DJabberd::Config − Configuration options in djabberd.conf


The following describes the format and allowed options of djabberd.conf. djabberd.conf is formatted similarly to Apache configuration files; that is:

# Lines beginning with '#' are comments
SomeGlobalOption on
# Options herein apply only to this vhost

Configuration directives are not case sensitive. Directives which take a "boolean" value can be passed any commonly-understood expression of a boolean; 1, "y", "yes", "true", "t", "on", "enable", or "enabled" for truth, or 0, "n", "no", "false", "f", "off", "disable", or "disabled" for false.


DeclareMonitor "IP address"
Declares that a given IP address is used only for checking connectivity to the server, and should not be logged or assigned an internal ID. Useful if you have a "nagios" host.

SSLCertificateKeyFile "/path/to/key.pem"
Sets the path to the private key file for the server. This key should be in PEM format and only readable by the server, and is used to encrypt traffic to clients to ask for TLS. If it is not set, the server will not support TLS.

SSLCertificateFile "/path/to/cert.pem"
Sets the path to the certificate file for the server. This certificate should be in PEM format, and will be presented to the clients who ask for TLS. If it is not set, the server will not support TLS.

SSLCertificateChainFile "/path/to/cert−chain.pem"
Sets the path to the certificate chain file for the server. This is needed if the server certificate is signed by an intermediate certificate from a certificate authority. This file should be in PEM format. It must contain the server’s certificate, followed by the intermediate certificates, then finally the root certificate. "SSLCertificateKeyFile" and "SSLCertificateFile" are required when using this option.

OldSSL "boolean"
Defaults to off; if set, the server will also listen on port 5223, and immediately attempt TLS negotiation on all opened connections. As the name implies, this is deprecated, and "StartTLS" stanzas are now the preferred method to enable TLS communication with clients.

UnixDomainSocket "/path/to/socket"
Defaults to unset; if set, specifies the absolute path to a UNIX domain socket to listen on, in addition to any TCP ports (set by "ClientPort" and "ServerPort").

ClientPort "port"
Sets the port to listen for client-to-server connections on; defaults to 5222. May also specify an IP address to bind to, in addition to a port, such as "".

ServerPort "port"
Sets the port to listen for server-to-server connection on; defaults to 5269. If explicitly set to 0, disables server-to-server listening for all virtual hosts. May also specify an IP address to bind to, in addition to a port, such as "".

AdminPort "port"
Sets the port to listen for administrative connections on; defaults to off. For security reasons, you will most certainly want to bind this to a specific IP address, to prevent access by unauthorized users. See DJabberd::Connection::Admin.

IntraDomainListen "port"
Sets the port to listen for inter-cluster messages; defaults to off. Clustering support is still in development.

PidFile "/path/to/pidfile"
If set, writes the server’s PID to the given file.

CaseSensitive "boolean"
If set to a true value, Jabber IDs will be treated as entirely case-sensitive; defaults to off. This setting exists purely for backwards compatibility, as previous versions incorrectly treated Jabber IDs as case-sensitive.

ShareParsers "boolean"
Defaults to on; controls whether DJabberd::XMLParser objects are held onto between stanzas.


Each virtual host is configured with a block which declares the name of the virtual host:

# Configuration for

Virtual hosts can effectively be nested, using the Subdomain block:

# Configuration for
<Subdomain muc>
# Configuration for

QuirksMode "boolean"
Enables or disables "quirks mode"; defaults to on. See doc/quirks−mode.txt for a list of workaround this enables.

S2S "boolean"
Enables or disables server-to-server communication, or "federation." Defaults to off; note that "/ServerPort" being set to 0 will override this configuration.

InBandReg "boolean"
If set, enables in-band registration of new users; defaults to off.

ChildService "JID" "description"
Adds a mapping between a JID on this server, and the given description; this is used for client service auto-discovery.

RequireSSL "boolean"
If set, requires that clients have negotiated a TLS before authentication information is sent.


Plugins can only be configured on a per virtual host basis. Each plugin defines its own configuration parameters. Plugins bundled with the base DJabberd server include:

Delivery through a JEP−0114 component connection.


Delivery to local users; implicitly added by default.


Delivery via server-to-server connection; implicitly added if "S2S" is enabled.


Delivery to locally configured virtual hosts; implicitly added between a virtual host and all of its configured subdomains.


Store rosters in memory only. See DJabberd::RosterStorage::SQLite for a common, more persistent, alternative.


Only allow the given users to connect.


Set a static password for all users.


Store users’ correct passwords (set on in-band registration, for instance) in memory only.


Provides an alternative interface to DJabberd::Connection::Admin for certain users.

DJabberd::SASL and subclasses

Enables a particular type of SASL negotiation.