Volte para o diretorio superio cd ..
e crie o seguinte arquivo:
ejabberd.yml
### ### ejabberd configuration file ### ### The parameters used in this configuration file are explained at ### ### https://docs.ejabberd.im/admin/configuration ### ### The configuration file is written in YAML. ### ******************************************************* ### ******* !!! WARNING !!! ******* ### ******* YAML IS INDENTATION SENSITIVE ******* ### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY ******* ### ******************************************************* ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description. ### ## Substitua todos os dominio.tld no arquivo com o se dominio. No total são 6 vezes que ele aparece aqui. ## Na seção Certfiles, aponte para as pastas corretas de acordo com a sua organização dos subdiretorios que foi passado na variavel ${CERT_DIRECTORY} no docker. Todos os certificados e chaves do dominio principal e dos subdominios precisa estar disponivel. ## Se você mudar a senha do banco, substitua também no final desse arquivo hosts: - dominio.tld host_config: dominio.tld: auth_method: [external] extauth_program: "/opt/ejabberd/auth/mastodon.py" auth_use_cache: true # 1h/3600s default loglevel: info define_macro: ## TLS configuration TLS_CIPHERS: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 TLS_OPTIONS: - no_sslv3 - no_tlsv1 - no_tlsv1_1 - cipher_server_preference - no_compression c2s_ciphers: TLS_CIPHERS s2s_ciphers: TLS_CIPHERS c2s_protocol_options: TLS_OPTIONS s2s_protocol_options: TLS_OPTIONS s2s_use_starttls: required ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text ## password storage (see auth_password_format option). disable_sasl_mechanisms: - digest-md5 - X-OAUTH2 ## Store the plain passwords or hashed for SCRAM: #auth_password_format: scram #auth_scram_hash: sha512 ## If you already have certificates, list them here certfiles: # Certs - /etc/ssl/certificates/<pasta_com_certificados>/*.crt # Keys - /etc/ssl/certificates/<pasta_com_chaves>/*.key listen: - port: 5222 ip: "::" module: ejabberd_c2s max_stanza_size: 262144 shaper: c2s_shaper access: c2s starttls_required: true protocol_options: TLS_OPTIONS - port: 5223 ip: "::" module: ejabberd_c2s max_stanza_size: 262144 shaper: c2s_shaper access: c2s tls: true protocol_options: TLS_OPTIONS - port: 5269 ip: "::" module: ejabberd_s2s_in max_stanza_size: 524288 shaper: s2s_shaper - port: 5270 ip: "::" module: ejabberd_s2s_in max_stanza_size: 524288 shaper: s2s_shaper tls: true protocol_options: TLS_OPTIONS - port: 5443 ip: "::" module: ejabberd_http tls: true protocol_options: TLS_OPTIONS request_handlers: /admin: ejabberd_web_admin /api: mod_http_api /http-bind: mod_bosh /captcha: ejabberd_captcha /upload: mod_http_upload /ws: ejabberd_http_ws - port: 5280 ip: "::" module: ejabberd_http request_handlers: # /admin: ejabberd_web_admin /.well-known/acme-challenge: ejabberd_acme - port: 3478 ip: "::" transport: udp module: ejabberd_stun use_turn: true ## The server's public IPv4 address: # turn_ipv4_address: "203.0.113.3" ## The server's public IPv6 address: # turn_ipv6_address: "2001:db8::3" # - # port: 1883 # ip: "::" # module: mod_mqtt # backlog: 1000 acme: auto: false ## Staging environment ca_url: https://acme-staging-v02.api.letsencrypt.org/directory ## Production environment (the default): # ca_url: https://acme-v02.api.letsencrypt.org/directory acl: local: user_regexp: "" loopback: ip: - 127.0.0.0/8 - ::1/128 admin: user: admin access_rules: local: allow: local c2s: deny: blocked allow: all announce: allow: admin configure: allow: admin muc_create: allow: local pubsub_createnode: allow: local trusted_network: allow: loopback api_permissions: "console commands": from: ejabberd_ctl who: all what: "*" "webadmin commands": from: ejabberd_web_admin who: admin what: "*" "admin access": who: access: allow: - acl: loopback - acl: admin oauth: scope: "ejabberd:admin" access: allow: - acl: loopback - acl: admin what: - "*" - "!stop" - "!start" "public commands": who: ip: 127.0.0.1/8 what: - status - connected_users_number shaper: normal: rate: 3000 burst_size: 20000 fast: 100000 shaper_rules: max_user_sessions: 10 max_user_offline_messages: 5000: admin 100: all c2s_shaper: none: admin normal: all s2s_shaper: fast modules: mod_adhoc: {} mod_admin_extra: {} mod_announce: access: announce mod_avatar: {} mod_blocking: {} mod_bosh: {} mod_caps: {} mod_carboncopy: {} mod_client_state: {} mod_configure: {} mod_disco: server_info: - modules: all name: abuse-addresses urls: - mailto:xmpp@dominio.tld - modules: all name: support-addresses urls: - mailto:xmpp@dominio.tld - modules: all name: admin-addresses urls: - mailto:xmpp@dominio.tld mod_fail2ban: {} mod_host_meta: bosh_service_url: "https://xmpp.@HOST@/http-bind" websocket_url: "wss://xmpp.@HOST@/ws" mod_http_api: {} mod_http_upload: # put_url: https://upload.@HOST@ put_url: https://xmpp.@HOST@/upload # put_url: https://@HOST@:5443/upload # hosts: # - xmpp.@HOST@ # docroot: /var/www/upload custom_headers: "Access-Control-Allow-Origin": "*" "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS" "Access-Control-Allow-Headers": "Content-Type" mod_last: {} mod_mam: ## Mnesia is limited to 2GB, better to use an SQL backend ## For small servers SQLite is a good fit and is very easy ## to configure. Uncomment this when you have SQL configured: db_type: sql assume_mam_usage: true default: always # mod_mqtt: {} mod_muc: host: chat.dominio.tld access: - allow access_admin: - allow: admin access_create: muc_create access_persistent: muc_create access_mam: - allow default_room_options: mam: true mod_muc_admin: {} mod_offline: access_max_user_messages: max_user_offline_messages mod_ping: {} mod_privacy: {} mod_private: {} mod_proxy65: access: local max_connections: 5 mod_pubsub: access_createnode: pubsub_createnode plugins: - flat - pep force_node_config: ## Avoid buggy clients to make their bookmarks public storage:bookmarks: access_model: whitelist mod_push: {} mod_push_keepalive: {} mod_register: ## Only accept registration requests from the "trusted" ## network (see access_rules section above). ## Think twice before enabling registration from any ## address. See the Jabber SPAM Manifesto for details: ## https://github.com/ge0rg/jabber-spam-fighting-manifesto ip_access: trusted_network mod_roster: versioning: true mod_s2s_dialback: {} mod_shared_roster: {} mod_stream_mgmt: resend_on_timeout: if_offline mod_stun_disco: {} mod_vcard: {} mod_vcard_xupdate: {} mod_version: show_os: false sql_type: pgsql sql_server: "postgres" sql_database: "ejabberd" sql_username: "ejabberd" sql_password: "ejabberdpassword" default_db: sql ### Local Variables: ### mode: yaml ### End: ### vim: set filetype=yaml tabstop=8