[Ejabberd] Require s2s TLS, enforce protocols and ciphers, move admin UI (WIP)

2021-02-14 10:47:50 +01:00 · 2021-02-14 10:47:50 +01:00 · 9febe4e86b
parent 38e5dc37d2
commit 9febe4e86b
1 changed files with 12 additions and 3 deletions
--- a/data/conf/ejabberd/ejabberd.yml
+++ b/data/conf/ejabberd/ejabberd.yml
@ -29,6 +29,12 @@ define_macro:
    - "cipher_server_preference"
    - "no_compression"

+c2s_ciphers: 'TLS_CIPHERS'
+s2s_ciphers: 'TLS_CIPHERS'
+c2s_protocol_options: 'TLS_OPTIONS'
+s2s_protocol_options: 'TLS_OPTIONS'
+s2s_use_starttls: required
+
 new_sql_schema: true
 sql_type: sqlite
 sql_database: /sqlite/sqlite.db
@ -66,8 +72,13 @@ listen:
    ip: "::"
    module: ejabberd_http
    request_handlers:
-      /admin: ejabberd_web_admin
      /api: mod_http_api
+  -
+    port: 5282
+    ip: "::"
+    module: ejabberd_http
+    request_handlers:
+      /xmpp: ejabberd_web_admin
  -
    module: ejabberd_http
    port: 5281
@ -79,8 +90,6 @@ listen:
    module: mod_mqtt
    backlog: 1000

-s2s_use_starttls: optional
-
 acme:
  auto: true