|
|
|
@ -26,6 +26,7 @@
|
|
|
|
|
### and a Montague?
|
|
|
|
|
###
|
|
|
|
|
|
|
|
|
|
language: "en"
|
|
|
|
|
hosts:
|
|
|
|
|
- "localhost"
|
|
|
|
|
|
|
|
|
@ -42,24 +43,6 @@ certfiles:
|
|
|
|
|
|
|
|
|
|
ca_file: "/home/ejabberd/conf/cacert.pem"
|
|
|
|
|
|
|
|
|
|
define_macro:
|
|
|
|
|
# TLS options for client not being able to use modern ciphers (Windows XP+, Android 3.0+)
|
|
|
|
|
CIPHERS_INTERMEDIATE: "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
|
|
|
|
|
PROTOCOL_OPTIONS_INTERMEDIATE:
|
|
|
|
|
- "no_sslv2"
|
|
|
|
|
- "no_sslv3"
|
|
|
|
|
|
|
|
|
|
# TLS options for client able to use modern ciphers (Windows 7+, Android 5.0+)
|
|
|
|
|
CIPHERS_MODERN: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
|
|
|
|
|
PROTOCOL_OPTIONS_MODERN:
|
|
|
|
|
- "no_sslv2"
|
|
|
|
|
- "no_sslv3"
|
|
|
|
|
- "no_tlsv1"
|
|
|
|
|
- "no_tlsv1_1"
|
|
|
|
|
|
|
|
|
|
c2s_ciphers: CIPHERS_INTERMEDIATE
|
|
|
|
|
c2s_protocol_options: PROTOCOL_OPTIONS_INTERMEDIATE
|
|
|
|
|
|
|
|
|
|
listen:
|
|
|
|
|
-
|
|
|
|
|
port: 5222
|
|
|
|
@ -78,22 +61,21 @@ listen:
|
|
|
|
|
port: 5443
|
|
|
|
|
ip: "::"
|
|
|
|
|
module: ejabberd_http
|
|
|
|
|
tls: true
|
|
|
|
|
request_handlers:
|
|
|
|
|
"/admin": ejabberd_web_admin
|
|
|
|
|
"/api": mod_http_api
|
|
|
|
|
"/bosh": mod_bosh
|
|
|
|
|
"/captcha": ejabberd_captcha
|
|
|
|
|
"/upload": mod_http_upload
|
|
|
|
|
"/ws": ejabberd_http_ws
|
|
|
|
|
"/oauth": ejabberd_oauth
|
|
|
|
|
web_admin: true
|
|
|
|
|
captcha: false
|
|
|
|
|
ciphers: CIPHERS_INTERMEDIATE
|
|
|
|
|
protocol_options: PROTOCOL_OPTIONS_INTERMEDIATE
|
|
|
|
|
tls: true
|
|
|
|
|
-
|
|
|
|
|
port: 5280
|
|
|
|
|
ip: "::"
|
|
|
|
|
module: ejabberd_http
|
|
|
|
|
web_admin: true
|
|
|
|
|
request_handlers:
|
|
|
|
|
"/admin": ejabberd_web_admin
|
|
|
|
|
-
|
|
|
|
|
port: 1883
|
|
|
|
|
ip: "::"
|
|
|
|
@ -109,6 +91,10 @@ acl:
|
|
|
|
|
ip:
|
|
|
|
|
- "127.0.0.0/8"
|
|
|
|
|
- "::1/128"
|
|
|
|
|
- "::FFFF:127.0.0.1/128"
|
|
|
|
|
admin:
|
|
|
|
|
user:
|
|
|
|
|
- "admin@localhost"
|
|
|
|
|
|
|
|
|
|
access_rules:
|
|
|
|
|
local:
|
|
|
|
@ -229,10 +215,6 @@ modules:
|
|
|
|
|
- "flat"
|
|
|
|
|
- "pep"
|
|
|
|
|
force_node_config:
|
|
|
|
|
## Change from "whitelist" to "open" to enable OMEMO support
|
|
|
|
|
## See https://github.com/processone/ejabberd/issues/2425
|
|
|
|
|
"eu.siacs.conversations.axolotl.*":
|
|
|
|
|
access_model: whitelist
|
|
|
|
|
## Avoid buggy clients to make their bookmarks public
|
|
|
|
|
"storage:bookmarks":
|
|
|
|
|
access_model: whitelist
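Review bot: The listener on port 5280 binds `ip: "::"` and routes `"/admin": ejabberd_web_admin`, but no `tls: true` appears among its options, so web-admin logins would travel in cleartext on every interface. This matters more with this commit, because the acl hunk (old 6 lines, new 10) appears to add `admin@localhost` to the `admin` ACL. That assumes an access rule outside the visible hunks grants this ACL configuration rights. The 5443 listener already carries `tls: true` and also lists `"/admin"`, so I would either drop the `/admin` handler from the 5280 listener or bind that listener to loopback with `ip: "127.0.0.1"`. The +/- markers are lost in this rendering, so which lines are new is inferred from the hunk headers and should be checked against the real diff.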
|
|
|
|
|