NAME
DJabberd::Config - Configuration options in djabberd.conf
DESCRIPTION
The following describes the format and allowed options of djabberd.conf. djabberd.conf is formatted similarly to Apache configuration files; that is:
# Lines beginning with '#' are comments
SomeGlobalOption on
<VHost vhost.example.com>
# Options herein apply only to this vhost
</VHost>
Configuration directives are not case sensitive. Directives which take a "boolean" value can be passed any commonly-understood expression of a boolean; 1
, y
, yes
, true
, t
, on
, enable
, or enabled
for truth, or 0
, n
, no
, false
, f
, off
, disable
, or disabled
for false.
GLOBAL CONFIGURATION
DeclareMonitor IP address
Declares that a given IP address is used only for checking connectivity to the server, and should not be logged or assigned an internal ID. Useful if you have a nagios
host.
SSLCertificateKeyFile /path/to/key.pem
Sets the path to the private key file for the server. This key should be in PEM format and only readable by the server, and is used to encrypt traffic to clients to ask for TLS. If it is not set, the server will not support TLS.
SSLCertificateFile /path/to/cert.pem
Sets the path to the certificate file for the server. This certificate should be in PEM format, and will be presented to the clients who ask for TLS. If it is not set, the server will not support TLS.
SSLCertificateChainFile /path/to/cert-chain.pem
Sets the path to the certificate chain file for the server. This is needed if the server certificate is signed by an intermediate certificate from a certificate authority. This file should be in PEM format. It must contain the server's certificate, followed by the intermediate certificates, then finally the root certificate. SSLCertificateKeyFile
and SSLCertificateFile
are required when using this option.
OldSSL boolean
Defaults to off; if set, the server will also listen on port 5223, and immediately attempt TLS negotiation on all opened connections. As the name implies, this is deprecated, and StartTLS
stanzas are now the preferred method to enable TLS communication with clients.
UnixDomainSocket /path/to/socket
Defaults to unset; if set, specifies the absolute path to a UNIX domain socket to listen on, in addition to any TCP ports (set by "ClientPort" and "ServerPort").
ClientPort port
Sets the port to listen for client-to-server connections on; defaults to 5222. May also specify an IP address to bind to, in addition to a port, such as 127.0.0.1:5222
.
ServerPort port
Sets the port to listen for server-to-server connection on; defaults to 5269. If explicitly set to 0, disables server-to-server listening for all virtual hosts. May also specify an IP address to bind to, in addition to a port, such as 127.0.0.1:5222
.
AdminPort port
Sets the port to listen for administrative connections on; defaults to off. For security reasons, you will most certainly want to bind this to a specific IP address, to prevent access by unauthorized users. See DJabberd::Connection::Admin.
IntraDomainListen port
Sets the port to listen for inter-cluster messages; defaults to off. Clustering support is still in development.
PidFile /path/to/pidfile
If set, writes the server's PID to the given file.
CaseSensitive boolean
If set to a true value, Jabber IDs will be treated as entirely case-sensitive; defaults to off. This setting exists purely for backwards compatibility, as previous versions incorrectly treated Jabber IDs as case-sensitive.
ShareParsers boolean
Defaults to on; controls whether DJabberd::XMLParser objects are held onto between stanzas.
VIRTUAL HOST CONFIGURATION
Each virtual host is configured with a block which declares the name of the virtual host:
<VHost jabber.example.com>
# Configuration for jabber.example.com
</VHost>
Virtual hosts can effectively be nested, using the Subdomain block:
<VHost jabber.example.com>
# Configuration for jabber.example.com
<Subdomain muc>
# Configuration for muc.jabber.example.com
</Subdomain>
</VHost>
QuirksMode boolean
Enables or disables "quirks mode"; defaults to on. See doc/quirks-mode.txt for a list of workaround this enables.
S2S boolean
Enables or disables server-to-server communication, or "federation." Defaults to off; note that /ServerPort
being set to 0 will override this configuration.
InBandReg boolean
If set, enables in-band registration of new users; defaults to off.
ChildService JID
description
Adds a mapping between a JID on this server, and the given description; this is used for client service auto-discovery.
RequireSSL boolean
If set, requires that clients have negotiated a TLS before authentication information is sent.
PLUGIN CONFIGURATION
Plugins can only be configured on a per virtual host basis. Each plugin defines its own configuration parameters. Plugins bundled with the base DJabberd server include:
- DJabberd::Delivery::ComponentConnection
-
Delivery through a JEP-0114 component connection.
- DJabberd::Delivery::Local
-
Delivery to local users; implicitly added by default.
- DJabberd::Delivery::S2S
-
Delivery via server-to-server connection; implicitly added if "S2S" is enabled.
- DJabberd::Delivery::LocalVHosts
-
Delivery to locally configured virtual hosts; implicitly added between a virtual host and all of its configured subdomains.
- DJabberd::RosterStorage::InMemoryOnly
-
Store rosters in memory only. See DJabberd::RosterStorage::SQLite for a common, more persistent, alternative.
- DJabberd::Authen::AllowedUsers
-
Only allow the given users to connect.
- DJabberd::Authen::StaticPassword
-
Set a static password for all users.
- DJabberd::Authen::InMemoryOnly
-
Store users' correct passwords (set on in-band registration, for instance) in memory only.
- DJabberd::Bot::Admin
-
Provides an alternative interface to DJabberd::Connection::Admin for certain users.
- DJabberd::SASL and subclasses
-
Enables a particular type of SASL negotiation.