Diffstat (limited to 'terminaldweller.com/ejabberd/ejabberd.yml')
-rw-r--r--terminaldweller.com/ejabberd/ejabberd.yml42
1 files changed, 35 insertions, 7 deletions
diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml
index 6257515..87eb940 100644
--- a/terminaldweller.com/ejabberd/ejabberd.yml
+++ b/terminaldweller.com/ejabberd/ejabberd.yml
@@ -3,9 +3,26 @@ hosts:
loglevel: 4
log_rotate_size: 10485760
-log_rotate_date: ''
log_rotate_count: 1
-log_rate_limit: 100
+
+define_macro:
+ 'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+ 'TLS_OPTIONS':
+ - "no_sslv2, no_sslv3, no_tlsv1"
+ - "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+ - "no_compression"
+ 'DH_FILE': "/usr/local/etc/ejabberd/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 4096
+
+c2s_dhfile: 'DH_FILE'
+s2s_dhfile: 'DH_FILE'
+c2s_ciphers: 'TLS_CIPHERS'
+s2s_ciphers: 'TLS_CIPHERS'
+c2s_protocol_options: 'TLS_OPTIONS'
+s2s_protocol_options: 'TLS_OPTIONS'
+certfiles:
+ - '/var/lib/ejabberd/acme/ejabberd.pem'
+
+auth_password_format: scram
listen:
- port: 5222
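Review bot: The `'TLS_OPTIONS'` macro probably does not disable the old protocol versions as written, because its first item is the single string `"no_sslv2, no_sslv3, no_tlsv1"` and its second item is the cipher string, neither of which is an option name. As far as I know ejabberd expects one option name per list item, so I would write `- "no_sslv3"`, `- "no_tlsv1"` and `- "no_compression"` as separate items and keep the cipher list only in `'TLS_CIPHERS'`. The same macro is referenced by the 5222 and 5443 listeners in later hunks, so the negotiated protocol versions should be checked from a client once this is deployed.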
@@ -14,7 +31,13 @@ listen:
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
+ starttls: true
starttls_required: true
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
+ zlib: false
+ tls_compression: false
- port: 5269
ip: '::'
module: ejabberd_s2s_in
@@ -22,6 +45,10 @@ listen:
- port: 5443
ip: '::'
module: ejabberd_http
+ tls: true
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
request_handlers:
'/admin': ejabberd_web_admin
'/api': mod_http_api
@@ -45,7 +72,7 @@ listen:
use_turn: true
turn_min_port: 49152
turn_max_port: 65535
- turn_ip: 0.0.0.0
+ turn_ipv4_address: 0.0.0.0
- port: 5349
transport: tcp
module: ejabberd_stun
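Review bot: `turn_ipv4_address: 0.0.0.0` keeps the old wildcard value under the new key, here and on the 5349 listener in the next hunk. If I read the ejabberd documentation correctly, this option is the relay address handed to clients, so it needs to be the host's routable IPv4 address, while the wildcard belongs only in `ip:`. I would change it to `turn_ipv4_address: <PUBLIC_IPV4>` (placeholder for this server's address). The listener entries start and end outside the hunk.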
@@ -54,8 +81,8 @@ listen:
turn_min_port: 49152
turn_max_port: 65535
ip: 0.0.0.0
- turn_ip: 0.0.0.0
- - port: 5280
+ turn_ipv4_address: 0.0.0.0
+ - port: 80
module: ejabberd_http
tls: false
request_handlers:
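Review bot: The listener moved to port 80 keeps `tls: false`, and its `request_handlers` list lies outside the hunk, so it is not visible which paths are now served in cleartext on the standard HTTP port. If that list still contains `/admin` or `/api`, credentials and tokens would cross the network unencrypted; I would restrict this listener to the ACME challenge path and leave everything else on 5443. A comment such as `# plain HTTP: ACME http-01 challenge only` above `- port: 80` would record the intent. Binding port 80 also requires the service to have that privilege, which is worth confirming for the deployment.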
@@ -73,7 +100,7 @@ acl:
- ::FFFF:127.0.0.1/128
admin:
user:
- - 'admin@localhost'
+ - 'admin@chat.terminaldweller.com'
access_rules:
local:
@@ -152,8 +179,9 @@ shaper_rules:
max_fsm_queue: 10000
acme:
+ auto: false
contact: 'mailto:devi@terminaldweller.com'
- ca_url: 'https://acme-v01.api.letsencrypt.org'
+ ca_url: 'https://acme-staging-v02.api.letsencrypt.org'
oauth_expire: 31536000
oauth_access: all
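Review bot: `ca_url` now points at the Let's Encrypt staging endpoint, whose certificates are not trusted by clients or by federating servers. Since `certfiles` in the first hunk loads `/var/lib/ejabberd/acme/ejabberd.pem` and the c2s listener sets `starttls_required: true`, a staging certificate there would make every connection fail validation or train users to accept warnings. If staging is intended only for testing, I would add `# staging CA: testing only, switch to production before go-live` above the line. The v2 API is normally addressed by its directory URL, so the value may also need the `/directory` suffix; that should be checked against the ejabberd version in use.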