejabberd/ejabberd.pem"}
+  			{max_stanza_size, 655360}
  		       ]},
  {5269, ejabberd_s2s_in, [
@ -123,55 +139,22 @@ override_acls.
 			   {max_stanza_size, 1310720}
 			  ]},
-  %% External MUC jabber-muc
+  %%
-  %%{5554, ejabberd_service, [
+  %% ejabberd_service: Interact with external components (transports, ...)
-  %%			    {ip, {127, 0, 0, 1}},
+  %%
  %%{8888, ejabberd_service, [
  %%			    {access, all},
  %%			    {shaper_rule, fast},
-  %%			    {host, "muc.localhost", [{password, "secret"}]}
+  %%			    {ip, {127, 0, 0, 1}},
-  %%			    ]},
+  %%			    {hosts, ["icq.example.org", "sms.example.org"],
  %%			     [{password, "secret"}]
  %%			    }
  %%			   ]},
-  %% Jabber ICQ Transport
+  %%
-  %%{5555, ejabberd_service, [
+  %% ejabberd_stun: Handles STUN Binding requests
-  %%			    {ip, {127, 0, 0, 1}},
+  %%
-  %%			    {access, all},
+  %%{{3478, udp}, ejabberd_stun, []},
  %%			    {shaper_rule, fast},
  %%			    {hosts, ["icq.localhost", "sms.localhost"],
  %%				       [{password, "secret"}]}
  %%			    ]},
  %% AIM Transport
  %%{5556, ejabberd_service, [
  %%			    {ip, {127, 0, 0, 1}},
  %%			    {access, all},
  %%			    {shaper_rule, fast},
  %%			    {host, "aim.localhost", [{password, "secret"}]}
  %%			    ]},
  %% MSN Transport
  %%{5557, ejabberd_service, [
  %%			    {ip, {127, 0, 0, 1}},
  %%			    {access, all},
  %%			    {shaper_rule, fast},
  %%			    {host, "msn.localhost", [{password, "secret"}]}
  %%			    ]},
  %% Yahoo! Transport
  %%{5558, ejabberd_service, [
  %%			    {ip, {127, 0, 0, 1}},
  %%			    {access, all},
  %%			    {shaper_rule, fast},
  %%			    {host, "yahoo.localhost", [{password, "secret"}]}
  %%			    ]},
  %% External JUD (internal is more powerful,
  %% but doesn't allow to register users from other servers)
  %%{5559, ejabberd_service, [
  %%			    {ip, {127, 0, 0, 1}},
  %%			    {access, all},
  %%			    {shaper_rule, fast},
  %%			    {host, "jud.localhost", [{password, "secret"}]}
  %%			    ]},
  {5280, ejabberd_http, [
 			 %%{request_handlers,
@ -181,6 +164,7 @@ override_acls.
 			 %%captcha,
 			 http_bind,
 			 http_poll,
 			 %%register,
 			 web_admin
 			]}
@ -188,7 +172,7 @@ override_acls.
 %%
 %% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
-%% Allowed values are: true or false.
+%% Allowed values are: false optional required required_trusted
 %% You must specify a certificate file.
 %%
 {s2s_use_starttls, required}.
@ -217,20 +201,6 @@ override_acls.
 %%{{s2s_host, "goodhost.org"}, allow}.
 %%{{s2s_host, "badhost.org"}, deny}.
 %%
 %% The maximum allowed delay for retry to connect
 %% after a failed connection attempt to a remote server, in seconds.
 %% The default value is 300 seconds (5 minutes). 
 %%
 %% The reconnection algorythm works like this: if connection fails,
 %% ejabberd makes an initial random delay between 1 and 15 seconds,
 %% then retries, and if this attempt fails, makes another delay,
 %% twice as long as previous. These attempts are performed either
 %% until a successful connection is made or until the next calculated
 %% delay is greated or equal than the value of s2s_max_retry_delay.
 %%
 %%{s2s_max_retry_delay, 300}.
 %%
 %% Outgoing S2S options
 %%
@ -240,8 +210,15 @@ override_acls.
 %%{outgoing_s2s_options, [ipv4, ipv6], 10000}.
-%%%   ==============
+%%%.   ==============
-%%%   AUTHENTICATION
+%%%'   AUTHENTICATION
 <% if has_variable?("ejabberd_extauth") -%>
 {auth_method, external}.
 {extauth_program, "<%= ejabberd_extauth %>"}.
 <% else -%>
 {auth_method, internal}.
 <% end -%>
 %%
 %% auth_method: Method used to authenticate the users.
@ -249,12 +226,14 @@ override_acls.
 %% If you want to use a different method,
 %% comment this line and enable the correct ones.
 %%
-<% if has_variable?("ejabberd_extauth") -%>
+%%{auth_method, internal}.
-{auth_method, external}.
+%%
-{extauth_program, "<%= ejabberd_extauth %>"}.
+%% Store the plain passwords or hashed for SCRAM:
-<% else -%>
+%%{auth_password_format, plain}.
-{auth_method, internal}.
+%%{auth_password_format, scram}.
-<% end -%>
+%%
 %% Define the FQDN if ejabberd doesn't detect it:
 %%{fqdn, "server3.example.com"}.
 %%
 %% Authentication using external script
@ -283,18 +262,18 @@ override_acls.
 %% List of LDAP servers:
 %%{ldap_servers, ["localhost"]}.
 %%
-%% Encryption of connection to LDAP servers (LDAPS):
+%% Encryption of connection to LDAP servers:
 %%{ldap_encrypt, none}.
 %%{ldap_encrypt, tls}.
 %%
-%% Port connect to LDAP server:
+%% Port to connect to on LDAP servers:
 %%{ldap_port, 389}.
 %%{ldap_port, 636}.
 %%
 %% LDAP manager:
 %%{ldap_rootdn, "dc=example,dc=com"}.
 %%
-%% Password to LDAP manager:
+%% Password of LDAP manager:
 %%{ldap_password, "******"}.
 %%
 %% Search base of LDAP directory:
@ -321,21 +300,14 @@ override_acls.
 %%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
-%%%   ==============
+%%%.   ==============
-%%%   DATABASE SETUP
+%%%'   DATABASE SETUP
-%% ejabberd uses by default the internal Mnesia database,
+%% ejabberd by default uses the internal Mnesia database,
-%% so you can avoid this section.
+%% so you do not necessarily need this section.
 %% This section provides configuration examples in case
 %% you want to use other database backends.
-%% Please consult the ejabberd Guide for details about database creation.
+%% Please consult the ejabberd Guide for details on database creation.
 %% NOTE that ejabberd in Debian supports "out of the box"
 %% only mnesia (default) and ODBC storage backends.
 %% Working with MySQL and PostgreSQL DB backends requires
 %% building and installation of the corresponding Erlang modules,
 %% not distributed as a part of ejabberd.
 %% Refer to /usr/share/doc/ejabberd/README.Debian for details.
 %%
 %% MySQL server:
@ -369,33 +341,41 @@ override_acls.
 %%{odbc_pool_size, 10}.
 %%
-%% Interval to make a dummy SQL request to keep alive the connections
+%% Interval to make a dummy SQL request to keep the connections to the
-%% to the database. Specify in seconds: for example 28800 means 8 hours
+%% database alive. Specify in seconds: for example 28800 means 8 hours
 %%
 %%{odbc_keepalive_interval, undefined}.
-%%%   ===============
+%%%.   ===============
-%%%   TRAFFIC SHAPERS
+%%%'   TRAFFIC SHAPERS
 %%
-%% The "normal" shaper limits traffic speed to 1.000 B/s
+%% The "normal" shaper limits traffic speed to 1000 B/s
 %%
 {shaper, normal, {maxrate, 1000}}.
 %%
-%% The "fast" shaper limits traffic speed to 50.000 B/s
+%% The "fast" shaper limits traffic speed to 50000 B/s
 %%
 {shaper, fast, {maxrate, 50000}}.
 %%
 %% This option specifies the maximum number of elements in the queue
 %% of the FSM. Refer to the documentation for details.
 %%
 {max_fsm_queue, 10000}.
-%%%   ====================
+
-%%%   ACCESS CONTROL LISTS
+%%%.   ====================
 %%%'   ACCESS CONTROL LISTS
 %%
-%% The 'admin' ACL grants administrative privileges to Jabber accounts.
+%% The 'admin' ACL grants administrative privileges to XMPP accounts.
-%% You can put as many accounts as you want.
+%% You can put here as many accounts as you want.
 %%
 %%{acl, admin, {user, "aleksey", "localhost"}}.
 %%{acl, admin, {user, "ermine", "example.org"}}.
 <% ejabberd_admin.each do |admin|
 user, host = admin.split("@") -%>
 {acl, admin, {user, "<%= user %>", "<%= host %>"}}.
@ -430,10 +410,10 @@ user, host = admin.split("@") -%>
 %%}.
-%%%   ============
+%%%.   ============
-%%%   ACCESS RULES
+%%%'   ACCESS RULES
-%% Define the maximum number of time a single user is allowed to connect:
+%% Maximum number of simultaneous sessions allowed for a single user:
 {access, max_user_sessions, [{100, all}]}.
 %% Maximum number of offline messages that users can have:
@ -446,46 +426,43 @@ user, host = admin.split("@") -%>
 {access, c2s, [{deny, blocked},
 	       {allow, all}]}.
-%% For all users except admins used "normal" shaper
+%% For C2S connections, all users except admins use the "normal" shaper
 %%{access, c2s_shaper, [{none, admin},
 %%		      {normal, all}]}.
 {access, c2s_shaper, [{none, all}]}.
-%% For all S2S connections used "fast" shaper
+%% All S2S connections use the "fast" shaper
 %%{access, s2s_shaper, [{fast, all}]}.
 {access, s2s_shaper, [{none, all}]}.
 %% Only admins can send announcement messages:
 {access, announce, [{allow, admin}]}.
-%% Only admins can use configuration interface:
+%% Only admins can use the configuration interface:
 {access, configure, [{allow, admin}]}.
-%% Admins of this server are also admins of MUC service:
+%% Admins of this server are also admins of the MUC service:
 {access, muc_admin, [{allow, admin}]}.
 %% Only accounts of the local ejabberd server can create rooms:
 {access, muc_create, [{allow, local}]}.
-%% All users are allowed to use MUC service:
+%% All users are allowed to use the MUC service:
 {access, muc, [{allow, all}]}.
 %% No username can be registered via in-band registration:
 %% To enable in-band registration, replace 'deny' with 'allow'
 % (note that if you remove mod_register from modules list then users will not
 % be able to change their password as well as register).
 % This setting is default because it's more safe.
 {access, register, [{deny, all}]}.
 %% By default frequency of account registrations from the same IP
 %% is limited to 1 account every 10 minutes. To disable put: infinity
 %%{registration_timeout, 600}.
 %% Only accounts on the local ejabberd server can create Pubsub nodes:
 {access, pubsub_createnode, [{allow, local}]}.
 %% In-band registration allows registration of any possible username.
 %% To disable in-band registration, replace 'allow' with 'deny'.
 {access, register, [{deny, all}]}.
 %% By default the frequency of account registrations from the same IP
 %% is limited to 1 account every 10 minutes. To disable, specify: infinity
 %%{registration_timeout, 600}.
 %%
-%% Define specific Access rules in a virtual host.
+%% Define specific Access Rules in a virtual host.
 %%
 %%{host_config, "localhost",
 %% [
@ -495,8 +472,8 @@ user, host = admin.split("@") -%>
 %%}.
-%%%   ================
+%%%.   ================
-%%%   DEFAULT LANGUAGE
+%%%'   DEFAULT LANGUAGE
 %%
 %% language: Default language used for server messages.
@ -511,27 +488,26 @@ user, host = admin.split("@") -%>
 %%}.
-%%%   =======
+%%%.   =======
-%%%   CAPTCHA
+%%%'   CAPTCHA
 %%
 %% Full path to a script that generates the image.
 %% Note that this script must be made executable
 %% for the user ejabberd:ejabberd.
 %%
-%%{captcha_cmd, "/usr/lib/ejabberd/priv/bin/captcha.sh"}.
+%%{captcha_cmd, "/usr/lib64/ejabberd/priv/bin/captcha.sh"}.
 %%
-%% Host part of the URL sent to the user.
+%% Host for the URL and port where ejabberd listens for CAPTCHA requests.
 %% The port specified must be configured as the "ejabberd_http"
 %% listener which must have the "captcha" directive included
 %% in its configuration (see the "LISTENING PORTS" section above).
 %%
-%%{captcha_host, "localhost:5280"}.
+%%{captcha_host, "example.org:5280"}.
 %%
 %% Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
 %%
 %%{captcha_limit, 5}.
-%%%   =======
+%%%.   =======
-%%%   MODULES
+%%%'   MODULES
 %%
 %% Modules enabled in all ejabberd virtual hosts.
@ -539,19 +515,16 @@ user, host = admin.split("@") -%>
 {modules,
 [
  {mod_adhoc,    []},
-  {mod_announce, [{access, announce}]}, % requires mod_adhoc
+  {mod_announce, [{access, announce}]}, % recommends mod_adhoc
  {mod_blocking,[]}, % requires mod_privacy
  {mod_caps,     []},
  {mod_configure,[]}, % requires mod_adhoc
  {mod_admin_extra, []},
  {mod_disco,    []},
  %%{mod_echo,   [{host, "echo.localhost"}]},
  {mod_http_bind, []},
  {mod_irc,      []},
-  %% NOTE that mod_http_fileserver must also be enabled in the
+  {mod_http_bind, []},
  %% "request_handlers" clause of the "ejabberd_http" listener
  %% configuration (see the "LISTENING PORTS" section above).
  %%{mod_http_fileserver, [
-  %%                       {docroot, "/var/www"}, 
+  %%                       {docroot, "/var/www"},
  %%                       {accesslog, "/var/log/ejabberd/access.log"}
  %%                      ]},
  {mod_last,     []},
@ -587,40 +560,73 @@ user, host = admin.split("@") -%>
 		  {file_format, <%= ejabberd_muclog_format %>},
 <% end -%>
 		  {cssfile, false},
-		  {top_link, {"/portal/", "Back to Portal"}}
+		  {top_link, {"/jabber-logs/", "Back to Logs"}}
 		 ]},
 <% end -%>
  {mod_offline,  [{access_max_user_messages, max_user_offline_messages}]},
  {mod_ping,     []},
  %%{mod_pres_counter,[{count, 5}, {interval, 60}]},
  {mod_privacy,  []},
  {mod_private,  []},
  %%{mod_proxy65,[]},
  {mod_proxy65,  [
 		  {access, local},
 		  {shaper, c2s_shaper}
 		 ]},
-  {mod_pubsub,   [ % requires mod_caps
+  {mod_pubsub,   [
 		  {access_createnode, pubsub_createnode},
 		  {ignore_pep_from_offline, true}, % reduces resource comsumption, but XEP incompliant
 		  %%{ignore_pep_from_offline, false},  % XEP compliant, but increases resource comsumption
 		  {last_item_cache, false},
 		  %%{plugins, ["default", "pep"]}
 		  {plugins, ["flat", "hometree", "pep"]}  % pep requires mod_caps
 		 ]},
  {mod_register, [
 		  %%
 		  %% Protect In-Band account registrations with CAPTCHA.
 		  %%
 		  %%{captcha_protected, true},
 		  %%
 		  %% Set the minimum informational entropy for passwords.
 		  %%
 		  %%{password_strength, 32},
 		  %%
 		  %% After successful registration, the user receives
 		  %% a message with this subject and body.
 		  %%
-		  {welcome_message, none},
+		  {welcome_message, {"Welcome!",
 				     "Hi.\nWelcome to this XMPP server."}},
 		  %%
 		  %% When a user registers, send a notification to
-		  %% these Jabber accounts.
+		  %% these XMPP accounts.
 		  %%
 		  %%{registration_watchers, ["admin1@example.org"]},
 		  %%
 		  %% Only clients in the server machine can register accounts
 		  %%
 		  {ip_access, [{allow, "127.0.0.0/8"},
 			       {deny, "0.0.0.0/0"}]},
 		  %%
 		  %% Local c2s or remote s2s users cannot register accounts
 		  %%
 		  %%{access_from, deny},
 		  {access, register}
 		 ]},
  %%{mod_register_web, [
 		  %%
 		  %% When a user registers, send a notification to
 		  %% these XMPP accounts.
 		  %%
 		  %%{registration_watchers, ["admin1@example.org"]}
  %%		 ]},
  {mod_roster,   []},
  %%{mod_service_log,[]},
-  %%{mod_shared_roster,[]},
+  {mod_shared_roster,[]},
  {mod_stats,    []},
  {mod_time,     []},
  {mod_vcard,    []},
@ -639,9 +645,12 @@ user, host = admin.split("@") -%>
 %% ]}.
-%%% $Id: ejabberd.cfg.example 2497 2009-08-17 20:27:28Z cromain $
+%%%.
 %%%'
 %%% $Id$
 %%% Local Variables:
 %%% mode: erlang
 %%% End:
-%%% vim: set filetype=erlang tabstop=8:
+%%% vim: set filetype=erlang tabstop=8 foldmarker=%%%',%%%. foldmethod=marker: