mirror of
https://git.pleroma.social/sjw/pleroma.git
synced 2024-12-23 19:55:03 +01:00
Merge branch 'doc/mongoose-im-config' into 'develop'
Sample Mongoose IM config See merge request pleroma/pleroma!1226
This commit is contained in:
commit
f8d4c02431
932
installation/pleroma-mongooseim.cfg
Executable file
932
installation/pleroma-mongooseim.cfg
Executable file
@ -0,0 +1,932 @@
|
||||
%%%
|
||||
%%% ejabberd configuration file
|
||||
%%%
|
||||
%%%'
|
||||
|
||||
%%% The parameters used in this configuration file are explained in more detail
|
||||
%%% in the ejabberd Installation and Operation Guide.
|
||||
%%% Please consult the Guide in case of doubts, it is included with
|
||||
%%% your copy of ejabberd, and is also available online at
|
||||
%%% http://www.process-one.net/en/ejabberd/docs/
|
||||
|
||||
%%% This configuration file contains Erlang terms.
|
||||
%%% In case you want to understand the syntax, here are the concepts:
|
||||
%%%
|
||||
%%% - The character to comment a line is %
|
||||
%%%
|
||||
%%% - Each term ends in a dot, for example:
|
||||
%%% override_global.
|
||||
%%%
|
||||
%%% - A tuple has a fixed definition, its elements are
|
||||
%%% enclosed in {}, and separated with commas:
|
||||
%%% {loglevel, 4}.
|
||||
%%%
|
||||
%%% - A list can have as many elements as you want,
|
||||
%%% and is enclosed in [], for example:
|
||||
%%% [http_poll, web_admin, tls]
|
||||
%%%
|
||||
%%% Pay attention that list elements are delimited with commas,
|
||||
%%% but no comma is allowed after the last list element. This will
|
||||
%%% give a syntax error unlike in more lenient languages (e.g. Python).
|
||||
%%%
|
||||
%%% - A keyword of ejabberd is a word in lowercase.
|
||||
%%% Strings are enclosed in "" and can contain spaces, dots, ...
|
||||
%%% {language, "en"}.
|
||||
%%% {ldap_rootdn, "dc=example,dc=com"}.
|
||||
%%%
|
||||
%%% - This term includes a tuple, a keyword, a list, and two strings:
|
||||
%%% {hosts, ["jabber.example.net", "im.example.com"]}.
|
||||
%%%
|
||||
%%% - This config is preprocessed during release generation by a tool which
|
||||
%%% interprets double curly braces as substitution markers, so avoid this
|
||||
%%% syntax in this file (though it's valid Erlang).
|
||||
%%%
|
||||
%%% So this is OK (though arguably looks quite ugly):
|
||||
%%% { {s2s_addr, "example-host.net"}, {127,0,0,1} }.
|
||||
%%%
|
||||
%%% And I can't give an example of what's not OK exactly because
|
||||
%%% of this rule.
|
||||
%%%
|
||||
|
||||
|
||||
%%%. =======================
|
||||
%%%' OVERRIDE STORED OPTIONS
|
||||
|
||||
%%
|
||||
%% Override the old values stored in the database.
|
||||
%%
|
||||
|
||||
%%
|
||||
%% Override global options (shared by all ejabberd nodes in a cluster).
|
||||
%%
|
||||
%%override_global.
|
||||
|
||||
%%
|
||||
%% Override local options (specific for this particular ejabberd node).
|
||||
%%
|
||||
%%override_local.
|
||||
|
||||
%%
|
||||
%% Remove the Access Control Lists before new ones are added.
|
||||
%%
|
||||
%%override_acls.
|
||||
|
||||
|
||||
%%%. =========
|
||||
%%%' DEBUGGING
|
||||
|
||||
%%
|
||||
%% loglevel: Verbosity of log files generated by ejabberd.
|
||||
%% 0: No ejabberd log at all (not recommended)
|
||||
%% 1: Critical
|
||||
%% 2: Error
|
||||
%% 3: Warning
|
||||
%% 4: Info
|
||||
%% 5: Debug
|
||||
%%
|
||||
{loglevel, 3}.
|
||||
|
||||
%%%. ================
|
||||
%%%' SERVED HOSTNAMES
|
||||
|
||||
%%
|
||||
%% hosts: Domains served by ejabberd.
|
||||
%% You can define one or several, for example:
|
||||
%% {hosts, ["example.net", "example.com", "example.org"]}.
|
||||
%%
|
||||
{hosts, ["pleroma.soykaf.com"] }.
|
||||
|
||||
%%
|
||||
%% route_subdomains: Delegate subdomains to other XMPP servers.
|
||||
%% For example, if this ejabberd serves example.org and you want
|
||||
%% to allow communication with an XMPP server called im.example.org.
|
||||
%%
|
||||
%%{route_subdomains, s2s}.
|
||||
|
||||
|
||||
%%%. ===============
|
||||
%%%' LISTENING PORTS
|
||||
|
||||
%%
|
||||
%% listen: The ports ejabberd will listen on, which service each is handled
|
||||
%% by and what options to start it with.
|
||||
%%
|
||||
{listen,
|
||||
[
|
||||
%% BOSH and WS endpoints over HTTP
|
||||
{ 5280, ejabberd_cowboy, [
|
||||
{num_acceptors, 10},
|
||||
{transport_options, [{max_connections, 1024}]},
|
||||
{modules, [
|
||||
|
||||
{"_", "/http-bind", mod_bosh},
|
||||
{"_", "/ws-xmpp", mod_websockets, [{ejabberd_service, [
|
||||
{access, all},
|
||||
{shaper_rule, fast},
|
||||
{ip, {127, 0, 0, 1}},
|
||||
{password, "secret"}]}
|
||||
%% Uncomment to enable connection dropping or/and server-side pings
|
||||
%{timeout, 600000}, {ping_rate, 2000}
|
||||
]}
|
||||
%% Uncomment to serve static files
|
||||
%{"_", "/static/[...]", cowboy_static,
|
||||
% {dir, "/var/www", [{mimetypes, cow_mimetypes, all}]}
|
||||
%},
|
||||
|
||||
%% Example usage of mod_revproxy
|
||||
|
||||
%% {"_", "/[...]", mod_revproxy, [{timeout, 5000},
|
||||
%% % time limit for upstream to respond
|
||||
%% {body_length, 8000000},
|
||||
%% % maximum body size (may be infinity)
|
||||
%% {custom_headers, [{<<"header">>,<<"value">>}]}
|
||||
%% % list of extra headers that are send to upstream
|
||||
%% ]}
|
||||
|
||||
%% Example usage of mod_cowboy
|
||||
|
||||
%% {"_", "/[...]", mod_cowboy, [{http, mod_revproxy,
|
||||
%% [{timeout, 5000},
|
||||
%% % time limit for upstream to respond
|
||||
%% {body_length, 8000000},
|
||||
%% % maximum body size (may be infinity)
|
||||
%% {custom_headers, [{<<"header">>,<<"value">>}]}
|
||||
%% % list of extra headers that are send to upstream
|
||||
%% ]},
|
||||
%% {ws, xmpp, mod_websockets}
|
||||
%% ]}
|
||||
]}
|
||||
]},
|
||||
|
||||
%% BOSH and WS endpoints over HTTPS
|
||||
{ 5285, ejabberd_cowboy, [
|
||||
{num_acceptors, 10},
|
||||
{transport_options, [{max_connections, 1024}]},
|
||||
{ssl, [{certfile, "priv/ssl/fullchain.pem"}, {keyfile, "priv/ssl/privkey.pem"}, {password, ""}]},
|
||||
{modules, [
|
||||
{"_", "/http-bind", mod_bosh},
|
||||
{"_", "/ws-xmpp", mod_websockets, [
|
||||
%% Uncomment to enable connection dropping or/and server-side pings
|
||||
%{timeout, 600000}, {ping_rate, 60000}
|
||||
]}
|
||||
%% Uncomment to serve static files
|
||||
%{"_", "/static/[...]", cowboy_static,
|
||||
% {dir, "/var/www", [{mimetypes, cow_mimetypes, all}]}
|
||||
%},
|
||||
]}
|
||||
]},
|
||||
|
||||
%% MongooseIM HTTP API it's important to start it on localhost
|
||||
%% or some private interface only (not accessible from the outside)
|
||||
%% At least start it on different port which will be hidden behind firewall
|
||||
|
||||
{ {8088, "127.0.0.1"} , ejabberd_cowboy, [
|
||||
{num_acceptors, 10},
|
||||
{transport_options, [{max_connections, 1024}]},
|
||||
{modules, [
|
||||
{"localhost", "/api", mongoose_api_admin, []}
|
||||
]}
|
||||
]},
|
||||
|
||||
{ 8089 , ejabberd_cowboy, [
|
||||
{num_acceptors, 10},
|
||||
{transport_options, [{max_connections, 1024}]},
|
||||
{protocol_options, [{compress, true}]},
|
||||
{ssl, [{certfile, "priv/ssl/fullchain.pem"}, {keyfile, "priv/ssl/privkey.pem"}, {password, ""}]},
|
||||
{modules, [
|
||||
{"_", "/api/sse", lasse_handler, [mongoose_client_api_sse]},
|
||||
{"_", "/api/messages/[:with]", mongoose_client_api_messages, []},
|
||||
{"_", "/api/contacts/[:jid]", mongoose_client_api_contacts, []},
|
||||
{"_", "/api/rooms/[:id]", mongoose_client_api_rooms, []},
|
||||
{"_", "/api/rooms/[:id]/config", mongoose_client_api_rooms_config, []},
|
||||
{"_", "/api/rooms/:id/users/[:user]", mongoose_client_api_rooms_users, []},
|
||||
{"_", "/api/rooms/[:id]/messages", mongoose_client_api_rooms_messages, []}
|
||||
]}
|
||||
]},
|
||||
|
||||
%% Following HTTP API is deprected, the new one abouve should be used instead
|
||||
|
||||
{ {5288, "127.0.0.1"} , ejabberd_cowboy, [
|
||||
{num_acceptors, 10},
|
||||
{transport_options, [{max_connections, 1024}]},
|
||||
{modules, [
|
||||
{"localhost", "/api", mongoose_api, [{handlers, [mongoose_api_metrics,
|
||||
mongoose_api_users]}]}
|
||||
]}
|
||||
]},
|
||||
|
||||
{ 5222, ejabberd_c2s, [
|
||||
|
||||
%%
|
||||
%% If TLS is compiled in and you installed a SSL
|
||||
%% certificate, specify the full path to the
|
||||
%% file and uncomment this line:
|
||||
%%
|
||||
{certfile, "priv/ssl/both.pem"}, starttls,
|
||||
|
||||
%%{zlib, 10000},
|
||||
%% https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
|
||||
%% {ciphers, "DEFAULT:!EXPORT:!LOW:!SSLv2"},
|
||||
{access, c2s},
|
||||
{shaper, c2s_shaper},
|
||||
{max_stanza_size, 65536},
|
||||
{protocol_options, ["no_sslv3"]}
|
||||
|
||||
]},
|
||||
|
||||
|
||||
|
||||
%%
|
||||
%% To enable the old SSL connection method on port 5223:
|
||||
%%
|
||||
%%{5223, ejabberd_c2s, [
|
||||
%% {access, c2s},
|
||||
%% {shaper, c2s_shaper},
|
||||
%% {certfile, "/path/to/ssl.pem"}, tls,
|
||||
%% {max_stanza_size, 65536}
|
||||
%% ]},
|
||||
|
||||
{ 5269, ejabberd_s2s_in, [
|
||||
{shaper, s2s_shaper},
|
||||
{max_stanza_size, 131072},
|
||||
{protocol_options, ["no_sslv3"]}
|
||||
|
||||
]}
|
||||
|
||||
%%
|
||||
%% ejabberd_service: Interact with external components (transports, ...)
|
||||
%%
|
||||
,{8888, ejabberd_service, [
|
||||
{access, all},
|
||||
{shaper_rule, fast},
|
||||
{ip, {127, 0, 0, 1}},
|
||||
{password, "secret"}
|
||||
]}
|
||||
|
||||
%%
|
||||
%% ejabberd_stun: Handles STUN Binding requests
|
||||
%%
|
||||
%%{ {3478, udp}, ejabberd_stun, []}
|
||||
|
||||
]}.
|
||||
|
||||
%%
|
||||
%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
|
||||
%% Allowed values are: false optional required required_trusted
|
||||
%% You must specify a certificate file.
|
||||
%%
|
||||
{s2s_use_starttls, optional}.
|
||||
%%
|
||||
%% s2s_certfile: Specify a certificate file.
|
||||
%%
|
||||
{s2s_certfile, "priv/ssl/both.pem"}.
|
||||
|
||||
%% https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
|
||||
%% {s2s_ciphers, "DEFAULT:!EXPORT:!LOW:!SSLv2"}.
|
||||
|
||||
%%
|
||||
%% domain_certfile: Specify a different certificate for each served hostname.
|
||||
%%
|
||||
%%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
|
||||
%%{domain_certfile, "example.com", "/path/to/example_com.pem"}.
|
||||
|
||||
%%
|
||||
%% S2S whitelist or blacklist
|
||||
%%
|
||||
%% Default s2s policy for undefined hosts.
|
||||
%%
|
||||
{s2s_default_policy, deny }.
|
||||
|
||||
%%
|
||||
%% Allow or deny communication with specific servers.
|
||||
%%
|
||||
%%{ {s2s_host, "goodhost.org"}, allow}.
|
||||
%%{ {s2s_host, "badhost.org"}, deny}.
|
||||
|
||||
{outgoing_s2s_port, 5269 }.
|
||||
|
||||
%%
|
||||
%% IP addresses predefined for specific hosts to skip DNS lookups.
|
||||
%% Ports defined here take precedence over outgoing_s2s_port.
|
||||
%% Examples:
|
||||
%%
|
||||
%% { {s2s_addr, "example-host.net"}, {127,0,0,1} }.
|
||||
%% { {s2s_addr, "example-host.net"}, { {127,0,0,1}, 5269 } }.
|
||||
%% { {s2s_addr, "example-host.net"}, { {127,0,0,1}, 5269 } }.
|
||||
|
||||
%%
|
||||
%% Outgoing S2S options
|
||||
%%
|
||||
%% Preferred address families (which to try first) and connect timeout
|
||||
%% in milliseconds.
|
||||
%%
|
||||
%%{outgoing_s2s_options, [ipv4, ipv6], 10000}.
|
||||
%%
|
||||
%%%. ==============
|
||||
%%%' SESSION BACKEND
|
||||
|
||||
%%{sm_backend, {mnesia, []}}.
|
||||
|
||||
%% Requires {redis, global, default, ..., ...} outgoing pool
|
||||
%%{sm_backend, {redis, []}}.
|
||||
|
||||
{sm_backend, {mnesia, []} }.
|
||||
|
||||
|
||||
%%%. ==============
|
||||
%%%' AUTHENTICATION
|
||||
|
||||
%% Advertised SASL mechanisms
|
||||
{sasl_mechanisms, [cyrsasl_plain]}.
|
||||
|
||||
%%
|
||||
%% auth_method: Method used to authenticate the users.
|
||||
%% The default method is the internal.
|
||||
%% If you want to use a different method,
|
||||
%% comment this line and enable the correct ones.
|
||||
%%
|
||||
%% {auth_method, internal }.
|
||||
{auth_method, http }.
|
||||
{auth_opts, [
|
||||
{http, global, auth, [{workers, 50}], [{server, "https://pleroma.soykaf.com"}]},
|
||||
{password_format, plain} % default
|
||||
%% {password_format, scram}
|
||||
|
||||
%% {scram_iterations, 4096} % default
|
||||
|
||||
%%
|
||||
%% For auth_http:
|
||||
%% {basic_auth, "user:password"}
|
||||
%% {path_prefix, "/"} % default
|
||||
%% auth_http requires {http, Host | global, auth, ..., ...} outgoing pool.
|
||||
%%
|
||||
%% For auth_external
|
||||
%%{extauth_program, "/path/to/authentication/script"}.
|
||||
%%
|
||||
%% For auth_jwt
|
||||
%% {jwt_secret_source, "/path/to/file"},
|
||||
%% {jwt_algorithm, "RS256"},
|
||||
%% {jwt_username_key, user}
|
||||
%% For cyrsasl_external
|
||||
%% {authenticate_with_cn, false}
|
||||
{cyrsasl_external, standard}
|
||||
]}.
|
||||
|
||||
%%
|
||||
%% Authentication using external script
|
||||
%% Make sure the script is executable by ejabberd.
|
||||
%%
|
||||
%%{auth_method, external}.
|
||||
|
||||
%%
|
||||
%% Authentication using RDBMS
|
||||
%% Remember to setup a database in the next section.
|
||||
%%
|
||||
%%{auth_method, rdbms}.
|
||||
|
||||
%%
|
||||
%% Authentication using LDAP
|
||||
%%
|
||||
%%{auth_method, ldap}.
|
||||
%%
|
||||
|
||||
%% List of LDAP servers:
|
||||
%%{ldap_servers, ["localhost"]}.
|
||||
%%
|
||||
%% Encryption of connection to LDAP servers:
|
||||
%%{ldap_encrypt, none}.
|
||||
%%{ldap_encrypt, tls}.
|
||||
%%
|
||||
%% Port to connect to on LDAP servers:
|
||||
%%{ldap_port, 389}.
|
||||
%%{ldap_port, 636}.
|
||||
%%
|
||||
%% LDAP manager:
|
||||
%%{ldap_rootdn, "dc=example,dc=com"}.
|
||||
%%
|
||||
%% Password of LDAP manager:
|
||||
%%{ldap_password, "******"}.
|
||||
%%
|
||||
%% Search base of LDAP directory:
|
||||
%%{ldap_base, "dc=example,dc=com"}.
|
||||
%%
|
||||
%% LDAP attribute that holds user ID:
|
||||
%%{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
|
||||
%%
|
||||
%% LDAP filter:
|
||||
%%{ldap_filter, "(objectClass=shadowAccount)"}.
|
||||
|
||||
%%
|
||||
%% Anonymous login support:
|
||||
%% auth_method: anonymous
|
||||
%% anonymous_protocol: sasl_anon | login_anon | both
|
||||
%% allow_multiple_connections: true | false
|
||||
%%
|
||||
%%{host_config, "public.example.org", [{auth_method, anonymous},
|
||||
%% {allow_multiple_connections, false},
|
||||
%% {anonymous_protocol, sasl_anon}]}.
|
||||
%%
|
||||
%% To use both anonymous and internal authentication:
|
||||
%%
|
||||
%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
|
||||
|
||||
|
||||
%%%. ==============
|
||||
%%%' OUTGOING CONNECTIONS (e.g. DB)
|
||||
|
||||
%% Here you may configure all outgoing connections used by MongooseIM,
|
||||
%% e.g. to RDBMS (such as MySQL), Riak or external HTTP components.
|
||||
%% Default MongooseIM configuration uses only Mnesia (non-Mnesia extensions are disabled),
|
||||
%% so no options here are uncommented out of the box.
|
||||
%% This section includes configuration examples; for comprehensive guide
|
||||
%% please consult MongooseIM documentation, page "Outgoing connections":
|
||||
%% - doc/advanced-configuration/outgoing-connections.md
|
||||
%% - https://mongooseim.readthedocs.io/en/latest/advanced-configuration/outgoing-connections/
|
||||
|
||||
|
||||
{outgoing_pools, [
|
||||
% {riak, global, default, [{workers, 5}], [{address, "127.0.0.1"}, {port, 8087}]},
|
||||
% {elastic, global, default, [], [{host, "elastic.host.com"}, {port, 9042}]},
|
||||
{http, global, auth, [{workers, 50}], [{server, "https://pleroma.soykaf.com"}]}
|
||||
% {cassandra, global, default, [{workers, 100}], [{servers, [{"server1", 9042}]}, {keyspace, "big_mongooseim"}]},
|
||||
% {rdbms, global, default, [{workers, 10}], [{server, {mysql, "server", 3306, "database", "username", "password"}}]}
|
||||
]}.
|
||||
|
||||
%% More examples that may be added to outgoing_pools list:
|
||||
%%
|
||||
%% == MySQL ==
|
||||
%% {rdbms, global, default, [{workers, 10}],
|
||||
%% [{server, {mysql, "server", 3306, "database", "username", "password"}},
|
||||
%% {keepalive_interval, 10}]},
|
||||
%% keepalive_interval is optional
|
||||
|
||||
%% == PostgreSQL ==
|
||||
%% {rdbms, global, default, [{workers, 10}],
|
||||
%% [{server, {pgsql, "server", 5432, "database", "username", "password"}}]},
|
||||
|
||||
%% == ODBC (MSSQL) ==
|
||||
%% {rdbms, global, default, [{workers, 10}],
|
||||
%% [{server, "DSN=mongooseim;UID=mongooseim;PWD=mongooseim"}]},
|
||||
|
||||
%% == Elastic Search ==
|
||||
%% {elastic, global, default, [], [{host, "elastic.host.com"}, {port, 9042}]},
|
||||
|
||||
%% == Riak ==
|
||||
%% {riak, global, default, [{workers, 20}], [{address, "127.0.0.1"}, {port, 8087}]},
|
||||
|
||||
%% == HTTP ==
|
||||
%% {http, global, conn1, [{workers, 50}], [{server, "http://server:8080"}]},
|
||||
|
||||
%% == Cassandra ==
|
||||
%% {cassandra, global, default, [{workers, 100}],
|
||||
%% [
|
||||
%% {servers, [
|
||||
%% {"cassandra_server1.example.com", 9042},
|
||||
%% {"cassandra_server2.example.com", 9042},
|
||||
%% {"cassandra_server3.example.com", 9042},
|
||||
%% {"cassandra_server4.example.com", 9042}
|
||||
%% ]},
|
||||
%% {keyspace, "big_mongooseim"}
|
||||
%% ]}
|
||||
|
||||
%% == Extra options ==
|
||||
%%
|
||||
%% If you use PostgreSQL, have a large database, and need a
|
||||
%% faster but inexact replacement for "select count(*) from users"
|
||||
%%
|
||||
%%{pgsql_users_number_estimate, true}.
|
||||
%%
|
||||
%% rdbms_server_type specifies what database is used over the RDBMS layer
|
||||
%% Can take values mssql, pgsql, mysql
|
||||
%% In some cases (for example for MAM with pgsql) it is required to set proper value.
|
||||
%%
|
||||
%% {rdbms_server_type, pgsql}.
|
||||
|
||||
%%%. ===============
|
||||
%%%' TRAFFIC SHAPERS
|
||||
|
||||
%%
|
||||
%% The "normal" shaper limits traffic speed to 1000 B/s
|
||||
%%
|
||||
{shaper, normal, {maxrate, 1000}}.
|
||||
|
||||
%%
|
||||
%% The "fast" shaper limits traffic speed to 50000 B/s
|
||||
%%
|
||||
{shaper, fast, {maxrate, 50000}}.
|
||||
|
||||
%%
|
||||
%% This option specifies the maximum number of elements in the queue
|
||||
%% of the FSM. Refer to the documentation for details.
|
||||
%%
|
||||
{max_fsm_queue, 1000}.
|
||||
|
||||
%%%. ====================
|
||||
%%%' ACCESS CONTROL LISTS
|
||||
|
||||
%%
|
||||
%% The 'admin' ACL grants administrative privileges to XMPP accounts.
|
||||
%% You can put here as many accounts as you want.
|
||||
%%
|
||||
%{acl, admin, {user, "alice", "localhost"}}.
|
||||
%{acl, admin, {user, "a", "localhost"}}.
|
||||
|
||||
%%
|
||||
%% Blocked users
|
||||
%%
|
||||
%%{acl, blocked, {user, "baduser", "example.org"}}.
|
||||
%%{acl, blocked, {user, "test"}}.
|
||||
|
||||
%%
|
||||
%% Local users: don't modify this line.
|
||||
%%
|
||||
{acl, local, {user_regexp, ""}}.
|
||||
|
||||
%%
|
||||
%% More examples of ACLs
|
||||
%%
|
||||
%%{acl, jabberorg, {server, "jabber.org"}}.
|
||||
%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
|
||||
%%{acl, test, {user_regexp, "^test"}}.
|
||||
%%{acl, test, {user_glob, "test*"}}.
|
||||
|
||||
%%
|
||||
%% Define specific ACLs in a virtual host.
|
||||
%%
|
||||
%%{host_config, "localhost",
|
||||
%% [
|
||||
%% {acl, admin, {user, "bob-local", "localhost"}}
|
||||
%% ]
|
||||
%%}.
|
||||
|
||||
%%%. ============
|
||||
%%%' ACCESS RULES
|
||||
|
||||
%% Maximum number of simultaneous sessions allowed for a single user:
|
||||
{access, max_user_sessions, [{10, all}]}.
|
||||
|
||||
%% Maximum number of offline messages that users can have:
|
||||
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
|
||||
|
||||
%% This rule allows access only for local users:
|
||||
{access, local, [{allow, local}]}.
|
||||
|
||||
%% Only non-blocked users can use c2s connections:
|
||||
{access, c2s, [{deny, blocked},
|
||||
{allow, all}]}.
|
||||
|
||||
%% For C2S connections, all users except admins use the "normal" shaper
|
||||
{access, c2s_shaper, [{none, admin},
|
||||
{normal, all}]}.
|
||||
|
||||
%% All S2S connections use the "fast" shaper
|
||||
{access, s2s_shaper, [{fast, all}]}.
|
||||
|
||||
%% Admins of this server are also admins of the MUC service:
|
||||
{access, muc_admin, [{allow, admin}]}.
|
||||
|
||||
%% Only accounts of the local ejabberd server can create rooms:
|
||||
{access, muc_create, [{allow, local}]}.
|
||||
|
||||
%% All users are allowed to use the MUC service:
|
||||
{access, muc, [{allow, all}]}.
|
||||
|
||||
%% In-band registration allows registration of any possible username.
|
||||
%% To disable in-band registration, replace 'allow' with 'deny'.
|
||||
{access, register, [{allow, all}]}.
|
||||
|
||||
%% By default the frequency of account registrations from the same IP
|
||||
%% is limited to 1 account every 10 minutes. To disable, specify: infinity
|
||||
{registration_timeout, infinity}.
|
||||
|
||||
%% Default settings for MAM.
|
||||
%% To set non-standard value, replace 'default' with 'allow' or 'deny'.
|
||||
%% Only user can access his/her archive by default.
|
||||
%% An online user can read room's archive by default.
|
||||
%% Only an owner can change settings and purge messages by default.
|
||||
%% Empty list (i.e. `[]`) means `[{deny, all}]`.
|
||||
{access, mam_set_prefs, [{default, all}]}.
|
||||
{access, mam_get_prefs, [{default, all}]}.
|
||||
{access, mam_lookup_messages, [{default, all}]}.
|
||||
{access, mam_purge_single_message, [{default, all}]}.
|
||||
{access, mam_purge_multiple_messages, [{default, all}]}.
|
||||
|
||||
%% 1 command of the specified type per second.
|
||||
{shaper, mam_shaper, {maxrate, 1}}.
|
||||
%% This shaper is primeraly for Mnesia overload protection during stress testing.
|
||||
%% The limit is 1000 operations of each type per second.
|
||||
{shaper, mam_global_shaper, {maxrate, 1000}}.
|
||||
|
||||
{access, mam_set_prefs_shaper, [{mam_shaper, all}]}.
|
||||
{access, mam_get_prefs_shaper, [{mam_shaper, all}]}.
|
||||
{access, mam_lookup_messages_shaper, [{mam_shaper, all}]}.
|
||||
{access, mam_purge_single_message_shaper, [{mam_shaper, all}]}.
|
||||
{access, mam_purge_multiple_messages_shaper, [{mam_shaper, all}]}.
|
||||
|
||||
{access, mam_set_prefs_global_shaper, [{mam_global_shaper, all}]}.
|
||||
{access, mam_get_prefs_global_shaper, [{mam_global_shaper, all}]}.
|
||||
{access, mam_lookup_messages_global_shaper, [{mam_global_shaper, all}]}.
|
||||
{access, mam_purge_single_message_global_shaper, [{mam_global_shaper, all}]}.
|
||||
{access, mam_purge_multiple_messages_global_shaper, [{mam_global_shaper, all}]}.
|
||||
|
||||
%%
|
||||
%% Define specific Access Rules in a virtual host.
|
||||
%%
|
||||
%%{host_config, "localhost",
|
||||
%% [
|
||||
%% {access, c2s, [{allow, admin}, {deny, all}]},
|
||||
%% {access, register, [{deny, all}]}
|
||||
%% ]
|
||||
%%}.
|
||||
|
||||
%%%. ================
|
||||
%%%' DEFAULT LANGUAGE
|
||||
|
||||
%%
|
||||
%% language: Default language used for server messages.
|
||||
%%
|
||||
{language, "en"}.
|
||||
|
||||
%%
|
||||
%% Set a different default language in a virtual host.
|
||||
%%
|
||||
%%{host_config, "localhost",
|
||||
%% [{language, "ru"}]
|
||||
%%}.
|
||||
|
||||
%%%. ================
|
||||
%%%' MISCELLANEOUS
|
||||
|
||||
{all_metrics_are_global, false }.
|
||||
|
||||
%%%. ========
|
||||
%%%' SERVICES
|
||||
|
||||
%% Unlike modules, services are started per node and provide either features which are not
|
||||
%% related to any particular host, or backend stuff which is used by modules.
|
||||
%% This is handled by `mongoose_service` module.
|
||||
|
||||
{services,
|
||||
[
|
||||
{service_admin_extra, [{submods, [node, accounts, sessions, vcard,
|
||||
roster, last, private, stanza, stats]}]}
|
||||
]
|
||||
}.
|
||||
|
||||
%%%. =======
|
||||
%%%' MODULES
|
||||
|
||||
%%
|
||||
%% Modules enabled in all mongooseim virtual hosts.
|
||||
%% For list of possible modules options, check documentation.
|
||||
%%
|
||||
{modules,
|
||||
[
|
||||
|
||||
%% The format for a single route is as follows:
|
||||
%% {Host, Path, Method, Upstream}
|
||||
%%
|
||||
%% "_" can be used as wildcard for Host, Path and Method
|
||||
%% Upstream can be either host (just http(s)://host:port) or uri
|
||||
%% The difference is that host upstreams append whole path while
|
||||
%% uri upstreams append only remainder that follows the matched Path
|
||||
%% (this behaviour is similar to nginx's proxy_pass rules)
|
||||
%%
|
||||
%% Bindings can be used to match certain parts of host or path.
|
||||
%% They will be later overlaid with parts of the upstream uri.
|
||||
%%
|
||||
%% {mod_revproxy,
|
||||
%% [{routes, [{"www.erlang-solutions.com", "/admin", "_",
|
||||
%% "https://www.erlang-solutions.com/"},
|
||||
%% {":var.com", "/:var", "_", "http://localhost:8080/"},
|
||||
%% {":domain.com", "/", "_", "http://localhost:8080/:domain"}]
|
||||
%% }]},
|
||||
|
||||
% {mod_http_upload, [
|
||||
%% Set max file size in bytes. Defaults to 10 MB.
|
||||
%% Disabled if value is `undefined`.
|
||||
% {max_file_size, 1024},
|
||||
%% Use S3 storage backend
|
||||
% {backend, s3},
|
||||
%% Set options for S3 backend
|
||||
% {s3, [
|
||||
% {bucket_url, "http://s3-eu-west-1.amazonaws.com/konbucket2"},
|
||||
% {region, "eu-west-1"},
|
||||
% {access_key_id, "AKIAIAOAONIULXQGMOUA"},
|
||||
% {secret_access_key, "dGhlcmUgYXJlIG5vIGVhc3RlciBlZ2dzIGhlcmVf"}
|
||||
% ]}
|
||||
% ]},
|
||||
|
||||
{mod_adhoc, []},
|
||||
|
||||
{mod_disco, [{users_can_see_hidden_services, false}]},
|
||||
{mod_commands, []},
|
||||
{mod_muc_commands, []},
|
||||
{mod_muc_light_commands, []},
|
||||
{mod_last, []},
|
||||
{mod_stream_management, [
|
||||
% default 100
|
||||
% size of a buffer of unacked messages
|
||||
% {buffer_max, 100}
|
||||
|
||||
% default 1 - server sends the ack request after each stanza
|
||||
% {ack_freq, 1}
|
||||
|
||||
% default: 600 seconds
|
||||
% {resume_timeout, 600}
|
||||
]},
|
||||
%% {mod_muc_light, [{host, "muclight.@HOST@"}]},
|
||||
%% {mod_muc, [{host, "muc.@HOST@"},
|
||||
%% {access, muc},
|
||||
%% {access_create, muc_create}
|
||||
%% ]},
|
||||
%% {mod_muc_log, [
|
||||
%% {outdir, "/tmp/muclogs"},
|
||||
%% {access_log, muc}
|
||||
%% ]},
|
||||
{mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
|
||||
{mod_privacy, []},
|
||||
{mod_blocking, []},
|
||||
{mod_private, []},
|
||||
% {mod_private, [{backend, mnesia}]},
|
||||
% {mod_private, [{backend, rdbms}]},
|
||||
% {mod_register, [
|
||||
% %%
|
||||
% %% Set the minimum informational entropy for passwords.
|
||||
% %%
|
||||
% %%{password_strength, 32},
|
||||
%
|
||||
% %%
|
||||
% %% After successful registration, the user receives
|
||||
% %% a message with this subject and body.
|
||||
% %%
|
||||
% {welcome_message, {""}},
|
||||
%
|
||||
% %%
|
||||
% %% When a user registers, send a notification to
|
||||
% %% these XMPP accounts.
|
||||
% %%
|
||||
%
|
||||
%
|
||||
% %%
|
||||
% %% Only clients in the server machine can register accounts
|
||||
% %%
|
||||
% {ip_access, [{allow, "127.0.0.0/8"},
|
||||
% {deny, "0.0.0.0/0"}]},
|
||||
%
|
||||
% %%
|
||||
% %% Local c2s or remote s2s users cannot register accounts
|
||||
% %%
|
||||
% %%{access_from, deny},
|
||||
%
|
||||
% {access, register}
|
||||
% ]},
|
||||
{mod_roster, []},
|
||||
{mod_sic, []},
|
||||
{mod_vcard, [%{matches, 1},
|
||||
%{search, true},
|
||||
%{ldap_search_operator, 'or'}, %% either 'or' or 'and'
|
||||
%{ldap_binary_search_fields, [<<"PHOTO">>]},
|
||||
%% list of binary search fields (as in vcard after mapping)
|
||||
{host, "vjud.@HOST@"}
|
||||
]},
|
||||
{mod_bosh, []},
|
||||
{mod_carboncopy, []}
|
||||
|
||||
%%
|
||||
%% Message Archive Management (MAM, XEP-0313) for registered users and
|
||||
%% Multi-User chats (MUCs).
|
||||
%%
|
||||
|
||||
% {mod_mam_meta, [
|
||||
%% Use RDBMS backend (default)
|
||||
% {backend, rdbms},
|
||||
|
||||
%% Do not store user preferences (default)
|
||||
% {user_prefs_store, false},
|
||||
%% Store user preferences in RDBMS
|
||||
% {user_prefs_store, rdbms},
|
||||
%% Store user preferences in Mnesia (recommended).
|
||||
%% The preferences store will be called each time, as a message is routed.
|
||||
%% That is why Mnesia is better suited for this job.
|
||||
% {user_prefs_store, mnesia},
|
||||
|
||||
%% Enables a pool of asynchronous writers. (default)
|
||||
%% Messages will be grouped together based on archive id.
|
||||
% {async_writer, true},
|
||||
|
||||
%% Cache information about users (default)
|
||||
% {cache_users, true},
|
||||
|
||||
%% Enable archivization for private messages (default)
|
||||
% {pm, [
|
||||
%% Top-level options can be overriden here if needed, for example:
|
||||
% {async_writer, false}
|
||||
% ]},
|
||||
|
||||
%%
|
||||
%% Message Archive Management (MAM) for multi-user chats (MUC).
|
||||
%% Enable XEP-0313 for "muc.@HOST@".
|
||||
%%
|
||||
% {muc, [
|
||||
% {host, "muc.@HOST@"}
|
||||
%% As with pm, top-level options can be overriden for MUC archive
|
||||
% ]},
|
||||
%
|
||||
%% Do not use a <stanza-id/> element (by default stanzaid is used)
|
||||
% no_stanzaid_element,
|
||||
% ]},
|
||||
|
||||
|
||||
%%
|
||||
%% MAM configuration examples
|
||||
%%
|
||||
|
||||
%% Only MUC, no user-defined preferences, good performance.
|
||||
% {mod_mam_meta, [
|
||||
% {backend, rdbms},
|
||||
% {pm, false},
|
||||
% {muc, [
|
||||
% {host, "muc.@HOST@"}
|
||||
% ]}
|
||||
% ]},
|
||||
|
||||
%% Only archives for c2c messages, good performance.
|
||||
% {mod_mam_meta, [
|
||||
% {backend, rdbms},
|
||||
% {pm, [
|
||||
% {user_prefs_store, mnesia}
|
||||
% ]}
|
||||
% ]},
|
||||
|
||||
%% Basic configuration for c2c messages, bad performance, easy to debug.
|
||||
% {mod_mam_meta, [
|
||||
% {backend, rdbms},
|
||||
% {async_writer, false},
|
||||
% {cache_users, false}
|
||||
% ]},
|
||||
|
||||
%% Cassandra archive for c2c and MUC conversations.
|
||||
%% No custom settings supported (always archive).
|
||||
% {mod_mam_meta, [
|
||||
% {backend, cassandra},
|
||||
% {user_prefs_store, cassandra},
|
||||
% {muc, [{host, "muc.@HOST@"}]}
|
||||
% ]}
|
||||
|
||||
% {mod_event_pusher, [
|
||||
% {backends, [
|
||||
% %%
|
||||
% %% Configuration for Amazon SNS notifications.
|
||||
% %%
|
||||
% {sns, [
|
||||
% %% AWS credentials, region and host configuration
|
||||
% {access_key_id, "AKIAJAZYHOIPY6A2PESA"},
|
||||
% {secret_access_key, "c3RvcCBsb29raW5nIGZvciBlYXN0ZXIgZWdncyxr"},
|
||||
% {region, "eu-west-1"},
|
||||
% {account_id, "251423380551"},
|
||||
% {region, "eu-west-1"},
|
||||
% {sns_host, "sns.eu-west-1.amazonaws.com"},
|
||||
%
|
||||
% %% Messages from this MUC host will be sent to the SNS topic
|
||||
% {muc_host, "muc.@HOST@"},
|
||||
%
|
||||
% %% Plugin module for defining custom message attributes and user identification
|
||||
% {plugin_module, mod_event_pusher_sns_defaults},
|
||||
%
|
||||
% %% Topic name configurations. Removing a topic will disable this specific SNS notification
|
||||
% {presence_updates_topic, "user_presence_updated-dev-1"}, %% For presence updates
|
||||
% {pm_messages_topic, "user_message_sent-dev-1"}, %% For private chat messages
|
||||
% {muc_messages_topic, "user_messagegroup_sent-dev-1"} %% For group chat messages
|
||||
%
|
||||
% %% Pool options
|
||||
% {pool_size, 100}, %% Worker pool size for publishing notifications
|
||||
% {publish_retry_count, 2}, %% Retry count in case of publish error
|
||||
% {publish_retry_time_ms, 50} %% Base exponential backoff time (in ms) for publish errors
|
||||
% ]}
|
||||
% ]}
|
||||
|
||||
]}.
|
||||
|
||||
|
||||
%%
|
||||
%% Enable modules with custom options in a specific virtual host
|
||||
%%
|
||||
%%{host_config, "localhost",
|
||||
%% [{ {add, modules},
|
||||
%% [
|
||||
%% {mod_some_module, []}
|
||||
%% ]
|
||||
%% }
|
||||
%% ]}.
|
||||
|
||||
%%%.
|
||||
%%%'
|
||||
|
||||
%%% $Id$
|
||||
|
||||
%%% Local Variables:
|
||||
%%% mode: erlang
|
||||
%%% End:
|
||||
%%% vim: set filetype=erlang tabstop=8 foldmarker=%%%',%%%. foldmethod=marker:
|
||||
%%%.
|
Loading…
Reference in New Issue
Block a user