Commit a396448d authored by Ave 🤔

Spam blocking, readme cleanup, config notes

Closes #3
parent 9ec4e2d1
......@@ -2,20 +2,36 @@
a3.pm is an ejabberd instance that intends to be up to date, with as many stock ejabberd features enabled as possible to give the best possible user experience.
This repo contains the config file with minimal differences (we don't commit passwords etc, see comments that say `lavatech` to find those) and the website files.
This repo contains the config file with minimal differences (we simply remove passwords etc) and the website files.
Please keep in mind that we often make use of features that are only available in the latest ejabberd version, so it might not be possible to run the config on anything before the latest release. Also, we use PostgreSQL, so you'll need to import at least [the base scheme](https://github.com/processone/ejabberd/blob/master/sql/pg.new.sql) to be able to run this properly.
If you're moving data from an existing instance to postgresql, you might be interested in [`ejd2sql:export(<<"hostname">>, sql)`](https://docs.ejabberd.im/admin/databases/mysql/#migrating-data-from-internal-database-to-mysql) (this is what I used as other one kept timing out) or [`ejabberdctl export2sql hostname filename`](https://docs.ejabberd.im/admin/guide/managing/#list-of-ejabberd-commands).
Feel free to base your own ejabberd config on this ours. Search for `# lavatech:` in `ejabberd.yml` to see which parts you'll need to modify.
For maximum compliance, you'll need to include equivalent dns records to those in `dns-records` file and include equivalents of the files under `website/.well-known` on a server hosted on your hostname.
---
## ejabberd version
Please keep in mind that we often make use of features that are only available in the latest ejabberd version, so it might not be possible to run the config on anything before the latest release.
Right now, a3.pm ejabberd runs a version of ejabberd we built ourselves with `make distclean && ./autogen.sh && ./configure --disable-elixir --enable-pgsql && make && sudo make install` (thanks a LOT to people on the ejabberd MUC for help with this), as ejabberd 18.12 has a bug with carbons.
Note: 18.12.1 is now officially packaged and released. We might move back to that in the future. You're encouraged to use that instead.
## PostgreSQL
We use PostgreSQL, so you'll need to import at least [the base scheme](https://github.com/processone/ejabberd/blob/master/sql/pg.new.sql) to be able to run this properly.
If you're moving data from an existing database (for ex. mnesia) to postgresql, you might be interested in [`ejd2sql:export(<<"hostname">>, sql)`](https://docs.ejabberd.im/admin/databases/mysql/#migrating-data-from-internal-database-to-mysql) (this is what I used as other one kept timing out) or [`ejabberdctl export2sql $hostname $filename`](https://docs.ejabberd.im/admin/guide/managing/#list-of-ejabberd-commands).
## S2S Blocks
We as a3.pm signed the ["The Jabber Spam Fighting Manifesto"](https://github.com/JabberSPAM/jabber-spam-fighting-manifesto) by jabberSPAM.
To provide the best experience to our users, we follow [jabberSPAM's server blacklist](https://github.com/JabberSPAM/blacklist) by disabling federation with those servers.
We recommend keeping said blocks enabled if you're basing your config on ours, but if you want to disable it, see `bad_servers` section in `ejabberd.yml`.
---
### Licenses
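Review bot: The opening paragraph says passwords are removed and tells readers to search for `# lavatech:` to find what to modify, but none of the `# lavatech:` markers visible in this commit's `ejabberd.yml` hunks sits on a stripped secret (they cover the host, cert file, admins, contact emails, upload URL and welcome message). Someone basing a config on this one gets no pointer to the credentials they must set; put a `# lavatech:` marker at each place a password was removed, or list those keys in this README. Minor: "on this ours" in the "Feel free to base" sentence should read "on ours".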
......
......@@ -99,7 +99,7 @@ hide_sensitive_log_data: true
## - "example.org"
##
hosts:
- "a3.pm"
- "a3.pm" # lavatech: set this to your host
##
## route_subdomains: Delegate subdomains to other XMPP servers.
......@@ -116,7 +116,7 @@ hosts:
## automatically by ejabberd.
##
certfiles:
- "/opt/ejabberd/xa3pm.pem"
- "/opt/ejabberd/xa3pm.pem" # lavatech: set this to your cert file
## - "/etc/letsencrypt/live/example.org/*.pem"
## - "/etc/letsencrypt/live/example.com/*.pem"
......@@ -308,7 +308,7 @@ s2s_use_starttls: optional
##
## Default s2s policy for undefined hosts.
##
## s2s_access: s2s
s2s_access: s2s
##
## Outgoing S2S options
......@@ -510,7 +510,7 @@ acl:
##
admin:
user:
- "a@a3.pm"
- "a@a3.pm" # lavatech: change these to your own admins
- "l@a3.pm"
##
......@@ -550,11 +550,11 @@ acl:
##
## Bad XMPP servers
## Based on https://github.com/JabberSPAM/blacklist
##
## bad_servers:
## server:
## - "xmpp.zombie.org"
## - "xmpp.spam.com"
bad_servers:
server:
- "otr.chat"
##
## Define specific ACLs in a virtual host.
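Review bot: The header comment says the list is based on the JabberSPAM blacklist, yet the enabled `bad_servers` ACL carries a single entry, `otr.chat`, and nothing records which date or upstream revision it reflects. The README added in this commit tells users that federation is disabled with the servers on that list, so add a comment above `bad_servers:` giving the date or upstream commit the entries were copied from. That makes drift from the blacklist visible whenever this block is next reviewed.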
......@@ -620,12 +620,10 @@ access_rules:
- allow: loopback
## Do not establish S2S connections with bad servers
## If you enable this you also have to uncomment "s2s_access: s2s"
## s2s:
## - deny:
## - ip: "XXX.XXX.XXX.XXX/32"
## - deny:
## - ip: "XXX.XXX.XXX.XXX/32"
## - allow
s2s:
- deny:
- acl: bad_servers
- allow
## ===============
## API PERMISSIONS
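Review bot: The context comment `## If you enable this you also have to uncomment "s2s_access: s2s"` is stale now that this commit enables both the `s2s` rule and `s2s_access: s2s`; it reads as a step still to be done. Reword it to state the dependency as a fact (this rule is only consulted because `s2s_access: s2s` is set further up), so a later edit that comments out one half does not leave the `bad_servers` deny without effect unnoticed.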
......@@ -716,7 +714,7 @@ captcha_cmd: "/opt/ejabberd/captcha.sh"
##
## Host for the URL and port where ejabberd listens for CAPTCHA requests.
##
captcha_host: "x.a3.pm:5281"
captcha_host: "x.a3.pm:5281" # lavatech: set this to your host
# We don't use %HOST% here as a3.pm is the host while x.a3.pm houses the server
# We could proxy stuff but eh
......@@ -746,7 +744,7 @@ acme:
## A contact mail that the ACME Certificate Authority can contact in case of
## an authorization issue, such as a server-initiated certificate revocation.
## It is not mandatory to provide an email address but it is highly suggested.
contact: "mailto:acmea3pm@ave.zone"
contact: "mailto:acmea3pm@ave.zone" # lavatech: set this to your email
## The ACME Certificate Authority URL.
......@@ -778,11 +776,11 @@ modules:
-
modules: all
name: "abuse-addresses"
urls: ["mailto:xmppabuse@ave.zone"]
urls: ["mailto:xmppabuse@ave.zone"] # lavatech: set this to your email
-
modules: all
name: "security-addresses"
urls: ["mailto:xmppsecurity@ave.zone"]
urls: ["mailto:xmppsecurity@ave.zone"] # lavatech: set this to your email
## mod_echo: {}
## mod_irc: {}
mod_bosh: {}
......@@ -791,7 +789,7 @@ modules:
## accesslog: "/opt/ejabberd-18.09/logs/access.log"
mod_http_upload:
docroot: "@HOME@/upload"
put_url: "https://x.a3.pm:5443"
put_url: "https://x.a3.pm:5443" # lavatech: set this to your host
thumbnail: false # otherwise needs ejabberd to be compiled with libgd support
mod_http_upload_quota:
max_days: 7
......@@ -871,7 +869,7 @@ modules:
## a message with this subject and body.
##
welcome_message:
subject: "Welcome to a3.pm XMPP!"
subject: "Welcome to a3.pm XMPP!" # lavatech: set these to your welcome messages
body: |-
Welcome to a3.pm/LavaTech XMPP service!
We hope you enjoy our service!
......