author | Badlop <badlop@process-one.net> | 2008-03-21 16:17:37 +0000 |
---|---|---|
committer | Badlop <badlop@process-one.net> | 2008-03-21 16:17:37 +0000 |
commit | efec28ada7c798986b8b5e9fe4bf7f4327f5c77b (patch) | |
tree | c91cccc65f33d08502c89a0119055009c6e898a1 /doc/guide.html | |
parent | Pubsub subscription is now wrapped in pubsub tags (EJAB-580) (diff) |
* doc/guide.tex: Document s2s_default_policy and
s2s_host (EJAB-575)
* doc/guide.html: Likewise
SVN Revision: 1246
Diffstat (limited to 'doc/guide.html')
-rw-r--r-- | doc/guide.html | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/guide.html b/doc/guide.html index 5acec86be..8a26e710d 100644 --- a/doc/guide.html +++ b/doc/guide.html @@ -709,6 +709,13 @@ use STARTTLS for s2s connections. file containing a SSL certificate. </DD><DT CLASS="dt-description"><B><TT>{domain_certfile, Domain, Path}</TT></B></DT><DD CLASS="dd-description"> Full path to the file containing the SSL certificate for a specific domain. +</DD><DT CLASS="dt-description"><B><TT>{s2s_default_policy, allow|deny}</TT></B></DT><DD CLASS="dd-description"> +The default policy for incoming and outgoing s2s connections to other Jabber servers. +The default value is <TT>allow</TT>. +</DD><DT CLASS="dt-description"><B><TT>{{s2s_host, Host}, allow|deny}</TT></B></DT><DD CLASS="dd-description"> +Defines if incoming and outgoing s2s connections with a specific remote host are allowed or denied. +This allows to restrict ejabberd to only stablish s2s connections +with a small list of trusted servers, or to block some specific servers. </DD></DL><P>For example, the following simple configuration defines: </P><UL CLASS="itemize"><LI CLASS="li-itemize"> There are three domains. The default certificate file is <TT>server.pem</TT>. @@ -757,6 +764,8 @@ c2s connections are listened for on port 5222 and 5223 (SSL) and denied for the user called ‘<TT>bad</TT>’. </LI><LI CLASS="li-itemize">s2s connections are listened for on port 5269 with STARTTLS for secured traffic enabled. +Incoming and outgoing connections of remote Jabber servers are denied, +only two servers can connect: "jabber.example.org" and "example.com". </LI><LI CLASS="li-itemize">Port 5280 is serving the Web Admin and the HTTP Polling service. Note that it is also possible to serve them on different ports. The second example in section <A HREF="#webinterface">??</A> shows how exactly this can be done. 
@@ -815,6 +824,9 @@ connected to port 5237 with password ‘<TT>ggsecret</TT>’. }. {s2s_use_starttls, true}. {s2s_certfile, "/path/to/ssl.pem"}. + {s2s_default_policy, deny}. + {{s2s_host,"jabber.example.org"}, allow}. + {{s2s_host,"example.com"}, allow}. </PRE><P>Note, that for jabberd 1.4- or WPJabber-based services you have to make the transports log and do XDB by themselves: </P><PRE CLASS="verbatim"> <!-- |
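Review bot: In the first hunk (@@ -709,6 +709,13 @@), the new `s2s_host` description never says how it interacts with `s2s_default_policy`. A reader cannot tell from the text that a per-host entry is meant to override the default, and an access-control option should state that precedence explicitly. The entry also does not say what `Host` is matched against (the exact remote domain name, or its subdomains as well). Two wording fixes in the same paragraph: "stablish" should be "establish", and "This allows to restrict ejabberd to only stablish s2s connections" reads better as "This allows you to restrict ejabberd to establishing s2s connections only with a small list of trusted servers".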
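Review bot: In the second hunk (@@ -757,6 +764,8 @@), the added list item contradicts itself: "Incoming and outgoing connections of remote Jabber servers are denied, only two servers can connect". Suggest stating the policy as default plus exceptions, for example "Incoming and outgoing s2s connections are denied by default; only two remote servers are allowed". The two host names are in plain double quotes, while the surrounding items mark literals with <TT> (as in ‘<TT>bad</TT>’). Use the same markup for "jabber.example.org" and "example.com".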
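Review bot: In the third hunk (@@ -815,6 +824,9 @@), the example tuples are written as `{{s2s_host,"jabber.example.org"}, allow}.` with no space after the first comma, while the option is documented in the first hunk as `{{s2s_host, Host}, allow|deny}`. Use the same spacing in both so the example matches the reference entry. Since this is the only place the deny-by-default setup is shown, the prose description of the example should also make clear that the two `allow` lines are exceptions to `{s2s_default_policy, deny}`.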