ShariX_Open
/
sharix-open-config


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307
							###
###              ejabberd configuration file
###
### The parameters used in this configuration file are explained at
###
###       https://docs.ejabberd.im/admin/configuration
###
### The configuration file is written in YAML.
### *******************************************************
### *******           !!! WARNING !!!               *******
### *******     YAML IS INDENTATION SENSITIVE       *******
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
### *******************************************************
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
###

hosts:
  - "REPLACE_HOST_SERVICE"
  - "10.0.2.10"
  - localhost

host_config:
  REPLACE_HOST_SERVICE:
    auth_method: [ldap]
    ldap_servers: ["ldap.sharix.ru"]
    ldap_port: 389
    ldap_rootdn: "cn=admin,dc=ldap,dc=sharix,dc=ru"
    ldap_password: "secret"
    ldap_filter: "(|(objectClass=handlerAccount)(objectClass=sharixAccount))"
    ldap_encrypt: none
    ldap_base: "dc=ldap,dc=sharix,dc=ru"

certfiles:
  - /etc/ejabberd/ssl/fullchain.pem
  - /etc/ejabberd/ssl/privkey.pem

loglevel: info

listen:
  -
    port: 5222
    ip: "::"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
  -
    port: 5223
    ip: "::"
    tls: true
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
  -
    port: 5269
    ip: "::"
    module: ejabberd_s2s_in
    max_stanza_size: 524288
  -
    port: 5443
    ip: "::"
    module: ejabberd_http
    tls: true
    request_handlers:
      /admin: ejabberd_web_admin
      /api: mod_http_api
      /bosh: mod_bosh
      /captcha: ejabberd_captcha
      /upload: mod_http_upload
      /ws: ejabberd_http_ws
      /pub/content: mod_http_fileserver
  -
    port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      /bosh: mod_bosh
      /admin: ejabberd_web_admin
      /api: mod_http_api
      /upload: mod_http_upload
      /ws: ejabberd_http_ws
      /pub/content: mod_http_fileserver
      /.well-known/acme-challenge: ejabberd_acme
  -
    port: 3478
    ip: "::"
    transport: udp
    module: ejabberd_stun
    use_turn: true
    ## The server's public IPv4 address:
    # turn_ipv4_address: "203.0.113.3"
    ## The server's public IPv6 address:
    # turn_ipv6_address: "2001:db8::3"
  -
    port: 1883
    ip: "::"
    module: mod_mqtt
    backlog: 1000

s2s_use_starttls: optional

acme:
  auto: false
  ca_url: https://acme-v02.api.letsencrypt.org/directory

acl:
  admin:
    user: "django_tickets@REPLACE_HOST_SERVICE"
    #user: "admin@REPLACE_HOST_SERVICE"
  users:
    user: all

  local:
    user_regexp: ""
  loopback:
    ip:
      - 127.0.0.0/8
      - 10.0.2.10/24
      - ::1/128

access_rules:
  api_access:
    allow: user
  local:
    allow: local
  c2s:
    deny: blocked
    allow: all
  announce:
    allow: admin
  configure:
    allow: admin
  muc_create:
    allow: all
  pubsub_createnode:
    allow: local
  trusted_network:
#    allow: loopback
    allow: all

api_permissions:
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  "admin access":
    who: all
#      access:
#        allow:
#          - acl: loopback
#          - acl: admin
#          - acl: all
#      oauth:
#        scope: "ejabberd:admin"
#        access:
#          allow:
#            - acl: loopback
#            - acl: admin
#            - acl: all
    what:
      - "*"
      - "!stop"
      - "!start"
      - send_message
  "public commands":
    who: all
#      ip: 127.0.0.1/8
#      ip: 10.0.2.10/24
    what:
      - "*"
      - "!stop"
      - "!start"
      - status
      - connected_users_number
      - send_message

shaper:
  normal:
    rate: 3000
    burst_size: 20000
  fast: 100000

shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    5000: admin
    100: all
  c2s_shaper:
    none: admin
    normal: all
  s2s_shaper: fast

modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_blocking: {}
  mod_bosh: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  mod_disco: {}
  mod_fail2ban: {}
  mod_http_api: {}
  mod_http_upload:
    access: all
    max_size: 5242880
    put_url: https://@HOST@:5443/upload
    custom_headers:
      "Access-Control-Allow-Origin": "https://@HOST@"
      "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
      "Access-Control-Allow-Headers": "Content-Type"
  mod_last: {}
  mod_mam:
    ## Mnesia is limited to 2GB, better to use an SQL backend
    ## For small servers SQLite is a good fit and is very easy
    ## to configure. Uncomment this when you have SQL configured:
    ## db_type: sql
    assume_mam_usage: true
    default: always
  mod_mqtt: {}
  mod_muc:
    # Service name    
    hosts:
      - "chat.REPLACE_HOST_SERVICE"
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    access_mam:
      - allow

    history_size: 1000
    default_room_options:

      mam: true
      persistent: true
      public: true
      members_only: false
      allow_visitor_nickchange: true
      allow_user_invites: true
      allow_subscription: true
      max_users: 1000
  
  mod_muc_admin: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_private: {}
  mod_proxy65:
    access: local
    max_connections: 5
  mod_pubsub:
    access_createnode: pubsub_createnode
    plugins:
      - flat
      - pep
    force_node_config:
      ## Avoid buggy clients to make their bookmarks public
      storage:bookmarks:
        access_model: whitelist
  mod_push: {}
  mod_push_keepalive: {}
  mod_register:
    ## Only accept registration requests from the "trusted"
    ## network (see access_rules section above).
    ## Think twice before enabling registration from any
    ## address. See the Jabber SPAM Manifesto for details:
    ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
    ip_access: trusted_network
  mod_roster:
    versioning: true
  mod_s2s_dialback: {}
  mod_shared_roster: {}
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_stun_disco: {}
  mod_vcard: {}
  mod_vcard_xupdate: {}
  mod_version:
    show_os: false
  mod_http_fileserver:
    docroot: /var/www/webapps/jabber_data
    accesslog: /var/log/ejabberd/access.log
    content_types:
      .png: image/png
      .jpg: image/jpg
      .dng: image/dng
      .heic: image/heic
      .pdf: application/pdf
      .xml: application/xml
    default_content_type: image/jpg

### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8