commit: f8d4c02431aa634dc74074b93d1cb522e47056ce
parent: 3415962d608399db942c841775b4b3358d98989d
Author: feld <feld@feld.me>
Date: Fri, 31 May 2019 20:36:33 +0000
Merge branch 'doc/mongoose-im-config' into 'develop'
Sample Mongoose IM config
See merge request pleroma/pleroma!1226
Diffstat:
1 file changed, 932 insertions(+), 0 deletions(-)
diff --git a/installation/pleroma-mongooseim.cfg b/installation/pleroma-mongooseim.cfg
@@ -0,0 +1,932 @@
+%%%
+%%% ejabberd configuration file
+%%%
+%%%'
+
+%%% The parameters used in this configuration file are explained in more detail
+%%% in the ejabberd Installation and Operation Guide.
+%%% Please consult the Guide in case of doubts, it is included with
+%%% your copy of ejabberd, and is also available online at
+%%% http://www.process-one.net/en/ejabberd/docs/
+
+%%% This configuration file contains Erlang terms.
+%%% In case you want to understand the syntax, here are the concepts:
+%%%
+%%% - The character to comment a line is %
+%%%
+%%% - Each term ends in a dot, for example:
+%%% override_global.
+%%%
+%%% - A tuple has a fixed definition, its elements are
+%%% enclosed in {}, and separated with commas:
+%%% {loglevel, 4}.
+%%%
+%%% - A list can have as many elements as you want,
+%%% and is enclosed in [], for example:
+%%% [http_poll, web_admin, tls]
+%%%
+%%% Pay attention that list elements are delimited with commas,
+%%% but no comma is allowed after the last list element. This will
+%%% give a syntax error unlike in more lenient languages (e.g. Python).
+%%%
+%%% - A keyword of ejabberd is a word in lowercase.
+%%% Strings are enclosed in "" and can contain spaces, dots, ...
+%%% {language, "en"}.
+%%% {ldap_rootdn, "dc=example,dc=com"}.
+%%%
+%%% - This term includes a tuple, a keyword, a list, and two strings:
+%%% {hosts, ["jabber.example.net", "im.example.com"]}.
+%%%
+%%% - This config is preprocessed during release generation by a tool which
+%%% interprets double curly braces as substitution markers, so avoid this
+%%% syntax in this file (though it's valid Erlang).
+%%%
+%%% So this is OK (though arguably looks quite ugly):
+%%% { {s2s_addr, "example-host.net"}, {127,0,0,1} }.
+%%%
+%%% And I can't give an example of what's not OK exactly because
+%%% of this rule.
+%%%
+
+
+%%%. =======================
+%%%' OVERRIDE STORED OPTIONS
+
+%%
+%% Override the old values stored in the database.
+%%
+
+%%
+%% Override global options (shared by all ejabberd nodes in a cluster).
+%%
+%%override_global.
+
+%%
+%% Override local options (specific for this particular ejabberd node).
+%%
+%%override_local.
+
+%%
+%% Remove the Access Control Lists before new ones are added.
+%%
+%%override_acls.
+
+
+%%%. =========
+%%%' DEBUGGING
+
+%%
+%% loglevel: Verbosity of log files generated by ejabberd.
+%% 0: No ejabberd log at all (not recommended)
+%% 1: Critical
+%% 2: Error
+%% 3: Warning
+%% 4: Info
+%% 5: Debug
+%%
+{loglevel, 3}.
+
+%%%. ================
+%%%' SERVED HOSTNAMES
+
+%%
+%% hosts: Domains served by ejabberd.
+%% You can define one or several, for example:
+%% {hosts, ["example.net", "example.com", "example.org"]}.
+%%
+{hosts, ["pleroma.soykaf.com"] }.
+
+%%
+%% route_subdomains: Delegate subdomains to other XMPP servers.
+%% For example, if this ejabberd serves example.org and you want
+%% to allow communication with an XMPP server called im.example.org.
+%%
+%%{route_subdomains, s2s}.
+
+
+%%%. ===============
+%%%' LISTENING PORTS
+
+%%
+%% listen: The ports ejabberd will listen on, which service each is handled
+%% by and what options to start it with.
+%%
+{listen,
+ [
+ %% BOSH and WS endpoints over HTTP
+ { 5280, ejabberd_cowboy, [
+ {num_acceptors, 10},
+ {transport_options, [{max_connections, 1024}]},
+ {modules, [
+
+ {"_", "/http-bind", mod_bosh},
+ {"_", "/ws-xmpp", mod_websockets, [{ejabberd_service, [
+ {access, all},
+ {shaper_rule, fast},
+ {ip, {127, 0, 0, 1}},
+ {password, "secret"}]}
+ %% Uncomment to enable connection dropping or/and server-side pings
+ %{timeout, 600000}, {ping_rate, 2000}
+ ]}
+ %% Uncomment to serve static files
+ %{"_", "/static/[...]", cowboy_static,
+ % {dir, "/var/www", [{mimetypes, cow_mimetypes, all}]}
+ %},
+
+ %% Example usage of mod_revproxy
+
+ %% {"_", "/[...]", mod_revproxy, [{timeout, 5000},
+ %% % time limit for upstream to respond
+ %% {body_length, 8000000},
+ %% % maximum body size (may be infinity)
+ %% {custom_headers, [{<<"header">>,<<"value">>}]}
+ %% % list of extra headers that are send to upstream
+ %% ]}
+
+ %% Example usage of mod_cowboy
+
+ %% {"_", "/[...]", mod_cowboy, [{http, mod_revproxy,
+ %% [{timeout, 5000},
+ %% % time limit for upstream to respond
+ %% {body_length, 8000000},
+ %% % maximum body size (may be infinity)
+ %% {custom_headers, [{<<"header">>,<<"value">>}]}
+ %% % list of extra headers that are send to upstream
+ %% ]},
+ %% {ws, xmpp, mod_websockets}
+ %% ]}
+ ]}
+ ]},
+
+ %% BOSH and WS endpoints over HTTPS
+ { 5285, ejabberd_cowboy, [
+ {num_acceptors, 10},
+ {transport_options, [{max_connections, 1024}]},
+ {ssl, [{certfile, "priv/ssl/fullchain.pem"}, {keyfile, "priv/ssl/privkey.pem"}, {password, ""}]},
+ {modules, [
+ {"_", "/http-bind", mod_bosh},
+ {"_", "/ws-xmpp", mod_websockets, [
+ %% Uncomment to enable connection dropping or/and server-side pings
+ %{timeout, 600000}, {ping_rate, 60000}
+ ]}
+ %% Uncomment to serve static files
+ %{"_", "/static/[...]", cowboy_static,
+ % {dir, "/var/www", [{mimetypes, cow_mimetypes, all}]}
+ %},
+ ]}
+ ]},
+
+ %% MongooseIM HTTP API it's important to start it on localhost
+ %% or some private interface only (not accessible from the outside)
+ %% At least start it on different port which will be hidden behind firewall
+
+ { {8088, "127.0.0.1"} , ejabberd_cowboy, [
+ {num_acceptors, 10},
+ {transport_options, [{max_connections, 1024}]},
+ {modules, [
+ {"localhost", "/api", mongoose_api_admin, []}
+ ]}
+ ]},
+
+ { 8089 , ejabberd_cowboy, [
+ {num_acceptors, 10},
+ {transport_options, [{max_connections, 1024}]},
+ {protocol_options, [{compress, true}]},
+ {ssl, [{certfile, "priv/ssl/fullchain.pem"}, {keyfile, "priv/ssl/privkey.pem"}, {password, ""}]},
+ {modules, [
+ {"_", "/api/sse", lasse_handler, [mongoose_client_api_sse]},
+ {"_", "/api/messages/[:with]", mongoose_client_api_messages, []},
+ {"_", "/api/contacts/[:jid]", mongoose_client_api_contacts, []},
+ {"_", "/api/rooms/[:id]", mongoose_client_api_rooms, []},
+ {"_", "/api/rooms/[:id]/config", mongoose_client_api_rooms_config, []},
+ {"_", "/api/rooms/:id/users/[:user]", mongoose_client_api_rooms_users, []},
+ {"_", "/api/rooms/[:id]/messages", mongoose_client_api_rooms_messages, []}
+ ]}
+ ]},
+
+ %% Following HTTP API is deprected, the new one abouve should be used instead
+
+ { {5288, "127.0.0.1"} , ejabberd_cowboy, [
+ {num_acceptors, 10},
+ {transport_options, [{max_connections, 1024}]},
+ {modules, [
+ {"localhost", "/api", mongoose_api, [{handlers, [mongoose_api_metrics,
+ mongoose_api_users]}]}
+ ]}
+ ]},
+
+ { 5222, ejabberd_c2s, [
+
+ %%
+ %% If TLS is compiled in and you installed a SSL
+ %% certificate, specify the full path to the
+ %% file and uncomment this line:
+ %%
+ {certfile, "priv/ssl/both.pem"}, starttls,
+
+ %%{zlib, 10000},
+ %% https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
+ %% {ciphers, "DEFAULT:!EXPORT:!LOW:!SSLv2"},
+ {access, c2s},
+ {shaper, c2s_shaper},
+ {max_stanza_size, 65536},
+ {protocol_options, ["no_sslv3"]}
+
+ ]},
+
+
+
+ %%
+ %% To enable the old SSL connection method on port 5223:
+ %%
+ %%{5223, ejabberd_c2s, [
+ %% {access, c2s},
+ %% {shaper, c2s_shaper},
+ %% {certfile, "/path/to/ssl.pem"}, tls,
+ %% {max_stanza_size, 65536}
+ %% ]},
+
+ { 5269, ejabberd_s2s_in, [
+ {shaper, s2s_shaper},
+ {max_stanza_size, 131072},
+ {protocol_options, ["no_sslv3"]}
+
+ ]}
+
+ %%
+ %% ejabberd_service: Interact with external components (transports, ...)
+ %%
+ ,{8888, ejabberd_service, [
+ {access, all},
+ {shaper_rule, fast},
+ {ip, {127, 0, 0, 1}},
+ {password, "secret"}
+ ]}
+
+ %%
+ %% ejabberd_stun: Handles STUN Binding requests
+ %%
+ %%{ {3478, udp}, ejabberd_stun, []}
+
+ ]}.
+
+%%
+%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
+%% Allowed values are: false optional required required_trusted
+%% You must specify a certificate file.
+%%
+{s2s_use_starttls, optional}.
+%%
+%% s2s_certfile: Specify a certificate file.
+%%
+{s2s_certfile, "priv/ssl/both.pem"}.
+
+%% https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
+%% {s2s_ciphers, "DEFAULT:!EXPORT:!LOW:!SSLv2"}.
+
+%%
+%% domain_certfile: Specify a different certificate for each served hostname.
+%%
+%%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
+%%{domain_certfile, "example.com", "/path/to/example_com.pem"}.
+
+%%
+%% S2S whitelist or blacklist
+%%
+%% Default s2s policy for undefined hosts.
+%%
+{s2s_default_policy, deny }.
+
+%%
+%% Allow or deny communication with specific servers.
+%%
+%%{ {s2s_host, "goodhost.org"}, allow}.
+%%{ {s2s_host, "badhost.org"}, deny}.
+
+{outgoing_s2s_port, 5269 }.
+
+%%
+%% IP addresses predefined for specific hosts to skip DNS lookups.
+%% Ports defined here take precedence over outgoing_s2s_port.
+%% Examples:
+%%
+%% { {s2s_addr, "example-host.net"}, {127,0,0,1} }.
+%% { {s2s_addr, "example-host.net"}, { {127,0,0,1}, 5269 } }.
+%% { {s2s_addr, "example-host.net"}, { {127,0,0,1}, 5269 } }.
+
+%%
+%% Outgoing S2S options
+%%
+%% Preferred address families (which to try first) and connect timeout
+%% in milliseconds.
+%%
+%%{outgoing_s2s_options, [ipv4, ipv6], 10000}.
+%%
+%%%. ==============
+%%%' SESSION BACKEND
+
+%%{sm_backend, {mnesia, []}}.
+
+%% Requires {redis, global, default, ..., ...} outgoing pool
+%%{sm_backend, {redis, []}}.
+
+{sm_backend, {mnesia, []} }.
+
+
+%%%. ==============
+%%%' AUTHENTICATION
+
+%% Advertised SASL mechanisms
+{sasl_mechanisms, [cyrsasl_plain]}.
+
+%%
+%% auth_method: Method used to authenticate the users.
+%% The default method is the internal.
+%% If you want to use a different method,
+%% comment this line and enable the correct ones.
+%%
+%% {auth_method, internal }.
+{auth_method, http }.
+{auth_opts, [
+ {http, global, auth, [{workers, 50}], [{server, "https://pleroma.soykaf.com"}]},
+ {password_format, plain} % default
+ %% {password_format, scram}
+
+ %% {scram_iterations, 4096} % default
+
+ %%
+ %% For auth_http:
+ %% {basic_auth, "user:password"}
+ %% {path_prefix, "/"} % default
+ %% auth_http requires {http, Host | global, auth, ..., ...} outgoing pool.
+ %%
+ %% For auth_external
+ %%{extauth_program, "/path/to/authentication/script"}.
+ %%
+ %% For auth_jwt
+ %% {jwt_secret_source, "/path/to/file"},
+ %% {jwt_algorithm, "RS256"},
+ %% {jwt_username_key, user}
+ %% For cyrsasl_external
+ %% {authenticate_with_cn, false}
+ {cyrsasl_external, standard}
+ ]}.
+
+%%
+%% Authentication using external script
+%% Make sure the script is executable by ejabberd.
+%%
+%%{auth_method, external}.
+
+%%
+%% Authentication using RDBMS
+%% Remember to setup a database in the next section.
+%%
+%%{auth_method, rdbms}.
+
+%%
+%% Authentication using LDAP
+%%
+%%{auth_method, ldap}.
+%%
+
+%% List of LDAP servers:
+%%{ldap_servers, ["localhost"]}.
+%%
+%% Encryption of connection to LDAP servers:
+%%{ldap_encrypt, none}.
+%%{ldap_encrypt, tls}.
+%%
+%% Port to connect to on LDAP servers:
+%%{ldap_port, 389}.
+%%{ldap_port, 636}.
+%%
+%% LDAP manager:
+%%{ldap_rootdn, "dc=example,dc=com"}.
+%%
+%% Password of LDAP manager:
+%%{ldap_password, "******"}.
+%%
+%% Search base of LDAP directory:
+%%{ldap_base, "dc=example,dc=com"}.
+%%
+%% LDAP attribute that holds user ID:
+%%{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
+%%
+%% LDAP filter:
+%%{ldap_filter, "(objectClass=shadowAccount)"}.
+
+%%
+%% Anonymous login support:
+%% auth_method: anonymous
+%% anonymous_protocol: sasl_anon | login_anon | both
+%% allow_multiple_connections: true | false
+%%
+%%{host_config, "public.example.org", [{auth_method, anonymous},
+%% {allow_multiple_connections, false},
+%% {anonymous_protocol, sasl_anon}]}.
+%%
+%% To use both anonymous and internal authentication:
+%%
+%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
+
+
+%%%. ==============
+%%%' OUTGOING CONNECTIONS (e.g. DB)
+
+%% Here you may configure all outgoing connections used by MongooseIM,
+%% e.g. to RDBMS (such as MySQL), Riak or external HTTP components.
+%% Default MongooseIM configuration uses only Mnesia (non-Mnesia extensions are disabled),
+%% so no options here are uncommented out of the box.
+%% This section includes configuration examples; for comprehensive guide
+%% please consult MongooseIM documentation, page "Outgoing connections":
+%% - doc/advanced-configuration/outgoing-connections.md
+%% - https://mongooseim.readthedocs.io/en/latest/advanced-configuration/outgoing-connections/
+
+
+{outgoing_pools, [
+% {riak, global, default, [{workers, 5}], [{address, "127.0.0.1"}, {port, 8087}]},
+% {elastic, global, default, [], [{host, "elastic.host.com"}, {port, 9042}]},
+ {http, global, auth, [{workers, 50}], [{server, "https://pleroma.soykaf.com"}]}
+% {cassandra, global, default, [{workers, 100}], [{servers, [{"server1", 9042}]}, {keyspace, "big_mongooseim"}]},
+% {rdbms, global, default, [{workers, 10}], [{server, {mysql, "server", 3306, "database", "username", "password"}}]}
+]}.
+
+%% More examples that may be added to outgoing_pools list:
+%%
+%% == MySQL ==
+%% {rdbms, global, default, [{workers, 10}],
+%% [{server, {mysql, "server", 3306, "database", "username", "password"}},
+%% {keepalive_interval, 10}]},
+%% keepalive_interval is optional
+
+%% == PostgreSQL ==
+%% {rdbms, global, default, [{workers, 10}],
+%% [{server, {pgsql, "server", 5432, "database", "username", "password"}}]},
+
+%% == ODBC (MSSQL) ==
+%% {rdbms, global, default, [{workers, 10}],
+%% [{server, "DSN=mongooseim;UID=mongooseim;PWD=mongooseim"}]},
+
+%% == Elastic Search ==
+%% {elastic, global, default, [], [{host, "elastic.host.com"}, {port, 9042}]},
+
+%% == Riak ==
+%% {riak, global, default, [{workers, 20}], [{address, "127.0.0.1"}, {port, 8087}]},
+
+%% == HTTP ==
+%% {http, global, conn1, [{workers, 50}], [{server, "http://server:8080"}]},
+
+%% == Cassandra ==
+%% {cassandra, global, default, [{workers, 100}],
+%% [
+%% {servers, [
+%% {"cassandra_server1.example.com", 9042},
+%% {"cassandra_server2.example.com", 9042},
+%% {"cassandra_server3.example.com", 9042},
+%% {"cassandra_server4.example.com", 9042}
+%% ]},
+%% {keyspace, "big_mongooseim"}
+%% ]}
+
+%% == Extra options ==
+%%
+%% If you use PostgreSQL, have a large database, and need a
+%% faster but inexact replacement for "select count(*) from users"
+%%
+%%{pgsql_users_number_estimate, true}.
+%%
+%% rdbms_server_type specifies what database is used over the RDBMS layer
+%% Can take values mssql, pgsql, mysql
+%% In some cases (for example for MAM with pgsql) it is required to set proper value.
+%%
+%% {rdbms_server_type, pgsql}.
+
+%%%. ===============
+%%%' TRAFFIC SHAPERS
+
+%%
+%% The "normal" shaper limits traffic speed to 1000 B/s
+%%
+{shaper, normal, {maxrate, 1000}}.
+
+%%
+%% The "fast" shaper limits traffic speed to 50000 B/s
+%%
+{shaper, fast, {maxrate, 50000}}.
+
+%%
+%% This option specifies the maximum number of elements in the queue
+%% of the FSM. Refer to the documentation for details.
+%%
+{max_fsm_queue, 1000}.
+
+%%%. ====================
+%%%' ACCESS CONTROL LISTS
+
+%%
+%% The 'admin' ACL grants administrative privileges to XMPP accounts.
+%% You can put here as many accounts as you want.
+%%
+%{acl, admin, {user, "alice", "localhost"}}.
+%{acl, admin, {user, "a", "localhost"}}.
+
+%%
+%% Blocked users
+%%
+%%{acl, blocked, {user, "baduser", "example.org"}}.
+%%{acl, blocked, {user, "test"}}.
+
+%%
+%% Local users: don't modify this line.
+%%
+{acl, local, {user_regexp, ""}}.
+
+%%
+%% More examples of ACLs
+%%
+%%{acl, jabberorg, {server, "jabber.org"}}.
+%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
+%%{acl, test, {user_regexp, "^test"}}.
+%%{acl, test, {user_glob, "test*"}}.
+
+%%
+%% Define specific ACLs in a virtual host.
+%%
+%%{host_config, "localhost",
+%% [
+%% {acl, admin, {user, "bob-local", "localhost"}}
+%% ]
+%%}.
+
+%%%. ============
+%%%' ACCESS RULES
+
+%% Maximum number of simultaneous sessions allowed for a single user:
+{access, max_user_sessions, [{10, all}]}.
+
+%% Maximum number of offline messages that users can have:
+{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
+
+%% This rule allows access only for local users:
+{access, local, [{allow, local}]}.
+
+%% Only non-blocked users can use c2s connections:
+{access, c2s, [{deny, blocked},
+ {allow, all}]}.
+
+%% For C2S connections, all users except admins use the "normal" shaper
+{access, c2s_shaper, [{none, admin},
+ {normal, all}]}.
+
+%% All S2S connections use the "fast" shaper
+{access, s2s_shaper, [{fast, all}]}.
+
+%% Admins of this server are also admins of the MUC service:
+{access, muc_admin, [{allow, admin}]}.
+
+%% Only accounts of the local ejabberd server can create rooms:
+{access, muc_create, [{allow, local}]}.
+
+%% All users are allowed to use the MUC service:
+{access, muc, [{allow, all}]}.
+
+%% In-band registration allows registration of any possible username.
+%% To disable in-band registration, replace 'allow' with 'deny'.
+{access, register, [{allow, all}]}.
+
+%% By default the frequency of account registrations from the same IP
+%% is limited to 1 account every 10 minutes. To disable, specify: infinity
+{registration_timeout, infinity}.
+
+%% Default settings for MAM.
+%% To set non-standard value, replace 'default' with 'allow' or 'deny'.
+%% Only user can access his/her archive by default.
+%% An online user can read room's archive by default.
+%% Only an owner can change settings and purge messages by default.
+%% Empty list (i.e. `[]`) means `[{deny, all}]`.
+{access, mam_set_prefs, [{default, all}]}.
+{access, mam_get_prefs, [{default, all}]}.
+{access, mam_lookup_messages, [{default, all}]}.
+{access, mam_purge_single_message, [{default, all}]}.
+{access, mam_purge_multiple_messages, [{default, all}]}.
+
+%% 1 command of the specified type per second.
+{shaper, mam_shaper, {maxrate, 1}}.
+%% This shaper is primeraly for Mnesia overload protection during stress testing.
+%% The limit is 1000 operations of each type per second.
+{shaper, mam_global_shaper, {maxrate, 1000}}.
+
+{access, mam_set_prefs_shaper, [{mam_shaper, all}]}.
+{access, mam_get_prefs_shaper, [{mam_shaper, all}]}.
+{access, mam_lookup_messages_shaper, [{mam_shaper, all}]}.
+{access, mam_purge_single_message_shaper, [{mam_shaper, all}]}.
+{access, mam_purge_multiple_messages_shaper, [{mam_shaper, all}]}.
+
+{access, mam_set_prefs_global_shaper, [{mam_global_shaper, all}]}.
+{access, mam_get_prefs_global_shaper, [{mam_global_shaper, all}]}.
+{access, mam_lookup_messages_global_shaper, [{mam_global_shaper, all}]}.
+{access, mam_purge_single_message_global_shaper, [{mam_global_shaper, all}]}.
+{access, mam_purge_multiple_messages_global_shaper, [{mam_global_shaper, all}]}.
+
+%%
+%% Define specific Access Rules in a virtual host.
+%%
+%%{host_config, "localhost",
+%% [
+%% {access, c2s, [{allow, admin}, {deny, all}]},
+%% {access, register, [{deny, all}]}
+%% ]
+%%}.
+
+%%%. ================
+%%%' DEFAULT LANGUAGE
+
+%%
+%% language: Default language used for server messages.
+%%
+{language, "en"}.
+
+%%
+%% Set a different default language in a virtual host.
+%%
+%%{host_config, "localhost",
+%% [{language, "ru"}]
+%%}.
+
+%%%. ================
+%%%' MISCELLANEOUS
+
+{all_metrics_are_global, false }.
+
+%%%. ========
+%%%' SERVICES
+
+%% Unlike modules, services are started per node and provide either features which are not
+%% related to any particular host, or backend stuff which is used by modules.
+%% This is handled by `mongoose_service` module.
+
+{services,
+ [
+ {service_admin_extra, [{submods, [node, accounts, sessions, vcard,
+ roster, last, private, stanza, stats]}]}
+ ]
+}.
+
+%%%. =======
+%%%' MODULES
+
+%%
+%% Modules enabled in all mongooseim virtual hosts.
+%% For list of possible modules options, check documentation.
+%%
+{modules,
+ [
+
+ %% The format for a single route is as follows:
+ %% {Host, Path, Method, Upstream}
+ %%
+ %% "_" can be used as wildcard for Host, Path and Method
+ %% Upstream can be either host (just http(s)://host:port) or uri
+ %% The difference is that host upstreams append whole path while
+ %% uri upstreams append only remainder that follows the matched Path
+ %% (this behaviour is similar to nginx's proxy_pass rules)
+ %%
+ %% Bindings can be used to match certain parts of host or path.
+ %% They will be later overlaid with parts of the upstream uri.
+ %%
+ %% {mod_revproxy,
+ %% [{routes, [{"www.erlang-solutions.com", "/admin", "_",
+ %% "https://www.erlang-solutions.com/"},
+ %% {":var.com", "/:var", "_", "http://localhost:8080/"},
+ %% {":domain.com", "/", "_", "http://localhost:8080/:domain"}]
+ %% }]},
+
+% {mod_http_upload, [
+ %% Set max file size in bytes. Defaults to 10 MB.
+ %% Disabled if value is `undefined`.
+% {max_file_size, 1024},
+ %% Use S3 storage backend
+% {backend, s3},
+ %% Set options for S3 backend
+% {s3, [
+% {bucket_url, "http://s3-eu-west-1.amazonaws.com/konbucket2"},
+% {region, "eu-west-1"},
+% {access_key_id, "AKIAIAOAONIULXQGMOUA"},
+% {secret_access_key, "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"}
+% ]}
+% ]},
+
+ {mod_adhoc, []},
+
+ {mod_disco, [{users_can_see_hidden_services, false}]},
+ {mod_commands, []},
+ {mod_muc_commands, []},
+ {mod_muc_light_commands, []},
+ {mod_last, []},
+ {mod_stream_management, [
+ % default 100
+ % size of a buffer of unacked messages
+ % {buffer_max, 100}
+
+ % default 1 - server sends the ack request after each stanza
+ % {ack_freq, 1}
+
+ % default: 600 seconds
+ % {resume_timeout, 600}
+ ]},
+ %% {mod_muc_light, [{host, "muclight.@HOST@"}]},
+ %% {mod_muc, [{host, "muc.@HOST@"},
+ %% {access, muc},
+ %% {access_create, muc_create}
+ %% ]},
+ %% {mod_muc_log, [
+ %% {outdir, "/tmp/muclogs"},
+ %% {access_log, muc}
+ %% ]},
+ {mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
+ {mod_privacy, []},
+ {mod_blocking, []},
+ {mod_private, []},
+% {mod_private, [{backend, mnesia}]},
+% {mod_private, [{backend, rdbms}]},
+% {mod_register, [
+% %%
+% %% Set the minimum informational entropy for passwords.
+% %%
+% %%{password_strength, 32},
+%
+% %%
+% %% After successful registration, the user receives
+% %% a message with this subject and body.
+% %%
+% {welcome_message, {""}},
+%
+% %%
+% %% When a user registers, send a notification to
+% %% these XMPP accounts.
+% %%
+%
+%
+% %%
+% %% Only clients in the server machine can register accounts
+% %%
+% {ip_access, [{allow, "127.0.0.0/8"},
+% {deny, "0.0.0.0/0"}]},
+%
+% %%
+% %% Local c2s or remote s2s users cannot register accounts
+% %%
+% %%{access_from, deny},
+%
+% {access, register}
+% ]},
+ {mod_roster, []},
+ {mod_sic, []},
+ {mod_vcard, [%{matches, 1},
+%{search, true},
+%{ldap_search_operator, 'or'}, %% either 'or' or 'and'
+%{ldap_binary_search_fields, [<<"PHOTO">>]},
+%% list of binary search fields (as in vcard after mapping)
+{host, "vjud.@HOST@"}
+]},
+ {mod_bosh, []},
+ {mod_carboncopy, []}
+
+ %%
+ %% Message Archive Management (MAM, XEP-0313) for registered users and
+ %% Multi-User chats (MUCs).
+ %%
+
+% {mod_mam_meta, [
+ %% Use RDBMS backend (default)
+% {backend, rdbms},
+
+ %% Do not store user preferences (default)
+% {user_prefs_store, false},
+ %% Store user preferences in RDBMS
+% {user_prefs_store, rdbms},
+ %% Store user preferences in Mnesia (recommended).
+ %% The preferences store will be called each time, as a message is routed.
+ %% That is why Mnesia is better suited for this job.
+% {user_prefs_store, mnesia},
+
+ %% Enables a pool of asynchronous writers. (default)
+ %% Messages will be grouped together based on archive id.
+% {async_writer, true},
+
+ %% Cache information about users (default)
+% {cache_users, true},
+
+ %% Enable archivization for private messages (default)
+% {pm, [
+ %% Top-level options can be overriden here if needed, for example:
+% {async_writer, false}
+% ]},
+
+ %%
+ %% Message Archive Management (MAM) for multi-user chats (MUC).
+ %% Enable XEP-0313 for "muc.@HOST@".
+ %%
+% {muc, [
+% {host, "muc.@HOST@"}
+ %% As with pm, top-level options can be overriden for MUC archive
+% ]},
+%
+ %% Do not use a <stanza-id/> element (by default stanzaid is used)
+% no_stanzaid_element,
+% ]},
+
+
+ %%
+ %% MAM configuration examples
+ %%
+
+ %% Only MUC, no user-defined preferences, good performance.
+% {mod_mam_meta, [
+% {backend, rdbms},
+% {pm, false},
+% {muc, [
+% {host, "muc.@HOST@"}
+% ]}
+% ]},
+
+ %% Only archives for c2c messages, good performance.
+% {mod_mam_meta, [
+% {backend, rdbms},
+% {pm, [
+% {user_prefs_store, mnesia}
+% ]}
+% ]},
+
+ %% Basic configuration for c2c messages, bad performance, easy to debug.
+% {mod_mam_meta, [
+% {backend, rdbms},
+% {async_writer, false},
+% {cache_users, false}
+% ]},
+
+ %% Cassandra archive for c2c and MUC conversations.
+ %% No custom settings supported (always archive).
+% {mod_mam_meta, [
+% {backend, cassandra},
+% {user_prefs_store, cassandra},
+% {muc, [{host, "muc.@HOST@"}]}
+% ]}
+
+% {mod_event_pusher, [
+% {backends, [
+% %%
+% %% Configuration for Amazon SNS notifications.
+% %%
+% {sns, [
+% %% AWS credentials, region and host configuration
+% {access_key_id, "AKIAJAZYHOIPY6A2PESA"},
+% {secret_access_key, "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"},
+% {region, "eu-west-1"},
+% {account_id, "251423380551"},
+% {region, "eu-west-1"},
+% {sns_host, "sns.eu-west-1.amazonaws.com"},
+%
+% %% Messages from this MUC host will be sent to the SNS topic
+% {muc_host, "muc.@HOST@"},
+%
+% %% Plugin module for defining custom message attributes and user identification
+% {plugin_module, mod_event_pusher_sns_defaults},
+%
+% %% Topic name configurations. Removing a topic will disable this specific SNS notification
+% {presence_updates_topic, "user_presence_updated-dev-1"}, %% For presence updates
+% {pm_messages_topic, "user_message_sent-dev-1"}, %% For private chat messages
+% {muc_messages_topic, "user_messagegroup_sent-dev-1"} %% For group chat messages
+%
+% %% Pool options
+% {pool_size, 100}, %% Worker pool size for publishing notifications
+% {publish_retry_count, 2}, %% Retry count in case of publish error
+% {publish_retry_time_ms, 50} %% Base exponential backoff time (in ms) for publish errors
+% ]}
+% ]}
+
+]}.
+
+
+%%
+%% Enable modules with custom options in a specific virtual host
+%%
+%%{host_config, "localhost",
+%% [{ {add, modules},
+%% [
+%% {mod_some_module, []}
+%% ]
+%% }
+%% ]}.
+
+%%%.
+%%%'
+
+%%% $Id$
+
+%%% Local Variables:
+%%% mode: erlang
+%%% End:
+%%% vim: set filetype=erlang tabstop=8 foldmarker=%%%',%%%. foldmethod=marker:
+%%%.
