216 lines
6.9 KiB
Plaintext
216 lines
6.9 KiB
Plaintext
|
<!-- Router configuration -->
|
||
|
<router>
|
||
|
<!-- ID of the router on the network (default: router) -->
|
||
|
<id>router</id>
|
||
|
|
||
|
<!-- The process ID file. Comment this out if you don't need to know
|
||
|
the process ID from outside the process (eg for control scripts) -->
|
||
|
<pidfile>/var/run/jabber/jabberd2-router.pid</pidfile>
|
||
|
|
||
|
<!-- Log configuration - type is "syslog", "file" or "stdout" -->
|
||
|
<log type='syslog'>
|
||
|
<!-- If logging to syslog, this is the log ident -->
|
||
|
<ident>jabberd/router</ident>
|
||
|
|
||
|
<!-- If logging to syslog, this is the log facility
|
||
|
(local0 - local7) [default: local3] -->
|
||
|
<facility>local3</facility>
|
||
|
|
||
|
<!-- If logging to file, this is the filename of the logfile -->
|
||
|
<!--
|
||
|
<file>/var/log/jabber/router.log</file>
|
||
|
-->
|
||
|
|
||
|
<!-- Filename of the debug logfile -->
|
||
|
<!--
|
||
|
<debug>/var/log/jabber/debug-${id}.log</debug>
|
||
|
-->
|
||
|
</log>
|
||
|
|
||
|
<!-- Local network configuration -->
|
||
|
<local>
|
||
|
<!-- IP address to bind to (default: 0.0.0.0) -->
|
||
|
<ip>0.0.0.0</ip>
|
||
|
|
||
|
<!-- Port to bind to (default: 5347) -->
|
||
|
<port>5347</port>
|
||
|
|
||
|
<!-- File containing the user table. This is where the router gets
|
||
|
its component and secret information from for component
|
||
|
authentication.-->
|
||
|
<users>/etc/jabber/router-users.xml</users>
|
||
|
|
||
|
<!-- Shared secret used to identify XEP-0114 components (that is,
|
||
|
"jabber:component:accept" components that authenticate using
|
||
|
the Jabber Component Protocol's "handshake", for example
|
||
|
mu-conference). If this is commented out, support for XEP-0114
|
||
|
components will be disabled. -->
|
||
|
<secret>secret</secret>
|
||
|
|
||
|
<!-- File containing an SSL certificate and private key for client
|
||
|
connections. From SSL_CTX_use_certificate_chain_file(3):
|
||
|
"The certificates must be in PEM format and must be sorted
|
||
|
starting with the subject's certificate (actual client or
|
||
|
server certificate), followed by intermediate CA certificates
|
||
|
if applicable, and ending at the highest level (root) CA"
|
||
|
(the latter one being optional).
|
||
|
If this is commented out, connecting components will not be able
|
||
|
to request an SSL-encrypted channel. -->
|
||
|
<!--
|
||
|
<pemfile>/etc/jabber/server.pem</pemfile>
|
||
|
-->
|
||
|
</local>
|
||
|
|
||
|
<!-- Timed checks -->
|
||
|
<check>
|
||
|
<!-- Interval between checks.
|
||
|
|
||
|
Checks will be run every n seconds.
|
||
|
|
||
|
0 disables all checks. (default: 60) -->
|
||
|
<interval>60</interval>
|
||
|
|
||
|
<!-- Keepalives.
|
||
|
Connections that have not been used for longer than
|
||
|
this many seconds will have a single whitespace character sent
|
||
|
to them. This will force the TCP connection to be closed if
|
||
|
they have disconnected without us knowing about it.
|
||
|
0 disables keepalives. (default: 0) -->
|
||
|
<keepalive>0</keepalive>
|
||
|
|
||
|
</check>
|
||
|
|
||
|
<!-- input/output settings -->
|
||
|
<io>
|
||
|
<!-- Maximum number of file descriptors. Note that the number of
|
||
|
possible connections will be slightly less than this, because
|
||
|
the router itself can use up four on its own. If the supply of
|
||
|
file descriptors is exhausted, new incoming connections will be
|
||
|
denied.
|
||
|
|
||
|
These file descriptors are really only used when a component
|
||
|
connects to the router. So unless you have a lot of components
|
||
|
for some reason then you probably don't need to change this
|
||
|
value.
|
||
|
|
||
|
(default: 1024) -->
|
||
|
<max_fds>1024</max_fds>
|
||
|
|
||
|
<!-- Rate limiting -->
|
||
|
<limits>
|
||
|
<!-- Maximum bytes per second - if more than X bytes are sent in Y
|
||
|
seconds, connection is throttled for Z seconds. The format
|
||
|
is:
|
||
|
|
||
|
<bytes seconds='Y' throttle='Z'>X</bytes>
|
||
|
|
||
|
Default Y is 1, default Z is 5. set X to 0 to disable. -->
|
||
|
<bytes>0</bytes>
|
||
|
|
||
|
<!-- Maximum connects per second - if more than X connects are
|
||
|
attempted from a single IP in Y seconds, that IP is throttled
|
||
|
for Z seconds. The format is:
|
||
|
|
||
|
<connects seconds='Y' throttle='Z'>X</connects>
|
||
|
|
||
|
Default Y is 5, default Z is 5. set X to 0 to disable. -->
|
||
|
<connects>0</connects>
|
||
|
</limits>
|
||
|
|
||
|
<!-- IP-based access controls. If a connection IP matches an allow
|
||
|
rule, the connection will be accepted. If a connecting IP
|
||
|
matches a deny rule, the connection will be refused. If the
|
||
|
connecting IP does not match any rules, or it matches both an
|
||
|
allow and a deny rule, the contents of the <order/> option
|
||
|
determines what happens. -->
|
||
|
<access>
|
||
|
<!-- Rule check order (default: allow,deny)
|
||
|
|
||
|
allow,deny - Check allow rules, then check deny rules.
|
||
|
Allow by default.
|
||
|
deny,allow - Check deny rules, then check allow rules.
|
||
|
Deny by default. -->
|
||
|
<order>allow,deny</order>
|
||
|
|
||
|
<!-- Allow a network. If the mask isn't specified, it defaults to
|
||
|
255.255.255.255 (ie allow onle the specified IP) -->
|
||
|
<!--
|
||
|
<allow ip='127.0.0.0' mask='255.0.0.0'/>
|
||
|
-->
|
||
|
|
||
|
<!-- Allow a single host -->
|
||
|
<!--
|
||
|
<allow ip='12.34.56.78'/>
|
||
|
-->
|
||
|
|
||
|
<!-- Deny a network or a host -->
|
||
|
<!--
|
||
|
<deny ip='127.0.0.1' mask='255.0.0.0'/>
|
||
|
<deny ip='87.65.43.21'/>
|
||
|
-->
|
||
|
</access>
|
||
|
</io>
|
||
|
|
||
|
<!-- Name aliases.
|
||
|
|
||
|
Packets destined for the domain specified in the "name" attribute
|
||
|
will be routed to the component that has currently bound the name
|
||
|
in the "target" attribute (assuming it is online).
|
||
|
|
||
|
This is usually only required for some kinds of legacy
|
||
|
components (particularly jabberd 1.4 "uplink" components) -->
|
||
|
<aliases>
|
||
|
<!-- Example for a MUC component running from a jabberd 1.4 uplink -->
|
||
|
<!--
|
||
|
<alias name='conference.domain.com' target='muclinker'/>
|
||
|
-->
|
||
|
</aliases>
|
||
|
|
||
|
<!-- Access control information -->
|
||
|
<aci>
|
||
|
<!-- The usernames listed here will get access to all restricted
|
||
|
functions, regardless of restrictions further down -->
|
||
|
<acl type='all'>
|
||
|
<user>jabberd</user>
|
||
|
</acl>
|
||
|
|
||
|
<!-- These users can bind names other than their username -->
|
||
|
<!--
|
||
|
<acl type='bind'>
|
||
|
</acl>
|
||
|
-->
|
||
|
|
||
|
<!-- These users can bind a name as a default route -->
|
||
|
<!--
|
||
|
<acl type='default-route'>
|
||
|
<user>s2s</user>
|
||
|
</acl>
|
||
|
-->
|
||
|
|
||
|
<!-- These users can elect to receive all packets that pass through the router -->
|
||
|
<!--
|
||
|
<acl type='log'>
|
||
|
<user>msglog</user>
|
||
|
</acl>
|
||
|
-->
|
||
|
|
||
|
<!-- File containing packet filter rules.
|
||
|
May be used for fine grained packet routing control. -->
|
||
|
<filter>/etc/jabber/router-filter.xml</filter>
|
||
|
|
||
|
</aci>
|
||
|
|
||
|
<!-- Simple message logging to flat file
|
||
|
Remove <enabled/> tag to disable logging -->
|
||
|
<!--
|
||
|
<message_logging>
|
||
|
<enabled/>
|
||
|
<file>filename</file>
|
||
|
</message_logging>
|
||
|
-->
|
||
|
|
||
|
</router>
|
||
|
<!--
|
||
|
vim: syntax=xml
|
||
|
-->
|