router.xml.dist   [plain text]

<!-- Router configuration -->
  <!-- ID of the router on the network (default: router) -->

  <!-- The process ID file. Comment this out if you don't need to know
       the process ID from outside the process (eg for control scripts) -->

  <!-- Log configuration - type is "syslog", "file" or "stdout" -->
  <log type='syslog'>
    <!-- If logging to syslog, this is the log ident -->

    <!-- If logging to syslog, this is the log facility
         (local0 - local7, log_user)                        [default: local3] -->

    <!-- If logging to file, this is the filename of the logfile -->

  <!-- If enabled (set to "1"), this turns on message logging to a flat file. -->

  <!-- If message logging is enabled, what directory to log to -->

  <!-- If message logging is enabled, what filename to log to -->

  <!-- If message logging is enabled, how often to roll logs (days) (0 to disable) -->

  <!-- If message logging is enabled, roll logs if they get larger than this (megabytes) (0 to disable) -->

  <!-- If defined, any message sent from this component name will not
        be logged.  The purpose of this preference is to prevent router from logging multiple copies
        of messages sent to MUC chat rooms.  To prevent the logging of duplicates, this preference should
        match your MUC component's name.  Messages sent to MUC will still be logged.  -->

  <!-- Local network configuration -->
    <!-- IP address to bind to (default: -->

    <!-- Port to bind to (default: 5347) -->

    <!-- File containing the user table. This is where the router gets
         its component and secret information from for component

    <!-- Shared secret used to identify XEP-0114 components (that is,
         "jabber:component:accept" components that authenticate using
         the Jabber Component Protocol's "handshake", for example
         mu-conference). If this is commented out, support for XEP-0114
         components will be disabled. -->

    <!-- File containing an SSL certificate and private key for client
         connections. From SSL_CTX_use_certificate_chain_file(3):
         "The certificates must be in PEM format and must be sorted
         starting with the subject's certificate (actual client or
         server certificate), followed by intermediate CA certificates
         if applicable, and ending at the highest level (root) CA"
         (the latter one being optional).
         If this is commented out, connecting components will not be able
         to request an SSL-encrypted channel. -->

    <!-- Password for private key if key in pemfile is encrypted -->

  <!-- Timed checks -->
    <!-- Interval between checks.

         Checks will be run every n seconds.

         0 disables all checks.                       (default: 60) -->

    <!-- Keepalives.
         Connections that have not been used for longer than
         this many seconds will have a single whitespace character sent
         to them. This will force the TCP connection to be closed if
         they have disconnected without us knowing about it.
         0 disables keepalives.                       (default: 0) -->


  <!-- input/output settings -->
    <!-- Maximum number of file descriptors. Note that the number of
         possible connections will be slightly less than this, because
         the router itself can use up four on its own. If the supply of
         file descriptors is exhausted, new incoming connections will be

         These file descriptors are really only used when a component
         connects to the router. So unless you have a lot of components
         for some reason then you probably don't need to change this

         (default: 1024) -->

    <!-- Rate limiting -->
      <!-- Maximum bytes per second - if more than X bytes are sent in Y
           seconds, connection is throttled for Z seconds. The format

             <bytes seconds='Y' throttle='Z'>X</bytes>

           Default Y is 1, default Z is 5. set X to 0 to disable. -->

      <!-- Maximum connects per second - if more than X connects are
           attempted from a single IP in Y seconds, that IP is throttled
           for Z seconds. The format is:

             <connects seconds='Y' throttle='Z'>X</connects>

           Default Y is 5, default Z is 5. set X to 0 to disable. -->

    <!-- IP-based access controls. If a connection IP matches an allow
         rule, the connection will be accepted. If a connecting IP
         matches a deny rule, the connection will be refused. If the
         connecting IP does not match any rules, or it matches both an
         allow and a deny rule, the contents of the <order/> option
         determines what happens. -->
      <!-- Rule check order (default: allow,deny)

           allow,deny - Check allow rules, then check deny rules.
                        Allow by default.
           deny,allow - Check deny rules, then check allow rules.
                        Deny by default. -->

      <!-- Allow a network. If the mask isn't specified, it defaults to
  (ie allow onle the specified IP) -->
      <allow ip='' mask=''/>

      <!-- Allow a single host -->
      <allow ip=''/>

      <!-- Deny a network or a host -->
      <deny ip='' mask=''/>
      <deny ip=''/>

  <!-- Name aliases.

       Packets destined for the domain specified in the "name" attribute
       will be routed to the component that has currently bound the name
       in the "target" attribute (assuming it is online).

       This is usually only required for some kinds of legacy
       components (particularly jabberd 1.4 "uplink" components) -->
    <!-- Example for a MUC component running from a jabberd 1.4 uplink -->
    <alias name='' target='muclinker'/>

  <!-- Access control information -->
    <!-- The usernames listed here will get access to all restricted
         functions, regardless of restrictions further down -->
    <acl type='all'>

    <!-- These users can bind names other than their username -->
    <acl type='bind'>

    <!-- These users can bind a name as a default route -->
    <acl type='default-route'>

    <!-- These users can elect to receive all packets that pass through the router -->
    <acl type='log'>

    <!-- File containing packet filter rules.
         May be used for fine grained packet routing control. -->
    <!-- <filter>/private/etc/jabberd/router-filter.xml</filter> -->


  vim: syntax=xml