Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into develop
[akkoma] / installation / pleroma-mongooseim.cfg
1 %%%
2 %%% ejabberd configuration file
3 %%%
4 %%%'
5
6 %%% The parameters used in this configuration file are explained in more detail
7 %%% in the ejabberd Installation and Operation Guide.
8 %%% Please consult the Guide in case of doubts, it is included with
9 %%% your copy of ejabberd, and is also available online at
10 %%% http://www.process-one.net/en/ejabberd/docs/
11
12 %%% This configuration file contains Erlang terms.
13 %%% In case you want to understand the syntax, here are the concepts:
14 %%%
15 %%% - The character to comment a line is %
16 %%%
17 %%% - Each term ends in a dot, for example:
18 %%% override_global.
19 %%%
20 %%% - A tuple has a fixed definition, its elements are
21 %%% enclosed in {}, and separated with commas:
22 %%% {loglevel, 4}.
23 %%%
24 %%% - A list can have as many elements as you want,
25 %%% and is enclosed in [], for example:
26 %%% [http_poll, web_admin, tls]
27 %%%
28 %%% Pay attention that list elements are delimited with commas,
29 %%% but no comma is allowed after the last list element. This will
30 %%% give a syntax error unlike in more lenient languages (e.g. Python).
31 %%%
32 %%% - A keyword of ejabberd is a word in lowercase.
33 %%% Strings are enclosed in "" and can contain spaces, dots, ...
34 %%% {language, "en"}.
35 %%% {ldap_rootdn, "dc=example,dc=com"}.
36 %%%
37 %%% - This term includes a tuple, a keyword, a list, and two strings:
38 %%% {hosts, ["jabber.example.net", "im.example.com"]}.
39 %%%
40 %%% - This config is preprocessed during release generation by a tool which
41 %%% interprets double curly braces as substitution markers, so avoid this
42 %%% syntax in this file (though it's valid Erlang).
43 %%%
44 %%% So this is OK (though arguably looks quite ugly):
45 %%% { {s2s_addr, "example-host.net"}, {127,0,0,1} }.
46 %%%
47 %%% And I can't give an example of what's not OK exactly because
48 %%% of this rule.
49 %%%
50
51
52 %%%. =======================
53 %%%' OVERRIDE STORED OPTIONS
54
55 %%
56 %% Override the old values stored in the database.
57 %%
58
59 %%
60 %% Override global options (shared by all ejabberd nodes in a cluster).
61 %%
62 %%override_global.
63
64 %%
65 %% Override local options (specific for this particular ejabberd node).
66 %%
67 %%override_local.
68
69 %%
70 %% Remove the Access Control Lists before new ones are added.
71 %%
72 %%override_acls.
73
74
75 %%%. =========
76 %%%' DEBUGGING
77
78 %%
79 %% loglevel: Verbosity of log files generated by ejabberd.
80 %% 0: No ejabberd log at all (not recommended)
81 %% 1: Critical
82 %% 2: Error
83 %% 3: Warning
84 %% 4: Info
85 %% 5: Debug
86 %%
87 {loglevel, 3}.
88
89 %%%. ================
90 %%%' SERVED HOSTNAMES
91
92 %%
93 %% hosts: Domains served by ejabberd.
94 %% You can define one or several, for example:
95 %% {hosts, ["example.net", "example.com", "example.org"]}.
96 %%
97 {hosts, ["pleroma.soykaf.com"] }.
98
99 %%
100 %% route_subdomains: Delegate subdomains to other XMPP servers.
101 %% For example, if this ejabberd serves example.org and you want
102 %% to allow communication with an XMPP server called im.example.org.
103 %%
104 %%{route_subdomains, s2s}.
105
106
107 %%%. ===============
108 %%%' LISTENING PORTS
109
110 %%
111 %% listen: The ports ejabberd will listen on, which service each is handled
112 %% by and what options to start it with.
113 %%
114 {listen,
115 [
116 %% BOSH and WS endpoints over HTTP
117 { 5280, ejabberd_cowboy, [
118 {num_acceptors, 10},
119 {transport_options, [{max_connections, 1024}]},
120 {modules, [
121
122 {"_", "/http-bind", mod_bosh},
123 {"_", "/ws-xmpp", mod_websockets, [{ejabberd_service, [
124 {access, all},
125 {shaper_rule, fast},
126 {ip, {127, 0, 0, 1}},
127 {password, "secret"}]}
128 %% Uncomment to enable connection dropping or/and server-side pings
129 %{timeout, 600000}, {ping_rate, 2000}
130 ]}
131 %% Uncomment to serve static files
132 %{"_", "/static/[...]", cowboy_static,
133 % {dir, "/var/www", [{mimetypes, cow_mimetypes, all}]}
134 %},
135
136 %% Example usage of mod_revproxy
137
138 %% {"_", "/[...]", mod_revproxy, [{timeout, 5000},
139 %% % time limit for upstream to respond
140 %% {body_length, 8000000},
141 %% % maximum body size (may be infinity)
142 %% {custom_headers, [{<<"header">>,<<"value">>}]}
143 %% % list of extra headers that are send to upstream
144 %% ]}
145
146 %% Example usage of mod_cowboy
147
148 %% {"_", "/[...]", mod_cowboy, [{http, mod_revproxy,
149 %% [{timeout, 5000},
150 %% % time limit for upstream to respond
151 %% {body_length, 8000000},
152 %% % maximum body size (may be infinity)
153 %% {custom_headers, [{<<"header">>,<<"value">>}]}
154 %% % list of extra headers that are send to upstream
155 %% ]},
156 %% {ws, xmpp, mod_websockets}
157 %% ]}
158 ]}
159 ]},
160
161 %% BOSH and WS endpoints over HTTPS
162 { 5285, ejabberd_cowboy, [
163 {num_acceptors, 10},
164 {transport_options, [{max_connections, 1024}]},
165 {ssl, [{certfile, "priv/ssl/fullchain.pem"}, {keyfile, "priv/ssl/privkey.pem"}, {password, ""}]},
166 {modules, [
167 {"_", "/http-bind", mod_bosh},
168 {"_", "/ws-xmpp", mod_websockets, [
169 %% Uncomment to enable connection dropping or/and server-side pings
170 %{timeout, 600000}, {ping_rate, 60000}
171 ]}
172 %% Uncomment to serve static files
173 %{"_", "/static/[...]", cowboy_static,
174 % {dir, "/var/www", [{mimetypes, cow_mimetypes, all}]}
175 %},
176 ]}
177 ]},
178
179 %% MongooseIM HTTP API it's important to start it on localhost
180 %% or some private interface only (not accessible from the outside)
181 %% At least start it on different port which will be hidden behind firewall
182
183 { {8088, "127.0.0.1"} , ejabberd_cowboy, [
184 {num_acceptors, 10},
185 {transport_options, [{max_connections, 1024}]},
186 {modules, [
187 {"localhost", "/api", mongoose_api_admin, []}
188 ]}
189 ]},
190
191 { 8089 , ejabberd_cowboy, [
192 {num_acceptors, 10},
193 {transport_options, [{max_connections, 1024}]},
194 {protocol_options, [{compress, true}]},
195 {ssl, [{certfile, "priv/ssl/fullchain.pem"}, {keyfile, "priv/ssl/privkey.pem"}, {password, ""}]},
196 {modules, [
197 {"_", "/api/sse", lasse_handler, [mongoose_client_api_sse]},
198 {"_", "/api/messages/[:with]", mongoose_client_api_messages, []},
199 {"_", "/api/contacts/[:jid]", mongoose_client_api_contacts, []},
200 {"_", "/api/rooms/[:id]", mongoose_client_api_rooms, []},
201 {"_", "/api/rooms/[:id]/config", mongoose_client_api_rooms_config, []},
202 {"_", "/api/rooms/:id/users/[:user]", mongoose_client_api_rooms_users, []},
203 {"_", "/api/rooms/[:id]/messages", mongoose_client_api_rooms_messages, []}
204 ]}
205 ]},
206
207 %% Following HTTP API is deprected, the new one abouve should be used instead
208
209 { {5288, "127.0.0.1"} , ejabberd_cowboy, [
210 {num_acceptors, 10},
211 {transport_options, [{max_connections, 1024}]},
212 {modules, [
213 {"localhost", "/api", mongoose_api, [{handlers, [mongoose_api_metrics,
214 mongoose_api_users]}]}
215 ]}
216 ]},
217
218 %% If you want dual stack, you have to clone this entire config stanza
219 %% and change the bind to "::"
220 { {5222, "0.0.0.0"}, ejabberd_c2s, [
221
222 %%
223 %% If TLS is compiled in and you installed a SSL
224 %% certificate, specify the full path to the
225 %% file and uncomment this line:
226 %%
227 {certfile, "priv/ssl/both.pem"}, starttls,
228
229 %%{zlib, 10000},
230 %% https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
231 %% {ciphers, "DEFAULT:!EXPORT:!LOW:!SSLv2"},
232 {access, c2s},
233 {shaper, c2s_shaper},
234 {max_stanza_size, 65536},
235 {protocol_options, ["no_sslv3"]}
236
237 ]},
238
239
240
241 %%
242 %% To enable the old SSL connection method on port 5223:
243 %%
244 %%{5223, ejabberd_c2s, [
245 %% {access, c2s},
246 %% {shaper, c2s_shaper},
247 %% {certfile, "/path/to/ssl.pem"}, tls,
248 %% {max_stanza_size, 65536}
249 %% ]},
250
251 %% If you want dual stack, you have to clone this entire config stanza
252 %% and change the bind to "::"
253 { {5269, "0.0.0.0"}, ejabberd_s2s_in, [
254 {shaper, s2s_shaper},
255 {max_stanza_size, 131072},
256 {protocol_options, ["no_sslv3"]}
257
258 ]}
259
260 %%
261 %% ejabberd_service: Interact with external components (transports, ...)
262 %%
263 ,{8888, ejabberd_service, [
264 {access, all},
265 {shaper_rule, fast},
266 {ip, {127, 0, 0, 1}},
267 {password, "secret"}
268 ]}
269
270 %%
271 %% ejabberd_stun: Handles STUN Binding requests
272 %%
273 %%{ {3478, udp}, ejabberd_stun, []}
274
275 ]}.
276
277 %%
278 %% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
279 %% Allowed values are: false optional required required_trusted
280 %% You must specify a certificate file.
281 %%
282 {s2s_use_starttls, optional}.
283 %%
284 %% s2s_certfile: Specify a certificate file.
285 %%
286 {s2s_certfile, "priv/ssl/both.pem"}.
287
288 %% https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
289 %% {s2s_ciphers, "DEFAULT:!EXPORT:!LOW:!SSLv2"}.
290
291 %%
292 %% domain_certfile: Specify a different certificate for each served hostname.
293 %%
294 %%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
295 %%{domain_certfile, "example.com", "/path/to/example_com.pem"}.
296
297 %%
298 %% S2S whitelist or blacklist
299 %%
300 %% Default s2s policy for undefined hosts.
301 %%
302 {s2s_default_policy, deny }.
303
304 %%
305 %% Allow or deny communication with specific servers.
306 %%
307 %%{ {s2s_host, "goodhost.org"}, allow}.
308 %%{ {s2s_host, "badhost.org"}, deny}.
309
310 {outgoing_s2s_port, 5269 }.
311
312 %%
313 %% IP addresses predefined for specific hosts to skip DNS lookups.
314 %% Ports defined here take precedence over outgoing_s2s_port.
315 %% Examples:
316 %%
317 %% { {s2s_addr, "example-host.net"}, {127,0,0,1} }.
318 %% { {s2s_addr, "example-host.net"}, { {127,0,0,1}, 5269 } }.
319 %% { {s2s_addr, "example-host.net"}, { {127,0,0,1}, 5269 } }.
320
321 %%
322 %% Outgoing S2S options
323 %%
324 %% Preferred address families (which to try first) and connect timeout
325 %% in milliseconds.
326 %%
327 %%{outgoing_s2s_options, [ipv4, ipv6], 10000}.
328 %%
329 %%%. ==============
330 %%%' SESSION BACKEND
331
332 %%{sm_backend, {mnesia, []}}.
333
334 %% Requires {redis, global, default, ..., ...} outgoing pool
335 %%{sm_backend, {redis, []}}.
336
337 {sm_backend, {mnesia, []} }.
338
339
340 %%%. ==============
341 %%%' AUTHENTICATION
342
343 %% Advertised SASL mechanisms
344 {sasl_mechanisms, [cyrsasl_plain]}.
345
346 %%
347 %% auth_method: Method used to authenticate the users.
348 %% The default method is the internal.
349 %% If you want to use a different method,
350 %% comment this line and enable the correct ones.
351 %%
352 %% {auth_method, internal }.
353 {auth_method, http }.
354 {auth_opts, [
355 {http, global, auth, [{workers, 50}], [{server, "https://pleroma.soykaf.com"}]},
356 {password_format, plain} % default
357 %% {password_format, scram}
358
359 %% {scram_iterations, 4096} % default
360
361 %%
362 %% For auth_http:
363 %% {basic_auth, "user:password"}
364 %% {path_prefix, "/"} % default
365 %% auth_http requires {http, Host | global, auth, ..., ...} outgoing pool.
366 %%
367 %% For auth_external
368 %%{extauth_program, "/path/to/authentication/script"}.
369 %%
370 %% For auth_jwt
371 %% {jwt_secret_source, "/path/to/file"},
372 %% {jwt_algorithm, "RS256"},
373 %% {jwt_username_key, user}
374 %% For cyrsasl_external
375 %% {authenticate_with_cn, false}
376 {cyrsasl_external, standard}
377 ]}.
378
379 %%
380 %% Authentication using external script
381 %% Make sure the script is executable by ejabberd.
382 %%
383 %%{auth_method, external}.
384
385 %%
386 %% Authentication using RDBMS
387 %% Remember to setup a database in the next section.
388 %%
389 %%{auth_method, rdbms}.
390
391 %%
392 %% Authentication using LDAP
393 %%
394 %%{auth_method, ldap}.
395 %%
396
397 %% List of LDAP servers:
398 %%{ldap_servers, ["localhost"]}.
399 %%
400 %% Encryption of connection to LDAP servers:
401 %%{ldap_encrypt, none}.
402 %%{ldap_encrypt, tls}.
403 %%
404 %% Port to connect to on LDAP servers:
405 %%{ldap_port, 389}.
406 %%{ldap_port, 636}.
407 %%
408 %% LDAP manager:
409 %%{ldap_rootdn, "dc=example,dc=com"}.
410 %%
411 %% Password of LDAP manager:
412 %%{ldap_password, "******"}.
413 %%
414 %% Search base of LDAP directory:
415 %%{ldap_base, "dc=example,dc=com"}.
416 %%
417 %% LDAP attribute that holds user ID:
418 %%{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
419 %%
420 %% LDAP filter:
421 %%{ldap_filter, "(objectClass=shadowAccount)"}.
422
423 %%
424 %% Anonymous login support:
425 %% auth_method: anonymous
426 %% anonymous_protocol: sasl_anon | login_anon | both
427 %% allow_multiple_connections: true | false
428 %%
429 %%{host_config, "public.example.org", [{auth_method, anonymous},
430 %% {allow_multiple_connections, false},
431 %% {anonymous_protocol, sasl_anon}]}.
432 %%
433 %% To use both anonymous and internal authentication:
434 %%
435 %%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
436
437
438 %%%. ==============
439 %%%' OUTGOING CONNECTIONS (e.g. DB)
440
441 %% Here you may configure all outgoing connections used by MongooseIM,
442 %% e.g. to RDBMS (such as MySQL), Riak or external HTTP components.
443 %% Default MongooseIM configuration uses only Mnesia (non-Mnesia extensions are disabled),
444 %% so no options here are uncommented out of the box.
445 %% This section includes configuration examples; for comprehensive guide
446 %% please consult MongooseIM documentation, page "Outgoing connections":
447 %% - doc/advanced-configuration/outgoing-connections.md
448 %% - https://mongooseim.readthedocs.io/en/latest/advanced-configuration/outgoing-connections/
449
450
451 {outgoing_pools, [
452 % {riak, global, default, [{workers, 5}], [{address, "127.0.0.1"}, {port, 8087}]},
453 % {elastic, global, default, [], [{host, "elastic.host.com"}, {port, 9042}]},
454 {http, global, auth, [{workers, 50}], [{server, "https://pleroma.soykaf.com"}]}
455 % {cassandra, global, default, [{workers, 100}], [{servers, [{"server1", 9042}]}, {keyspace, "big_mongooseim"}]},
456 % {rdbms, global, default, [{workers, 10}], [{server, {mysql, "server", 3306, "database", "username", "password"}}]}
457 ]}.
458
459 %% More examples that may be added to outgoing_pools list:
460 %%
461 %% == MySQL ==
462 %% {rdbms, global, default, [{workers, 10}],
463 %% [{server, {mysql, "server", 3306, "database", "username", "password"}},
464 %% {keepalive_interval, 10}]},
465 %% keepalive_interval is optional
466
467 %% == PostgreSQL ==
468 %% {rdbms, global, default, [{workers, 10}],
469 %% [{server, {pgsql, "server", 5432, "database", "username", "password"}}]},
470
471 %% == ODBC (MSSQL) ==
472 %% {rdbms, global, default, [{workers, 10}],
473 %% [{server, "DSN=mongooseim;UID=mongooseim;PWD=mongooseim"}]},
474
475 %% == Elastic Search ==
476 %% {elastic, global, default, [], [{host, "elastic.host.com"}, {port, 9042}]},
477
478 %% == Riak ==
479 %% {riak, global, default, [{workers, 20}], [{address, "127.0.0.1"}, {port, 8087}]},
480
481 %% == HTTP ==
482 %% {http, global, conn1, [{workers, 50}], [{server, "http://server:8080"}]},
483
484 %% == Cassandra ==
485 %% {cassandra, global, default, [{workers, 100}],
486 %% [
487 %% {servers, [
488 %% {"cassandra_server1.example.com", 9042},
489 %% {"cassandra_server2.example.com", 9042},
490 %% {"cassandra_server3.example.com", 9042},
491 %% {"cassandra_server4.example.com", 9042}
492 %% ]},
493 %% {keyspace, "big_mongooseim"}
494 %% ]}
495
496 %% == Extra options ==
497 %%
498 %% If you use PostgreSQL, have a large database, and need a
499 %% faster but inexact replacement for "select count(*) from users"
500 %%
501 %%{pgsql_users_number_estimate, true}.
502 %%
503 %% rdbms_server_type specifies what database is used over the RDBMS layer
504 %% Can take values mssql, pgsql, mysql
505 %% In some cases (for example for MAM with pgsql) it is required to set proper value.
506 %%
507 %% {rdbms_server_type, pgsql}.
508
509 %%%. ===============
510 %%%' TRAFFIC SHAPERS
511
512 %%
513 %% The "normal" shaper limits traffic speed to 1000 B/s
514 %%
515 {shaper, normal, {maxrate, 1000}}.
516
517 %%
518 %% The "fast" shaper limits traffic speed to 50000 B/s
519 %%
520 {shaper, fast, {maxrate, 50000}}.
521
522 %%
523 %% This option specifies the maximum number of elements in the queue
524 %% of the FSM. Refer to the documentation for details.
525 %%
526 {max_fsm_queue, 1000}.
527
528 %%%. ====================
529 %%%' ACCESS CONTROL LISTS
530
531 %%
532 %% The 'admin' ACL grants administrative privileges to XMPP accounts.
533 %% You can put here as many accounts as you want.
534 %%
535 %{acl, admin, {user, "alice", "localhost"}}.
536 %{acl, admin, {user, "a", "localhost"}}.
537
538 %%
539 %% Blocked users
540 %%
541 %%{acl, blocked, {user, "baduser", "example.org"}}.
542 %%{acl, blocked, {user, "test"}}.
543
544 %%
545 %% Local users: don't modify this line.
546 %%
547 {acl, local, {user_regexp, ""}}.
548
549 %%
550 %% More examples of ACLs
551 %%
552 %%{acl, jabberorg, {server, "jabber.org"}}.
553 %%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
554 %%{acl, test, {user_regexp, "^test"}}.
555 %%{acl, test, {user_glob, "test*"}}.
556
557 %%
558 %% Define specific ACLs in a virtual host.
559 %%
560 %%{host_config, "localhost",
561 %% [
562 %% {acl, admin, {user, "bob-local", "localhost"}}
563 %% ]
564 %%}.
565
566 %%%. ============
567 %%%' ACCESS RULES
568
569 %% Maximum number of simultaneous sessions allowed for a single user:
570 {access, max_user_sessions, [{10, all}]}.
571
572 %% Maximum number of offline messages that users can have:
573 {access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
574
575 %% This rule allows access only for local users:
576 {access, local, [{allow, local}]}.
577
578 %% Only non-blocked users can use c2s connections:
579 {access, c2s, [{deny, blocked},
580 {allow, all}]}.
581
582 %% For C2S connections, all users except admins use the "normal" shaper
583 {access, c2s_shaper, [{none, admin},
584 {normal, all}]}.
585
586 %% All S2S connections use the "fast" shaper
587 {access, s2s_shaper, [{fast, all}]}.
588
589 %% Admins of this server are also admins of the MUC service:
590 {access, muc_admin, [{allow, admin}]}.
591
592 %% Only accounts of the local ejabberd server can create rooms:
593 {access, muc_create, [{allow, local}]}.
594
595 %% All users are allowed to use the MUC service:
596 {access, muc, [{allow, all}]}.
597
598 %% In-band registration allows registration of any possible username.
599 %% To disable in-band registration, replace 'allow' with 'deny'.
600 {access, register, [{allow, all}]}.
601
602 %% By default the frequency of account registrations from the same IP
603 %% is limited to 1 account every 10 minutes. To disable, specify: infinity
604 {registration_timeout, infinity}.
605
606 %% Default settings for MAM.
607 %% To set non-standard value, replace 'default' with 'allow' or 'deny'.
608 %% Only user can access his/her archive by default.
609 %% An online user can read room's archive by default.
610 %% Only an owner can change settings and purge messages by default.
611 %% Empty list (i.e. `[]`) means `[{deny, all}]`.
612 {access, mam_set_prefs, [{default, all}]}.
613 {access, mam_get_prefs, [{default, all}]}.
614 {access, mam_lookup_messages, [{default, all}]}.
615 {access, mam_purge_single_message, [{default, all}]}.
616 {access, mam_purge_multiple_messages, [{default, all}]}.
617
618 %% 1 command of the specified type per second.
619 {shaper, mam_shaper, {maxrate, 1}}.
620 %% This shaper is primeraly for Mnesia overload protection during stress testing.
621 %% The limit is 1000 operations of each type per second.
622 {shaper, mam_global_shaper, {maxrate, 1000}}.
623
624 {access, mam_set_prefs_shaper, [{mam_shaper, all}]}.
625 {access, mam_get_prefs_shaper, [{mam_shaper, all}]}.
626 {access, mam_lookup_messages_shaper, [{mam_shaper, all}]}.
627 {access, mam_purge_single_message_shaper, [{mam_shaper, all}]}.
628 {access, mam_purge_multiple_messages_shaper, [{mam_shaper, all}]}.
629
630 {access, mam_set_prefs_global_shaper, [{mam_global_shaper, all}]}.
631 {access, mam_get_prefs_global_shaper, [{mam_global_shaper, all}]}.
632 {access, mam_lookup_messages_global_shaper, [{mam_global_shaper, all}]}.
633 {access, mam_purge_single_message_global_shaper, [{mam_global_shaper, all}]}.
634 {access, mam_purge_multiple_messages_global_shaper, [{mam_global_shaper, all}]}.
635
636 %%
637 %% Define specific Access Rules in a virtual host.
638 %%
639 %%{host_config, "localhost",
640 %% [
641 %% {access, c2s, [{allow, admin}, {deny, all}]},
642 %% {access, register, [{deny, all}]}
643 %% ]
644 %%}.
645
646 %%%. ================
647 %%%' DEFAULT LANGUAGE
648
649 %%
650 %% language: Default language used for server messages.
651 %%
652 {language, "en"}.
653
654 %%
655 %% Set a different default language in a virtual host.
656 %%
657 %%{host_config, "localhost",
658 %% [{language, "ru"}]
659 %%}.
660
661 %%%. ================
662 %%%' MISCELLANEOUS
663
664 {all_metrics_are_global, false }.
665
666 %%%. ========
667 %%%' SERVICES
668
669 %% Unlike modules, services are started per node and provide either features which are not
670 %% related to any particular host, or backend stuff which is used by modules.
671 %% This is handled by `mongoose_service` module.
672
673 {services,
674 [
675 {service_admin_extra, [{submods, [node, accounts, sessions, vcard,
676 roster, last, private, stanza, stats]}]}
677 ]
678 }.
679
680 %%%. =======
681 %%%' MODULES
682
683 %%
684 %% Modules enabled in all mongooseim virtual hosts.
685 %% For list of possible modules options, check documentation.
686 %%
687 {modules,
688 [
689
690 %% The format for a single route is as follows:
691 %% {Host, Path, Method, Upstream}
692 %%
693 %% "_" can be used as wildcard for Host, Path and Method
694 %% Upstream can be either host (just http(s)://host:port) or uri
695 %% The difference is that host upstreams append whole path while
696 %% uri upstreams append only remainder that follows the matched Path
697 %% (this behaviour is similar to nginx's proxy_pass rules)
698 %%
699 %% Bindings can be used to match certain parts of host or path.
700 %% They will be later overlaid with parts of the upstream uri.
701 %%
702 %% {mod_revproxy,
703 %% [{routes, [{"www.erlang-solutions.com", "/admin", "_",
704 %% "https://www.erlang-solutions.com/"},
705 %% {":var.com", "/:var", "_", "http://localhost:8080/"},
706 %% {":domain.com", "/", "_", "http://localhost:8080/:domain"}]
707 %% }]},
708
709 % {mod_http_upload, [
710 %% Set max file size in bytes. Defaults to 10 MB.
711 %% Disabled if value is `undefined`.
712 % {max_file_size, 1024},
713 %% Use S3 storage backend
714 % {backend, s3},
715 %% Set options for S3 backend
716 % {s3, [
717 % {bucket_url, "http://s3-eu-west-1.amazonaws.com/konbucket2"},
718 % {region, "eu-west-1"},
719 % {access_key_id, "AKIAIAOAONIULXQGMOUA"},
720 % {secret_access_key, "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"}
721 % ]}
722 % ]},
723
724 {mod_adhoc, []},
725
726 {mod_disco, [{users_can_see_hidden_services, false}]},
727 {mod_commands, []},
728 {mod_muc_commands, []},
729 {mod_muc_light_commands, []},
730 {mod_last, []},
731 {mod_stream_management, [
732 % default 100
733 % size of a buffer of unacked messages
734 % {buffer_max, 100}
735
736 % default 1 - server sends the ack request after each stanza
737 % {ack_freq, 1}
738
739 % default: 600 seconds
740 % {resume_timeout, 600}
741 ]},
742 %% {mod_muc_light, [{host, "muclight.@HOST@"}]},
743 %% {mod_muc, [{host, "muc.@HOST@"},
744 %% {access, muc},
745 %% {access_create, muc_create}
746 %% ]},
747 %% {mod_muc_log, [
748 %% {outdir, "/tmp/muclogs"},
749 %% {access_log, muc}
750 %% ]},
751 {mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
752 {mod_privacy, []},
753 {mod_blocking, []},
754 {mod_private, []},
755 % {mod_private, [{backend, mnesia}]},
756 % {mod_private, [{backend, rdbms}]},
757 % {mod_register, [
758 % %%
759 % %% Set the minimum informational entropy for passwords.
760 % %%
761 % %%{password_strength, 32},
762 %
763 % %%
764 % %% After successful registration, the user receives
765 % %% a message with this subject and body.
766 % %%
767 % {welcome_message, {""}},
768 %
769 % %%
770 % %% When a user registers, send a notification to
771 % %% these XMPP accounts.
772 % %%
773 %
774 %
775 % %%
776 % %% Only clients in the server machine can register accounts
777 % %%
778 % {ip_access, [{allow, "127.0.0.0/8"},
779 % {deny, "0.0.0.0/0"}]},
780 %
781 % %%
782 % %% Local c2s or remote s2s users cannot register accounts
783 % %%
784 % %%{access_from, deny},
785 %
786 % {access, register}
787 % ]},
788 {mod_roster, []},
789 {mod_sic, []},
790 {mod_vcard, [%{matches, 1},
791 %{search, true},
792 %{ldap_search_operator, 'or'}, %% either 'or' or 'and'
793 %{ldap_binary_search_fields, [<<"PHOTO">>]},
794 %% list of binary search fields (as in vcard after mapping)
795 {host, "vjud.@HOST@"}
796 ]},
797 {mod_bosh, []},
798 {mod_carboncopy, []}
799
800 %%
801 %% Message Archive Management (MAM, XEP-0313) for registered users and
802 %% Multi-User chats (MUCs).
803 %%
804
805 % {mod_mam_meta, [
806 %% Use RDBMS backend (default)
807 % {backend, rdbms},
808
809 %% Do not store user preferences (default)
810 % {user_prefs_store, false},
811 %% Store user preferences in RDBMS
812 % {user_prefs_store, rdbms},
813 %% Store user preferences in Mnesia (recommended).
814 %% The preferences store will be called each time, as a message is routed.
815 %% That is why Mnesia is better suited for this job.
816 % {user_prefs_store, mnesia},
817
818 %% Enables a pool of asynchronous writers. (default)
819 %% Messages will be grouped together based on archive id.
820 % {async_writer, true},
821
822 %% Cache information about users (default)
823 % {cache_users, true},
824
825 %% Enable archivization for private messages (default)
826 % {pm, [
827 %% Top-level options can be overriden here if needed, for example:
828 % {async_writer, false}
829 % ]},
830
831 %%
832 %% Message Archive Management (MAM) for multi-user chats (MUC).
833 %% Enable XEP-0313 for "muc.@HOST@".
834 %%
835 % {muc, [
836 % {host, "muc.@HOST@"}
837 %% As with pm, top-level options can be overriden for MUC archive
838 % ]},
839 %
840 %% Do not use a <stanza-id/> element (by default stanzaid is used)
841 % no_stanzaid_element,
842 % ]},
843
844
845 %%
846 %% MAM configuration examples
847 %%
848
849 %% Only MUC, no user-defined preferences, good performance.
850 % {mod_mam_meta, [
851 % {backend, rdbms},
852 % {pm, false},
853 % {muc, [
854 % {host, "muc.@HOST@"}
855 % ]}
856 % ]},
857
858 %% Only archives for c2c messages, good performance.
859 % {mod_mam_meta, [
860 % {backend, rdbms},
861 % {pm, [
862 % {user_prefs_store, mnesia}
863 % ]}
864 % ]},
865
866 %% Basic configuration for c2c messages, bad performance, easy to debug.
867 % {mod_mam_meta, [
868 % {backend, rdbms},
869 % {async_writer, false},
870 % {cache_users, false}
871 % ]},
872
873 %% Cassandra archive for c2c and MUC conversations.
874 %% No custom settings supported (always archive).
875 % {mod_mam_meta, [
876 % {backend, cassandra},
877 % {user_prefs_store, cassandra},
878 % {muc, [{host, "muc.@HOST@"}]}
879 % ]}
880
881 % {mod_event_pusher, [
882 % {backends, [
883 % %%
884 % %% Configuration for Amazon SNS notifications.
885 % %%
886 % {sns, [
887 % %% AWS credentials, region and host configuration
888 % {access_key_id, "AKIAJAZYHOIPY6A2PESA"},
889 % {secret_access_key, "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"},
890 % {region, "eu-west-1"},
891 % {account_id, "251423380551"},
892 % {region, "eu-west-1"},
893 % {sns_host, "sns.eu-west-1.amazonaws.com"},
894 %
895 % %% Messages from this MUC host will be sent to the SNS topic
896 % {muc_host, "muc.@HOST@"},
897 %
898 % %% Plugin module for defining custom message attributes and user identification
899 % {plugin_module, mod_event_pusher_sns_defaults},
900 %
901 % %% Topic name configurations. Removing a topic will disable this specific SNS notification
902 % {presence_updates_topic, "user_presence_updated-dev-1"}, %% For presence updates
903 % {pm_messages_topic, "user_message_sent-dev-1"}, %% For private chat messages
904 % {muc_messages_topic, "user_messagegroup_sent-dev-1"} %% For group chat messages
905 %
906 % %% Pool options
907 % {pool_size, 100}, %% Worker pool size for publishing notifications
908 % {publish_retry_count, 2}, %% Retry count in case of publish error
909 % {publish_retry_time_ms, 50} %% Base exponential backoff time (in ms) for publish errors
910 % ]}
911 % ]}
912
913 ]}.
914
915
916 %%
917 %% Enable modules with custom options in a specific virtual host
918 %%
919 %%{host_config, "localhost",
920 %% [{ {add, modules},
921 %% [
922 %% {mod_some_module, []}
923 %% ]
924 %% }
925 %% ]}.
926
927 %%%.
928 %%%'
929
930 %%% $Id$
931
932 %%% Local Variables:
933 %%% mode: erlang
934 %%% End:
935 %%% vim: set filetype=erlang tabstop=8 foldmarker=%%%',%%%. foldmethod=marker:
936 %%%.