authorterminaldweller <thabogre@gmail.com>2021-09-15 20:45:57 +0000
committerterminaldweller <thabogre@gmail.com>2021-09-15 20:45:57 +0000
commit04b2675221972f2a3cf6d1c402f49406f16c6c25 (patch)
treeb296711e1a97ffac36676b5febf7ed445798ab06 /terminaldweller.com/ejabberd
parentleft-over (diff)
downloadscripts-04b2675221972f2a3cf6d1c402f49406f16c6c25.tar.gz
scripts-04b2675221972f2a3cf6d1c402f49406f16c6c25.zip
haproxy,jabber,bitlbee
Diffstat (limited to 'terminaldweller.com/ejabberd')
-rw-r--r--terminaldweller.com/ejabberd/docker-compose.yaml9
-rw-r--r--terminaldweller.com/ejabberd/ejabberd.yml42
2 files changed, 42 insertions, 9 deletions
diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml
index cafe707..9b93896 100644
--- a/terminaldweller.com/ejabberd/docker-compose.yaml
+++ b/terminaldweller.com/ejabberd/docker-compose.yaml
@@ -5,14 +5,19 @@ services:
networks:
- ejabberdnet
ports:
+ - "80:80"
- "5222:5222"
- "127.0.0.1:5269:5269"
- "5280:5280"
- - "127.0.0.1:5443:5443"
+ - "5443:5443"
- "127.0.0.1:1883:1883"
- - "5080:5080"
+ - "127.0.0.1:5080:5080"
restart: unless-stopped
volumes:
- ./ejabberd.yml:/home/ejabberd/conf/ejabberd.yml
+ - ./acme:/var/lib/ejabberd/acme
+ - ./dh:/usr/local/etc/ejabberd
networks:
ejabberdnet:
+# openssl dhparam -out dhparams.pem 4096
+# sudo certbot certonly --standalone --email devi@terminaldweller.com --non-interactive --agree-tos -d chat.terminaldweller.com --preferred-challenges http
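Review bot: Dropping the `127.0.0.1:` prefix from the 5443 mapping publishes that listener on every host interface, and the ejabberd.yml hunk for `- port: 5443` below shows it serving `/admin` (ejabberd_web_admin) and `/api` (mod_http_api), so the admin UI and HTTP API become directly reachable from outside. Keeping `- "127.0.0.1:5443:5443"` and fronting it with the haproxy named in the commit title, or moving those two handlers to a loopback-only listener, avoids that exposure. The new "80:80" mapping matches the port-80 listener added in ejabberd.yml, but "5280:5280" appears to map a port with no listener left in that file after this commit and could be dropped. The certbot command in the last comment leaves the issued files under certbot's own directory by default, while `certfiles` in ejabberd.yml expects `/var/lib/ejabberd/acme/ejabberd.pem` from the `./acme` mount; a comment stating how the key and chain are concatenated into that file would make the setup reproducible.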
diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml
index 6257515..87eb940 100644
--- a/terminaldweller.com/ejabberd/ejabberd.yml
+++ b/terminaldweller.com/ejabberd/ejabberd.yml
@@ -3,9 +3,26 @@ hosts:
loglevel: 4
log_rotate_size: 10485760
-log_rotate_date: ''
log_rotate_count: 1
-log_rate_limit: 100
+
+define_macro:
+ 'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+ 'TLS_OPTIONS':
+ - "no_sslv2, no_sslv3, no_tlsv1"
+ - "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+ - "no_compression"
+ 'DH_FILE': "/usr/local/etc/ejabberd/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 4096
+
+c2s_dhfile: 'DH_FILE'
+s2s_dhfile: 'DH_FILE'
+c2s_ciphers: 'TLS_CIPHERS'
+s2s_ciphers: 'TLS_CIPHERS'
+c2s_protocol_options: 'TLS_OPTIONS'
+s2s_protocol_options: 'TLS_OPTIONS'
+certfiles:
+ - '/var/lib/ejabberd/acme/ejabberd.pem'
+
+auth_password_format: scram
listen:
- port: 5222
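Review bot: The `'TLS_OPTIONS'` macro packs three option names into one quoted string, `"no_sslv2, no_sslv3, no_tlsv1"`, and adds the cipher string as a second entry; ejabberd's `protocol_options` is a list of individual OpenSSL option names, and as far as I know an entry that matches no known name is not applied, so the SSLv3/TLS 1.0 exclusions may be silently lost, while the cipher string is already supplied through the `ciphers` settings and does nothing here. TLS 1.1 is not excluded at all. Listing each option as its own item, adding `no_tlsv1_1` and `cipher_server_preference`, and keeping the cipher list only in `'TLS_CIPHERS'` fixes both; the corrected macro is below, and the listeners that reference it in the later hunks need no change.

```yaml
'TLS_OPTIONS':
  - "no_sslv2"
  - "no_sslv3"
  - "no_tlsv1"
  - "no_tlsv1_1"
  - "cipher_server_preference"
  - "no_compression"
# … unchanged: 'TLS_CIPHERS' and 'DH_FILE' …
```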
@@ -14,7 +31,13 @@ listen:
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
+ starttls: true
starttls_required: true
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
+ zlib: false
+ tls_compression: false
- port: 5269
ip: '::'
module: ejabberd_s2s_in
@@ -22,6 +45,10 @@ listen:
- port: 5443
ip: '::'
module: ejabberd_http
+ tls: true
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
request_handlers:
'/admin': ejabberd_web_admin
'/api': mod_http_api
@@ -45,7 +72,7 @@ listen:
use_turn: true
turn_min_port: 49152
turn_max_port: 65535
- turn_ip: 0.0.0.0
+ turn_ipv4_address: 0.0.0.0
- port: 5349
transport: tcp
module: ejabberd_stun
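Review bot: `turn_ipv4_address: 0.0.0.0` on the TURN listener above `- port: 5349` (and the same value on the 5349 listener in the next hunk) hands clients an unroutable relay address: this option is the IPv4 address ejabberd advertises to TURN clients in relay candidates, not the bind address, so relaying would not work from outside. It should carry the server's public, un-NATed IPv4, e.g. `turn_ipv4_address: <PUBLIC_IPV4_OF_CHAT_HOST>` (placeholder), while `ip: 0.0.0.0` stays as the listen address. The listener definition starts outside the hunk, and whether the renamed option is the one accepted by the ejabberd version in the image is worth confirming.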
@@ -54,8 +81,8 @@ listen:
turn_min_port: 49152
turn_max_port: 65535
ip: 0.0.0.0
- turn_ip: 0.0.0.0
- - port: 5280
+ turn_ipv4_address: 0.0.0.0
+ - port: 80
module: ejabberd_http
tls: false
request_handlers:
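Review bot: The listener renamed from 5280 to 80 is a plaintext `ejabberd_http` listener (`tls: false`) whose `request_handlers` continue outside the hunk; if the `/admin` or `/api` handlers served on 5443 are also listed there, they are now reachable over unencrypted HTTP on a port the docker-compose change publishes. Binding a port below 1024 inside the container also requires a privileged process or the bind capability, and the ejabberd image is commonly run as an unprivileged user, so confirm the listener actually comes up. If port 80 exists only for the ACME HTTP-01 challenge mentioned in the docker-compose comments, a comment above `- port: 80` such as `# plaintext listener for ACME HTTP-01 only; keep request_handlers minimal` would record that intent.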
@@ -73,7 +100,7 @@ acl:
- ::FFFF:127.0.0.1/128
admin:
user:
- - 'admin@localhost'
+ - 'admin@chat.terminaldweller.com'
access_rules:
local:
@@ -152,8 +179,9 @@ shaper_rules:
max_fsm_queue: 10000
acme:
+ auto: false
contact: 'mailto:devi@terminaldweller.com'
- ca_url: 'https://acme-v01.api.letsencrypt.org'
+ ca_url: 'https://acme-staging-v02.api.letsencrypt.org'
oauth_expire: 31536000
oauth_access: all
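Review bot: `ca_url` now points at Let's Encrypt's staging environment, whose certificates are not trusted by clients, so if the `acme` block is re-enabled (this commit also sets `auto: false`) it would issue unusable certificates for chat.terminaldweller.com. If the intent is a dry run, a comment above `ca_url` saying so would help; otherwise use the production v02 endpoint. The v02 endpoints are ACME directory URLs, normally written with a `/directory` suffix, e.g. `ca_url: 'https://acme-v02.api.letsencrypt.org/directory'`, so the exact form should be checked against the ejabberd version in the image.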