router.xml   [plain text]


<!-- Router configuration -->
<router>
  <!-- ID of the router on the network (default: router) -->
  <id>router</id>

  <!-- The process ID file. Comment this out if you don't need to know
       the process ID from outside the process (e.g. for control
       scripts).
       NOTE(review): control scripts presumably act on whatever PID this
       file holds, so the directory should be writable only by the
       account the router runs as; confirm against the install. -->
  <pidfile>/var/run/jabberd/router.pid</pidfile>

  <!-- Log configuration - type is "syslog", "file" or "stdout".
       This file selects syslog, so the <ident/> and <facility/> values
       below apply and the commented-out <file/> entry is not used.
       NOTE(review): check that the syslog daemon routes the chosen
       facility to a retained destination, otherwise router events are
       not available for later review. -->
  <log type='syslog'>
    <!-- If logging to syslog, this is the log ident -->
    <ident>jabberd/router</ident>

    <!-- If logging to syslog, this is the log facility
         (local0 - local7)                        [default: local3] -->
    <facility>local3</facility>

    <!-- If logging to file, this is the filename of the logfile.
         Only relevant when the type attribute above is "file". -->
    <!--
    <file>/usr/var/jabberd/log/router.log</file>
    -->
  </log>
  
	<!-- If enabled (set to "1"), this turns on message logging to a flat file.
		Disabled (0) in this file. The remaining message_logging_* and
		log_group_chats settings only matter once this is set to "1".
		NOTE(review): the log file name suggests user message content is written
		to disk when this is on; treat the directory below as sensitive
		(restrictive ownership and permissions, defined retention) before
		enabling. -->
	<message_logging_enabled>0</message_logging_enabled>

	<!-- If message logging is enabled, what directory to log to -->
	<message_logging_dir>/var/jabberd/message_archives</message_logging_dir>
  
	<!-- If message logging is enabled, what filename to log to -->
	<message_logging_file>jabberd_user_messages.log</message_logging_file>

	<!-- If message logging is enabled, how often to roll logs (days) (0 to disable) -->
	<message_logging_roll_days>7</message_logging_roll_days>

	<!-- If message logging is enabled, roll logs if they get larger than this (megabytes) (0 to disable) -->
	<message_logging_roll_megs>256</message_logging_roll_megs>

	<!-- If enabled (set to "1"), and message_logging_enabled is enabled, include group chats in log.
		Set to "1" here, so group chats are included as soon as
		message_logging_enabled is switched on. -->
	<log_group_chats>1</log_group_chats>

	<!-- If defined, and log_group_chats is enabled, any message sent from this component name will not
		be logged.  The purpose of this preference is to prevent router from logging multiple copies
		of messages sent to MUC chat rooms.  To prevent the logging of duplicates, this preference should
		match your MUC component's name.  Messages sent to MUC will still be logged.
		NOTE(review): @HOSTNAME@ looks like a placeholder substituted at install
		time; confirm the deployed value matches the MUC component name. -->
	<filter_muc_messages_from>conference.@HOSTNAME@</filter_muc_messages_from>

  <!-- Local network configuration -->
  <local>
    <!-- IP address to bind to (default: 0.0.0.0).
         This file binds to the loopback address instead of the default,
         so only processes on this host can reach the component port.
         Changing it to 0.0.0.0 or another non-loopback address exposes
         component authentication to the network; review the <access/>
         rules, <limits/> and <pemfile/> settings before doing so. -->
    <ip>127.0.0.1</ip>

    <!-- Port to bind to (default: 5347) -->
    <port>5347</port>

    <!-- File containing the user table. This is where the router gets
         its component and secret information from for component
         authentication.
         Because it holds secrets, this file should be readable only by
         the account the router runs as. -->
    <users>/private/etc/jabberd/router-users.xml</users>

    <!-- Shared secret used to identify legacy components (that is,
         "jabber:component:accept" components that authenticate using
         the "handshake" method). If this is commented out, support for
         legacy components will be disabled.
         NOTE(review): @ROUTERPASSWORD@ looks like a placeholder that is
         substituted at install time; confirm the deployed value is a
         long random string and that this file is not world-readable,
         since the secret is stored here in clear text. If no legacy
         components are used, comment this element out. -->
    <secret>@ROUTERPASSWORD@</secret>

    <!-- File containing a SSL certificate and private key for client
         connections. If this is commented out, connecting components
         will not be able to request a SSL-encrypted channel.
         The file contains a private key, so restrict read access to the
         account the router runs as. -->
    <pemfile>/etc/certificates/Default.crtkey</pemfile>
  </local>

  <!-- Timed checks -->
  <check>
    <!-- Interval between checks.

         Checks will be run every n seconds.

         0 disables all checks.                       (default: 60) -->
    <interval>60</interval>

    <!-- Keepalives.
         Connections that have not been used for longer than
         this many seconds will have a single whitespace character sent
         to them. This will force the TCP connection to be closed if
         they have disconnected without us knowing about it.
         0 disables keepalives.                       (default: 0)
         Keepalives are disabled here, so a connection whose peer has
         gone away silently is not detected by this mechanism and keeps
         its file descriptor (see <max_fds/> in the io section). -->
     <keepalive>0</keepalive>

  </check>
  
  <!-- input/output settings -->
  <io>
    <!-- Maximum number of file descriptors. Note that the number of
         possible connections will be slightly less than this, because
         the router itself can use up four on its own. If the supply of
         file descriptors is exhausted, new incoming connections will be
         denied (default: 1024).
         This file raises the limit well above the default.
         NOTE(review): the process presumably also needs an OS-level
         descriptor limit at least this high; confirm. -->
    <max_fds>11000</max_fds>

    <!-- Rate limiting.
         Both limits below are set to 0 (disabled), so nothing in this
         section throttles traffic volume or repeated connection
         attempts. -->
    <limits>
      <!-- Maximum bytes per second - if more than X bytes are sent in Y
           seconds, connection is throttled for Z seconds. The format
           is:

             <bytes seconds='Y' throttle='Z'>X</bytes>

           Default Y is 1, default Z is 5. Set X to 0 to disable. -->
      <bytes>0</bytes>

      <!-- Maximum connects per second - if more than X connects are
           attempted from a single IP in Y seconds, that IP is throttled
           for Z seconds. The format is:

             <connects seconds='Y' throttle='Z'>X</connects>

           Default Y is 5, default Z is 5. Set X to 0 to disable.
           NOTE(review): if the listener is ever bound to a non-loopback
           address, a non-zero value here slows repeated authentication
           attempts from one IP. -->
      <connects>0</connects>
    </limits>

    <!-- IP-based access controls. If a connection IP matches an allow
         rule, the connection will be accepted. If a connecting IP
         matches a deny rule, the connection will be refused. If the
         connecting IP does not match any rules, or it matches both an
         allow and a deny rule, the contents of the <order/> option
         determines what happens.
         No allow or deny rule is active in this file (every example
         below is commented out), so each connecting IP falls through to
         the <order/> default. -->
    <access>
      <!-- Rule check order (default: allow,deny)

           allow,deny - Check allow rules, then check deny rules.
                        Allow by default.
           deny,allow - Check deny rules, then check allow rules.
                        Deny by default.

           With allow,deny and no rules, every IP is accepted; the
           loopback bind in <local/> is what restricts who can connect.
           NOTE(review): if <ip/> is changed to a non-loopback address,
           switch to deny,allow and add explicit allow rules. -->
      <order>allow,deny</order>

      <!-- Allow a network. If the mask isn't specified, it defaults to
           255.255.255.255 (i.e. allow only the specified IP) -->
      <!--
      <allow ip='127.0.0.0' mask='255.0.0.0'/>
      -->

      <!-- Allow a single host -->
      <!--
      <allow ip='12.34.56.78'/>
      -->

      <!-- Deny a network or a host -->
      <!--
      <deny ip='127.0.0.1' mask='255.0.0.0'/>
      <deny ip='87.65.43.21'/>
      -->
    </access>
  </io>

  <!-- Name aliases.

       Packets destined for the domain specified in the "name" attribute
       will be routed to the component that has currently bound the name
       in the "target" attribute (assuming it is online).

       This is usually only required for some kinds of legacy
       components (particularly jabberd 1.4 "uplink" components).

       No alias is active in this file. An alias redirects all traffic
       for a domain to another component, so only add entries whose
       target is a component you operate. -->
  <aliases>
    <!-- Example for a MUC component running from a jabberd 1.4 uplink -->
    <!--
    <alias name='conference.domain.com' target='muclinker'/>
    -->
  </aliases>

  <!-- Access control information.
       NOTE(review): the user names here presumably refer to entries in
       the user table named by <users/> in the local section; confirm. -->
  <aci>
    <!-- The usernames listed here will get access to all restricted
         functions, regardless of restrictions further down.
         Anything that can authenticate as a user in this list has full
         control of routing, so keep the list minimal and protect that
         user's secret accordingly. -->
    <acl type='all'>
      <user>jabberd</user>
    </acl>

    <!-- These users can bind names other than their username -->
    <!--
    <acl type='bind'>
    </acl>
    -->

    <!-- These users can bind a name as a default route -->
    <!--
    <acl type='default-route'>
      <user>s2s</user>
    </acl>
    -->

    <!-- These users can elect to receive all packets that pass through the router.
         This ACL is active (not commented out) and is tagged DEBUG: a
         component authenticated as a listed user can receive a copy of
         all routed traffic.
         NOTE(review): the listed user is already in the 'all' ACL above,
         so this entry looks redundant as well as debug-only; confirm
         whether it is needed outside of debugging. -->
    <acl type='log'> <!-- DEBUG -->
      <user>jabberd</user>
    </acl>
  </aci>

</router>