tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Updated ejabberd.cfg template based on latest CentOS config

Browse source
This commit is contained in:
Ossi Salmi 2012-07-18 17:11:43 +03:00
parent 7f50003a89
commit f6b182fa92
1 changed files with 179 additions and 170 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

343
ejabberd/templates/ejabberd.cfg.erb
View file

@ -1,11 +1,13 @@
%%%
%%% ejabberd configuration file
%%% This config must be in UTF-8 encoding
%%%
%%%'
%%% The parameters used in this configuration file are explained in more detail
%%% in the ejabberd Installation and Operation Guide.
%%% Please consult the Guide in case of doubts, it is available at
%%% /usr/share/doc/ejabberd/guide.html
%%% Please consult the Guide in case of doubts, it is included with
%%% your copy of ejabberd, and is also available online at
%%% http://www.process-one.net/en/ejabberd/docs/
%%% This configuration file contains Erlang terms.
%%% In case you want to understand the syntax, here are the concepts:
@ -24,16 +26,21 @@
%%% [http_poll, web_admin, tls]
%%%
%%% - A keyword of ejabberd is a word in lowercase.
%%% The strings are enclosed in "" and can have spaces, dots...
%%% Strings are enclosed in "" and can contain spaces, dots, ...
%%% {language, "en"}.
%%% {ldap_rootdn, "dc=example,dc=com"}.
%%%
%%% - This term includes a tuple, a keyword, a list and two strings:
%%% - This term includes a tuple, a keyword, a list, and two strings:
%%% {hosts, ["jabber.example.net", "im.example.com"]}.
%%%
%%% ===================================
%%% OVERRIDE OPTIONS STORED IN DATABASE
%%%. =======================
%%%' OVERRIDE STORED OPTIONS
%%
%% Override the old values stored in the database.
%%
%%
%% Override global options (shared by all ejabberd nodes in a cluster).
@ -51,8 +58,8 @@ override_local.
override_acls.
%%% =========
%%% DEBUGGING
%%%. =========
%%%' DEBUGGING
%%
%% loglevel: Verbosity of log files generated by ejabberd.
@ -66,15 +73,16 @@ override_acls.
{loglevel, 4}.
%%
%% watchdog_admins: If an ejabberd process consumes too much memory,
%% send live notifications to those Jabber accounts.
%% watchdog_admins: Only useful for developers: if an ejabberd process
%% consumes a lot of memory, send live notifications to these XMPP
%% accounts.
%%
%%{watchdog_admins, ["bob@example.com"]}.
{watchdog_admins, []}.
%%% ================
%%% SERVED HOSTNAMES
%%%. ================
%%%' SERVED HOSTNAMES
%%
%% hosts: Domains served by ejabberd.
@ -85,37 +93,45 @@ override_acls.
{hosts, [<%= ejabberd_hosts.join(", ") %>]}.
%%
%% route_subdomains: Delegate subdomains to other Jabber server.
%% route_subdomains: Delegate subdomains to other XMPP servers.
%% For example, if this ejabberd serves example.org and you want
%% to allow communication with a Jabber server called im.example.org.
%% to allow communication with an XMPP server called im.example.org.
%%
%%{route_subdomains, s2s}.
%%% ===============
%%% LISTENING PORTS
%%%. ===============
%%%' LISTENING PORTS
%%
%% listen: Which ports will ejabberd listen, which service handles it
%% and what options to start it with.
%% listen: The ports ejabberd will listen on, which service each is handled
%% by and what options to start it with.
%%
{listen,
[
{5222, ejabberd_c2s, [
%%
%% If TLS is compiled in and you installed a SSL
%% certificate, specify the full path to the
%% file and uncomment this line:
%%
{certfile, "/etc/ejabberd/ejabberd.pem"}, starttls_required,
{access, c2s},
%%{shaper, c2s_shaper},
{max_stanza_size, 655360},
starttls_required, {certfile, "/etc/ejabberd/ejabberd.pem"}
{shaper, c2s_shaper},
{max_stanza_size, 655360}
]},
%%
%% To enable the old SSL connection method (deprecated) in port 5223:
%% To enable the old SSL connection method on port 5223:
%%
{5223, ejabberd_c2s, [
{access, c2s},
%%{shaper, c2s_shaper},
{max_stanza_size, 655360},
tls, {certfile, "/etc/ejabberd/ejabberd.pem"}
{shaper, c2s_shaper},
{certfile, "/etc/ejabberd/ejabberd.pem"}, tls,
{max_stanza_size, 655360}
]},
{5269, ejabberd_s2s_in, [
@ -123,55 +139,22 @@ override_acls.
{max_stanza_size, 1310720}
]},
%% External MUC jabber-muc
%%{5554, ejabberd_service, [
%% {ip, {127, 0, 0, 1}},
%%
%% ejabberd_service: Interact with external components (transports, ...)
%%
%%{8888, ejabberd_service, [
%% {access, all},
%% {shaper_rule, fast},
%% {host, "muc.localhost", [{password, "secret"}]}
%% {ip, {127, 0, 0, 1}},
%% {hosts, ["icq.example.org", "sms.example.org"],
%% [{password, "secret"}]
%% }
%% ]},
%% Jabber ICQ Transport
%%{5555, ejabberd_service, [
%% {ip, {127, 0, 0, 1}},
%% {access, all},
%% {shaper_rule, fast},
%% {hosts, ["icq.localhost", "sms.localhost"],
%% [{password, "secret"}]}
%% ]},
%% AIM Transport
%%{5556, ejabberd_service, [
%% {ip, {127, 0, 0, 1}},
%% {access, all},
%% {shaper_rule, fast},
%% {host, "aim.localhost", [{password, "secret"}]}
%% ]},
%% MSN Transport
%%{5557, ejabberd_service, [
%% {ip, {127, 0, 0, 1}},
%% {access, all},
%% {shaper_rule, fast},
%% {host, "msn.localhost", [{password, "secret"}]}
%% ]},
%% Yahoo! Transport
%%{5558, ejabberd_service, [
%% {ip, {127, 0, 0, 1}},
%% {access, all},
%% {shaper_rule, fast},
%% {host, "yahoo.localhost", [{password, "secret"}]}
%% ]},
%% External JUD (internal is more powerful,
%% but doesn't allow to register users from other servers)
%%{5559, ejabberd_service, [
%% {ip, {127, 0, 0, 1}},
%% {access, all},
%% {shaper_rule, fast},
%% {host, "jud.localhost", [{password, "secret"}]}
%% ]},
%%
%% ejabberd_stun: Handles STUN Binding requests
%%
%%{{3478, udp}, ejabberd_stun, []},
{5280, ejabberd_http, [
%%{request_handlers,
@ -181,6 +164,7 @@ override_acls.
%%captcha,
http_bind,
http_poll,
%%register,
web_admin
]}
@ -188,7 +172,7 @@ override_acls.
%%
%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
%% Allowed values are: true or false.
%% Allowed values are: false optional required required_trusted
%% You must specify a certificate file.
%%
{s2s_use_starttls, required}.
@ -217,20 +201,6 @@ override_acls.
%%{{s2s_host, "goodhost.org"}, allow}.
%%{{s2s_host, "badhost.org"}, deny}.
%%
%% The maximum allowed delay for retry to connect
%% after a failed connection attempt to a remote server, in seconds.
%% The default value is 300 seconds (5 minutes).
%%
%% The reconnection algorythm works like this: if connection fails,
%% ejabberd makes an initial random delay between 1 and 15 seconds,
%% then retries, and if this attempt fails, makes another delay,
%% twice as long as previous. These attempts are performed either
%% until a successful connection is made or until the next calculated
%% delay is greated or equal than the value of s2s_max_retry_delay.
%%
%%{s2s_max_retry_delay, 300}.
%%
%% Outgoing S2S options
%%
@ -240,8 +210,15 @@ override_acls.
%%{outgoing_s2s_options, [ipv4, ipv6], 10000}.
%%% ==============
%%% AUTHENTICATION
%%%. ==============
%%%' AUTHENTICATION
<% if has_variable?("ejabberd_extauth") -%>
{auth_method, external}.
{extauth_program, "<%= ejabberd_extauth %>"}.
<% else -%>
{auth_method, internal}.
<% end -%>
%%
%% auth_method: Method used to authenticate the users.
@ -249,12 +226,14 @@ override_acls.
%% If you want to use a different method,
%% comment this line and enable the correct ones.
%%
<% if has_variable?("ejabberd_extauth") -%>
{auth_method, external}.
{extauth_program, "<%= ejabberd_extauth %>"}.
<% else -%>
{auth_method, internal}.
<% end -%>
%%{auth_method, internal}.
%%
%% Store the plain passwords or hashed for SCRAM:
%%{auth_password_format, plain}.
%%{auth_password_format, scram}.
%%
%% Define the FQDN if ejabberd doesn't detect it:
%%{fqdn, "server3.example.com"}.
%%
%% Authentication using external script
@ -283,18 +262,18 @@ override_acls.
%% List of LDAP servers:
%%{ldap_servers, ["localhost"]}.
%%
%% Encryption of connection to LDAP servers (LDAPS):
%% Encryption of connection to LDAP servers:
%%{ldap_encrypt, none}.
%%{ldap_encrypt, tls}.
%%
%% Port connect to LDAP server:
%% Port to connect to on LDAP servers:
%%{ldap_port, 389}.
%%{ldap_port, 636}.
%%
%% LDAP manager:
%%{ldap_rootdn, "dc=example,dc=com"}.
%%
%% Password to LDAP manager:
%% Password of LDAP manager:
%%{ldap_password, "******"}.
%%
%% Search base of LDAP directory:
@ -321,21 +300,14 @@ override_acls.
%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
%%% ==============
%%% DATABASE SETUP
%%%. ==============
%%%' DATABASE SETUP
%% ejabberd uses by default the internal Mnesia database,
%% so you can avoid this section.
%% ejabberd by default uses the internal Mnesia database,
%% so you do not necessarily need this section.
%% This section provides configuration examples in case
%% you want to use other database backends.
%% Please consult the ejabberd Guide for details about database creation.
%% NOTE that ejabberd in Debian supports "out of the box"
%% only mnesia (default) and ODBC storage backends.
%% Working with MySQL and PostgreSQL DB backends requires
%% building and installation of the corresponding Erlang modules,
%% not distributed as a part of ejabberd.
%% Refer to /usr/share/doc/ejabberd/README.Debian for details.
%% Please consult the ejabberd Guide for details on database creation.
%%
%% MySQL server:
@ -369,33 +341,41 @@ override_acls.
%%{odbc_pool_size, 10}.
%%
%% Interval to make a dummy SQL request to keep alive the connections
%% to the database. Specify in seconds: for example 28800 means 8 hours
%% Interval to make a dummy SQL request to keep the connections to the
%% database alive. Specify in seconds: for example 28800 means 8 hours
%%
%%{odbc_keepalive_interval, undefined}.
%%% ===============
%%% TRAFFIC SHAPERS
%%%. ===============
%%%' TRAFFIC SHAPERS
%%
%% The "normal" shaper limits traffic speed to 1.000 B/s
%% The "normal" shaper limits traffic speed to 1000 B/s
%%
{shaper, normal, {maxrate, 1000}}.
%%
%% The "fast" shaper limits traffic speed to 50.000 B/s
%% The "fast" shaper limits traffic speed to 50000 B/s
%%
{shaper, fast, {maxrate, 50000}}.
%%
%% This option specifies the maximum number of elements in the queue
%% of the FSM. Refer to the documentation for details.
%%
{max_fsm_queue, 10000}.
%%% ====================
%%% ACCESS CONTROL LISTS
%%%. ====================
%%%' ACCESS CONTROL LISTS
%%
%% The 'admin' ACL grants administrative privileges to Jabber accounts.
%% You can put as many accounts as you want.
%% The 'admin' ACL grants administrative privileges to XMPP accounts.
%% You can put here as many accounts as you want.
%%
%%{acl, admin, {user, "aleksey", "localhost"}}.
%%{acl, admin, {user, "ermine", "example.org"}}.
<% ejabberd_admin.each do |admin|
user, host = admin.split("@") -%>
{acl, admin, {user, "<%= user %>", "<%= host %>"}}.
@ -430,10 +410,10 @@ user, host = admin.split("@") -%>
%%}.
%%% ============
%%% ACCESS RULES
%%%. ============
%%%' ACCESS RULES
%% Define the maximum number of time a single user is allowed to connect:
%% Maximum number of simultaneous sessions allowed for a single user:
{access, max_user_sessions, [{100, all}]}.
%% Maximum number of offline messages that users can have:
@ -446,46 +426,43 @@ user, host = admin.split("@") -%>
{access, c2s, [{deny, blocked},
{allow, all}]}.
%% For all users except admins used "normal" shaper
%% For C2S connections, all users except admins use the "normal" shaper
%%{access, c2s_shaper, [{none, admin},
%% {normal, all}]}.
{access, c2s_shaper, [{none, all}]}.
%% For all S2S connections used "fast" shaper
%% All S2S connections use the "fast" shaper
%%{access, s2s_shaper, [{fast, all}]}.
{access, s2s_shaper, [{none, all}]}.
%% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.
%% Only admins can use configuration interface:
%% Only admins can use the configuration interface:
{access, configure, [{allow, admin}]}.
%% Admins of this server are also admins of MUC service:
%% Admins of this server are also admins of the MUC service:
{access, muc_admin, [{allow, admin}]}.
%% Only accounts of the local ejabberd server can create rooms:
{access, muc_create, [{allow, local}]}.
%% All users are allowed to use MUC service:
%% All users are allowed to use the MUC service:
{access, muc, [{allow, all}]}.
%% No username can be registered via in-band registration:
%% To enable in-band registration, replace 'deny' with 'allow'
% (note that if you remove mod_register from modules list then users will not
% be able to change their password as well as register).
% This setting is default because it's more safe.
{access, register, [{deny, all}]}.
%% By default frequency of account registrations from the same IP
%% is limited to 1 account every 10 minutes. To disable put: infinity
%%{registration_timeout, 600}.
%% Only accounts on the local ejabberd server can create Pubsub nodes:
{access, pubsub_createnode, [{allow, local}]}.
%% In-band registration allows registration of any possible username.
%% To disable in-band registration, replace 'allow' with 'deny'.
{access, register, [{deny, all}]}.
%% By default the frequency of account registrations from the same IP
%% is limited to 1 account every 10 minutes. To disable, specify: infinity
%%{registration_timeout, 600}.
%%
%% Define specific Access rules in a virtual host.
%% Define specific Access Rules in a virtual host.
%%
%%{host_config, "localhost",
%% [
@ -495,8 +472,8 @@ user, host = admin.split("@") -%>
%%}.
%%% ================
%%% DEFAULT LANGUAGE
%%%. ================
%%%' DEFAULT LANGUAGE
%%
%% language: Default language used for server messages.
@ -511,27 +488,26 @@ user, host = admin.split("@") -%>
%%}.
%%% =======
%%% CAPTCHA
%%%. =======
%%%' CAPTCHA
%%
%% Full path to a script that generates the image.
%% Note that this script must be made executable
%% for the user ejabberd:ejabberd.
%%
%%{captcha_cmd, "/usr/lib/ejabberd/priv/bin/captcha.sh"}.
%%{captcha_cmd, "/usr/lib64/ejabberd/priv/bin/captcha.sh"}.
%%
%% Host part of the URL sent to the user.
%% The port specified must be configured as the "ejabberd_http"
%% listener which must have the "captcha" directive included
%% in its configuration (see the "LISTENING PORTS" section above).
%% Host for the URL and port where ejabberd listens for CAPTCHA requests.
%%
%%{captcha_host, "localhost:5280"}.
%%{captcha_host, "example.org:5280"}.
%%
%% Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
%%
%%{captcha_limit, 5}.
%%% =======
%%% MODULES
%%%. =======
%%%' MODULES
%%
%% Modules enabled in all ejabberd virtual hosts.
@ -539,17 +515,14 @@ user, host = admin.split("@") -%>
{modules,
[
{mod_adhoc, []},
{mod_announce, [{access, announce}]}, % requires mod_adhoc
{mod_announce, [{access, announce}]}, % recommends mod_adhoc
{mod_blocking,[]}, % requires mod_privacy
{mod_caps, []},
{mod_configure,[]}, % requires mod_adhoc
{mod_admin_extra, []},
{mod_disco, []},
%%{mod_echo, [{host, "echo.localhost"}]},
{mod_http_bind, []},
{mod_irc, []},
%% NOTE that mod_http_fileserver must also be enabled in the
%% "request_handlers" clause of the "ejabberd_http" listener
%% configuration (see the "LISTENING PORTS" section above).
{mod_http_bind, []},
%%{mod_http_fileserver, [
%% {docroot, "/var/www"},
%% {accesslog, "/var/log/ejabberd/access.log"}
@ -587,40 +560,73 @@ user, host = admin.split("@") -%>
{file_format, <%= ejabberd_muclog_format %>},
<% end -%>
{cssfile, false},
{top_link, {"/portal/", "Back to Portal"}}
{top_link, {"/jabber-logs/", "Back to Logs"}}
]},
<% end -%>
{mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
{mod_ping, []},
%%{mod_pres_counter,[{count, 5}, {interval, 60}]},
{mod_privacy, []},
{mod_private, []},
%%{mod_proxy65,[]},
{mod_proxy65, [
{access, local},
{shaper, c2s_shaper}
]},
{mod_pubsub, [ % requires mod_caps
{mod_pubsub, [
{access_createnode, pubsub_createnode},
{ignore_pep_from_offline, true}, % reduces resource comsumption, but XEP incompliant
%%{ignore_pep_from_offline, false}, % XEP compliant, but increases resource comsumption
{last_item_cache, false},
%%{plugins, ["default", "pep"]}
{plugins, ["flat", "hometree", "pep"]} % pep requires mod_caps
]},
{mod_register, [
%%
%% Protect In-Band account registrations with CAPTCHA.
%%
%%{captcha_protected, true},
%%
%% Set the minimum informational entropy for passwords.
%%
%%{password_strength, 32},
%%
%% After successful registration, the user receives
%% a message with this subject and body.
%%
{welcome_message, none},
{welcome_message, {"Welcome!",
"Hi.\nWelcome to this XMPP server."}},
%%
%% When a user registers, send a notification to
%% these Jabber accounts.
%% these XMPP accounts.
%%
%%{registration_watchers, ["admin1@example.org"]},
%%
%% Only clients in the server machine can register accounts
%%
{ip_access, [{allow, "127.0.0.0/8"},
{deny, "0.0.0.0/0"}]},
%%
%% Local c2s or remote s2s users cannot register accounts
%%
%%{access_from, deny},
{access, register}
]},
%%{mod_register_web, [
%%
%% When a user registers, send a notification to
%% these XMPP accounts.
%%
%%{registration_watchers, ["admin1@example.org"]}
%% ]},
{mod_roster, []},
%%{mod_service_log,[]},
%%{mod_shared_roster,[]},
{mod_shared_roster,[]},
{mod_stats, []},
{mod_time, []},
{mod_vcard, []},
@ -639,9 +645,12 @@ user, host = admin.split("@") -%>
%% ]}.
%%% $Id: ejabberd.cfg.example 2497 2009-08-17 20:27:28Z cromain $
%%%.
%%%'
%%% $Id$
%%% Local Variables:
%%% mode: erlang
%%% End:
%%% vim: set filetype=erlang tabstop=8:
%%% vim: set filetype=erlang tabstop=8 foldmarker=%%%',%%%. foldmethod=marker: