Man Linux: Main Page and Category List

NAME

       jabber.xml - jabberd daemon configuration file

SYNOPSIS

       The  jabber  daemon jabberd is configured by an XML configuration file.
       By default jabberd will read  /etc/jabber/jabber.xml.  The  -c  command
       line option can be used to specify an alternate configuration file.

FILE FORMAT

       The configuration file has to be a valid XML document preferably in the
       UTF-8 charset (ASCII is valid subset of UTF-8).

       Within  the  following  xpath  expressions,  the  following   namespace
       prefixes are used:

       default  namespace:  "jabber:server",  browse: "jabber:iq:browse", cfg:
       "http://jabberd.org/ns/configfile",   register:   "jabber:iq:register",
       vcard: "vcard-temp",

       <jabber/>
              This is the root element of the configuration file.

       <service/>
              This element is an immediate child element of the <jabber/> root
              element.  It defines a general purpose component in  the  jabber
              daemon.  The  jabber  daemon  will  route  all  stanzas  to this
              component that have a domain part in the  destination  JID  that
              equals  the  id attribute or any defined additional domains this
              component is responsible for using the  <host/>  child  element.
              An  implementation  or  relation  to an other process is defined
              using  one  of  the   following   child   elements:   <accept/>,
              <connect/>,  <dynamic/>,  <exec/>,  <load/>,  <null/>. Any child
              elements in own namespaces are ignored by the core  jabberd  and
              can be used by components to store their own configuration.

       <xdb/> This element is an immediate child element of the <jabber/> root
              element.  It defines a component in the jabber daemon,  that  is
              responsible  for  XML  data  storage.  This  components internal
              address is defined  by  the  id  attribute.  The  <host/>  child
              elements  define  for  which  domains  this storage component is
              managing the data. An empty <host/> element defines, that it  is
              responsible for all components. With the <ns/> child element you
              can limit the responsibility to XML chunks in  a  given  set  of
              namespaces.   You  can  then  for  example  define  one  storage
              component that handles rosters and an other that handles offline
              message  storage.   An  implementation  or  relation to an other
              process is defined using on of  the  following  child  elements:
              <accept/>,  <connect/>,  <dynamic/>,  <exec/>, <load/>, <null/>.
              Any child elements in own namespaces are  ignored  by  the  core
              jabberd  and  can  be  used  by  components  to  store their own
              configuration.

       <log/> This element is an immediate child element of the <jabber/> root
              element.  It defines a component in the jabber daemon, that acts
              as a logging sink.  This components internal address is  defined
              by the id attribute. The <host/> child elements define for which
              domains this logging sink is logging messages.  An empty <host/>
              element  defines,  that  it  is  responsible for all components.
              With the <logtype/> child element you can select  the  types  of
              messages,  that  are  handled by this component.  Where to write
              the logging information is defined with  one  of  the  following
              child  elements: <file/>, <stderr/>, <stdout/>, <to/>.  With the
              <format/> child element you define  the  format  of  the  logged
              message.

       <io/>  This element is an immediate child element of the <jabber/> root
              element.  In this section of  the  configuration  file  you  can
              define  different  settings  that are related to the network I/O
              layer. This includes bandwidth limitations (using  the  <karma/>
              element),  assigning  X.509  certificates  to sockets (using the
              <tls/> element), and to limit access to the server  to  specific
              IP address ranges (using the <allow/> and <deny/> elements).

       <pidfile/>
              This element specifies to which file the server should write its
              process ID.  If this file already  exists  when  the  server  is
              started,  it will fail. You have to remove stale pidfiles before
              starting the server yourself. If  you  omit  this  element,  the
              server will not write nor check any pidfile.

       <debug/>
              This  element  contains  configuration  settings controlling the
              output of debugging messages. These settings can be  changed  at
              server  runtime,  the  server  will  reread  them on receiving a
              SIGHUP signal.

       The following elements are used  inside  the  <service/>,  <xdb/>,  and
       <log/>
              elements, that are defining components. They are used to provide
              the  jabberd  process  with  information  where  it can find the
              component’s implementation.

       <load/>
              This element can be used inside  any  component  definition.  It
              specifies, that the implementation of the component can be found
              inside a shared  object.  Any  child  element  of  this  element
              defines  a  shared  object  file  and  a  method in this object.
              jabberd will load the shared object files  which  locations  are
              defined  in  the  cdata  elements inside the child elements, the
              names of the elements are defining the functions that have to be
              called. An optional main attribute in the <load/> element define
              the main function in  a  component,  that  has  to  be  used  to
              initialize it.

       <accept/>
              This  element  defines,  that  jabberd will wait for an incoming
              connection using the jabber:component:accept protocol defined in
              XEP-0114.  With  this  it is possible to run components in their
              own process, even on different hosts and connect it to the  main
              jabberd  routing  process.  On  the  other end of the connection
              there can be an instance of jabberd again that  uses  a  section
              with  <connect/>  to  initiate  the  connection,  but  there are
              libraries  in  many  programming   languages   available,   that
              implement  XEP-0114  as  well.   Inside this element you have to
              provide an <ip/> element, that defines the IPv4 or IPv6  address
              to  listen  on, a <port/> element that defines on which port the
              server will listen for the connection, and a <secret/>  element,
              that defines a shared secret to authenticate the other peer.

       <connect/>
              This  element  is the opposite of the <accept/> element. Jabberd
              will   try   to   connect   to   an   implementation   of    the
              jabber:component:accept  protocol  defined  in XEP-0114.  Inside
              this element you have to provide an <ip/> element, that  defines
              the IPv4 or IPv6 address where to connect to, a <port/> element,
              that defines the destination port, and a <secret/> element, that
              defines a shared secret to authenticate to the other peer.

       <file/>
              This  element  can  only  be used inside a <log/> section. It is
              used to specify that log messages should be appended to  a  text
              file.

       <null/>
              This  element  specifies  an empty component. Everything that is
              sent to a JabberID with the domain part  of  this  component  is
              silently  discarded.  It can be used to drop stanzas directed to
              entities on the Jabber  network,  that  have  disappeared  (e.g.
              update.jabber.org).

       <stderr/>
              This  element  can  only  be used inside a <log/> section. It is
              used to specify that log  messages  should  be  written  to  the
              standard error output stream.

       <stdout/>
              This  element  is  used  to  define, that the jabberd process is
              communicating  with  the  process,  that  is  implementing   the
              component.  It  is  the  opposite  of <exec/>. A process that is
              started by <exec/> in an other  process  can  use  <stdout/>  to
              implement the other end of the connecting pipe.

       <syslog/>
              This  element  can  only  be used inside a <log/> section. It is
              used to specify that log  messages  should  be  written  to  the
              syslog.

       <to/>  This  element  can  only  be used inside a <log/> section. It is
              used to reformat log packets as messages and resend them  to  an
              entity  with  the given JabberID. The JabberID is given as cdata
              child element.

       <unsubscribe/>
              This element can only be used inside a <service/> section. It is
              used  to bounce messages and iq queries and send unsubscribes to
              presences, that are received. It is intended to  be  used  as  a
              replacement  for  transports, that are removed from a server. It
              will remove the roster items of this transport from  the  users’
              rosters.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/browse:browse
              List  of  services,  that  should be returned as the result of a
              browsing or a service discovery request. The format is as  in  a
              browse result stanza.

       jsm   setting:   cfg:jabber/cfg:service/jsm:jsm/disco-info:disco/disco-
       info:identity
              Name  of the Jabber server, that should be returned in a service
              discovery reply.  If this is not configured, the FN field of the
              server’s                                                   vCard
              (cfg:jabber/cfg:service/jsm:jsm/vcard:vCard/vcard:FN) is used.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:admin/reply
              Message, that should be returned to someone,  that  has  sent  a
              message to the servers address. (These messages are forwarded to
              all users having the ’adminmsg’ ACL right.)

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:agents
              This configuration setting can contain a response of  a  iq  get
              query   in   the   jabber:iq:agents  namespace.  Using  this  is
              deprecated. You should not use this configuration  setting.  The
              jabber:iq:agents namespace is superseded by service discovery.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:archive
              Configure the JabberIDs where mod_log should send messages about
              created sessions to. The  JabberIDs  should  be  enclosed  in  a
              <service/>  element.  Multiple <service/> elements can be placed
              inside the <archive/> element.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:auth
              Redirect authentication handling (non-SASL only) to a component.
              The  address  of  the  component  has to be given as the textual
              content of this configuration element. No default setting.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:history
              With this element, the session manager can be configured to send
              copies  of  received  and sent messages to xdb. This can be used
              for logging or to implement  web-based  access  to  the  message
              history.  The  history element contains two child elements: sent
              and recv. The sent element configures how  messages  sent  by  a
              user  are  handled.  The  recv  element  configures how messages
              received by a user are handled.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:maxusers
              The maximum number of users the server should expect per  domain
              (more  users  will  get  handled,  but  it  may have performance
              impacts). A prime number should be configured here. The  default
              setting is 3001.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:mod_auth_crypt/jsm:hash
              The default password hashing algorithm used by mod_auth_crypt is
              crypt().  With this setting you can select other  algorithms  by
              adding their name as the text inside this element. Currently the
              only other algorithm supported by mod_auth_crypt is  "SHA1".  It
              is   not   recommended   to  use  mod_auth_crypt.   With  hashed
              passwords, you get problems when you want  to  migrate  to  SASL
              authentication.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:mod_offline
              With  this  it  can  be  configured  which  messages  are stored
              offline. The default is to only store normal and  chat  messages
              offline  (bouncing  headline  and  groupchat  messages, dropping
              error messages). If the mod_offline  element  is  present,  only
              message  types  present in this element are stored offline.  Use
              the following element  names  inside  this  element:  <normal/>,
              <chat/>, <headline/>, <groupchat/>, and <error/>.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:mod_useridpolicy
              Define  a  policy  for  usernames,  that  should  be enforced on
              account registration (i.e. already registered usernames are  not
              affected).   It   is  possible  to  block  accounts  from  being
              registered based on special names (put  the  username  inside  a
              <forbidden/>   element,  e.g.   <forbidden>root</forbidden>)  or
              enforce length constraints on the username by defining a minimum
              and/or maximum length of the username in unicode characters (put
              the  setting  inside  <minlen/>  and  <maxlen/>  elements,  e.g.
              <minlen>3</minlen>).

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:mod_version
              Modify  the  result  to  a  jabber:iq:version  request. With the
              <name/>  element  inside  this  configuration  option,  you  can
              replace  the  product name, that is returned by the server. With
              the <version/> element, you can  replace  the  returned  product
              version.  With  the <os/> element, you can replace the operating
              system  identification  returned  by   mod_version.   With   the
              <no_os_version/>  element,  you  can  configured  mod_version to
              return the name of the operating system,  but  not  its  version
              number.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:presence
              This  configuration  option  can include two different elements:
              With the <presence2xdb/>  element  you  configure  jabberd14  to
              store  all  presences  of  the local users to xdb. Used together
              with xdb_sql this can be used to have the presence of your users
              in  a  SQL  database,  e.g.  to  use  it  to  display web status
              indicators.  (Please  recognize  the  privacy  issues  with  web
              indicators  if  you  plan to implement this.) The other possible
              element inside this configuration option is <bcc/> which can  be
              used  multiple  times.  Inside  the <bcc/> element you can place
              JabberIDs.  All local  presences  are  send  to  the  configured
              JabberIDs  as a copy.  This can be used to forward presence to a
              component, that needs to know presence of all local users. (E.g.
              another way to implement a web presence indicator.)

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:regtimeout
              This  configures  the  number of seconds an account gets blocked
              against reregistration after it has been unregistered. The value
              is specified as the timeout attribute of this element.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:serialization
              With this setting the session manager can be configured to store
              all necessary state information to restart the  session  manager
              to  a  file.   This  can  be used to restart the session manager
              after a crash (or after it has been killed by a signal)  without
              the  user’s  sessions  to  be  dropped.  This  can  be  used  to
              reconfigure the session manager  while  it  is  running.  Please
              note,  that  on  very  big jabberd14 installations you might get
              problems if you serialize the state to often.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/jsm:vcard2jud
              If the vCard a users sets  should  be  forwarded  to  the  first
              Jabber     users    directory,    that    is    configured    in
              cfg:jabber/cfg:service/jsm:jsm/browse:browse.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/register:register
              Reply  stanza  to  a  jabber:iq:register   get   request.   This
              configures  what  a client gets asked, if a user tries an inband
              account registration.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/vcard:vCard
              The vCard, that gets returned, if a  Jabber  entity  requests  a
              vCard for the server. No default value.

       jsm setting: cfg:jabber/cfg:service/jsm:jsm/welcome
              A message stanza, that should be sent to a new user. The content
              of the welcome element is used as the content of  the  generated
              message stanza.  Therefore you should have a body element inside
              this one, and a subject element might be good to have  as  well.
              It  is  possible  to  use xml:lang attributes for the content of
              this element. No default setting,  if  element  is  missing,  no
              welcome message is generated.

       TLS settings: cfg:jabber/cfg:io/cfg:tls
              Inside  this  configuration  element you find the settings, that
              configure how TLS is used inside jabberd14. Settings inside this
              element  are  grouped together using the <credentials/> element.
              Every set of settings defined within such an element is used for
              the  set  of  domains,  that  are configured using the <domain/>
              element inside this element. If jabberd14 searches for  settings
              and  does  not  find a set that contains the relevant domain, it
              will search a set that contains the <default/> element. If  even
              no  such  set is found, TLS is disabled for this domain.  (Note:
              This is designed to be used with the STARTTLS mechanism  of  the
              XMPP  protocol.  If  you  are  using  legacy TLS connections for
              clients on port 5223, you have to  configure  the  IP  addresses
              your    are    listening    on   as   domain   as   well.   E.g.
              <domain>192.0.2.34</domain> if you are listening on port 5223 or
              the  IP address 192.0.2.34.)  Beside the <credentials/> element,
              there are three more valid elements, that can be  placed  inside
              the <tls/> element:

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:dhparams
              If   this  setting  is  not  present,  jabberd14  will  generate
              parameters for Diffie  Hellman  keyexchanges  on  the  fly  when
              starting  up.  As this may take some time, you might want to use
              pre-calculated parameters.   Use  this  setting  to  load  them.
              Specify the filename containing the parameters as the content of
              this element. By default the file is expected to by PEM encoded.
              Add the flag type="der" if the file is DER encoded.

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:cacertfile
              This  setting  defines a file containing certificates of the CAs
              jabberd14  should  trust   when   authenticating   peers   using
              certificates.  These CA certificates are used as the default CAs
              and can be  overwritten  using  the  <ca/>  element  inside  the
              <credentials/> elements for each set of TLS settings.

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:crlfile
              This  setting  allows  you to load a certificate revocation list
              from a file.  Place the filename as the content of this element.
              By default the file is tried to be loaded as a PEM encoded file.
              If the file  is  DER  encoded,  please  specify  the  type="der"
              attribute on this element.

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:default
              Define  that  this  set  of  TLS settings should be used when no
              explicit set of settings can be found for a domain.

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:domain
              Bind a set of settings to a domain. The domain for which the set
              should  be used has to be placed as the content of this element.
              No whitespace should be present in the content of this  element.
              This   element   can   be   used   multiple   times  inside  the
              <credentials/> element to bind a set  of  settings  to  multiple
              domains.

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:pem
              This  setting  is  used  to  load  a  server  certificate  of  a
              certificate chain, that is PEM  encoded.  By  default  jabberd14
              tries  to  read  the  private  key  from  the  same  file as the
              certificate. If you have your private key in a  different  file,
              please  specify  the filename of this file using the private-key
              attribute  on  the  <pem/>  element.   If  you   have   multiple
              certificates  for  the  set  of  domains  (e.g.  a RSA and a DSA
              certificate) you can place multiple  <pem/>  elements  inside  a
              <credentials/>   element.  But  if  your  certificates  are  for
              different  domains,  you  have  to  place  them   in   different
              <credentials/> elements.

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:der
              This  is  the  same setting as the <pem/> element, with the only
              difference that the file is expected to be DER  encoded  instead
              of  PEM  encoded.  Please  also  note,  that  with  DER  encoded
              certificates you always have to place  your  private  key  in  a
              different  file,  and  therefore  have  to  use  the private-key
              attribute of the <der/> element.

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:ca
              Load one or many certificates of CAs the server should trust  to
              do  certificate  based  authentication  of peers. By default the
              file is expected to be PEM encoded. If the file is DER  encoded,
              you  have  to add the type="der" attribute to this element. This
              element can be used multiple times to load multiple files.

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:openpgp
              Load an OpenPGP key as certificate. Specify the file  containing
              the  public  key  as  the  content  of this element and the file
              containing your private key using the private-key  attribute  of
              this element.

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:keyring
              Load  an  OpenPGP  keyring  from  the  file  specified using the
              content of this element.

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:trustdb
              Load a GnuPG trust database from the file  specified  using  the
              content of this element.

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:protocols
              This  setting  is  used  to  specify  which  version  of the TLS
              protocol should be used  and  in  which  order  they  should  be
              prefered.  If  you  omit  this  setting, the protocols and their
              preference are defined by the used TLS library (GnuTLS)  itself.
              Place  the  list  of  protocols in the order of their preference
              separated by whitespace as content of this  element.  Recognized
              values  are: TLS1_2 for TLS version 1.2 (only known if jabberd14
              is compiled with a TLS library supporting this version  of  TLS,
              otherwise  ignored),  TLS1_1 for TLS version 1.1, TLS1_0 for TLS
              version 1.0, and SSL3 for SSL version 3.0  (predecessor  of  TLS
              1_0).  SSL  versions  before  3.0 are not supported by jabberd14
              anymore as they are considered weak.

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:kx
              This setting is used to specify which  key  exchange  algorithms
              should  be  used  and in which order they should be prefered. If
              you omit this setting, the algorithms and their  preference  are
              defined  by the used TLS library (GnuTLS) itself. Place the list
              of algorithms in the order  of  their  preference  separated  by
              whitespace  as  content  of this element. Recognized values are:
              RSA for exchanging keys on a RSA encrypted channel, DHE_RSA  for
              using a RSA signed Diffie Hellman keyexchange, DHE_DSS for using
              a DSS signed Diffie Hellman keyexchange. The DHE_* key exchanges
              might need a bit more computing power, but will result in a non-
              compromized key even if your certificate gets compromized.  With
              a  pure  RSA key exchange the encrypted session gets readable if
              your RSA certificate  gets  compromized.  For  RSA  and  DHE_RSA
              keyexchanges  you  need  a RSA certificate when being the server
              side of the connection, for the DHE_DSS key exchange you need  a
              DSS certificate when being the server side of the connection. If
              you are the server (i.e. connected) side of the TLS  connection,
              this  setting will only select which key exchange algorithms you
              support/offer as it is the client’s task to select  one  of  the
              offered  algorithms. Therefore the order of this setting is only
              relevant if you are the connecting side  of  a  TLS  connection.
              (Note:  ANON_DH is supported as well and results in an anonymous
              Diffie Hellman keyexchange. Normally you do not want  to  enable
              this  key  exchange, please only enable it, if you know what you
              are doing.)

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:ciphers
              This setting is used to specify which cipher  algorithms  should
              be  used and in which order they should be prefered. If you omit
              this setting, the ciphers and their preference  are  defined  by
              the used TLS library (GnuTLS) itself.  Place the list of ciphers
              in the order of their  preference  separated  by  whitespace  as
              content  of  this element. Recognized values are: AES_256_CBC is
              the AES cipher using a 256 b key in CBC mode, AES_128_CBC is the
              AES  cipher  using a 128 b key in CBC mode, 3DES_CBC is the 3DES
              cipher using 168 b key (effective strength is considered  to  be
              only  112  b)  in  CBC  mode,  ARCFOUR_128 is the ARCFOUR stream
              cipher using a 128 b key.  (The following ciphers are recognized
              as well, but you normally should not configure them: ARCFOUR_40,
              RC2_40_CBC, DES_CBC, NULL. Only allow these additional  ciphers,
              if  you  know exactly what you are doing. They are considered to
              be weak ciphers.)

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:compression
              This setting is used to  specify  which  compression  algorithms
              should  be  used  and in which order they should be prefered. If
              you omit this setting,  the  compression  algorithms  and  their
              preference  are defined by the used TLS library (GnuTLS) itself.
              With  current  versions   of   GnuTLS   this   means   disabling
              compression.   Therefore   if   you   want  to  use  TLS  stream
              compression, you have to define this setting. Place the list  of
              compression   algorithms   in  the  order  of  their  preference
              separated by whitespace as content of this element.   Recognized
              values  are:  LZO  for compression using the LZO algorithm (only
              supported if GnuTLS extra  has  been  found  on  compilation  of
              jabberd14, ignored otherwise), DEFLATE for compression using the
              deflate/gzip  algorithm,  NULL  for  no  compression.  The   LZO
              algorithm  might  have  a  better  performance  than the DEFLATE
              algorithm.

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:mac
              This setting is used to specify which MAC algorithms  should  be
              used  and  in  which  order they should be prefered. If you omit
              this setting, the algorithms and their preference are defined by
              the  used  TLS  library  (GnuTLS) itself.  Place the list of mac
              algorithms  in  the  order  of  their  preference  separated  by
              whitespace  as  content  of this element. Recognized values are:
              NULL  (for  using  no  MAC),  MD5,  SHA1,   RMD160,   MD2   (not
              recommended),  SHA256,  SHA386,  SHA512.   This  setting  is for
              expert users only. Normally you  want  to  leave  the  defaults.
              (SHA256,  SHA386  and  SHA512 are only present if the underlying
              TLS library support them.)

       TLS setting: cfg:jabber/cfg:io/cfg:tls/cfg:credentials/cfg:certtypes
              This setting is used to specify which certificate  types  should
              be  used and in which order they should be prefered. If you omit
              this setting, the types and their preference are defined by  the
              used  TLS  library  (GnuTLS)  itself.  With  current versions of
              GnuTLS this means only supporting X.509 certificates,  which  is
              what you currently normally want to use. Place the list of types
              in the order of their  preference  separated  by  whitespace  as
              content  of this element. Recognized values are: X.509 for X.509
              certificates and OpenPGP for using OpenPGP keys as certificates.

AUTHOR

       jabberd14 project