1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
% Default FreeBSD ejabberd.cfg
%override_acls.
% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
%{acl, admin, {user, "aleksey"}}.
%{acl, admin, {user, "ermine"}}.
% Blocked users:
%{acl, blocked, {user, "test"}}.
% Local users:
{acl, local, {user_regexp, ""}}.
% Another examples of ACLs:
%{acl, jabberorg, {server, "jabber.org"}}.
%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%{acl, test, {user_regexp, "^test"}}.
%{acl, test, {user_glob, "test*"}}.
% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.
% Every username can be registered via in-band registration:
{access, register, [{allow, all}]}.
% None username can be registered via in-band registration:
%{access, register, [{deny, all}]}.
% After successful registration user will get message with following subject
% and body:
{welcome_message,
{"Welcome!",
"Welcome to FreeBSD Jabber Service. "
"For information about Jabber visit http://jabber.org"}}.
% Replace them with 'none' if you don't want to send such message:
%{welcome_message, none}.
% List of people who will get notifications about registered users
%{registration_watchers, ["admin1@localhost",
% "admin2@localhost"]}.
% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.
% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
{allow, all}]}.
% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.
% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.
% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.
% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.
% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.
% This rule allows access only for local users:
{access, local, [{allow, local}]}.
% Authentification method. If you want to use internal user base, then use
% this line:
{auth_method, internal}.
% For LDAP uthentification use these lines instead of above one:
%{auth_method, ldap}.
%{ldap_servers, ["localhost"]}. % List of LDAP servers
%{ldap_uidattr, "uid"}. % LDAP attribute that holds user ID
%{ldap_base, "dc=example,dc=com"}. % Base of LDAP directory
% For authentification via external script use the following:
%{auth_method, external}.
%{extauth_program, "/path/to/authentification/script"}.
% Host name: (replace for your hostname)
{host, "localhost"}.
% Default language for server messages
{language, "en"}.
% Listened ports:
{listen,
% Ordinary client-2-server service
[{5222, ejabberd_c2s, [{access, c2s},
starttls, {certfile, "/etc/ssl/certs/ejabberd.pem"},
{shaper, c2s_shaper}]},
% SSL-enabled client-2-server service
{5223, ejabberd_c2s, [{access, c2s},
tls, {certfile, "/etc/ssl/certs/ejabberd.pem"},
{shaper, c2s_shaper}]},
% Server-2-server service
{5269, ejabberd_s2s_in, [{shaper, s2s_shaper}]},
% External MUC jabber-muc (but internal mod_muc is better :))
% {5554, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "muc.localhost", [{password, "secret"}]}]},
% Jabber ICQ Transport
% {5555, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {hosts, ["icq.localhost", "sms.localhost"], [{password, "secret"}]}]},
% AIM Transport
% {5556, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "aim.localhost", [{password, "secret"}]}]},
% MSN Transport
% {5557, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "msn.localhost", [{password, "secret"}]}]},
% Yahoo! Transport
% {5558, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "yahoo.localhost", [{password, "secret"}]}]},
% External JUD (internal is more powerful,
% but doesn't allow to register users from other servers)
% {5559, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "jud.localhost", [{password, "secret"}]}]},
% HTTP service (You may choose options HTTP-polling and Web-administering)
% When commenting out, be careful with commas
{5280, ejabberd_http, [http_poll, web_admin]}
]}.
% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.
% Used modules:
{modules,
[
{mod_announce, [{access, announce}]},
{mod_register, [{access, register}]},
{mod_roster, []},
{mod_privacy, []},
{mod_configure, []},
{mod_configure2, []},
{mod_disco, [{extra_domains, ["users.jabber.org"]}]},
{mod_stats, []},
{mod_vcard, []},
{mod_offline, []},
{mod_echo, []},
{mod_private, []},
{mod_irc, []},
% Default options for mod_muc:
% host: "conference." ++ ?MYNAME
% access: all
% access_create: all
% access_admin: none (only room creator has owner privileges)
{mod_muc, [{access, muc},
{access_create, muc},
{access_admin, muc_admin}]},
{mod_pubsub, []},
{mod_time, []},
{mod_last, []},
{mod_version, []}
]}.
|
