From 9febe4e86bd27e1ff3dd00c577265d8612c4d009 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sun, 14 Feb 2021 10:47:50 +0100
Subject: [PATCH] [Ejabberd] Require s2s TLS, enforce protocols and ciphers,
 move admin UI (WIP)

---
 data/conf/ejabberd/ejabberd.yml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/data/conf/ejabberd/ejabberd.yml b/data/conf/ejabberd/ejabberd.yml
index b53afeba..8ed5a668 100644
--- a/data/conf/ejabberd/ejabberd.yml
+++ b/data/conf/ejabberd/ejabberd.yml
@@ -29,6 +29,12 @@ define_macro:
     - "cipher_server_preference"
     - "no_compression"
 
+c2s_ciphers: 'TLS_CIPHERS'
+s2s_ciphers: 'TLS_CIPHERS'
+c2s_protocol_options: 'TLS_OPTIONS'
+s2s_protocol_options: 'TLS_OPTIONS'
+s2s_use_starttls: required
+
 new_sql_schema: true
 sql_type: sqlite
 sql_database: /sqlite/sqlite.db
@@ -66,8 +72,13 @@ listen:
     ip: "::"
     module: ejabberd_http
     request_handlers:
-      /admin: ejabberd_web_admin
       /api: mod_http_api
+  -
+    port: 5282
+    ip: "::"
+    module: ejabberd_http
+    request_handlers:
+      /xmpp: ejabberd_web_admin
   -
     module: ejabberd_http
     port: 5281
@@ -79,8 +90,6 @@ listen:
     module: mod_mqtt
     backlog: 1000
 
-s2s_use_starttls: optional
-
 acme:
   auto: true