# -*- coding: utf-8; mode: python -*- info["owner"] = "ejabberd" info["group"] = "ejabberd" info["mode"] = 0640 include("secrets") comment_start = "%%%" header("Configuration du serveur xmpp du crans") @%%% @%%% Debian ejabberd configuration file @%%% This config must be in UTF-8 encoding @%%% @%%% The parameters used in this configuration file are explained in more detail @%%% in the ejabberd Installation and Operation Guide. @%%% Please consult the Guide in case of doubts, it is available at @%%% /usr/share/doc/ejabberd/guide.html @ @%%% =================================== @%%% OVERRIDE OPTIONS STORED IN DATABASE @ @%% @%% Override global options (shared by all ejabberd nodes in a cluster). @%% @%%override_global. @ @%% @%% Override local options (specific for this particular ejabberd node). @%% @%%override_local. @ @%% @%% Remove the Access Control Lists before new ones are added. @%% @%%override_acls. @ @ @%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @%% Options which are set by Debconf and managed by ucf @ @%% Admin user @{acl, admin, {user, "regala", "crans.org"}}. @{acl, admin, {user, "regala", "jabber.crans.org"}}. @{acl, admin, {user, "huber", "crans.org"}}. @{acl, admin, {user, "huber", "jabber.crans.org"}}. @{acl, admin, {user, "olasd", "crans.org"}}. @{acl, admin, {user, "nicolasd", "jabber.crans.org"}}. @{acl, admin, {user, "legallic", "crans.org"}}. @{acl, admin, {user, "legallic", "jabber.crans.org"}}. @ @ @ @ @%% Hostname @{hosts, ["xmpp.crans.org", "jabber.crans.org", "crans.org"]}. @ @%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @ @%%% This configuration file contains Erlang terms. @%%% In case you want to understand the syntax, here are the concepts: @%%% @%%% - The character to comment a line is % @%%% @%%% - Each term ends in a dot, for example: @%%% override_global. 
# Emits the rest of the syntax primer, then the logging, watchdog and served-hostname
# sections of the generated ejabberd configuration.
@%%%
@%%% - A tuple has a fixed definition, its elements are
@%%% enclosed in {}, and separated with commas:
@%%% {loglevel, 4}.
@%%%
@%%% - A list can have as many elements as you want,
@%%% and is enclosed in [], for example:
@%%% [http_poll, web_admin, tls]
@%%%
@%%% - A keyword of ejabberd is a word in lowercase.
@%%% The strings are enclosed in "" and can have spaces, dots...
@%%% {language, "en"}.
@%%% {ldap_rootdn, "dc=example,dc=com"}.
@%%%
@%%% - This term includes a tuple, a keyword, a list and two strings:
@%%% {hosts, ["jabber.example.net", "im.example.com"]}.
@%%%
@
@
@%%% =========
@%%% DEBUGGING
@
@%%
@%% loglevel: Verbosity of log files generated by ejabberd.
@%% 0: No ejabberd log at all (not recommended)
@%% 1: Critical
@%% 2: Error
@%% 3: Warning
@%% 4: Info
@%% 5: Debug
@%%
# Level 3 logs warnings and above. NOTE(review): Info-level events are not logged at this
# level; check whether the events needed for incident review (logins, failed
# authentication) are emitted at Warning or only at Info.
@{loglevel, 3}.
@
@%%
@%% watchdog_admins: If an ejabberd process consumes too much memory,
@%% send live notifications to those Jabber accounts.
@%%
# Only one recipient, and it is an account on this same server: if the node itself is
# unhealthy the notification may not be deliverable.
@{watchdog_admins, ["huber@jabber.crans.org"]}.
@
@
@%%% ================
@%%% SERVED HOSTNAMES
@
@%%
@%% hosts: Domains served by ejabberd.
@%% You can define one or several, for example:
@%% {hosts, ["example.net", "example.com", "example.org"]}.
@%%
@%% (This option is defined by debconf earlier)
@%% {hosts, ["localhost"]}.
@
@%%
@%% route_subdomains: Delegate subdomains to other Jabber server.
@%% For example, if this ejabberd serves example.org and you want
@%% to allow communication with a Jabber server called im.example.org.
@%%
@%%{route_subdomains, s2s}.
@
@
@%%% ===============
@%%% LISTENING PORTS
@
@%%
@%% listen: Which ports will ejabberd listen, which service handles it
@%% and what options to start it with.
# Emits the `listen` term (client, server-to-server, component and HTTP listeners), the
# s2s TLS settings and the commented-out authentication examples.
@%%
@{listen,
@ [
# Client port: starttls_required refuses sessions that do not upgrade to TLS.
@ {5222, ejabberd_c2s, [
@ inet6,
@ {access, c2s},
@ {shaper, c2s_shaper},
@ {max_stanza_size, 65536},
@ starttls_required,
@ starttls, {certfile, "/etc/ejabberd/ssl/jabber.pem"}
@ ]},
@
@ %%
@ %% To enable the old SSL connection method (deprecated) in port 5223:
@ %%
# Legacy TLS-on-connect port, described as deprecated by the emitted comment above.
# NOTE(review): confirm clients still need it; otherwise it is one more exposed listener.
@ {5223, ejabberd_c2s, [
@ inet6,
@ {access, c2s},
@ {shaper, c2s_shaper},
@ {max_stanza_size, 65536},
@ tls, {certfile, "/etc/ejabberd/ssl/jabber.pem"}
@ ]},
@
# Inbound server-to-server port; no `ip` option, so it is not restricted to one address.
@ {5269, ejabberd_s2s_in, [
@ {shaper, s2s_shaper},
@ {max_stanza_size, 131072}
@ ]},
@
@ %% External MUC jabber-muc (but internal mod_muc is better :))
@ %%{5554, ejabberd_service, [
@ %% {ip, {127, 0, 0, 1}},
@ %% {access, all},
@ %% {shaper_rule, fast},
@ %% {host, "muc.localhost", [{password, "secret"}]}
@ %% ]},
@
# NOTE(review): the disabled ICQ and AIM entries below still carry a password literal
# that is emitted into the generated file as a comment. If that value was ever live or
# is reused elsewhere, treat it as exposed: rotate it and replace the literal with a
# placeholder.
@ %% Jabber ICQ Transport
@% {5555, ejabberd_service, [
@% {ip, {127, 0, 0, 1}},
@% {access, all},
@% {shaper_rule, fast},
@% {hosts, ["icq.crans.org", "sms.crans.org"],
@% [{password, "B2kOQ9Fd28"}]}
@% ]},
@
@ %% AIM Transport
@% {5556, ejabberd_service, [
@% {ip, {127, 0, 0, 1}},
@% {access, all},
@% {shaper_rule, fast},
@% {host, "aim.crans.org", [{password, "B2kOQ9Fd28"}]}
@% ]},
@
# Active external-component listeners. Both bind to 127.0.0.1, so only local processes
# can attempt the component handshake. The component password is the only credential
# ({access, all}).
# NOTE(review): these two passwords are hard-coded in the template, while the LDAP bind
# credentials in this same file are read from `secrets`. Anyone with read access to the
# template or its version history learns them. Move them into the secrets store and
# rotate them.
@ %% MSN Transport
@ {5560, ejabberd_service, [
@ {ip, {127, 0, 0, 1}},
@ {access, all},
@ {shaper_rule, fast},
@ {host, "msn2.crans.org", [{password, "ZJ4SXSIiSOUPU"}]}
@ ]},
@
# NOTE(review): this entry passes a list of names to `host`, whereas the ICQ example above
# uses `hosts` for a list. Verify ejabberd accepts this form; it looks like `hosts` was
# intended.
@ %% Yahoo! Transport
@ {5558, ejabberd_service, [
@ {ip, {127, 0, 0, 1}},
@ {access, all},
@ {shaper_rule, fast},
@ {host, ["yahoo.crans.org", "chat.yahoo.crans.org"],
@ [{password, "secretoupas"}]}
@ ]},
@
@ %% External JUD (internal is more powerful,
@ %% but doesn't allow to register users from other servers)
@ %%{5559, ejabberd_service, [
@ %% {ip, {127, 0, 0, 1}},
@ %% {access, all},
@ %% {shaper_rule, fast},
@ %% {host, "jud.localhost", [{password, "secret"}]}
@ %% ]},
# Emitted French comment below: "No TLS for http_poll".
# NOTE(review): HTTP polling carries full XMPP sessions, including authentication, and
# this listener has neither `tls` nor an `ip` restriction. Unless a TLS-terminating proxy
# sits in front of it, credentials can cross the network in clear text. Confirm the
# deployment.
@%% Pour le http_poll pas de tls
@ {5280, ejabberd_http, [
@ http_poll]},
@
# Emitted French comment below: "a bit more secure".
# The web admin interface is served over TLS. NOTE(review): there is no `ip` option, so it
# presumably listens on every interface. Confirm a firewall limits who can reach 5282.
@%% un peu plus sécurisé
@ {5282, ejabberd_http, [
@ web_admin,
@ tls, {certfile, "/etc/ejabberd/ssl/jabber.pem"}
@ ]}
@
@ ]}.
@
@%%
@%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
@%% Allowed values are: true or false.
@%% You must specify a certificate file.
@%%
# `true` enables STARTTLS for federation; nothing here makes it mandatory, so links to
# servers without TLS presumably fall back to unencrypted dialback (confirm).
@{s2s_use_starttls, true}.
@
@%%
@%% s2s_certfile: Specify a certificate file.
@%%
# Same PEM file as the c2s and web-admin listeners above.
@{s2s_certfile, "/etc/ejabberd/ssl/jabber.pem"}.
@
@%%
@%% domain_certfile: Specify a different certificate for each served hostname.
@%%
@%%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
@%%{domain_certfile, "example.com", "/path/to/example_com.pem"}.
@
@%%
@%% S2S whitelist or blacklist
@%%
@%% Default s2s policy for undefined hosts.
@%%
@%%{s2s_default_policy, allow}.
@
@%%
@%% Allow or deny communication with specific servers.
@%%
@%%{{s2s_host, "goodhost.org"}, allow}.
@%%{{s2s_host, "badhost.org"}, deny}.
@
@
@%%% ==============
@%%% AUTHENTICATION
@
@%%
@%% auth_method: Method used to authenticate the users.
@%% The default method is the internal.
@%% If you want to use a different method,
@%% comment this line and enable the correct ones.
@%%
@%%{auth_method, internal}.
@
@%%
@%% Authentication using external script
@%% Make sure the script is executable by ejabberd.
@%%
@%%{auth_method, external}.
@%%{extauth_program, "/path/to/authentication/script"}.
@
@%%
@%% Authentication using ODBC
@%% Remember to setup a database in the next section.
# Emits the authentication section: LDAP is the global method, with per-host overrides,
# followed by the start of the (entirely commented-out) external database examples.
@%%
@%%{auth_method, odbc}.
@
@%%
@%% Authentication using PAM
@%%
@%%{auth_method, pam}.
@%%{pam_service, "pamservicename"}.
@
@%%
@%% Authentication using LDAP
@%%
@{auth_method, ldap}.
@%%
@%% List of LDAP servers:
@{ldap_servers, ["ldap.adm.crans.org"]}.
# NOTE(review): ldap_encrypt and ldap_port 636 are left commented out, so the connection
# to ldap.adm.crans.org is presumably plain LDAP. In that case the bind password below,
# and the user passwords checked against the directory, cross the network unencrypted.
# Enable TLS, or confirm the path to the LDAP server is otherwise protected.
@%%
@%% Encryption of connection to LDAP servers (LDAPS):
@%%{ldap_encrypt, tls}.
@%%
@%% Port connect to LDAP server:
@%%{ldap_port, 636}.
@%%
@%% LDAP manager:
# Bind DN and password come from the included `secrets` object rather than being written
# in the template. The values are interpolated into an Erlang string literal without
# escaping, so a double quote or backslash in either one would corrupt the generated term.
out("""{ldap_rootdn, "%s"}.""" % (secrets.ldap_readonly_auth_dn,))
@%%
@%% Password to LDAP manager:
out("""{ldap_password, "%s"}.""" % (secrets.ldap_readonly_password,))
@%%
@%% Search base of LDAP directory:
@{ldap_base, "dc=crans,dc=org"}.
@%%
@%% LDAP attribute that holds user ID:
# Two ways to resolve a login name: the `uid` attribute, or a `mailAlias` value of the
# form <name>@crans.org.
@{ldap_uids, [{"uid", "%u"}, {"mailAlias","%u@crans.org"}]}.
@%%
@%% LDAP filter:
@{ldap_filter, "(objectClass=cransAccount)"}.
@
@%%
@%% Anonymous login support:
@%% auth_method: anonymous
@%% anonymous_protocol: sasl_anon | login_anon | both
@%% allow_multiple_connections: true | false
@%%
@%%{host_config, "public.example.org", [{auth_method, anonymous},
@%% {allow_multiple_connections, false},
@%% {anonymous_protocol, sasl_anon}]}.
@%%
@%% To use both anonymous and internal authentication:
@%%
@%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
# Per-host overrides: crans.org authenticates against LDAP, jabber.crans.org against
# ejabberd's internal account database. xmpp.crans.org, also listed in `hosts`, has no
# override and uses the global LDAP method.
@{host_config, "crans.org", [{auth_method, ldap}]}.
@{host_config, "jabber.crans.org", [{auth_method, internal}]}.
@
@
@%%% ==============
@%%% DATABASE SETUP
@
@%% ejabberd uses by default the internal Mnesia database,
@%% so you can avoid this section.
@%% This section provides configuration examples in case
@%% you want to use other database backends.
@%% Please consult the ejabberd Guide for details about database creation.
@
@%%
@%% MySQL server:
@%%
@%%{odbc_server, {mysql, "server", "database", "username", "password"}}.
@%%
@%% If you want to specify the port:
@%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.
# Emits the remaining database examples (all commented out, so no external database is
# configured here), the traffic shapers, the ACL definitions and the session limit.
@
@%%
@%% PostgreSQL server:
@%%
@%%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
@%%
@%% If you want to specify the port:
@%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
@%%
@%% If you use PostgreSQL, have a large database, and need a
@%% faster but inexact replacement for "select count(*) from users"
@%%
@%%{pgsql_users_number_estimate, true}.
@
@%%
@%% ODBC compatible or MSSQL server:
@%%
@%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
@
@%%
@%% Number of connections to open to the database for each virtual host
@%%
@%%{odbc_pool_size, 10}.
@
@%%
@%% Interval to make a dummy SQL request to keep alive the connections
@%% to the database. Specify in seconds: for example 28800 means 8 hours
@%%
@%%{odbc_keepalive_interval, undefined}.
@
@
@%%% ===============
@%%% TRAFFIC SHAPERS
@
@%%
@%% The "normal" shaper limits traffic speed to 1.000 B/s
@%%
# Applied to ordinary client connections through the c2s_shaper access rule.
@{shaper, normal, {maxrate, 1000}}.
@
@%%
@%% The "fast" shaper limits traffic speed to 50.000 B/s
@%%
# Applied to s2s connections and to the local component listeners.
@{shaper, fast, {maxrate, 50000}}.
@
@
@%%% ====================
@%%% ACCESS CONTROL LISTS
@
@%%
@%% The 'admin' ACL grants administrative privileges to Jabber accounts.
@%% You can put as many accounts as you want.
@%%
@%%{acl, admin, {user, "aleksey", "localhost"}}.
@%%{acl, admin, {user, "ermine", "example.org"}}.
@
@%%
@%% Blocked users
@%%
# Only examples are present: no `blocked` ACL entry is active in this file, so the
# {deny, blocked} clause of the c2s access rule currently matches nobody.
@%%{acl, blocked, {user, "baduser", "example.org"}}.
@%%{acl, blocked, {user, "test"}}.
@
@%%
@%% Local users: don't modify this line.
@%%
# The empty regexp matches every user name; presumably the match is limited to accounts
# on the served hosts. Confirm against the ejabberd guide.
@{acl, local, {user_regexp, ""}}.
@
@%%
@%% More examples of ACLs
@%%
@%%{acl, jabberorg, {server, "jabber.org"}}.
@%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
@%%{acl, test, {user_regexp, "^test"}}.
@%%{acl, test, {user_glob, "test*"}}.
@
@
@%%% ============
@%%% ACCESS RULES
@
@%% Define the maximum number of time a single user is allowed to connect:
# Caps each account at 10 simultaneous sessions.
@{access, max_user_sessions, [{10, all}]}.
# Emits the named access rules referenced by the listeners and modules elsewhere in this
# file, followed by the default language setting.
@
@%% This rule allows access only for local users:
@{access, local, [{allow, local}]}.
@
@%% Only non-blocked users can use c2s connections:
@{access, c2s, [{deny, blocked},
@ {allow, all}]}.
@
@%% For all users except admins used "normal" shaper
# Members of the admin ACL get no rate limit at all (`none`); everyone else gets the
# "normal" shaper.
@{access, c2s_shaper, [{none, admin},
@ {normal, all}]}.
@
@%% For all S2S connections used "fast" shaper
@{access, s2s_shaper, [{fast, all}]}.
@
@%% Only admins can send announcement messages:
@{access, announce, [{allow, admin}]}.
@
@%% Only admins can use configuration interface:
@{access, configure, [{allow, admin}]}.
@
@%% Admins of this server are also admins of MUC service:
@{access, muc_admin, [{allow, admin}]}.
@
@%% All users are allowed to use MUC service:
# NOTE(review): `all` is not limited to the `local` ACL, so it presumably also matches
# users of federated servers. mod_muc reuses this rule for room creation and for
# persistent rooms. Consider a local-only rule for those two options if remote users
# should not be able to create rooms.
@{access, muc, [{allow, all}]}.
@
@%% No username can be registered via in-band registration:
@%% To enable in-band registration, replace 'deny' with 'allow'
@% (note that if you remove mod_register from modules list then users will not
@% be able to change their password as well as register).
@% This setting is default because it's more safe.
# In-band registration is closed for every host, including jabber.crans.org, which uses
# internal accounts. Those accounts therefore have to be created by an administrator.
@{access, register, [{deny, all}]}.
@
@%% Everybody can create pubsub nodes
# NOTE(review): as with `muc`, `all` presumably includes remote users. Confirm that open
# pubsub node creation is intended.
@{access, pubsub_createnode, [{allow, all}]}.
@
@
@%%% ================
@%%% DEFAULT LANGUAGE
@
@%%
@%% language: Default language used for server messages.
@%%
@{language, "en"}.
@
@
@%%% =======
@%%% MODULES
@
@%%
@%% Modules enabled in all ejabberd virtual hosts.
# Emits the `modules` term (the modules loaded for every virtual host) and the editor
# trailer of the generated file.
@%%
@{modules,
@ [
@ {mod_adhoc, []},
@ {mod_announce, [{access, announce}]}, % requires mod_adhoc
@ {mod_caps, []},
@ {mod_configure,[]}, % requires mod_adhoc
# Emitted French comment below: "Warning, no longer exists with ejabberd >= 2.1.x.
# This is replaced by mod_admin_extra".
@%% Attention, n'existe plus avec ejabberd >= 2.1.x
@%% Ceci est remplacé par mod_admin_extra
@ {mod_admin_extra, []},
# Advertises icq.crans.org and msn2.crans.org in service discovery. The ICQ listener in
# the `listen` section of this file is commented out, so icq.crans.org is advertised
# without a component being configured for it here.
@ {mod_disco, [
@ {extra_domains, ["icq.crans.org",
@ "msn2.crans.org"
@ ]}]},
@ %%{mod_echo, [{host, "echo.localhost"}]},
# Emitted French comment below: "Enable on one server only".
# NOTE(review): mod_irc is loaded with no options, so no access rule is set here. Confirm
# who may use the IRC gateway, since it makes outbound connections on behalf of users.
@ % À mettre seulement sur un serveur
@ {mod_irc, []},
@ {mod_last, []},
# Room use, creation and persistence all use the `muc` rule ({allow, all} in this file);
# room administration is limited to the admin ACL through `muc_admin`.
@ {mod_muc, [
@ %%{host, "conference.@HOST@"},
@ {access, muc},
@ {access_create, muc},
@ {access_persistent, muc},
@ {access_admin, muc_admin},
@ {max_users, 500}
@ ]},
@ %%{mod_muc_log,[]},
@ {mod_offline, []},
@ {mod_privacy, []},
@ {mod_private, []},
# Emitted French comment below: "Enable on one server only".
# The file-transfer proxy is restricted to the `local` rule and rate-limited by c2s_shaper.
@ % À mettre seulement sur un serveur
@ {mod_proxy65, [
@ {access, local},
@ {shaper, c2s_shaper}
@ ]},
@ {mod_pubsub, [ % requires mod_caps
@ {access_createnode, pubsub_createnode},
@ {plugins, ["default", "pep"]}
@ ]},
# mod_register stays loaded so that users can change their password (see the emitted note
# next to the `register` access rule); new registrations are refused by {access, register}.
@ {mod_register, [
@ %%
@ %% After successful registration, the user receives
@ %% a message with this subject and body.
@ %%
@ {welcome_message, {"Welcome!",
@ "Welcome to a Jabber service powered by Debian. "
@ "For information about Jabber visit "
@ "http://www.jabber.org"}},
@ %% Replace it with 'none' if you don't want to send such message:
@ %%{welcome_message, none},
@
@ %%
@ %% When a user registers, send a notification to
@ %% these Jabber accounts.
@ %%
@ %%{registration_watchers, ["admin1@example.org"]},
@
@ {access, register}
@ ]},
@ {mod_roster, []},
@ %%{mod_service_log,[]},
@ %%{mod_shared_roster,[]},
@ {mod_stats, []},
@ {mod_time, []},
@ {mod_vcard, []},
@ {mod_version, []}
@ ]}.
@
@
@%%% $Id: ejabberd.cfg.example 1178 2008-02-08 18:28:36Z badlop $
@
@%%% Local Variables:
@%%% mode: erlang
@%%% End:
@%%% vim: set filetype=erlang tabstop=8: