--- ejabberd.yml.orig	2014-11-21 13:06:14.000000000 +0100
+++ ejabberd.yml	2016-02-27 18:34:12.000000000 +0100
@@ -72,7 +72,8 @@
 ##   - "example.org"
 ##
 hosts:
-  - "localhost"
+  - "example.org"
+  - "guest.example.org"
 
 ##
 ## route_subdomains: Delegate subdomains to other XMPP servers.
@@ -98,14 +99,14 @@
     ## certificate, specify the full path to the
     ## file and uncomment this line:
     ##
-    certfile: "/etc/ejabberd/ejabberd.pem"
-    starttls: true
+    certfile: "/etc/ejabberd/chat.example.org.pem"
+    starttls_required: true
     ##
     ## Custom OpenSSL options
     ##
     protocol_options:
       - "no_sslv3"
-    ##   - "no_tlsv1"
+      - "no_tlsv1"
     max_stanza_size: 65536
     shaper: c2s_shaper
     access: c2s
@@ -148,29 +149,62 @@
     module: ejabberd_http
     ## request_handlers:
     ##   "/pub/archive": mod_http_fileserver
-    web_admin: true
-    http_poll: true
+    web_admin: false
+    http_poll: false
     http_bind: true
     ## register: true
-    captcha: true
+    captcha: false
+
+  -
+    port: 3478
+    transport: udp
+    module: ejabberd_stun
+  -
+    port: 3478
+    module: ejabberd_stun
+  -
+    port: 5349
+    module: ejabberd_stun
+    certfile: "/etc/ejabberd/chat.example.org.pem"
+    tls: true
+    turn_ip: "188.183.5.254"
+    auth_type: user
+    auth_realm: "EXAMPLE.ORG"
+##  -
+##    port: 5060
+##    transport: udp
+##    module: ejabberd_sip
+##  -
+##    port: 5060
+##    module: ejabberd_sip
+  -
+    port: 5061
+    module: ejabberd_sip
+    certfile: "/etc/ejabberd/chat.example.org.pem"
+    tls: true
 
 ##
 ## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
 ## Allowed values are: false optional required required_trusted
 ## You must specify a certificate file.
 ##
+## s2s_use_starttls: optional
 s2s_use_starttls: optional
 
 ##
 ## s2s_certfile: Specify a certificate file.
 ##
-s2s_certfile: "/etc/ejabberd/ejabberd.pem"
+## s2s_certfile: "/path/to/ssl.pem"
+s2s_certfile: "/etc/ejabberd/chat.example.org.pem"
 
 ## Custom OpenSSL options
 ##
+## s2s_protocol_options:
+##   - "no_sslv3"
+##   - "no_tlsv1"
 s2s_protocol_options:
   - "no_sslv3"
-##   - "no_tlsv1"
+  - "no_tlsv1"
 
 ##
 ## domain_certfile: Specify a different certificate for each served hostname.
@@ -289,6 +323,14 @@
 ##     auth_method:
 ##       - internal
 ##       - anonymous
+host_config:
+  "example.org":
+    auth_method:
+      - pam
+  "guest.example.org":
+    auth_method: anonymous
+    allow_multiple_connections: true
+    anonymous_protocol: both
 
 ###   ==============
 ###   DATABASE SETUP
@@ -472,7 +514,7 @@
   ## In-band registration allows registration of any possible username.
   ## To disable in-band registration, replace 'allow' with 'deny'.
   register: 
-    all: allow
+    all: deny
   ## Only allow to register from localhost
   trusted_network: 
     loopback: allow
@@ -553,7 +595,7 @@
   ##   accesslog: "/var/log/ejabberd/access.log"
   mod_last: {}
   mod_muc: 
-    ## host: "conference.@HOST@"
+    host: "conference.example.org"
     access: muc
     access_create: muc_create
     access_persistent: muc_create
@@ -615,11 +657,12 @@
     ##
     ## Local c2s or remote s2s users cannot register accounts
     ##
-    ## access_from: deny
+    access_from: deny
 
     access: register
   mod_roster: {}
   mod_shared_roster: {}
+  mod_sip: {}
   mod_stats: {}
   mod_time: {}
   mod_vcard: {}