solus-hq · April 30, 2019 07:36 · Apr 13, 2018 · Apr 13, 2018 · Apr 13, 2018 · Apr 13, 2018
diff --git a/prosody-to-ejabberd-migration.md b/prosody-to-ejabberd-migration.md
@@ -422,4 +422,9 @@ $ chown root:ejabberd -R /var/lib/prosody/
 `$ ejabberdctl import_prosody /var/lib/prosody/`
 
 ### Differences
-Prosody's module `mod_mam`, is enabling archive by default. On Ejabberd, it has to be explicitely configured.
+Prosody's module `mod_mam`, is enabling archive by default. On Ejabberd, it has to be explicitely configured:
+
+```yaml
+  mod_mam:
+    default: always
+```
diff --git a/prosody-to-ejabberd-migration.md b/prosody-to-ejabberd-migration.md
@@ -4,7 +4,7 @@ After some time with Prosody 0.10 on Debian 9, I wanted to test Ejabberd. You'll
 
 ## Steps
 ### Packages installation
-The most recent (early March 2018) version can be found in Stretch's backports repository:
+The most recent version can be found in Stretch's backports repository:
 ```bash
 cat <<EOF | sudo tee /etc/apt/sources.list.d/backports.list
 deb http://ftp.debian.org/debian stretch-backports main

diff --git a/prosody-to-ejabberd-migration.md b/prosody-to-ejabberd-migration.md
@@ -1,8 +1,10 @@
-Souhaitant tester Ejabberd dont le développement est très actif depuis l'année dernière, je me suis décidé à migrer mon instance Jabber actuellement gérée par Prosody. La procédure a été suivie sur une Debian Stretch (9.3) avec Prosody 0.10.
+*First redacted on early March 2018.*
+
+After some time with Prosody 0.10 on Debian 9, I wanted to test Ejabberd. You'll find below steps for doing such migration.
 
 ## Steps
 ### Packages installation
-The most recent (January 2018) version can be found in Stretch's backports repository:
+The most recent (early March 2018) version can be found in Stretch's backports repository:
 ```bash
 cat <<EOF | sudo tee /etc/apt/sources.list.d/backports.list
 deb http://ftp.debian.org/debian stretch-backports main
@@ -179,15 +181,15 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
 ```
 
 ```diff
---- ejabberd.yml.bak    2018-03-12 13:14:31.444628397 +0100
-+++ ejabberd.yml        2018-03-15 23:00:05.612048546 +0100
+--- ejabberd.yml.bak	2018-03-12 13:14:31.444628397 +0100
++++ ejabberd.yml	2018-04-06 19:36:33.246492387 +0200
 @@ -81,7 +81,8 @@
  ##   - "example.org"
  ##
  hosts:
 -  - "localhost"
 +  - "example.com"
-+  - "example.net"
++  - "example.org"
 
  ##
  ## route_subdomains: Delegate subdomains to other XMPP servers.
@@ -197,9 +199,9 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
  certfiles:
 -  - "/etc/ejabberd/ejabberd.pem"
 +  - "/etc/ejabberd/xmpp.example.com.key"
-+  - "/etc/ejabberd/xmpp.example.net.key"
++  - "/etc/ejabberd/xmpp.example.org.key"
 +  - "/etc/letsencrypt/pem/xmpp.example.com.pem"
-+  - "/etc/letsencrypt/pem/xmpp.example.net.pem"
++  - "/etc/letsencrypt/pem/xmpp.example.org.pem"
 
  ## If your system provides only a single CA file (CentOS/FreeBSD):
  ## ca_file: "/etc/ssl/certs/ca-bundle.pem"
@@ -212,7 +214,27 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
 
  ## c2s_dhfile: 'DH_FILE'
  ## s2s_dhfile: 'DH_FILE'
-@@ -149,7 +153,7 @@
+@@ -143,13 +147,27 @@
+     max_stanza_size: 65536
+     shaper: c2s_shaper
+     access: c2s
++  ##
++  ## Direct-TLS for C2S (XEP-0368). A good practice is to forward
++  ## traffic from port 443 to this port, possibly multiplexing it
++  ## with HTTP using e.g. sslh [https://wiki.xmpp.org/web/Tech_pages/XEP-0368],
++  ## so modern clients can bypass restrictive firewalls (in airports, hotels, etc.).
++  ##
++  -
++    port: 5223
++    ip: "::"
++    module: ejabberd_c2s
++    tls: true
++    max_stanza_size: 65536
++    shaper: c2s_shaper
++    access: c2s
+   -
+     port: 5269
+     ip: "::"
      module: ejabberd_s2s_in
    -
      port: 5280
@@ -221,7 +243,7 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
      module: ejabberd_http
      request_handlers:
        "/ws": ejabberd_http_ws
-@@ -157,9 +161,9 @@
+@@ -157,9 +175,9 @@
        "/api": mod_http_api
      ##  "/pub/archive": mod_http_fileserver
      web_admin: true
@@ -234,7 +256,7 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
      protocol_options: 'TLS_OPTIONS'
 
    ##
-@@ -212,16 +216,16 @@
+@@ -212,16 +230,16 @@
    ##
    ## To enable secure http upload
    ##
@@ -261,12 +283,12 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
 
  ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
  ## password storage (see auth_password_format option).
-@@ -436,8 +440,12 @@
+@@ -436,8 +454,12 @@
    ##
    admin:
       user:
 -       - ""
-+       - "theadmin": "example.com"
++       - "user1": "example.com"
 
 +  shortname:
 +    user_glob:
@@ -275,7 +297,7 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
    ##
    ## Blocked users
    ##
-@@ -533,7 +541,8 @@
+@@ -533,7 +555,8 @@
    ## In-band registration allows registration of any possible username.
    ## To disable in-band registration, replace 'allow' with 'deny'.
    register:
@@ -285,7 +307,7 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
    ## Only allow to register from localhost
    trusted_network:
      - allow: loopback
-@@ -595,7 +604,7 @@
+@@ -595,7 +618,7 @@
 
  ## By default the frequency of account registrations from the same IP
  ## is limited to 1 account every 10 minutes. To disable, specify: infinity
@@ -294,7 +316,7 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
 
  ##
  ## Define specific Access Rules in a virtual host.
-@@ -630,12 +639,13 @@
+@@ -630,12 +653,13 @@
  ##
  ## Full path to a script that generates the image.
  ##
@@ -305,11 +327,11 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
  ## Host for the URL and port where ejabberd listens for CAPTCHA requests.
  ##
  ## captcha_host: "example.org:5280"
-+captcha_host: "https://xmpp.example.net:443"
++captcha_host: "https://xmpp.example.com:443"
 
  ##
  ## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
-@@ -691,22 +701,25 @@
+@@ -691,22 +715,25 @@
    ## mod_delegation: {}   # for xep0356
    mod_disco: {}
    mod_echo: {}
@@ -341,11 +363,11 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
    mod_muc:
      ## host: "conference.@HOST@"
      access:
-@@ -715,6 +728,12 @@
+@@ -715,6 +742,12 @@
        - allow: admin
      access_create: muc_create
      access_persistent: muc_create
-+    max_user_conferences: 25
++    max_user_conferences: 75
 +    default_room_options:
 +      mam: true
 +      persistent: true
@@ -354,7 +376,7 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
    mod_muc_admin: {}
    ## mod_muc_log: {}
    ## mod_multicast: {}
-@@ -740,11 +759,11 @@
+@@ -740,11 +773,11 @@
        - "pep"   # pep requires mod_caps
    mod_push: {}
    mod_push_keepalive: {}
@@ -368,18 +390,18 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
    ##
    ## Set the minimum informational entropy for passwords.
    ##
-@@ -762,8 +781,8 @@
+@@ -762,8 +795,8 @@
    ## When a user registers, send a notification to
    ## these XMPP accounts.
    ##
 -  ##   registration_watchers:
 -  ##     - "[email protected]"
 +    registration_watchers:
-+      - "theadmin@example.com"
++      - "user1@example.com"
    ##
    ## Only clients in the server machine can register accounts
    ##
-@@ -773,6 +792,8 @@
+@@ -773,6 +806,8 @@
    ##
    ##   access_from: deny
    ##   access: register

diff --git a/prosody-to-ejabberd-migration.md b/prosody-to-ejabberd-migration.md
@@ -1,14 +1,14 @@
 Souhaitant tester Ejabberd dont le développement est très actif depuis l'année dernière, je me suis décidé à migrer mon instance Jabber actuellement gérée par Prosody. La procédure a été suivie sur une Debian Stretch (9.3) avec Prosody 0.10.
 
-## Étapes
-### Installation paquets
-La version la plus récente est disponible dans les dépôts backports de Stretch :
+## Steps
+### Packages installation
+The most recent (January 2018) version can be found in Stretch's backports repository:
 ```bash
 cat <<EOF | sudo tee /etc/apt/sources.list.d/backports.list
 deb http://ftp.debian.org/debian stretch-backports main
 EOF
 ```
-On vérifie :
+Ensuring package is available:
 ```bash
 $ apt update
 $ apt-cache policy ejabberd
@@ -21,13 +21,13 @@ ejabberd:
      16.09-4 500
         500 http://mirrors.online.net/debian stretch/main amd64 Packages
 ```
-et on installe :
+and installation:
 ```bash
 $ apt -t stretch-backports install ejabberd
-$ apt install erlang-luerl  # pour migrer les données
+$ apt install erlang-luerl  # for data migration
 ```
 
-### Configuration des entrées DNS
+### DNS entries
 ```
 conference.example.com IN CNAME
 echo.example.com IN CNAME
@@ -47,8 +47,8 @@ _xmpp-server._tcp.example.com. 18000 IN SRV 0 5 5269 xmpp.example.com.
 _xmpp-server._tcp.conference.example.com. 18000 IN SRV 0 5 5269 xmpp.example.com.
 ```
 
-### Utilisation nginx comme proxy inverse
-Plutôt que d'exposer le serveur web d'ejabberd directement, on va utiliser nginx en terminaison TLS pour les différents services HTTP.
+### Using Nginx as a reverse-proxy
+Which will ends TLS connections:
 
 ```nginx
 server {
@@ -108,7 +108,7 @@ server {
 }
 ```
 
-Et le vhost spécique pour la fonctionnalité `http_upload` :
+Dedicated vhosts for `http_upload` :
 ```nginx
 server {
   listen 80;
@@ -164,14 +164,14 @@ server {
 }
 ```
 
-### Configuration ejabberd
-Création d'un dhparams :
+### ejabberd configuration
+dhparams creation:
 ```bash
 $ openssl dhparam -out /etc/ejabberd/dhparams.pem 2048
 $ chown ejabberd: /etc/ejabberd/dhparams.pem
 ```
 
-et copie de la clé privée :
+Let's copy the private key:
 ```bash
 $ cp /etc/letsencrypt/private/xmpp.example.com.pem /etc/ejabberd
 $ chown ejabberd: /etc/ejabberd/xmpp.example.com.pem
@@ -390,22 +390,14 @@ $ chmod 400 /etc/ejabberd/xmpp.example.com.pem
    mod_shared_roster: {}
 ```
 
-### Import des données Prosody
-On s'assure d'abord que l'utilisateur `ejabberd` puisse lire les données stockées par Prosody :
+### Importing Prosody data
+`ejabberd` user must be able to read Prosody data:
 ```bash
 $ chmod 770 -R /var/lib/prosody/
 $ chown root:ejabberd -R /var/lib/prosody/
 ```
 
 `$ ejabberdctl import_prosody /var/lib/prosody/`
 
-### Différence de comportement
-Le module Prosody `mod_mam` a pour comportement par défaut
-
-| option                 | type                  | default |
-|------------------------|-----------------------|---------|
-| default_archive_policy | `boolean` or 'roster' | `true`  |
-|                        |                       |         |
-
-
-ce qui fait que Conversations active l'archivage par défaut alors qu'Ejabberd est à false par défaut
+### Differences
+Prosody's module `mod_mam`, is enabling archive by default. On Ejabberd, it has to be explicitely configured.
diff --git a/prosody-to-ejabberd-migration.md b/prosody-to-ejabberd-migration.md
@@ -0,0 +1,411 @@
+Souhaitant tester Ejabberd dont le développement est très actif depuis l'année dernière, je me suis décidé à migrer mon instance Jabber actuellement gérée par Prosody. La procédure a été suivie sur une Debian Stretch (9.3) avec Prosody 0.10.
+
+## Étapes
+### Installation paquets
+La version la plus récente est disponible dans les dépôts backports de Stretch :
+```bash
+cat <<EOF | sudo tee /etc/apt/sources.list.d/backports.list
+deb http://ftp.debian.org/debian stretch-backports main
+EOF
+```
+On vérifie :
+```bash
+$ apt update
+$ apt-cache policy ejabberd
+ejabberd:
+  Installed: (none)
+  Candidate: 16.09-4
+  Version table:
+     18.01-2~bpo9+1 100
+        100 http://ftp.debian.org/debian stretch-backports/main amd64 Packages
+     16.09-4 500
+        500 http://mirrors.online.net/debian stretch/main amd64 Packages
+```
+et on installe :
+```bash
+$ apt -t stretch-backports install ejabberd
+$ apt install erlang-luerl  # pour migrer les données
+```
+
+### Configuration des entrées DNS
+```
+conference.example.com IN CNAME
+echo.example.com IN CNAME
+jabber.example.com IN CNAME
+proxy.example.com IN CNAME
+pubsub.example.com IN CNAME
+share.example.com IN CNAME
+status.example.com IN CNAME
+example.com IN CNAME
+www.example.com IN CNAME
+xmpp.example.com IN A
+xmpp.example.com IN AAAA
+xmpps.example.com IN CNAME
+
+_xmpp-client._tcp.example.com. 18000 IN SRV 0 5 5222 xmpp.example.com.
+_xmpp-server._tcp.example.com. 18000 IN SRV 0 5 5269 xmpp.example.com.
+_xmpp-server._tcp.conference.example.com. 18000 IN SRV 0 5 5269 xmpp.example.com.
+```
+
+### Utilisation nginx comme proxy inverse
+Plutôt que d'exposer le serveur web d'ejabberd directement, on va utiliser nginx en terminaison TLS pour les différents services HTTP.
+
+```nginx
+server {
+  listen 80;
+  listen [::]:80;
+  server_name example.com xmpp.example.com conference.example.com pubsub.example.com xmpps.example.com proxy.example.com status.example.com www.example.com echo.example.com;
+
+  root /var/www/example.com/xmpp;
+  index index.php index.html;
+
+  location ^~ /.well-known/acme-challenge/ {
+    alias /etc/letsencrypt/challenges/xmpp.example.com/;
+    try_files $uri =404;
+  }
+
+  include snippets/security.conf;
+
+  location / {
+    return 301 https://$server_name$request_uri;
+  }
+
+  access_log /var/log/nginx/example.com/xmpp.access.log;
+  error_log /var/log/nginx/example.com/xmpp.error.log;
+
+  # DEBUG ONLY
+  #rewrite_log on;
+  #error_log /var/log/nginx/example.com/xmpp.error.log debug;
+}
+
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name example.com xmpp.example.com conference.example.com pubsub.example.com xmpps.example.com proxy.example.com status.example.com www.example.com echo.example.com;
+
+  root /var/www/example.com/xmpp/home;
+  index index.php index.html;
+
+  # ssl part
+  include ssl.conf;
+  ssl_certificate_key /etc/letsencrypt/private/xmpp.example.com.key;
+  ssl_certificate /etc/letsencrypt/pem/xmpp.example.com.pem;
+
+  location /admin {
+    proxy_set_header Host $host;
+    proxy_pass http://127.0.0.1:5280;
+    proxy_set_header X-Forwarded-Port 443;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-Host $http_host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  access_log /var/log/nginx/example.com/xmpp.access.log;
+  error_log /var/log/nginx/example.com/xmpp.error.log;
+  # DEBUG ONLY
+  #rewrite_log on;
+  #error_log /var/log/nginx/example.com/xmpp.error.log debug;
+}
+```
+
+Et le vhost spécique pour la fonctionnalité `http_upload` :
+```nginx
+server {
+  listen 80;
+  listen [::]:80;
+  server_name share.example.com;
+
+  root /var/www/example.com/share;
+  index index.php index.html;
+
+  location ^~ /.well-known/acme-challenge/ {
+    alias /etc/letsencrypt/challenges/xmpp.example.com/;
+    try_files $uri =404;
+  }
+
+  include snippets/security.conf;
+
+  location / {
+    return 301 https://share.example.com$request_uri;
+  }
+
+  access_log /var/log/nginx/example.com/share.access.log;
+  error_log /var/log/nginx/example.com/share.error.log;
+
+  # DEBUG ONLY
+  #rewrite_log on;
+  #error_log /var/log/nginx/example.com/share.error.log debug;
+}
+
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name share.example.com ;
+
+  root /var/www/example.com/share;
+  index index.php index.html;
+
+  # ssl part
+  include ssl.conf;
+  ssl_certificate_key /etc/letsencrypt/private/xmpp.example.com.key;
+  ssl_certificate /etc/letsencrypt/pem/xmpp.example.com.pem;
+
+  location / {
+    proxy_set_header Host $host;
+    proxy_pass http://localhost:5444;
+    proxy_set_header X-Forwarded-Port 443;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-Host $http_host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  access_log /var/log/nginx/example.com/share.access.log;
+  error_log /var/log/nginx/example.com/share.error.log;
+}
+```
+
+### Configuration ejabberd
+Création d'un dhparams :
+```bash
+$ openssl dhparam -out /etc/ejabberd/dhparams.pem 2048
+$ chown ejabberd: /etc/ejabberd/dhparams.pem
+```
+
+et copie de la clé privée :
+```bash
+$ cp /etc/letsencrypt/private/xmpp.example.com.pem /etc/ejabberd
+$ chown ejabberd: /etc/ejabberd/xmpp.example.com.pem
+$ chmod 400 /etc/ejabberd/xmpp.example.com.pem
+```
+
+```diff
+--- ejabberd.yml.bak    2018-03-12 13:14:31.444628397 +0100
++++ ejabberd.yml        2018-03-15 23:00:05.612048546 +0100
+@@ -81,7 +81,8 @@
+ ##   - "example.org"
+ ##
+ hosts:
+-  - "localhost"
++  - "example.com"
++  - "example.net"
+
+ ##
+ ## route_subdomains: Delegate subdomains to other XMPP servers.
+@@ -98,7 +99,10 @@
+ ## automatically by ejabberd.
+ ##
+ certfiles:
+-  - "/etc/ejabberd/ejabberd.pem"
++  - "/etc/ejabberd/xmpp.example.com.key"
++  - "/etc/ejabberd/xmpp.example.net.key"
++  - "/etc/letsencrypt/pem/xmpp.example.com.pem"
++  - "/etc/letsencrypt/pem/xmpp.example.net.pem"
+
+ ## If your system provides only a single CA file (CentOS/FreeBSD):
+ ## ca_file: "/etc/ssl/certs/ca-bundle.pem"
+@@ -117,7 +121,7 @@
+     - "no_tlsv1"
+     - "cipher_server_preference"
+     - "no_compression"
+-  ## 'DH_FILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
++  'DH_FILE': "/etc/ejabberd/dhparams.pem"
+
+ ## c2s_dhfile: 'DH_FILE'
+ ## s2s_dhfile: 'DH_FILE'
+@@ -149,7 +153,7 @@
+     module: ejabberd_s2s_in
+   -
+     port: 5280
+-    ip: "::"
++    ip: "127.0.0.1"
+     module: ejabberd_http
+     request_handlers:
+       "/ws": ejabberd_http_ws
+@@ -157,9 +161,9 @@
+       "/api": mod_http_api
+     ##  "/pub/archive": mod_http_fileserver
+     web_admin: true
+-    ## register: true
+-    ## captcha: true
+-    tls: true
++    register: true
++    captcha: true
++    tls: false
+     protocol_options: 'TLS_OPTIONS'
+
+   ##
+@@ -212,16 +216,16 @@
+   ##
+   ## To enable secure http upload
+   ##
+-  ## -
+-  ##   port: 5444
+-  ##   ip: "::"
+-  ##   module: ejabberd_http
+-  ##   request_handlers:
+-  ##     "": mod_http_upload
+-  ##   tls: true
+-  ##   protocol_options: 'TLS_OPTIONS'
+-  ##   dhfile: 'DH_FILE'
+-  ##   ciphers: 'TLS_CIPHERS'
++  -
++    port: 5444
++    ip: "127.0.0.1"
++    module: ejabberd_http
++    request_handlers:
++      "": mod_http_upload
++    tls: false
++    protocol_options: 'TLS_OPTIONS'
++    dhfile: 'DH_FILE'
++    ciphers: 'TLS_CIPHERS'
+
+ ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
+ ## password storage (see auth_password_format option).
+@@ -436,8 +440,12 @@
+   ##
+   admin:
+      user:
+-       - ""
++       - "theadmin": "example.com"
+
++  shortname:
++    user_glob:
++      - "?"
++      - "??"
+   ##
+   ## Blocked users
+   ##
+@@ -533,7 +541,8 @@
+   ## In-band registration allows registration of any possible username.
+   ## To disable in-band registration, replace 'allow' with 'deny'.
+   register:
+-    - allow
++    - deny: shortname
++    - allow: all
+   ## Only allow to register from localhost
+   trusted_network:
+     - allow: loopback
+@@ -595,7 +604,7 @@
+
+ ## By default the frequency of account registrations from the same IP
+ ## is limited to 1 account every 10 minutes. To disable, specify: infinity
+-## registration_timeout: 600
++registration_timeout: 3600
+
+ ##
+ ## Define specific Access Rules in a virtual host.
+@@ -630,12 +639,13 @@
+ ##
+ ## Full path to a script that generates the image.
+ ##
+-## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
++captcha_cmd: "/usr/share/ejabberd/captcha.sh"
+
+ ##
+ ## Host for the URL and port where ejabberd listens for CAPTCHA requests.
+ ##
+ ## captcha_host: "example.org:5280"
++captcha_host: "https://xmpp.example.net:443"
+
+ ##
+ ## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
+@@ -691,22 +701,25 @@
+   ## mod_delegation: {}   # for xep0356
+   mod_disco: {}
+   mod_echo: {}
+-  mod_irc: {}
++  #mod_irc: {}
+   mod_bosh: {}
+   ## mod_http_fileserver:
+   ##   docroot: "/var/www"
+   ##   accesslog: "/var/log/ejabberd/access.log"
+-  ## mod_http_upload:
+-  ##   # docroot: "@HOME@/upload"
+-  ##   put_url: "https://@HOST@:5444"
+-  ##   thumbnail: false # otherwise needs the identify command from ImageMagick installed
++  mod_http_upload:
++    host: "share.@HOST@"
++    docroot: "@HOME@/upload"
++    put_url: "https://share.@HOST@"
++    thumbnail: false # otherwise needs the identify command from ImageMagick installed
++    max_size: 209715200 # 200 MiB
+   ## mod_http_upload_quota:
+   ##   max_days: 30
+   mod_last: {}
+   ## XEP-0313: Message Archive Management
+   ## You might want to setup a SQL backend for MAM because the mnesia database is
+   ## limited to 2GB which might be exceeded on large servers
+-  ## mod_mam: {} # for xep0313, mnesia is limited to 2GB, better use an SQL backend
++  mod_mam: # for xep0313, mnesia is limited to 2GB, better use an SQL backend
++    default: always
+   mod_muc:
+     ## host: "conference.@HOST@"
+     access:
+@@ -715,6 +728,12 @@
+       - allow: admin
+     access_create: muc_create
+     access_persistent: muc_create
++    max_user_conferences: 25
++    default_room_options:
++      mam: true
++      persistent: true
++      public: false
++      public_list: false
+   mod_muc_admin: {}
+   ## mod_muc_log: {}
+   ## mod_multicast: {}
+@@ -740,11 +759,11 @@
+       - "pep"   # pep requires mod_caps
+   mod_push: {}
+   mod_push_keepalive: {}
+-  ## mod_register:
++  mod_register:
+   ##
+   ## Protect In-Band account registrations with CAPTCHA.
+   ##
+-  ##   captcha_protected: true
++    captcha_protected: true
+   ##
+   ## Set the minimum informational entropy for passwords.
+   ##
+@@ -762,8 +781,8 @@
+   ## When a user registers, send a notification to
+   ## these XMPP accounts.
+   ##
+-  ##   registration_watchers:
+-  ##     - "[email protected]"
++    registration_watchers:
++      - "[email protected]"
+   ##
+   ## Only clients in the server machine can register accounts
+   ##
+@@ -773,6 +792,8 @@
+   ##
+   ##   access_from: deny
+   ##   access: register
++    access: register
++    access_from: allow
+   mod_roster:
+     versioning: true
+   mod_shared_roster: {}
+```
+
+### Import des données Prosody
+On s'assure d'abord que l'utilisateur `ejabberd` puisse lire les données stockées par Prosody :
+```bash
+$ chmod 770 -R /var/lib/prosody/
+$ chown root:ejabberd -R /var/lib/prosody/
+```
+
+`$ ejabberdctl import_prosody /var/lib/prosody/`
+
+### Différence de comportement
+Le module Prosody `mod_mam` a pour comportement par défaut
+
+| option                 | type                  | default |
+|------------------------|-----------------------|---------|
+| default_archive_policy | `boolean` or 'roster' | `true`  |
+|                        |                       |         |
+
+
+ce qui fait que Conversations active l'archivage par défaut alors qu'Ejabberd est à false par défaut