Diffstat (limited to 'terminaldweller.com/ejabberd')
-rw-r--r-- | terminaldweller.com/ejabberd/docker-compose.yaml | 9 | ||||
-rw-r--r-- | terminaldweller.com/ejabberd/ejabberd.yml | 42 |
2 files changed, 42 insertions, 9 deletions
diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml
index cafe707..9b93896 100644
--- a/terminaldweller.com/ejabberd/docker-compose.yaml
+++ b/terminaldweller.com/ejabberd/docker-compose.yaml
@@ -5,14 +5,19 @@ services:
 networks:
 - ejabberdnet
 ports:
+ - "80:80"
 - "5222:5222"
 - "127.0.0.1:5269:5269"
 - "5280:5280"
- - "127.0.0.1:5443:5443"
+ - "5443:5443"
 - "127.0.0.1:1883:1883"
- - "5080:5080"
+ - "127.0.0.1:5080:5080"
 restart: unless-stopped
 volumes:
 - ./ejabberd.yml:/home/ejabberd/conf/ejabberd.yml
+ - ./acme:/var/lib/ejabberd/acme
+ - ./dh:/usr/local/etc/ejabberd
 networks:
 ejabberdnet:
+# openssl dhparam -out dhparams.pem 4096
+# sudo certbot certonly --standalone --email devi@terminaldweller.com --non-interactive --agree-tos -d chat.terminaldweller.com --preferred-challenges http
diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml
index 6257515..87eb940 100644
--- a/terminaldweller.com/ejabberd/ejabberd.yml
+++ b/terminaldweller.com/ejabberd/ejabberd.yml
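Review bot: Changing the 5443 publish from `"127.0.0.1:5443:5443"` to `"5443:5443"` exposes on every host interface the ejabberd_http listener that ejabberd.yml routes to `'/admin': ejabberd_web_admin` and `'/api': mod_http_api`, and the new `"80:80"` publishes a plaintext HTTP listener the same way; nothing in this change restricts either by source address. If 5443 has to be public for other handlers in that listener, move the admin and API handlers to a loopback-bound listener first; otherwise keep `- "127.0.0.1:5443:5443"` and reach the admin UI over a tunnel. The `"5280:5280"` mapping is now stale, because the ejabberd.yml hunk in this commit moves that listener from 5280 to 80. The trailing certbot comment documents a `--standalone` run, which binds host port 80 itself and will collide with the published `80:80` while the container is running; note the workaround (stop the container, or use `--webroot`) next to it.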
@@ -3,9 +3,26 @@ hosts:
 loglevel: 4
 log_rotate_size: 10485760
-log_rotate_date: ''
 log_rotate_count: 1
-log_rate_limit: 100
+
+define_macro:
+ 'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+ 'TLS_OPTIONS':
+ - "no_sslv2, no_sslv3, no_tlsv1"
+ - "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+ - "no_compression"
+ 'DH_FILE': "/usr/local/etc/ejabberd/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 4096
+
+c2s_dhfile: 'DH_FILE'
+s2s_dhfile: 'DH_FILE'
+c2s_ciphers: 'TLS_CIPHERS'
+s2s_ciphers: 'TLS_CIPHERS'
+c2s_protocol_options: 'TLS_OPTIONS'
+s2s_protocol_options: 'TLS_OPTIONS'
+certfiles:
+ - '/var/lib/ejabberd/acme/ejabberd.pem'
+
+auth_password_format: scram
 listen:
 - port: 5222
@@ -14,7 +31,13 @@ listen:
 max_stanza_size: 262144
 shaper: c2s_shaper
 access: c2s
+ starttls: true
 starttls_required: true
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
+ zlib: false
+ tls_compression: false
 - port: 5269
 ip: '::'
 module: ejabberd_s2s_in
@@ -22,6 +45,10 @@ listen:
 - port: 5443
 ip: '::'
 module: ejabberd_http
+ tls: true
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
 request_handlers:
 '/admin': ejabberd_web_admin
 '/api': mod_http_api
@@ -45,7 +72,7 @@ listen:
 use_turn: true
 turn_min_port: 49152
 turn_max_port: 65535
- turn_ip: 0.0.0.0
+ turn_ipv4_address: 0.0.0.0
 - port: 5349
 transport: tcp
 module: ejabberd_stun
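Review bot: The new `TLS_OPTIONS` macro packs three option names into one comma-separated item (`"no_sslv2, no_sslv3, no_tlsv1"`) and adds the whole cipher string as a second item; ejabberd's protocol_options takes one OpenSSL option name per list element, so the combined item and the cipher string are most likely not recognised as options (what an unrecognised name does depends on the ejabberd/fast_tls version in use — confirm), which would leave TLS 1.0 enabled despite the intent. TLS 1.1 is not disabled in any case because `no_tlsv1_1` is absent, and `cipher_server_preference` would make the server rather than the client choose from `TLS_CIPHERS`. Every suite in `TLS_CIPHERS` is ECDHE, so the 4096-bit `DH_FILE` is never used for key exchange; it is harmless but inert unless a DHE suite is added. Separately, `certfiles` expects `/var/lib/ejabberd/acme/ejabberd.pem`, while the certbot command documented in docker-compose.yaml writes to certbot's own live directory, so the step that concatenates the private key and full chain into that file is needed and is not part of this change.

```yaml
  'TLS_OPTIONS':
    - "no_sslv2"
    - "no_sslv3"
    - "no_tlsv1"
    - "no_tlsv1_1"
    - "cipher_server_preference"
    - "no_compression"
```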
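Review bot: The 5222 listener now repeats `protocol_options: 'TLS_OPTIONS'`, `ciphers: 'TLS_CIPHERS'` and `dhfile: 'DH_FILE'` that the same commit already sets globally as `c2s_protocol_options`, `c2s_ciphers` and `c2s_dhfile` in the first hunk; keep one of the two so a later hardening change cannot drift between them. `zlib: false` and `tls_compression: false` are legacy listener options whose support depends on the ejabberd version — if the version in use has dropped them the file fails validation at startup, so confirm against its changelog and drop them if unsupported. The listener definition starts before this hunk.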
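Review bot: The 5443 listener that gains `tls: true` here is the one whose `request_handlers` include `'/admin': ejabberd_web_admin` and `'/api': mod_http_api`, and the companion docker-compose.yaml hunk in this commit republishes 5443 on all interfaces instead of 127.0.0.1, so the web admin and HTTP API become reachable from the internet; TLS protects the transport, not against credential guessing or API misuse. Either keep the host publish on loopback and reach the admin UI over a tunnel, or split `/admin` and `/api` onto a separate listener with `ip: 127.0.0.1` and confirm the `api_permissions` section (outside this hunk) limits `/api` to the intended callers. The `request_handlers` list continues past the end of the hunk.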
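Review bot: `turn_ipv4_address: 0.0.0.0` is unlikely to be a usable value: in ejabberd_stun this option is the IPv4 address the TURN server advertises to clients in relayed candidates (the `turn_ip` it replaces had the same role), so advertising 0.0.0.0 would make relay candidates unusable — confirm against the ejabberd version in use. Set it to the host's public IPv4, e.g. `turn_ipv4_address: 203.0.113.10`, or omit it if the version auto-detects the first non-loopback address. The same value is set on the 5349 TCP listener in the next hunk, and this listener's definition starts before the hunk.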
@@ -54,8 +81,8 @@ listen:
 turn_min_port: 49152
 turn_max_port: 65535
 ip: 0.0.0.0
- turn_ip: 0.0.0.0
- - port: 5280
+ turn_ipv4_address: 0.0.0.0
+ - port: 80
 module: ejabberd_http
 tls: false
 request_handlers:
@@ -73,7 +100,7 @@ acl:
 - ::FFFF:127.0.0.1/128
 admin:
 user:
- - 'admin@localhost'
+ - 'admin@chat.terminaldweller.com'
 access_rules:
 local:
@@ -152,8 +179,9 @@ shaper_rules:
 max_fsm_queue: 10000
 acme:
+ auto: false
 contact: 'mailto:devi@terminaldweller.com'
- ca_url: 'https://acme-v01.api.letsencrypt.org'
+ ca_url: 'https://acme-staging-v02.api.letsencrypt.org'
 oauth_expire: 31536000
 oauth_access: all |
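Review bot: Moving the `ejabberd_http` listener with `tls: false` from 5280 to `port: 80` turns it into a plaintext listener that docker-compose.yaml now publishes on every interface as `80:80`; unless its `request_handlers` (which continue outside the hunk) are limited to what an ACME HTTP-01 challenge needs, whatever they serve crosses the network unencrypted. Since the `acme:` section of this file sets `auto: false`, ejabberd will not request certificates on its own, so the reason for listening on 80 should be stated in a comment such as `# port 80: plain HTTP, only for ACME HTTP-01 / redirect; everything else is served over 5443`. Consider binding it with `ip: 127.0.0.1` on 5280 for local use and exposing only the challenge path on 80, or redirecting to the TLS listener on 5443.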
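Review bot: `ca_url: 'https://acme-staging-v02.api.letsencrypt.org'` points at Let's Encrypt's staging environment, whose certificates are signed by a test CA that XMPP clients and peer servers will not trust; with `auto: false` nothing is requested automatically, but any manual `ejabberdctl request_certificate` would install an untrusted certificate. If staging is only for testing, say so in a comment and switch to `ca_url: 'https://acme-v02.api.letsencrypt.org/directory'` before relying on it; current ejabberd documents this option as the ACME directory URL with the `/directory` suffix, so check whether the bare host form is accepted by the version in use. If certificates are in fact provisioned by the certbot command in docker-compose.yaml, this `acme:` block is dead configuration and a comment should note that.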