aboutsummaryrefslogtreecommitdiffstats
path: root/terminaldweller.com/ejabberd
diff options
context:
space:
mode:
authorterminaldweller <thabogre@gmail.com>2023-01-22 17:36:07 +0000
committerterminaldweller <thabogre@gmail.com>2023-01-22 17:36:07 +0000
commitc836ea89a48f53ec1dd05c1dcdc606bb44c8b619 (patch)
tree22882efad0fdc677d353dec723d813825bbcb5d2 /terminaldweller.com/ejabberd
parentupdate (diff)
downloadscripts-c836ea89a48f53ec1dd05c1dcdc606bb44c8b619.tar.gz
scripts-c836ea89a48f53ec1dd05c1dcdc606bb44c8b619.zip
update
Diffstat (limited to 'terminaldweller.com/ejabberd')
-rw-r--r--terminaldweller.com/ejabberd/docker-compose.yaml4
-rw-r--r--terminaldweller.com/ejabberd/ejabberd.yml23
2 files changed, 18 insertions, 9 deletions
diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml
index a4ddaeb..f01085d 100644
--- a/terminaldweller.com/ejabberd/docker-compose.yaml
+++ b/terminaldweller.com/ejabberd/docker-compose.yaml
@@ -1,7 +1,7 @@
version: "3.4"
services:
ejabberd:
- image: ejabberd/ecs:21.07
+ image: ejabberd/ecs:23.01
networks:
- ejabberdnet
ports:
@@ -33,5 +33,5 @@ volumes:
mnesia_db:
vault:
# openssl dhparam -out dhparams.pem 4096
-# certbot certonly --standalone -d chat.terminaldweller.com -m devi@terminaldweller.com --agree-tos --noninteractive --dryrun
+# certbot certonly --standlone -d chat.terminaldweller.com -e devi@terminaldweller.com --agree-tos --noninteractive
# docker exec -it 6eebd16a2385 bin/ejabberdctl register admin chat.terminaldweller.com password
diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml
index 815d702..fb5a6a9 100644
--- a/terminaldweller.com/ejabberd/ejabberd.yml
+++ b/terminaldweller.com/ejabberd/ejabberd.yml
@@ -1,13 +1,14 @@
hosts:
- jabber.terminaldweller.com
-auth_method: internal
+auth_method: internal
auth_password_format: scram # pragma: allowlist secret
# anonymous_protocol: both
allow_multiple_connections: true
loglevel: 5
log_rotate_size: 10485760
log_rotate_count: 1
+default_db: mnesia
define_macro:
'TLS_CIPHERS': "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA"
@@ -45,9 +46,9 @@ listen:
access: c2s
starttls: true
starttls_required: true
- #protocol_options: 'TLS_OPTIONS'
- #ciphers: 'TLS_CIPHERS'
- #dhfile: 'DH_FILE'
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
zlib: false
tls_compression: false
- port: 5223
@@ -56,6 +57,9 @@ listen:
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
tls: true
tls_compression: false
- port: 5269
@@ -77,6 +81,8 @@ listen:
'/upload': mod_http_upload
'/ws': ejabberd_http_ws
'/oauth': ejabberd_oauth
+ '/.well-known/host-meta': mod_host_meta
+ '/.well-known/host-meta.json': mod_host_meta
- port: 5080
ip: '0.0.0.0'
module: ejabberd_http
@@ -133,9 +139,9 @@ access_rules:
configure:
allow: admin
muc_create:
- allow: local
+ allow: admin
pubsub_createnode:
- allow: local
+ allow: admin
trusted_network:
allow: loopback
@@ -201,7 +207,7 @@ max_fsm_queue: 10000
acme:
# for auto ACME requests, we need this to be true
auto: false
- contact:
+ contact:
- mailto:devi@terminaldweller.com
ca_url: https://acme-v02.api.letsencrypt.org/directory
@@ -298,3 +304,6 @@ modules:
mod_vcard_xupdate: {}
mod_version:
show_os: false
+ mod_host_meta:
+ bosh_service_url: "https://@HOST@:5443/bosh"
+ websocket_url: "wss://@HOST@:5443/ws"