diff --git a/apps/emqx_conf/src/emqx_conf.erl b/apps/emqx_conf/src/emqx_conf.erl
index e83ccfffd..5e56bd9d5 100644
--- a/apps/emqx_conf/src/emqx_conf.erl
+++ b/apps/emqx_conf/src/emqx_conf.erl
@@ -125,12 +125,21 @@ reset(Node, KeyPath, Opts) ->
%% @doc Called from build script.
-spec dump_schema(file:name_all()) -> ok.
dump_schema(Dir) ->
- SchemaMarkdownFile = filename:join([Dir, "config.md"]),
- io:format(user, "===< Generating: ~s~n", [SchemaMarkdownFile ]),
- ok = gen_doc(SchemaMarkdownFile),
+ SchemaMdFile = filename:join([Dir, "config.md"]),
+ io:format(user, "===< Generating: ~s~n", [SchemaMdFile ]),
+ ok = gen_doc(SchemaMdFile),
+
+ %% for scripts/spellcheck.
SchemaJsonFile = filename:join([Dir, "schema.json"]),
io:format(user, "===< Generating: ~s~n", [SchemaJsonFile]),
- ok = gen_hot_conf_schema(SchemaJsonFile),
+ JsonMap = hocon_schema_json:gen(emqx_conf_schema),
+ IoData = jsx:encode(JsonMap, [space, {indent, 4}]),
+ ok = file:write_file(SchemaJsonFile, IoData),
+
+ %% hot-update configuration schema
+ HotConfigSchemaFile = filename:join([Dir, "hot-config-schema.json"]),
+ io:format(user, "===< Generating: ~s~n", [HotConfigSchemaFile]),
+ ok = gen_hot_conf_schema(HotConfigSchemaFile),
ok.
%%--------------------------------------------------------------------
diff --git a/schema_v1.json b/schema_v1.json
deleted file mode 100644
index 948d69332..000000000
--- a/schema_v1.json
+++ /dev/null
@@ -1,5392 +0,0 @@
-{
- "components": {
- "schemas": {
- "limiter.bucket": {
- "properties": {
- "zone": {
- "description": "The bucket's zone",
- "type": "string"
- },
- "aggregated": {
- "$ref": "#/components/schemas/limiter.bucket_aggregated"
- },
- "per_client": {
- "$ref": "#/components/schemas/limiter.client_bucket"
- }
- },
- "type": "object"
- },
- "modules.rewrite": {
- "properties": {
- "action": {
- "description": "Action",
- "example": "publish",
- "symbols": [
- "subscribe",
- "publish",
- "all"
- ],
- "type": "enum"
- },
- "source_topic": {
- "description": "Origin Topic",
- "example": "x/#",
- "type": "string"
- },
- "dest_topic": {
- "description": "Destination Topic",
- "example": "z/y/$1",
- "type": "string"
- },
- "re": {
- "description": "Regular expressions",
- "example": "^x/y/(.+)$",
- "type": "string"
- }
- },
- "type": "object"
- },
- "dashboard.http": {
- "required": [
- "bind",
- "protocol"
- ],
- "properties": {
- "protocol": {
- "default": "http",
- "description": "HTTP/HTTPS protocol.",
- "symbols": [
- "http",
- "https"
- ],
- "type": "enum"
- },
- "bind": {
- "default": 18083,
- "description": "Port without IP(18083) or port with specified IP(127.0.0.1:18083).",
- "oneOf": [
- {
- "type": "ip_port"
- },
- {
- "minimum": 1,
- "type": "number"
- }
- ]
- },
- "num_acceptors": {
- "default": 4,
- "description": "Socket acceptor pool for TCP protocols.",
- "type": "number"
- },
- "max_connections": {
- "default": 512,
- "type": "number"
- },
- "backlog": {
- "default": 1024,
- "description": "Defines the maximum length that the queue of pending connections can grow to.",
- "type": "number"
- },
- "send_timeout": {
- "default": "5s",
- "type": "duration"
- },
- "inet6": {
- "default": false,
- "type": "boolean"
- },
- "ipv6_v6only": {
- "default": false,
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "authn-mysql.authentication": {
- "required": [
- "database",
- "server",
- "backend",
- "mechanism"
- ],
- "properties": {
- "mechanism": {
- "symbols": [
- "password-based"
- ],
- "type": "enum"
- },
- "backend": {
- "symbols": [
- "mysql"
- ],
- "type": "enum"
- },
- "password_hash_algorithm": {
- "default": {
- "name": "sha256",
- "salt_position": "prefix"
- },
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-hash.other_algorithms"
- },
- {
- "$ref": "#/components/schemas/authn-hash.pbkdf2"
- },
- {
- "$ref": "#/components/schemas/authn-hash.bcrypt"
- }
- ]
- },
- "query": {
- "type": "string"
- },
- "query_timeout": {
- "default": "5s",
- "type": "duration"
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- },
- "server": {
- "description": "\nThe IPv4 or IPv6 address or host name to connect to.
\nA host entry has the following form: 'Host[:Port]'
\nThe MySQL default port 3306 is used if '[:Port]' isn't present",
- "type": "ip_port"
- },
- "database": {
- "type": "string"
- },
- "pool_size": {
- "default": 8,
- "type": "number"
- },
- "username": {
- "type": "string"
- },
- "password": {
- "type": "string"
- },
- "auto_reconnect": {
- "default": true,
- "type": "boolean"
- },
- "ssl": {
- "default": {
- "enable": false
- },
- "$ref": "#/components/schemas/emqx_schema.ssl_client_opts"
- }
- },
- "type": "object"
- },
- "configuration.node": {
- "required": [
- "data_dir"
- ],
- "properties": {
- "name": {
- "default": "emqx@127.0.0.1",
- "description": "Unique name of the EMQX node. It must follow %name%@FQDN or\n %name%@IP format.",
- "type": "string"
- },
- "cookie": {
- "default": "emqxsecretcookie",
- "description": "Secret cookie is a random string that should be the same on all nodes in\n the given EMQX cluster, but unique per EMQX cluster. It is used to prevent EMQX nodes that\n belong to different clusters from accidentally connecting to each other.",
- "type": "string"
- },
- "data_dir": {
- "description": "Path to the persistent data directory. It must be unique per broker instance.",
- "type": "string"
- },
- "config_files": {
- "description": "List of configuration files that are read during startup. The order is\n significant: later configuration files override the previous ones.",
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "global_gc_interval": {
- "default": "15m",
- "description": "Periodic garbage collection interval.",
- "type": "duration"
- },
- "crash_dump_file": {
- "description": "Location of the crash dump file",
- "type": "string"
- },
- "crash_dump_seconds": {
- "default": "30s",
- "description": "The number of seconds that the broker is allowed to spend writing\na crash dump",
- "type": "duration"
- },
- "crash_dump_bytes": {
- "default": "100MB",
- "description": "The maximum size of a crash dump file in bytes.",
- "type": "byteSize"
- },
- "dist_net_ticktime": {
- "default": "2m",
- "description": "This is the approximate time an EMQX node may be unresponsive until it is considered down and thereby disconnected.",
- "type": "duration"
- },
- "dist_listen_min": {
- "default": 6369,
- "description": "Lower bound for the port range where EMQX broker listens for peer connections.",
- "maximum": 65535,
- "minimum": 1024,
- "type": "number"
- },
- "dist_listen_max": {
- "default": 6369,
- "description": "Upper bound for the port range where EMQX broker listens for peer connections.",
- "maximum": 65535,
- "minimum": 1024,
- "type": "number"
- },
- "backtrace_depth": {
- "default": 23,
- "description": "Maximum depth of the call stack printed in error messages and\n process_info.",
- "type": "number"
- },
- "applications": {
- "default": "",
- "description": "List of Erlang applications that shall be rebooted when the EMQX broker joins\n the cluster.",
- "type": "comma_separated_string"
- },
- "etc_dir": {
- "description": "etc dir for the node",
- "type": "string"
- },
- "cluster_call": {
- "$ref": "#/components/schemas/emqx_conf_schema.cluster_call"
- }
- },
- "type": "object"
- },
- "emqx_schema.force_shutdown": {
- "properties": {
- "enable": {
- "default": true,
- "type": "boolean"
- },
- "max_message_queue_len": {
- "default": 1000,
- "minimum": 0,
- "type": "number"
- },
- "max_heap_size": {
- "default": "32MB",
- "type": "byteSize"
- }
- },
- "type": "object"
- },
- "emqx_schema.ssl_client_opts": {
- "properties": {
- "enable": {
- "default": false,
- "type": "boolean"
- },
- "cacertfile": {
- "description": "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.\n",
- "type": "string"
- },
- "certfile": {
- "description": "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.\n",
- "type": "string"
- },
- "keyfile": {
- "description": "PEM format private key file.
\n",
- "type": "string"
- },
- "verify": {
- "default": "verify_none",
- "symbols": [
- "verify_peer",
- "verify_none"
- ],
- "type": "enum"
- },
- "reuse_sessions": {
- "default": true,
- "type": "boolean"
- },
- "depth": {
- "default": 10,
- "type": "number"
- },
- "password": {
- "description": "String containing the user's password. Only used if the private\nkey file is password-protected.",
- "type": "string"
- },
- "versions": {
- "default": [
- "tlsv1.3",
- "tlsv1.2",
- "tlsv1.1",
- "tlsv1"
- ],
- "description": "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIn case PSK cipher suites are intended, make sure to configured\n['tlsv1.2', 'tlsv1.1'] here.\n",
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "ciphers": {
- "default": [
- "TLS_AES_256_GCM_SHA384",
- "TLS_AES_128_GCM_SHA256",
- "TLS_CHACHA20_POLY1305_SHA256",
- "TLS_AES_128_CCM_SHA256",
- "TLS_AES_128_CCM_8_SHA256",
- "ECDHE-ECDSA-AES256-GCM-SHA384",
- "ECDHE-RSA-AES256-GCM-SHA384",
- "ECDHE-ECDSA-AES256-SHA384",
- "ECDHE-RSA-AES256-SHA384",
- "ECDH-ECDSA-AES256-GCM-SHA384",
- "ECDH-RSA-AES256-GCM-SHA384",
- "ECDH-ECDSA-AES256-SHA384",
- "ECDH-RSA-AES256-SHA384",
- "DHE-DSS-AES256-GCM-SHA384",
- "DHE-DSS-AES256-SHA256",
- "AES256-GCM-SHA384",
- "AES256-SHA256",
- "ECDHE-ECDSA-AES128-GCM-SHA256",
- "ECDHE-RSA-AES128-GCM-SHA256",
- "ECDHE-ECDSA-AES128-SHA256",
- "ECDHE-RSA-AES128-SHA256",
- "ECDH-ECDSA-AES128-GCM-SHA256",
- "ECDH-RSA-AES128-GCM-SHA256",
- "ECDH-ECDSA-AES128-SHA256",
- "ECDH-RSA-AES128-SHA256",
- "DHE-DSS-AES128-GCM-SHA256",
- "DHE-DSS-AES128-SHA256",
- "AES128-GCM-SHA256",
- "AES128-SHA256",
- "ECDHE-ECDSA-AES256-SHA",
- "ECDHE-RSA-AES256-SHA",
- "DHE-DSS-AES256-SHA",
- "ECDH-ECDSA-AES256-SHA",
- "ECDH-RSA-AES256-SHA",
- "ECDHE-ECDSA-AES128-SHA",
- "ECDHE-RSA-AES128-SHA",
- "DHE-DSS-AES128-SHA",
- "ECDH-ECDSA-AES128-SHA",
- "ECDH-RSA-AES128-SHA",
- "RSA-PSK-AES256-GCM-SHA384",
- "RSA-PSK-AES256-CBC-SHA384",
- "RSA-PSK-AES128-GCM-SHA256",
- "RSA-PSK-AES128-CBC-SHA256",
- "RSA-PSK-AES256-CBC-SHA",
- "RSA-PSK-AES128-CBC-SHA"
- ],
- "description": "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"
\n",
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "user_lookup_fun": {
- "default": "emqx_tls_psk:lookup",
- "type": "string"
- },
- "secure_renegotiate": {
- "default": true,
- "description": "\nSSL parameter renegotiation is a feature that allows a client and a server\nto renegotiate the parameters of the SSL connection on the fly.\nRFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,\nyou drop support for the insecure renegotiation, prone to MitM attacks.\n",
- "type": "boolean"
- },
- "server_name_indication": {
- "description": "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP addressed used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
- "oneOf": [
- {
- "type": "string"
- },
- {
- "symbols": [
- "disable"
- ],
- "type": "enum"
- }
- ]
- }
- },
- "type": "object"
- },
- "emqx_conf_schema.cluster_etcd": {
- "properties": {
- "server": {
- "type": "comma_separated_string"
- },
- "prefix": {
- "default": "emqxcl",
- "type": "string"
- },
- "node_ttl": {
- "default": "1m",
- "type": "duration"
- },
- "ssl": {
- "$ref": "#/components/schemas/emqx_schema.ssl_client_opts"
- }
- },
- "type": "object"
- },
- "emqx_schema.flapping_detect": {
- "properties": {
- "enable": {
- "default": false,
- "type": "boolean"
- },
- "max_count": {
- "default": 15,
- "type": "number"
- },
- "window_time": {
- "default": "1m",
- "type": "duration"
- },
- "ban_time": {
- "default": "5m",
- "type": "duration"
- }
- },
- "type": "object"
- },
- "emqx_schema.tcp_opts": {
- "properties": {
- "active_n": {
- "default": 100,
- "type": "number"
- },
- "backlog": {
- "default": 1024,
- "type": "number"
- },
- "send_timeout": {
- "default": "15s",
- "type": "duration"
- },
- "send_timeout_close": {
- "default": true,
- "type": "boolean"
- },
- "recbuf": {
- "type": "byteSize"
- },
- "sndbuf": {
- "type": "byteSize"
- },
- "buffer": {
- "type": "byteSize"
- },
- "high_watermark": {
- "default": "1MB",
- "type": "byteSize"
- },
- "nodelay": {
- "default": false,
- "type": "boolean"
- },
- "reuseaddr": {
- "default": true,
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "emqx_schema.mqtt_wss_listener": {
- "required": [
- "bind"
- ],
- "properties": {
- "tcp": {
- "$ref": "#/components/schemas/emqx_schema.tcp_opts"
- },
- "ssl": {
- "$ref": "#/components/schemas/emqx_schema.listener_wss_opts"
- },
- "websocket": {
- "$ref": "#/components/schemas/emqx_schema.ws_opts"
- },
- "bind": {
- "oneOf": [
- {
- "type": "number"
- },
- {
- "type": "ip_port"
- }
- ]
- },
- "acceptors": {
- "default": 16,
- "type": "number"
- },
- "max_connections": {
- "default": "infinity",
- "oneOf": [
- {
- "type": "number"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "mountpoint": {
- "default": "",
- "type": "string"
- },
- "zone": {
- "default": "default",
- "type": "string"
- },
- "limiter": {
- "default": {},
- "properties": {
- "$ratelimit bucket's name": {
- "type": "string"
- }
- },
- "type": "object"
- },
- "access_rules": {
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "proxy_protocol": {
- "default": false,
- "type": "boolean"
- },
- "proxy_protocol_timeout": {
- "type": "duration"
- },
- "authentication": {
- "description": "Per-listener authentication override\nAuthentication can be one single authenticator instance or a chain of authenticators as an array.\nWhen authenticating a login (username, client ID, etc.) the authenticators are checked\nin the configured order.
\n",
- "items": {
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-scram-builtin_db.authentication"
- },
- {
- "$ref": "#/components/schemas/authn-jwt.jwks"
- },
- {
- "$ref": "#/components/schemas/authn-jwt.public-key"
- },
- {
- "$ref": "#/components/schemas/authn-jwt.hmac-based"
- },
- {
- "$ref": "#/components/schemas/authn-http.post"
- },
- {
- "$ref": "#/components/schemas/authn-http.get"
- },
- {
- "$ref": "#/components/schemas/authn-redis.sentinel"
- },
- {
- "$ref": "#/components/schemas/authn-redis.cluster"
- },
- {
- "$ref": "#/components/schemas/authn-redis.standalone"
- },
- {
- "$ref": "#/components/schemas/authn-mongodb.sharded-cluster"
- },
- {
- "$ref": "#/components/schemas/authn-mongodb.replica-set"
- },
- {
- "$ref": "#/components/schemas/authn-mongodb.standalone"
- },
- {
- "$ref": "#/components/schemas/authn-postgresql.authentication"
- },
- {
- "$ref": "#/components/schemas/authn-mysql.authentication"
- },
- {
- "$ref": "#/components/schemas/authn-builtin_db.authentication"
- }
- ]
- },
- "type": "array"
- }
- },
- "type": "object"
- },
- "emqx_schema.persistent_session_store": {
- "properties": {
- "enabled": {
- "default": false,
- "type": "boolean"
- },
- "storage_type": {
- "default": "disc",
- "oneOf": [
- {
- "symbols": [
- "disc"
- ],
- "type": "enum"
- },
- {
- "symbols": [
- "ram"
- ],
- "type": "enum"
- }
- ]
- },
- "max_retain_undelivered": {
- "default": "1h",
- "type": "duration"
- },
- "message_gc_interval": {
- "default": "1h",
- "type": "duration"
- },
- "session_message_gc_interval": {
- "default": "1m",
- "type": "duration"
- }
- },
- "type": "object"
- },
- "auto_subscribe.auto_subscribe": {
- "properties": {
- "topics": {
- "items": {
- "$ref": "#/components/schemas/auto_subscribe.topic"
- },
- "type": "array"
- }
- },
- "type": "object"
- },
- "connector-http.request": {
- "properties": {
- "method": {
- "symbols": [
- "post",
- "put",
- "get",
- "delete"
- ],
- "type": "enum"
- },
- "path": {
- "type": "string"
- },
- "body": {
- "type": "string"
- },
- "headers": {
- "type": "string"
- },
- "request_timeout": {
- "description": "The timeout when sending request to the HTTP server",
- "type": "duration"
- }
- },
- "type": "object"
- },
- "emqx_schema.overload_protection": {
- "properties": {
- "enable": {
- "default": false,
- "description": "React on system overload or not",
- "type": "boolean"
- },
- "backoff_delay": {
- "default": 1,
- "description": "Some unimportant tasks could be delayed for execution, here set the delays in ms",
- "minimum": 0,
- "type": "number"
- },
- "backoff_gc": {
- "default": false,
- "description": "Skip forceful GC if necessary",
- "type": "boolean"
- },
- "backoff_hibernation": {
- "default": true,
- "description": "Skip process hibernation if necessary",
- "type": "boolean"
- },
- "backoff_new_conn": {
- "default": true,
- "description": "Close new incoming connections if necessary",
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "emqx_schema.zone": {
- "properties": {
- "mqtt": {
- "$ref": "#/components/schemas/zone.mqtt"
- },
- "stats": {
- "$ref": "#/components/schemas/zone.stats"
- },
- "flapping_detect": {
- "$ref": "#/components/schemas/zone.flapping_detect"
- },
- "force_shutdown": {
- "$ref": "#/components/schemas/zone.force_shutdown"
- },
- "conn_congestion": {
- "$ref": "#/components/schemas/zone.conn_congestion"
- },
- "rate_limit": {
- "$ref": "#/components/schemas/zone.rate_limit"
- },
- "quota": {
- "$ref": "#/components/schemas/zone.quota"
- },
- "force_gc": {
- "$ref": "#/components/schemas/zone.force_gc"
- },
- "overload_protection": {
- "$ref": "#/components/schemas/zone.overload_protection"
- }
- },
- "type": "object"
- },
- "emqx_schema.listener_ssl_opts": {
- "properties": {
- "enable": {
- "default": false,
- "type": "boolean"
- },
- "cacertfile": {
- "description": "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.\n",
- "type": "string"
- },
- "certfile": {
- "description": "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.\n",
- "type": "string"
- },
- "keyfile": {
- "description": "PEM format private key file.
\n",
- "type": "string"
- },
- "verify": {
- "default": "verify_none",
- "symbols": [
- "verify_peer",
- "verify_none"
- ],
- "type": "enum"
- },
- "reuse_sessions": {
- "default": true,
- "type": "boolean"
- },
- "depth": {
- "default": 10,
- "type": "number"
- },
- "password": {
- "description": "String containing the user's password. Only used if the private\nkey file is password-protected.",
- "type": "string"
- },
- "versions": {
- "default": [
- "tlsv1.3",
- "tlsv1.2",
- "tlsv1.1",
- "tlsv1"
- ],
- "description": "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIn case PSK cipher suites are intended, make sure to configured\n['tlsv1.2', 'tlsv1.1'] here.\n",
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "ciphers": {
- "default": [
- "TLS_AES_256_GCM_SHA384",
- "TLS_AES_128_GCM_SHA256",
- "TLS_CHACHA20_POLY1305_SHA256",
- "TLS_AES_128_CCM_SHA256",
- "TLS_AES_128_CCM_8_SHA256",
- "ECDHE-ECDSA-AES256-GCM-SHA384",
- "ECDHE-RSA-AES256-GCM-SHA384",
- "ECDHE-ECDSA-AES256-SHA384",
- "ECDHE-RSA-AES256-SHA384",
- "ECDH-ECDSA-AES256-GCM-SHA384",
- "ECDH-RSA-AES256-GCM-SHA384",
- "ECDH-ECDSA-AES256-SHA384",
- "ECDH-RSA-AES256-SHA384",
- "DHE-DSS-AES256-GCM-SHA384",
- "DHE-DSS-AES256-SHA256",
- "AES256-GCM-SHA384",
- "AES256-SHA256",
- "ECDHE-ECDSA-AES128-GCM-SHA256",
- "ECDHE-RSA-AES128-GCM-SHA256",
- "ECDHE-ECDSA-AES128-SHA256",
- "ECDHE-RSA-AES128-SHA256",
- "ECDH-ECDSA-AES128-GCM-SHA256",
- "ECDH-RSA-AES128-GCM-SHA256",
- "ECDH-ECDSA-AES128-SHA256",
- "ECDH-RSA-AES128-SHA256",
- "DHE-DSS-AES128-GCM-SHA256",
- "DHE-DSS-AES128-SHA256",
- "AES128-GCM-SHA256",
- "AES128-SHA256",
- "ECDHE-ECDSA-AES256-SHA",
- "ECDHE-RSA-AES256-SHA",
- "DHE-DSS-AES256-SHA",
- "ECDH-ECDSA-AES256-SHA",
- "ECDH-RSA-AES256-SHA",
- "ECDHE-ECDSA-AES128-SHA",
- "ECDHE-RSA-AES128-SHA",
- "DHE-DSS-AES128-SHA",
- "ECDH-ECDSA-AES128-SHA",
- "ECDH-RSA-AES128-SHA",
- "RSA-PSK-AES256-GCM-SHA384",
- "RSA-PSK-AES256-CBC-SHA384",
- "RSA-PSK-AES128-GCM-SHA256",
- "RSA-PSK-AES128-CBC-SHA256",
- "RSA-PSK-AES256-CBC-SHA",
- "RSA-PSK-AES128-CBC-SHA"
- ],
- "description": "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"
\n",
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "user_lookup_fun": {
- "default": "emqx_tls_psk:lookup",
- "type": "string"
- },
- "secure_renegotiate": {
- "default": true,
- "description": "\nSSL parameter renegotiation is a feature that allows a client and a server\nto renegotiate the parameters of the SSL connection on the fly.\nRFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,\nyou drop support for the insecure renegotiation, prone to MitM attacks.\n",
- "type": "boolean"
- },
- "dhfile": {
- "description": "Path to a file containing PEM-encoded Diffie Hellman parameters\nto be used by the server if a cipher suite using Diffie Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
- "type": "string"
- },
- "fail_if_no_peer_cert": {
- "default": false,
- "description": "\nUsed together with {verify, verify_peer} by an TLS/DTLS server.\nIf set to true, the server fails if the client does not have a\ncertificate to send, that is, sends an empty certificate.\nIf set to false, it fails only if the client sends an invalid\ncertificate (an empty certificate is considered valid).\n",
- "type": "boolean"
- },
- "honor_cipher_order": {
- "default": true,
- "type": "boolean"
- },
- "client_renegotiation": {
- "default": true,
- "description": "\nIn protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.\n",
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "emqx_schema.trace": {
- "properties": {
- "payload_encode": {
- "default": "text",
- "description": "\nDetermine the format of the payload format in the trace file.
\n`text`: Text-based protocol or plain text protocol. It is recommended when payload is JSON encoded.
\n`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.
\n`hidden`: payload is obfuscated as `******`\n ",
- "symbols": [
- "hex",
- "text",
- "hidden"
- ],
- "type": "enum"
- }
- },
- "type": "object"
- },
- "emqx_schema.deflate_opts": {
- "properties": {
- "level": {
- "symbols": [
- "none",
- "default",
- "best_compression",
- "best_speed"
- ],
- "type": "enum"
- },
- "mem_level": {
- "default": 8,
- "maximum": 9,
- "minimum": 1,
- "type": "number"
- },
- "strategy": {
- "symbols": [
- "default",
- "filtered",
- "huffman_only",
- "rle"
- ],
- "type": "enum"
- },
- "server_context_takeover": {
- "symbols": [
- "takeover",
- "no_takeover"
- ],
- "type": "enum"
- },
- "client_context_takeover": {
- "symbols": [
- "takeover",
- "no_takeover"
- ],
- "type": "enum"
- },
- "server_max_window_bits": {
- "default": 15,
- "maximum": 15,
- "minimum": 8,
- "type": "number"
- },
- "client_max_window_bits": {
- "default": 15,
- "maximum": 15,
- "minimum": 8,
- "type": "number"
- }
- },
- "type": "object"
- },
- "emqx_conf_schema.log_burst_limit": {
- "properties": {
- "enable": {
- "default": true,
- "type": "boolean"
- },
- "max_count": {
- "default": 10000,
- "type": "number"
- },
- "window_time": {
- "default": "1s",
- "type": "duration"
- }
- },
- "type": "object"
- },
- "zone.rate_limit": {
- "properties": {
- "max_conn_rate": {
- "oneOf": [
- {
- "type": "number"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "conn_messages_in": {
- "oneOf": [
- {
- "type": "comma_separated_string"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "conn_bytes_in": {
- "oneOf": [
- {
- "type": "comma_separated_string"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- }
- },
- "type": "object"
- },
- "emqx_schema.sysmon_os": {
- "properties": {
- "cpu_check_interval": {
- "default": "60s",
- "type": "duration"
- },
- "cpu_high_watermark": {
- "default": "80%",
- "type": "percent"
- },
- "cpu_low_watermark": {
- "default": "60%",
- "type": "percent"
- },
- "mem_check_interval": {
- "default": "60s",
- "oneOf": [
- {
- "type": "duration"
- },
- {
- "symbols": [
- "disabled"
- ],
- "type": "enum"
- }
- ]
- },
- "sysmem_high_watermark": {
- "default": "70%",
- "type": "percent"
- },
- "procmem_high_watermark": {
- "default": "5%",
- "type": "percent"
- }
- },
- "type": "object"
- },
- "emqx_conf_schema.cluster_k8s": {
- "properties": {
- "apiserver": {
- "type": "string"
- },
- "service_name": {
- "default": "emqx",
- "type": "string"
- },
- "address_type": {
- "symbols": [
- "ip",
- "dns",
- "hostname"
- ],
- "type": "enum"
- },
- "app_name": {
- "default": "emqx",
- "type": "string"
- },
- "namespace": {
- "default": "default",
- "type": "string"
- },
- "suffix": {
- "default": "pod.local",
- "type": "string"
- }
- },
- "type": "object"
- },
- "statsd.statsd": {
- "required": [
- "flush_time_interval",
- "sample_time_interval",
- "server",
- "enable"
- ],
- "properties": {
- "enable": {
- "default": false,
- "type": "boolean"
- },
- "server": {
- "default": "127.0.0.1:8125",
- "type": "ip_port"
- },
- "sample_time_interval": {
- "default": "10s",
- "type": "duration"
- },
- "flush_time_interval": {
- "default": "10s",
- "type": "duration"
- }
- },
- "type": "object"
- },
- "emqx_schema.mqtt_ssl_listener": {
- "required": [
- "bind"
- ],
- "properties": {
- "tcp": {
- "$ref": "#/components/schemas/emqx_schema.tcp_opts"
- },
- "ssl": {
- "$ref": "#/components/schemas/emqx_schema.listener_ssl_opts"
- },
- "bind": {
- "oneOf": [
- {
- "type": "number"
- },
- {
- "type": "ip_port"
- }
- ]
- },
- "acceptors": {
- "default": 16,
- "type": "number"
- },
- "max_connections": {
- "default": "infinity",
- "oneOf": [
- {
- "type": "number"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "mountpoint": {
- "default": "",
- "type": "string"
- },
- "zone": {
- "default": "default",
- "type": "string"
- },
- "limiter": {
- "default": {},
- "properties": {
- "$ratelimit bucket's name": {
- "type": "string"
- }
- },
- "type": "object"
- },
- "access_rules": {
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "proxy_protocol": {
- "default": false,
- "type": "boolean"
- },
- "proxy_protocol_timeout": {
- "type": "duration"
- },
- "authentication": {
- "description": "Per-listener authentication override\nAuthentication can be one single authenticator instance or a chain of authenticators as an array.\nWhen authenticating a login (username, client ID, etc.) the authenticators are checked\nin the configured order.
\n",
- "items": {
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-scram-builtin_db.authentication"
- },
- {
- "$ref": "#/components/schemas/authn-jwt.jwks"
- },
- {
- "$ref": "#/components/schemas/authn-jwt.public-key"
- },
- {
- "$ref": "#/components/schemas/authn-jwt.hmac-based"
- },
- {
- "$ref": "#/components/schemas/authn-http.post"
- },
- {
- "$ref": "#/components/schemas/authn-http.get"
- },
- {
- "$ref": "#/components/schemas/authn-redis.sentinel"
- },
- {
- "$ref": "#/components/schemas/authn-redis.cluster"
- },
- {
- "$ref": "#/components/schemas/authn-redis.standalone"
- },
- {
- "$ref": "#/components/schemas/authn-mongodb.sharded-cluster"
- },
- {
- "$ref": "#/components/schemas/authn-mongodb.replica-set"
- },
- {
- "$ref": "#/components/schemas/authn-mongodb.standalone"
- },
- {
- "$ref": "#/components/schemas/authn-postgresql.authentication"
- },
- {
- "$ref": "#/components/schemas/authn-mysql.authentication"
- },
- {
- "$ref": "#/components/schemas/authn-builtin_db.authentication"
- }
- ]
- },
- "type": "array"
- }
- },
- "type": "object"
- },
- "retainer.mnesia_config": {
- "properties": {
- "type": {
- "oneOf": [
- {
- "symbols": [
- "built_in_database"
- ],
- "type": "enum"
- }
- ]
- },
- "storage_type": {
- "default": "ram",
- "oneOf": [
- {
- "symbols": [
- "disc"
- ],
- "type": "enum"
- },
- {
- "symbols": [
- "ram"
- ],
- "type": "enum"
- }
- ]
- },
- "max_retained_messages": {
- "default": 0,
- "type": "number"
- }
- },
- "type": "object"
- },
- "zone.quota": {
- "properties": {
- "conn_messages_routing": {
- "oneOf": [
- {
- "type": "comma_separated_string"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "overall_messages_routing": {
- "oneOf": [
- {
- "type": "comma_separated_string"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- }
- },
- "type": "object"
- },
- "emqx_conf_schema.console_handler": {
- "properties": {
- "enable": {
- "default": false,
- "type": "boolean"
- },
- "level": {
- "default": "warning",
- "description": "Global log level. This includes the primary log level and all log handlers.",
- "symbols": [
- "debug",
- "info",
- "notice",
- "warning",
- "error",
- "critical",
- "alert",
- "emergency",
- "all"
- ],
- "type": "enum"
- },
- "time_offset": {
- "default": "system",
- "type": "string"
- },
- "chars_limit": {
- "default": "unlimited",
- "description": "Set the maximum length of a single log message. If this length is exceeded, the log message will be truncated.",
- "oneOf": [
- {
- "minimum": 1,
- "type": "number"
- },
- {
- "symbols": [
- "unlimited"
- ],
- "type": "enum"
- }
- ]
- },
- "formatter": {
- "default": "text",
- "description": "Choose log format. text for free text, and json for structured logging.",
- "symbols": [
- "text",
- "json"
- ],
- "type": "enum"
- },
- "single_line": {
- "default": true,
- "description": "Print logs in a single line if set to true. Otherwise, log messages may span multiple lines.",
- "type": "boolean"
- },
- "sync_mode_qlen": {
- "default": 100,
- "type": "number"
- },
- "drop_mode_qlen": {
- "default": 3000,
- "type": "number"
- },
- "flush_qlen": {
- "default": 8000,
- "type": "number"
- },
- "overload_kill": {
- "$ref": "#/components/schemas/emqx_conf_schema.log_overload_kill"
- },
- "burst_limit": {
- "$ref": "#/components/schemas/emqx_conf_schema.log_burst_limit"
- },
- "supervisor_reports": {
- "default": "error",
- "symbols": [
- "error",
- "progress"
- ],
- "type": "enum"
- },
- "max_depth": {
- "default": 100,
- "description": "Maximum depth for Erlang term log formatting and Erlang process message queue inspection.",
- "oneOf": [
- {
- "type": "number"
- },
- {
- "symbols": [
- "unlimited"
- ],
- "type": "enum"
- }
- ]
- }
- },
- "type": "object"
- },
- "emqx_schema.mqtt": {
- "properties": {
- "idle_timeout": {
- "default": "15s",
- "description": "Close TCP connections from the clients that have not sent MQTT CONNECT\nmessage within this interval.",
- "oneOf": [
- {
- "type": "duration"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "max_packet_size": {
- "default": "1MB",
- "description": "Maximum MQTT packet size allowed.",
- "type": "byteSize"
- },
- "max_clientid_len": {
- "default": 65535,
- "description": "Maximum allowed length of MQTT clientId.",
- "maximum": 65535,
- "minimum": 23,
- "type": "number"
- },
- "max_topic_levels": {
- "default": 65535,
- "description": "Maximum topic levels allowed.",
- "maximum": 65535,
- "minimum": 1,
- "type": "number"
- },
- "max_qos_allowed": {
- "default": 2,
- "description": "Maximum QoS allowed.",
- "symbols": [
- 0,
- 1,
- 2
- ],
- "type": "enum"
- },
- "max_topic_alias": {
- "default": 65535,
- "description": "Maximum Topic Alias, 0 means no topic alias supported.",
- "maximum": 65535,
- "minimum": 0,
- "type": "number"
- },
- "retain_available": {
- "default": true,
- "description": "Support MQTT retained messages.",
- "type": "boolean"
- },
- "wildcard_subscription": {
- "default": true,
- "description": "Support MQTT Wildcard Subscriptions.",
- "type": "boolean"
- },
- "shared_subscription": {
- "default": true,
- "description": "Support MQTT Shared Subscriptions.",
- "type": "boolean"
- },
- "ignore_loop_deliver": {
- "default": false,
- "description": "Ignore loop delivery of messages for MQTT v3.1.1.",
- "type": "boolean"
- },
- "strict_mode": {
- "default": false,
- "description": "Parse the MQTT frame in strict mode.",
- "type": "boolean"
- },
- "response_information": {
- "default": "",
- "description": "Specify the response information returned to the client\nThis feature is disabled if is set to \"\".",
- "type": "string"
- },
- "server_keepalive": {
- "default": "disabled",
- "description": "'Server Keep Alive' of MQTT 5.0.\nIf the server returns a 'Server Keep Alive' in the CONNACK packet,\nthe client MUST use that value instead of the value it sent as the 'Keep Alive'.",
- "oneOf": [
- {
- "symbols": [
- "disabled"
- ],
- "type": "enum"
- },
- {
- "type": "number"
- }
- ]
- },
- "keepalive_backoff": {
- "default": 0.75,
- "description": "The backoff for MQTT keepalive timeout. The broker will close the connection\nafter idling for 'Keepalive * backoff * 2'.",
- "type": "number"
- },
- "max_subscriptions": {
- "default": "infinity",
- "description": "Maximum number of subscriptions allowed.",
- "oneOf": [
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- },
- {
- "minimum": 1,
- "type": "number"
- }
- ]
- },
- "upgrade_qos": {
- "default": false,
- "description": "Force upgrade of QoS level according to subscription.",
- "type": "boolean"
- },
- "max_inflight": {
- "default": 32,
- "description": "Maximum size of the Inflight Window storing QoS1/2 messages delivered but un-acked.",
- "maximum": 65535,
- "minimum": 1,
- "type": "number"
- },
- "retry_interval": {
- "default": "30s",
- "description": "Retry interval for QoS1/2 message delivering.",
- "type": "duration"
- },
- "max_awaiting_rel": {
- "default": 100,
- "description": "Maximum QoS2 packets (Client -> Broker) awaiting PUBREL.",
- "oneOf": [
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- },
- {
- "type": "number"
- }
- ]
- },
- "await_rel_timeout": {
- "default": "300s",
- "description": "The QoS2 messages (Client -> Broker) will be dropped if awaiting PUBREL timeout.",
- "type": "duration"
- },
- "session_expiry_interval": {
- "default": "2h",
- "description": "Default session expiry interval for MQTT V3.1.1 connections.",
- "type": "duration"
- },
- "max_mqueue_len": {
- "default": 1000,
- "description": "Maximum queue length. Enqueued messages when persistent client disconnected,\nor inflight window is full.",
- "oneOf": [
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- },
- {
- "minimum": 0,
- "type": "number"
- }
- ]
- },
- "mqueue_priorities": {
- "default": "disabled",
- "description": "Topic priorities.
\nThere's no priority table by default, hence all messages are treated equal.
\nPriority number [1-255]
\n\n**NOTE**: Comma and equal signs are not allowed for priority topic names.
\n**NOTE**: Messages for topics not in the priority table are treated as\neither highest or lowest priority depending on the configured value for\nmqtt.mqueue_default_priority.\n
\n**Examples**:\nTo configure \"topic/1\" > \"topic/2\":
\nmqueue_priorities: {\"topic/1\": 10, \"topic/2\": 8}",
- "oneOf": [
- {
- "symbols": [
- "disabled"
- ],
- "type": "enum"
- },
- {
- "type": "string"
- }
- ]
- },
- "mqueue_default_priority": {
- "default": "lowest",
- "description": "Default to the highest priority for topics not matching priority table.",
- "symbols": [
- "highest",
- "lowest"
- ],
- "type": "enum"
- },
- "mqueue_store_qos0": {
- "default": true,
- "description": "Support enqueue QoS0 messages.",
- "type": "boolean"
- },
- "use_username_as_clientid": {
- "default": false,
- "description": "Replace client ID with the username.",
- "type": "boolean"
- },
- "peer_cert_as_username": {
- "default": "disabled",
- "description": "Use the CN, DN or CRT field from the client certificate as a username.\nOnly works for the TLS connection.",
- "symbols": [
- "disabled",
- "cn",
- "dn",
- "crt",
- "pem",
- "md5"
- ],
- "type": "enum"
- },
- "peer_cert_as_clientid": {
- "default": "disabled",
- "description": "Use the CN, DN or CRT field from the client certificate as a clientid.\nOnly works for the TLS connection.",
- "symbols": [
- "disabled",
- "cn",
- "dn",
- "crt",
- "pem",
- "md5"
- ],
- "type": "enum"
- }
- },
- "type": "object"
- },
- "limiter.rate_burst": {
- "properties": {
- "rate": {
- "type": "string"
- },
- "burst": {
- "default": "0/0s",
- "type": "string"
- }
- },
- "type": "object"
- },
- "authn-hash.bcrypt_rw": {
- "properties": {
- "name": {
- "symbols": [
- "bcrypt"
- ],
- "type": "enum"
- },
- "salt_rounds": {
- "default": 10,
- "type": "number"
- }
- },
- "type": "object"
- },
- "authn-http.post": {
- "required": [
- "url",
- "backend",
- "mechanism"
- ],
- "properties": {
- "method": {
- "default": "post",
- "symbols": [
- "post"
- ],
- "type": "enum"
- },
- "headers": {
- "default": {
- "accept": "application/json",
- "cache-control": "no-cache",
- "connection": "keep-alive",
- "content-type": "application/json",
- "keep-alive": "timeout=30, max=1000"
- },
- "type": "string"
- },
- "mechanism": {
- "symbols": [
- "password-based"
- ],
- "type": "enum"
- },
- "backend": {
- "symbols": [
- "http"
- ],
- "type": "enum"
- },
- "url": {
- "type": "string"
- },
- "body": {
- "type": "string"
- },
- "request_timeout": {
- "default": "5s",
- "type": "duration"
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- },
- "connect_timeout": {
- "default": "15s",
- "description": "The timeout when connecting to the HTTP server",
- "type": "duration"
- },
- "enable_pipelining": {
- "default": true,
- "description": "Enable the HTTP pipeline",
- "type": "boolean"
- },
- "max_retries": {
- "default": 5,
- "description": "Max retry times if error on sending request",
- "minimum": 1,
- "type": "number"
- },
- "pool_size": {
- "default": 8,
- "description": "The pool size",
- "minimum": 1,
- "type": "number"
- },
- "request": {
- "description": "\nIf the request is provided, the caller can send HTTP requests via\nemqx_resource:query(ResourceId, {send_message, BridgeId, Message})\n",
- "$ref": "#/components/schemas/connector-http.request"
- },
- "retry_interval": {
- "default": "1s",
- "description": "Interval before next retry if error on sending request",
- "type": "duration"
- },
- "ssl": {
- "default": {
- "enable": false
- },
- "$ref": "#/components/schemas/emqx_schema.ssl_client_opts"
- }
- },
- "type": "object"
- },
- "emqx_schema.sysmon_vm": {
- "properties": {
- "process_check_interval": {
- "default": "30s",
- "type": "duration"
- },
- "process_high_watermark": {
- "default": "80%",
- "type": "percent"
- },
- "process_low_watermark": {
- "default": "60%",
- "type": "percent"
- },
- "long_gc": {
- "oneOf": [
- {
- "type": "duration"
- },
- {
- "symbols": [
- "disabled"
- ],
- "type": "enum"
- }
- ]
- },
- "long_schedule": {
- "default": "240ms",
- "oneOf": [
- {
- "type": "duration"
- },
- {
- "symbols": [
- "disabled"
- ],
- "type": "enum"
- }
- ]
- },
- "large_heap": {
- "default": "32MB",
- "oneOf": [
- {
- "type": "byteSize"
- },
- {
- "symbols": [
- "disabled"
- ],
- "type": "enum"
- }
- ]
- },
- "busy_dist_port": {
- "default": true,
- "type": "boolean"
- },
- "busy_port": {
- "default": true,
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "zone.force_gc": {
- "properties": {
- "enable": {
- "type": "boolean"
- },
- "count": {
- "description": "GC the process after this many received messages.",
- "minimum": 0,
- "type": "number"
- },
- "bytes": {
- "description": "GC the process after specified number of bytes have passed through.",
- "type": "byteSize"
- }
- },
- "type": "object"
- },
- "emqx_conf_schema.cluster_dns": {
- "properties": {
- "name": {
- "default": "localhost",
- "type": "string"
- },
- "app": {
- "default": "emqx",
- "type": "string"
- }
- },
- "type": "object"
- },
- "modules.delayed": {
- "properties": {
- "enable": {
- "default": false,
- "type": "boolean"
- },
- "max_delayed_messages": {
- "type": "number"
- }
- },
- "type": "object"
- },
- "emqx_connector_mongo.topology": {
- "properties": {
- "pool_size": {
- "default": 8,
- "type": "number"
- },
- "max_overflow": {
- "default": 8,
- "type": "number"
- },
- "overflow_ttl": {
- "type": "duration"
- },
- "overflow_check_period": {
- "type": "duration"
- },
- "local_threshold_ms": {
- "type": "duration"
- },
- "connect_timeout_ms": {
- "type": "duration"
- },
- "socket_timeout_ms": {
- "type": "duration"
- },
- "server_selection_timeout_ms": {
- "type": "duration"
- },
- "wait_queue_timeout_ms": {
- "type": "duration"
- },
- "heartbeat_frequency_ms": {
- "type": "duration"
- },
- "min_heartbeat_frequency_ms": {
- "type": "duration"
- }
- },
- "type": "object"
- },
- "retainer.flow_control": {
- "properties": {
- "max_read_number": {
- "default": 0,
- "type": "number"
- },
- "msg_deliver_quota": {
- "default": 0,
- "type": "number"
- },
- "quota_release_interval": {
- "default": "0ms",
- "type": "duration"
- }
- },
- "type": "object"
- },
- "authn-redis.cluster": {
- "required": [
- "servers",
- "backend",
- "mechanism"
- ],
- "properties": {
- "mechanism": {
- "symbols": [
- "password-based"
- ],
- "type": "enum"
- },
- "backend": {
- "symbols": [
- "redis"
- ],
- "type": "enum"
- },
- "cmd": {
- "type": "string"
- },
- "password_hash_algorithm": {
- "default": {
- "name": "sha256",
- "salt_position": "prefix"
- },
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-hash.other_algorithms"
- },
- {
- "$ref": "#/components/schemas/authn-hash.pbkdf2"
- },
- {
- "$ref": "#/components/schemas/authn-hash.bcrypt"
- }
- ]
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- },
- "servers": {
- "description": "A Node list for Cluster to connect to. The nodes should be split with ',', such as: 'Node[,Node]'
\nFor each Node should be:
\nThe IPv4 or IPv6 address or host name to connect to.
\nA host entry has the following form: 'Host[:Port]'
\nThe Redis default port 6379 is used if '[:Port]' isn't present",
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "redis_type": {
- "default": "cluster",
- "symbols": [
- "cluster"
- ],
- "type": "enum"
- },
- "pool_size": {
- "default": 8,
- "type": "number"
- },
- "password": {
- "type": "string"
- },
- "database": {
- "default": 0,
- "type": "number"
- },
- "auto_reconnect": {
- "default": true,
- "type": "boolean"
- },
- "ssl": {
- "default": {
- "enable": false
- },
- "$ref": "#/components/schemas/emqx_schema.ssl_client_opts"
- }
- },
- "type": "object"
- },
- "emqx_schema.ws_opts": {
- "properties": {
- "mqtt_path": {
- "default": "/mqtt",
- "type": "string"
- },
- "mqtt_piggyback": {
- "default": "multiple",
- "symbols": [
- "single",
- "multiple"
- ],
- "type": "enum"
- },
- "compress": {
- "default": false,
- "type": "boolean"
- },
- "idle_timeout": {
- "default": "15s",
- "type": "duration"
- },
- "max_frame_size": {
- "default": "infinity",
- "oneOf": [
- {
- "type": "number"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "fail_if_no_subprotocol": {
- "default": true,
- "type": "boolean"
- },
- "supported_subprotocols": {
- "default": "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5",
- "type": "comma_separated_string"
- },
- "check_origin_enable": {
- "default": false,
- "type": "boolean"
- },
- "allow_origin_absence": {
- "default": true,
- "type": "boolean"
- },
- "check_origins": {
- "default": "",
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "proxy_address_header": {
- "default": "x-forwarded-for",
- "type": "string"
- },
- "proxy_port_header": {
- "default": "x-forwarded-port",
- "type": "string"
- },
- "deflate_opts": {
- "$ref": "#/components/schemas/emqx_schema.deflate_opts"
- }
- },
- "type": "object"
- },
- "emqx_conf_schema.log_file_handler": {
- "properties": {
- "file": {
- "type": "string"
- },
- "rotation": {
- "$ref": "#/components/schemas/emqx_conf_schema.log_rotation"
- },
- "max_size": {
- "default": "10MB",
- "oneOf": [
- {
- "type": "byteSize"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "level": {
- "default": "warning",
- "description": "Global log level. This includes the primary log level and all log handlers.",
- "symbols": [
- "debug",
- "info",
- "notice",
- "warning",
- "error",
- "critical",
- "alert",
- "emergency",
- "all"
- ],
- "type": "enum"
- },
- "time_offset": {
- "default": "system",
- "type": "string"
- },
- "chars_limit": {
- "default": "unlimited",
- "description": "Set the maximum length of a single log message. If this length is exceeded, the log message will be truncated.",
- "oneOf": [
- {
- "minimum": 1,
- "type": "number"
- },
- {
- "symbols": [
- "unlimited"
- ],
- "type": "enum"
- }
- ]
- },
- "formatter": {
- "default": "text",
- "description": "Choose log format. text for free text, and json for structured logging.",
- "symbols": [
- "text",
- "json"
- ],
- "type": "enum"
- },
- "single_line": {
- "default": true,
- "description": "Print logs in a single line if set to true. Otherwise, log messages may span multiple lines.",
- "type": "boolean"
- },
- "sync_mode_qlen": {
- "default": 100,
- "type": "number"
- },
- "drop_mode_qlen": {
- "default": 3000,
- "type": "number"
- },
- "flush_qlen": {
- "default": 8000,
- "type": "number"
- },
- "overload_kill": {
- "$ref": "#/components/schemas/emqx_conf_schema.log_overload_kill"
- },
- "burst_limit": {
- "$ref": "#/components/schemas/emqx_conf_schema.log_burst_limit"
- },
- "supervisor_reports": {
- "default": "error",
- "symbols": [
- "error",
- "progress"
- ],
- "type": "enum"
- },
- "max_depth": {
- "default": 100,
- "description": "Maximum depth for Erlang term log formatting and Erlang process message queue inspection.",
- "oneOf": [
- {
- "type": "number"
- },
- {
- "symbols": [
- "unlimited"
- ],
- "type": "enum"
- }
- ]
- }
- },
- "type": "object"
- },
- "retainer.retainer": {
- "properties": {
- "enable": {
- "default": false,
- "type": "boolean"
- },
- "msg_expiry_interval": {
- "default": "0s",
- "type": "duration"
- },
- "msg_clear_interval": {
- "default": "0s",
- "type": "duration"
- },
- "flow_control": {
- "$ref": "#/components/schemas/retainer.flow_control"
- },
- "max_payload_size": {
- "default": "1MB",
- "type": "byteSize"
- },
- "stop_publish_clear_msg": {
- "default": false,
- "type": "boolean"
- },
- "config": {
- "oneOf": [
- {
- "$ref": "#/components/schemas/retainer.mnesia_config"
- }
- ]
- }
- },
- "type": "object"
- },
- "authn-jwt.hmac-based": {
- "required": [
- "mechanism"
- ],
- "properties": {
- "use_jwks": {
- "symbols": [
- false
- ],
- "type": "enum"
- },
- "algorithm": {
- "symbols": [
- "hmac-based"
- ],
- "type": "enum"
- },
- "secret": {
- "type": "string"
- },
- "secret_base64_encoded": {
- "default": false,
- "type": "boolean"
- },
- "mechanism": {
- "symbols": [
- "jwt"
- ],
- "type": "enum"
- },
- "verify_claims": {
- "default": {},
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "zone.flapping_detect": {
- "properties": {
- "enable": {
- "type": "boolean"
- },
- "max_count": {
- "type": "number"
- },
- "window_time": {
- "type": "duration"
- },
- "ban_time": {
- "type": "duration"
- }
- },
- "type": "object"
- },
- "zone.stats": {
- "properties": {
- "enable": {
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "authn-mongodb.replica-set": {
- "required": [
- "database",
- "servers",
- "backend",
- "mechanism"
- ],
- "properties": {
- "mechanism": {
- "symbols": [
- "password-based"
- ],
- "type": "enum"
- },
- "backend": {
- "symbols": [
- "mongodb"
- ],
- "type": "enum"
- },
- "collection": {
- "type": "string"
- },
- "selector": {
- "type": "string"
- },
- "password_hash_field": {
- "type": "string"
- },
- "salt_field": {
- "type": "string"
- },
- "is_superuser_field": {
- "type": "string"
- },
- "password_hash_algorithm": {
- "default": {
- "name": "sha256",
- "salt_position": "prefix"
- },
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-hash.other_algorithms"
- },
- {
- "$ref": "#/components/schemas/authn-hash.pbkdf2"
- },
- {
- "$ref": "#/components/schemas/authn-hash.bcrypt"
- }
- ]
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- },
- "mongo_type": {
- "default": "rs",
- "symbols": [
- "rs"
- ],
- "type": "enum"
- },
- "servers": {
- "description": "A Node list for Cluster to connect to. The nodes should be split with ',', such as: 'Node[,Node]'
\nFor each Node should be:
\nThe IPv4 or IPv6 address or host name to connect to.
\nA host entry has the following form: 'Host[:Port]'
\nThe MongoDB default port 27017 is used if '[:Port]' isn't present",
- "type": "string"
- },
- "w_mode": {
- "default": "unsafe",
- "symbols": [
- "unsafe",
- "safe"
- ],
- "type": "enum"
- },
- "r_mode": {
- "default": "master",
- "symbols": [
- "master",
- "slave_ok"
- ],
- "type": "enum"
- },
- "replica_set_name": {
- "type": "string"
- },
- "srv_record": {
- "default": false,
- "type": "boolean"
- },
- "pool_size": {
- "default": 8,
- "type": "number"
- },
- "username": {
- "type": "string"
- },
- "password": {
- "type": "string"
- },
- "auth_source": {
- "type": "string"
- },
- "database": {
- "type": "string"
- },
- "topology": {
- "$ref": "#/components/schemas/emqx_connector_mongo.topology"
- },
- "ssl": {
- "default": {
- "enable": false
- },
- "$ref": "#/components/schemas/emqx_schema.ssl_client_opts"
- }
- },
- "type": "object"
- },
- "emqx_schema.stats": {
- "properties": {
- "enable": {
- "default": true,
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "emqx_conf_schema.log_overload_kill": {
- "properties": {
- "enable": {
- "default": true,
- "type": "boolean"
- },
- "mem_size": {
- "default": "30MB",
- "type": "byteSize"
- },
- "qlen": {
- "default": 20000,
- "type": "number"
- },
- "restart_after": {
- "default": "5s",
- "oneOf": [
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- },
- {
- "type": "duration"
- }
- ]
- }
- },
- "type": "object"
- },
- "emqx_schema.rate_limit": {
- "properties": {
- "max_conn_rate": {
- "default": 1000,
- "oneOf": [
- {
- "type": "number"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "conn_messages_in": {
- "default": "infinity",
- "oneOf": [
- {
- "type": "comma_separated_string"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "conn_bytes_in": {
- "default": "infinity",
- "oneOf": [
- {
- "type": "comma_separated_string"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- }
- },
- "type": "object"
- },
- "emqx_schema.sysmon_top": {
- "properties": {
- "num_items": {
- "default": 10,
- "description": "The number of top processes per monitoring group",
- "minimum": 1,
- "type": "number"
- },
- "sample_interval": {
- "default": "2s",
- "description": "Specifies how often process top should be collected",
- "type": "duration"
- },
- "max_procs": {
- "default": 1000000,
- "description": "Stop collecting data when the number of processes\nin the VM exceeds this value",
- "minimum": 1,
- "type": "number"
- },
- "db_hostname": {
- "default": "",
- "description": "Hostname of the PostgreSQL database that collects the data points",
- "type": "string"
- },
- "db_port": {
- "default": 5432,
- "description": "Port of the PostgreSQL database that collects the data points",
- "type": "number"
- },
- "db_username": {
- "default": "system_monitor",
- "description": "EMQX username in the PostgreSQL database",
- "type": "string"
- },
- "db_password": {
- "default": "system_monitor_password",
- "description": "EMQX user password in the PostgreSQL database",
- "type": "string"
- },
- "db_name": {
- "default": "postgres",
- "description": "PostgreSQL database name",
- "type": "string"
- }
- },
- "type": "object"
- },
- "authn-redis.standalone": {
- "required": [
- "server",
- "backend",
- "mechanism"
- ],
- "properties": {
- "mechanism": {
- "symbols": [
- "password-based"
- ],
- "type": "enum"
- },
- "backend": {
- "symbols": [
- "redis"
- ],
- "type": "enum"
- },
- "cmd": {
- "type": "string"
- },
- "password_hash_algorithm": {
- "default": {
- "name": "sha256",
- "salt_position": "prefix"
- },
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-hash.other_algorithms"
- },
- {
- "$ref": "#/components/schemas/authn-hash.pbkdf2"
- },
- {
- "$ref": "#/components/schemas/authn-hash.bcrypt"
- }
- ]
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- },
- "server": {
- "description": "\nThe IPv4 or IPv6 address or host name to connect to.
\nA host entry has the following form: 'Host[:Port]'
\nThe Redis default port 6379 is used if '[:Port]' isn't present",
- "type": "ip_port"
- },
- "redis_type": {
- "default": "single",
- "symbols": [
- "single"
- ],
- "type": "enum"
- },
- "pool_size": {
- "default": 8,
- "type": "number"
- },
- "password": {
- "type": "string"
- },
- "database": {
- "default": 0,
- "type": "number"
- },
- "auto_reconnect": {
- "default": true,
- "type": "boolean"
- },
- "ssl": {
- "default": {
- "enable": false
- },
- "$ref": "#/components/schemas/emqx_schema.ssl_client_opts"
- }
- },
- "type": "object"
- },
- "authn-jwt.public-key": {
- "required": [
- "mechanism"
- ],
- "properties": {
- "use_jwks": {
- "symbols": [
- false
- ],
- "type": "enum"
- },
- "algorithm": {
- "symbols": [
- "public-key"
- ],
- "type": "enum"
- },
- "certificate": {
- "type": "string"
- },
- "mechanism": {
- "symbols": [
- "jwt"
- ],
- "type": "enum"
- },
- "verify_claims": {
- "default": {},
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "emqx_conf_schema.cluster_static": {
- "properties": {
- "seeds": {
- "default": "",
- "items": {
- "type": "string"
- },
- "type": "array"
- }
- },
- "type": "object"
- },
- "authn-redis.sentinel": {
- "required": [
- "servers",
- "backend",
- "mechanism"
- ],
- "properties": {
- "mechanism": {
- "symbols": [
- "password-based"
- ],
- "type": "enum"
- },
- "backend": {
- "symbols": [
- "redis"
- ],
- "type": "enum"
- },
- "cmd": {
- "type": "string"
- },
- "password_hash_algorithm": {
- "default": {
- "name": "sha256",
- "salt_position": "prefix"
- },
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-hash.other_algorithms"
- },
- {
- "$ref": "#/components/schemas/authn-hash.pbkdf2"
- },
- {
- "$ref": "#/components/schemas/authn-hash.bcrypt"
- }
- ]
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- },
- "servers": {
- "description": "A Node list for Cluster to connect to. The nodes should be split with ',', such as: 'Node[,Node]'
\nFor each Node should be:
\nThe IPv4 or IPv6 address or host name to connect to.
\nA host entry has the following form: 'Host[:Port]'
\nThe Redis default port 6379 is used if '[:Port]' isn't present",
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "redis_type": {
- "default": "sentinel",
- "symbols": [
- "sentinel"
- ],
- "type": "enum"
- },
- "sentinel": {
- "type": "string"
- },
- "pool_size": {
- "default": 8,
- "type": "number"
- },
- "password": {
- "type": "string"
- },
- "database": {
- "default": 0,
- "type": "number"
- },
- "auto_reconnect": {
- "default": true,
- "type": "boolean"
- },
- "ssl": {
- "default": {
- "enable": false
- },
- "$ref": "#/components/schemas/emqx_schema.ssl_client_opts"
- }
- },
- "type": "object"
- },
- "emqx_conf_schema.cluster_call": {
- "properties": {
- "retry_interval": {
- "default": "1s",
- "description": "Time interval to retry after a failed call.",
- "type": "duration"
- },
- "max_history": {
- "default": 100,
- "description": "Retain the maximum number of completed transactions (for queries).",
- "maximum": 500,
- "minimum": 1,
- "type": "number"
- },
- "cleanup_interval": {
- "default": "5m",
- "description": "Time interval to clear completed but stale transactions.\nEnsure that the number of completed transactions is less than the max_history.",
- "type": "duration"
- }
- },
- "type": "object"
- },
- "zone.overload_protection": {
- "properties": {
- "enable": {
- "description": "React on system overload or not",
- "type": "boolean"
- },
- "backoff_delay": {
- "description": "Some unimportant tasks could be delayed for execution, here set the delays in ms",
- "minimum": 0,
- "type": "number"
- },
- "backoff_gc": {
- "description": "Skip forceful GC if necessary",
- "type": "boolean"
- },
- "backoff_hibernation": {
- "description": "Skip process hibernation if necessary",
- "type": "boolean"
- },
- "backoff_new_conn": {
- "description": "Close new incoming connections if necessary",
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "configuration.cluster": {
- "properties": {
- "name": {
- "default": "emqxcl",
- "type": "string"
- },
- "discovery_strategy": {
- "default": "manual",
- "symbols": [
- "manual",
- "static",
- "mcast",
- "dns",
- "etcd",
- "k8s"
- ],
- "type": "enum"
- },
- "autoclean": {
- "default": "5m",
- "type": "duration"
- },
- "autoheal": {
- "default": true,
- "type": "boolean"
- },
- "static": {
- "$ref": "#/components/schemas/emqx_conf_schema.cluster_static"
- },
- "mcast": {
- "$ref": "#/components/schemas/emqx_conf_schema.cluster_mcast"
- },
- "proto_dist": {
- "default": "inet_tcp",
- "symbols": [
- "inet_tcp",
- "inet6_tcp",
- "inet_tls"
- ],
- "type": "enum"
- },
- "dns": {
- "$ref": "#/components/schemas/emqx_conf_schema.cluster_dns"
- },
- "etcd": {
- "$ref": "#/components/schemas/emqx_conf_schema.cluster_etcd"
- },
- "k8s": {
- "$ref": "#/components/schemas/emqx_conf_schema.cluster_k8s"
- }
- },
- "type": "object"
- },
- "emqx_schema.force_gc": {
- "properties": {
- "enable": {
- "default": true,
- "type": "boolean"
- },
- "count": {
- "default": 16000,
- "description": "GC the process after this many received messages.",
- "minimum": 0,
- "type": "number"
- },
- "bytes": {
- "default": "16MB",
- "description": "GC the process after specified number of bytes have passed through.",
- "type": "byteSize"
- }
- },
- "type": "object"
- },
- "authn-hash.other_algorithms": {
- "properties": {
- "name": {
- "symbols": [
- "plain",
- "md5",
- "sha",
- "sha256",
- "sha512"
- ],
- "type": "enum"
- },
- "salt_position": {
- "default": "prefix",
- "symbols": [
- "prefix",
- "suffix"
- ],
- "type": "enum"
- }
- },
- "type": "object"
- },
- "modules.topic_metrics": {
- "properties": {
- "topic": {
- "type": "string"
- }
- },
- "type": "object"
- },
- "authn-http.get": {
- "required": [
- "url",
- "backend",
- "mechanism"
- ],
- "properties": {
- "method": {
- "default": "post",
- "symbols": [
- "get"
- ],
- "type": "enum"
- },
- "headers": {
- "default": {
- "accept": "application/json",
- "cache-control": "no-cache",
- "connection": "keep-alive",
- "keep-alive": "timeout=30, max=1000"
- },
- "type": "string"
- },
- "mechanism": {
- "symbols": [
- "password-based"
- ],
- "type": "enum"
- },
- "backend": {
- "symbols": [
- "http"
- ],
- "type": "enum"
- },
- "url": {
- "type": "string"
- },
- "body": {
- "type": "string"
- },
- "request_timeout": {
- "default": "5s",
- "type": "duration"
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- },
- "connect_timeout": {
- "default": "15s",
- "description": "The timeout when connecting to the HTTP server",
- "type": "duration"
- },
- "enable_pipelining": {
- "default": true,
- "description": "Enable the HTTP pipeline",
- "type": "boolean"
- },
- "max_retries": {
- "default": 5,
- "description": "Max retry times if error on sending request",
- "minimum": 1,
- "type": "number"
- },
- "pool_size": {
- "default": 8,
- "description": "The pool size",
- "minimum": 1,
- "type": "number"
- },
- "request": {
- "description": "\nIf the request is provided, the caller can send HTTP requests via\nemqx_resource:query(ResourceId, {send_message, BridgeId, Message})\n",
- "$ref": "#/components/schemas/connector-http.request"
- },
- "retry_interval": {
- "default": "1s",
- "description": "Interval before next retry if error on sending request",
- "type": "duration"
- },
- "ssl": {
- "default": {
- "enable": false
- },
- "$ref": "#/components/schemas/emqx_schema.ssl_client_opts"
- }
- },
- "type": "object"
- },
- "limiter.client_bucket": {
- "properties": {
- "rate": {
- "type": "string"
- },
- "initial": {
- "default": "0",
- "type": "string"
- },
- "low_water_mark": {
- "default": "0",
- "description": "If the remaining tokens are lower than this value,\nthe check/consume will succeed, but it will be forced to wait for a short period of time.",
- "type": "string"
- },
- "capacity": {
- "description": "The capacity of the token bucket.",
- "type": "string"
- },
- "divisible": {
- "default": false,
- "description": "Is it possible to split the number of requested tokens?",
- "type": "boolean"
- },
- "max_retry_time": {
- "default": "5s",
- "description": "The maximum retry time when acquire failed.",
- "type": "duration"
- },
- "failure_strategy": {
- "default": "force",
- "description": "The strategy when all the retries failed.",
- "symbols": [
- "force",
- "drop",
- "throw"
- ],
- "type": "enum"
- }
- },
- "type": "object"
- },
- "authn-postgresql.authentication": {
- "required": [
- "database",
- "server",
- "backend",
- "mechanism"
- ],
- "properties": {
- "mechanism": {
- "symbols": [
- "password-based"
- ],
- "type": "enum"
- },
- "backend": {
- "symbols": [
- "postgresql"
- ],
- "type": "enum"
- },
- "password_hash_algorithm": {
- "default": {
- "name": "sha256",
- "salt_position": "prefix"
- },
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-hash.other_algorithms"
- },
- {
- "$ref": "#/components/schemas/authn-hash.pbkdf2"
- },
- {
- "$ref": "#/components/schemas/authn-hash.bcrypt"
- }
- ]
- },
- "query": {
- "type": "string"
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- },
- "server": {
- "description": "\nThe IPv4 or IPv6 address or host name to connect to.
\nA host entry has the following form: 'Host[:Port]'
\nThe PostgreSQL default port 5432 is used if '[:Port]' isn't present",
- "type": "ip_port"
- },
- "database": {
- "type": "string"
- },
- "pool_size": {
- "default": 8,
- "type": "number"
- },
- "username": {
- "type": "string"
- },
- "password": {
- "type": "string"
- },
- "auto_reconnect": {
- "default": true,
- "type": "boolean"
- },
- "ssl": {
- "default": {
- "enable": false
- },
- "$ref": "#/components/schemas/emqx_schema.ssl_client_opts"
- }
- },
- "type": "object"
- },
- "emqx_schema.alarm": {
- "properties": {
- "actions": {
- "default": [
- "log",
- "publish"
- ],
- "description": "The actions triggered when the alarm is activated.
\nCurrently, the following actions are supported: log and publish.\nlog is to write the alarm to log (console or file).\npublish is to publish the alarm as an MQTT message to the system topics:\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/activate and\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/deactivate",
- "example": [
- "log",
- "publish"
- ],
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "size_limit": {
- "default": 1000,
- "description": "The maximum total number of deactivated alarms to keep as history.
\nWhen this limit is exceeded, the oldest deactivated alarms are deleted to cap the total number.\n",
- "example": 1000,
- "maximum": 3000,
- "minimum": 1,
- "type": "number"
- },
- "validity_period": {
- "default": "24h",
- "description": "Retention time of deactivated alarms. Alarms are not deleted immediately\nwhen deactivated, but after the retention time.\n",
- "example": "24h",
- "type": "duration"
- }
- },
- "type": "object"
- },
- "authn-jwt.jwks": {
- "required": [
- "mechanism"
- ],
- "properties": {
- "use_jwks": {
- "symbols": [
- true
- ],
- "type": "enum"
- },
- "endpoint": {
- "type": "string"
- },
- "refresh_interval": {
- "default": 300,
- "type": "number"
- },
- "ssl": {
- "default": {
- "enable": false
- },
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-jwt.ssl_disable"
- },
- {
- "$ref": "#/components/schemas/authn-jwt.ssl_enable"
- }
- ]
- },
- "mechanism": {
- "symbols": [
- "jwt"
- ],
- "type": "enum"
- },
- "verify_claims": {
- "default": {},
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "emqx_schema.sysmon": {
- "properties": {
- "vm": {
- "description": "This part of the configuration is responsible for collecting\n BEAM VM events, such as long garbage collection, traffic congestion in the inter-broker\n communication, etc.",
- "$ref": "#/components/schemas/emqx_schema.sysmon_vm"
- },
- "os": {
- "description": "This part of the configuration is responsible for monitoring\n the host OS health, such as free memory, disk space, CPU load, etc.",
- "$ref": "#/components/schemas/emqx_schema.sysmon_os"
- },
- "top": {
- "description": "This part of the configuration is responsible for monitoring\n the Erlang processes in the VM. This information can be sent to an external\n PostgreSQL database. This feature is inactive unless the PostgreSQL sink is configured.",
- "$ref": "#/components/schemas/emqx_schema.sysmon_top"
- }
- },
- "type": "object"
- },
- "authn-mongodb.standalone": {
- "required": [
- "database",
- "server",
- "backend",
- "mechanism"
- ],
- "properties": {
- "mechanism": {
- "symbols": [
- "password-based"
- ],
- "type": "enum"
- },
- "backend": {
- "symbols": [
- "mongodb"
- ],
- "type": "enum"
- },
- "collection": {
- "type": "string"
- },
- "selector": {
- "type": "string"
- },
- "password_hash_field": {
- "type": "string"
- },
- "salt_field": {
- "type": "string"
- },
- "is_superuser_field": {
- "type": "string"
- },
- "password_hash_algorithm": {
- "default": {
- "name": "sha256",
- "salt_position": "prefix"
- },
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-hash.other_algorithms"
- },
- {
- "$ref": "#/components/schemas/authn-hash.pbkdf2"
- },
- {
- "$ref": "#/components/schemas/authn-hash.bcrypt"
- }
- ]
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- },
- "mongo_type": {
- "default": "single",
- "symbols": [
- "single"
- ],
- "type": "enum"
- },
- "server": {
- "description": "\nThe IPv4 or IPv6 address or host name to connect to.
\nA host entry has the following form: 'Host[:Port]'
\nThe MongoDB default port 27017 is used if '[:Port]' isn't present",
- "type": "ip_port"
- },
- "w_mode": {
- "default": "unsafe",
- "symbols": [
- "unsafe",
- "safe"
- ],
- "type": "enum"
- },
- "srv_record": {
- "default": false,
- "type": "boolean"
- },
- "pool_size": {
- "default": 8,
- "type": "number"
- },
- "username": {
- "type": "string"
- },
- "password": {
- "type": "string"
- },
- "auth_source": {
- "type": "string"
- },
- "database": {
- "type": "string"
- },
- "topology": {
- "$ref": "#/components/schemas/emqx_connector_mongo.topology"
- },
- "ssl": {
- "default": {
- "enable": false
- },
- "$ref": "#/components/schemas/emqx_schema.ssl_client_opts"
- }
- },
- "type": "object"
- },
- "configuration.log": {
- "properties": {
- "console_handler": {
- "$ref": "#/components/schemas/emqx_conf_schema.console_handler"
- },
- "file_handlers": {
- "properties": {
- "$name": {
- "$ref": "#/components/schemas/emqx_conf_schema.log_file_handler"
- }
- },
- "type": "object"
- },
- "error_logger": {
- "default": "silent",
- "type": "string"
- }
- },
- "type": "object"
- },
- "prometheus.prometheus": {
- "properties": {
- "push_gateway_server": {
- "default": "http://127.0.0.1:9091",
- "type": "string"
- },
- "interval": {
- "default": "15s",
- "type": "duration"
- },
- "enable": {
- "default": false,
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "authn-hash.bcrypt": {
- "properties": {
- "name": {
- "symbols": [
- "bcrypt"
- ],
- "type": "enum"
- }
- },
- "type": "object"
- },
- "emqx_schema.quota": {
- "properties": {
- "conn_messages_routing": {
- "default": "infinity",
- "oneOf": [
- {
- "type": "comma_separated_string"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "overall_messages_routing": {
- "default": "infinity",
- "oneOf": [
- {
- "type": "comma_separated_string"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- }
- },
- "type": "object"
- },
- "emqx_schema.conn_congestion": {
- "properties": {
- "enable_alarm": {
- "default": false,
- "type": "boolean"
- },
- "min_alarm_sustain_duration": {
- "default": "1m",
- "type": "duration"
- }
- },
- "type": "object"
- },
- "authn-jwt.ssl_disable": {
- "properties": {
- "enable": {
- "symbols": [
- false
- ],
- "type": "enum"
- }
- },
- "type": "object"
- },
- "emqx_schema.listener_wss_opts": {
- "properties": {
- "enable": {
- "default": false,
- "type": "boolean"
- },
- "cacertfile": {
- "description": "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.\n",
- "type": "string"
- },
- "certfile": {
- "description": "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.\n",
- "type": "string"
- },
- "keyfile": {
- "description": "PEM format private key file.
\n",
- "type": "string"
- },
- "verify": {
- "default": "verify_none",
- "symbols": [
- "verify_peer",
- "verify_none"
- ],
- "type": "enum"
- },
- "reuse_sessions": {
- "default": true,
- "type": "boolean"
- },
- "depth": {
- "default": 10,
- "type": "number"
- },
- "password": {
- "description": "String containing the user's password. Only used if the private\nkey file is password-protected.",
- "type": "string"
- },
- "versions": {
- "default": [
- "tlsv1.3",
- "tlsv1.2",
- "tlsv1.1",
- "tlsv1"
- ],
- "description": "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIn case PSK cipher suites are intended, make sure to configured\n['tlsv1.2', 'tlsv1.1'] here.\n",
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "ciphers": {
- "default": [
- "TLS_AES_256_GCM_SHA384",
- "TLS_AES_128_GCM_SHA256",
- "TLS_CHACHA20_POLY1305_SHA256",
- "TLS_AES_128_CCM_SHA256",
- "TLS_AES_128_CCM_8_SHA256",
- "ECDHE-ECDSA-AES256-GCM-SHA384",
- "ECDHE-RSA-AES256-GCM-SHA384",
- "ECDHE-ECDSA-AES256-SHA384",
- "ECDHE-RSA-AES256-SHA384",
- "ECDH-ECDSA-AES256-GCM-SHA384",
- "ECDH-RSA-AES256-GCM-SHA384",
- "ECDH-ECDSA-AES256-SHA384",
- "ECDH-RSA-AES256-SHA384",
- "DHE-DSS-AES256-GCM-SHA384",
- "DHE-DSS-AES256-SHA256",
- "AES256-GCM-SHA384",
- "AES256-SHA256",
- "ECDHE-ECDSA-AES128-GCM-SHA256",
- "ECDHE-RSA-AES128-GCM-SHA256",
- "ECDHE-ECDSA-AES128-SHA256",
- "ECDHE-RSA-AES128-SHA256",
- "ECDH-ECDSA-AES128-GCM-SHA256",
- "ECDH-RSA-AES128-GCM-SHA256",
- "ECDH-ECDSA-AES128-SHA256",
- "ECDH-RSA-AES128-SHA256",
- "DHE-DSS-AES128-GCM-SHA256",
- "DHE-DSS-AES128-SHA256",
- "AES128-GCM-SHA256",
- "AES128-SHA256",
- "ECDHE-ECDSA-AES256-SHA",
- "ECDHE-RSA-AES256-SHA",
- "DHE-DSS-AES256-SHA",
- "ECDH-ECDSA-AES256-SHA",
- "ECDH-RSA-AES256-SHA",
- "ECDHE-ECDSA-AES128-SHA",
- "ECDHE-RSA-AES128-SHA",
- "DHE-DSS-AES128-SHA",
- "ECDH-ECDSA-AES128-SHA",
- "ECDH-RSA-AES128-SHA",
- "RSA-PSK-AES256-GCM-SHA384",
- "RSA-PSK-AES256-CBC-SHA384",
- "RSA-PSK-AES128-GCM-SHA256",
- "RSA-PSK-AES128-CBC-SHA256",
- "RSA-PSK-AES256-CBC-SHA",
- "RSA-PSK-AES128-CBC-SHA"
- ],
- "description": "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"
\n",
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "user_lookup_fun": {
- "default": "emqx_tls_psk:lookup",
- "type": "string"
- },
- "secure_renegotiate": {
- "default": true,
- "description": "\nSSL parameter renegotiation is a feature that allows a client and a server\nto renegotiate the parameters of the SSL connection on the fly.\nRFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,\nyou drop support for the insecure renegotiation, prone to MitM attacks.\n",
- "type": "boolean"
- },
- "dhfile": {
- "description": "Path to a file containing PEM-encoded Diffie Hellman parameters\nto be used by the server if a cipher suite using Diffie Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
- "type": "string"
- },
- "fail_if_no_peer_cert": {
- "default": false,
- "description": "\nUsed together with {verify, verify_peer} by an TLS/DTLS server.\nIf set to true, the server fails if the client does not have a\ncertificate to send, that is, sends an empty certificate.\nIf set to false, it fails only if the client sends an invalid\ncertificate (an empty certificate is considered valid).\n",
- "type": "boolean"
- },
- "honor_cipher_order": {
- "default": true,
- "type": "boolean"
- },
- "client_renegotiation": {
- "default": true,
- "description": "\nIn protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.\n",
- "type": "boolean"
- },
- "handshake_timeout": {
- "default": "15s",
- "description": "Maximum time duration allowed for the handshake to complete",
- "type": "duration"
- }
- },
- "type": "object"
- },
- "modules.telemetry": {
- "properties": {
- "enable": {
- "default": false,
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "emqx_schema.mqtt_tcp_listener": {
- "required": [
- "bind"
- ],
- "properties": {
- "tcp": {
- "description": "TCP listener options",
- "$ref": "#/components/schemas/emqx_schema.tcp_opts"
- },
- "bind": {
- "oneOf": [
- {
- "type": "number"
- },
- {
- "type": "ip_port"
- }
- ]
- },
- "acceptors": {
- "default": 16,
- "type": "number"
- },
- "max_connections": {
- "default": "infinity",
- "oneOf": [
- {
- "type": "number"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "mountpoint": {
- "default": "",
- "type": "string"
- },
- "zone": {
- "default": "default",
- "type": "string"
- },
- "limiter": {
- "default": {},
- "properties": {
- "$ratelimit bucket's name": {
- "type": "string"
- }
- },
- "type": "object"
- },
- "access_rules": {
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "proxy_protocol": {
- "default": false,
- "type": "boolean"
- },
- "proxy_protocol_timeout": {
- "type": "duration"
- },
- "authentication": {
- "description": "Per-listener authentication override\nAuthentication can be one single authenticator instance or a chain of authenticators as an array.\nWhen authenticating a login (username, client ID, etc.) the authenticators are checked\nin the configured order.
\n",
- "items": {
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-scram-builtin_db.authentication"
- },
- {
- "$ref": "#/components/schemas/authn-jwt.jwks"
- },
- {
- "$ref": "#/components/schemas/authn-jwt.public-key"
- },
- {
- "$ref": "#/components/schemas/authn-jwt.hmac-based"
- },
- {
- "$ref": "#/components/schemas/authn-http.post"
- },
- {
- "$ref": "#/components/schemas/authn-http.get"
- },
- {
- "$ref": "#/components/schemas/authn-redis.sentinel"
- },
- {
- "$ref": "#/components/schemas/authn-redis.cluster"
- },
- {
- "$ref": "#/components/schemas/authn-redis.standalone"
- },
- {
- "$ref": "#/components/schemas/authn-mongodb.sharded-cluster"
- },
- {
- "$ref": "#/components/schemas/authn-mongodb.replica-set"
- },
- {
- "$ref": "#/components/schemas/authn-mongodb.standalone"
- },
- {
- "$ref": "#/components/schemas/authn-postgresql.authentication"
- },
- {
- "$ref": "#/components/schemas/authn-mysql.authentication"
- },
- {
- "$ref": "#/components/schemas/authn-builtin_db.authentication"
- }
- ]
- },
- "type": "array"
- }
- },
- "type": "object"
- },
- "emqx_schema.broker": {
- "properties": {
- "sys_msg_interval": {
- "default": "1m",
- "oneOf": [
- {
- "type": "duration"
- },
- {
- "symbols": [
- "disabled"
- ],
- "type": "enum"
- }
- ]
- },
- "sys_heartbeat_interval": {
- "default": "30s",
- "oneOf": [
- {
- "type": "duration"
- },
- {
- "symbols": [
- "disabled"
- ],
- "type": "enum"
- }
- ]
- },
- "enable_session_registry": {
- "default": true,
- "type": "boolean"
- },
- "session_locking_strategy": {
- "default": "quorum",
- "symbols": [
- "local",
- "leader",
- "quorum",
- "all"
- ],
- "type": "enum"
- },
- "shared_subscription_strategy": {
- "default": "round_robin",
- "symbols": [
- "random",
- "round_robin",
- "sticky",
- "hash_topic",
- "hash_clientid"
- ],
- "type": "enum"
- },
- "shared_dispatch_ack_enabled": {
- "default": false,
- "type": "boolean"
- },
- "route_batch_clean": {
- "default": true,
- "type": "boolean"
- },
- "perf": {
- "description": "Broker performance tuning parameters",
- "$ref": "#/components/schemas/emqx_schema.broker_perf"
- }
- },
- "type": "object"
- },
- "emqx_conf_schema.cluster_mcast": {
- "properties": {
- "addr": {
- "default": "239.192.0.1",
- "type": "string"
- },
- "ports": {
- "default": [
- 4369,
- 4370
- ],
- "items": {
- "type": "number"
- },
- "type": "array"
- },
- "iface": {
- "default": "0.0.0.0",
- "type": "string"
- },
- "ttl": {
- "default": 255,
- "maximum": 255,
- "minimum": 0,
- "type": "number"
- },
- "loop": {
- "default": true,
- "type": "boolean"
- },
- "sndbuf": {
- "default": "16KB",
- "type": "byteSize"
- },
- "recbuf": {
- "default": "16KB",
- "type": "byteSize"
- },
- "buffer": {
- "default": "32KB",
- "type": "byteSize"
- }
- },
- "type": "object"
- },
- "zone.mqtt": {
- "properties": {
- "idle_timeout": {
- "description": "Close TCP connections from the clients that have not sent MQTT CONNECT\nmessage within this interval.",
- "oneOf": [
- {
- "type": "duration"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "max_packet_size": {
- "description": "Maximum MQTT packet size allowed.",
- "type": "byteSize"
- },
- "max_clientid_len": {
- "description": "Maximum allowed length of MQTT clientId.",
- "maximum": 65535,
- "minimum": 23,
- "type": "number"
- },
- "max_topic_levels": {
- "description": "Maximum topic levels allowed.",
- "maximum": 65535,
- "minimum": 1,
- "type": "number"
- },
- "max_qos_allowed": {
- "description": "Maximum QoS allowed.",
- "symbols": [
- 0,
- 1,
- 2
- ],
- "type": "enum"
- },
- "max_topic_alias": {
- "description": "Maximum Topic Alias, 0 means no topic alias supported.",
- "maximum": 65535,
- "minimum": 0,
- "type": "number"
- },
- "retain_available": {
- "description": "Support MQTT retained messages.",
- "type": "boolean"
- },
- "wildcard_subscription": {
- "description": "Support MQTT Wildcard Subscriptions.",
- "type": "boolean"
- },
- "shared_subscription": {
- "description": "Support MQTT Shared Subscriptions.",
- "type": "boolean"
- },
- "ignore_loop_deliver": {
- "description": "Ignore loop delivery of messages for MQTT v3.1.1.",
- "type": "boolean"
- },
- "strict_mode": {
- "description": "Parse the MQTT frame in strict mode.",
- "type": "boolean"
- },
- "response_information": {
- "description": "Specify the response information returned to the client\nThis feature is disabled if is set to \"\".",
- "type": "string"
- },
- "server_keepalive": {
- "description": "'Server Keep Alive' of MQTT 5.0.\nIf the server returns a 'Server Keep Alive' in the CONNACK packet,\nthe client MUST use that value instead of the value it sent as the 'Keep Alive'.",
- "oneOf": [
- {
- "symbols": [
- "disabled"
- ],
- "type": "enum"
- },
- {
- "type": "number"
- }
- ]
- },
- "keepalive_backoff": {
- "description": "The backoff for MQTT keepalive timeout. The broker will close the connection\nafter idling for 'Keepalive * backoff * 2'.",
- "type": "number"
- },
- "max_subscriptions": {
- "description": "Maximum number of subscriptions allowed.",
- "oneOf": [
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- },
- {
- "minimum": 1,
- "type": "number"
- }
- ]
- },
- "upgrade_qos": {
- "description": "Force upgrade of QoS level according to subscription.",
- "type": "boolean"
- },
- "max_inflight": {
- "description": "Maximum size of the Inflight Window storing QoS1/2 messages delivered but un-acked.",
- "maximum": 65535,
- "minimum": 1,
- "type": "number"
- },
- "retry_interval": {
- "description": "Retry interval for QoS1/2 message delivering.",
- "type": "duration"
- },
- "max_awaiting_rel": {
- "description": "Maximum QoS2 packets (Client -> Broker) awaiting PUBREL.",
- "oneOf": [
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- },
- {
- "type": "number"
- }
- ]
- },
- "await_rel_timeout": {
- "description": "The QoS2 messages (Client -> Broker) will be dropped if awaiting PUBREL timeout.",
- "type": "duration"
- },
- "session_expiry_interval": {
- "description": "Default session expiry interval for MQTT V3.1.1 connections.",
- "type": "duration"
- },
- "max_mqueue_len": {
- "description": "Maximum queue length. Enqueued messages when persistent client disconnected,\nor inflight window is full.",
- "oneOf": [
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- },
- {
- "minimum": 0,
- "type": "number"
- }
- ]
- },
- "mqueue_priorities": {
- "description": "Topic priorities.
\nThere's no priority table by default, hence all messages are treated equal.
\nPriority number [1-255]
\n\n**NOTE**: Comma and equal signs are not allowed for priority topic names.
\n**NOTE**: Messages for topics not in the priority table are treated as\neither highest or lowest priority depending on the configured value for\nmqtt.mqueue_default_priority.\n
\n**Examples**:\nTo configure \"topic/1\" > \"topic/2\":
\nmqueue_priorities: {\"topic/1\": 10, \"topic/2\": 8}",
- "oneOf": [
- {
- "symbols": [
- "disabled"
- ],
- "type": "enum"
- },
- {
- "type": "string"
- }
- ]
- },
- "mqueue_default_priority": {
- "description": "Default to the highest priority for topics not matching priority table.",
- "symbols": [
- "highest",
- "lowest"
- ],
- "type": "enum"
- },
- "mqueue_store_qos0": {
- "description": "Support enqueue QoS0 messages.",
- "type": "boolean"
- },
- "use_username_as_clientid": {
- "description": "Replace client ID with the username.",
- "type": "boolean"
- },
- "peer_cert_as_username": {
- "description": "Use the CN, DN or CRT field from the client certificate as a username.\nOnly works for the TLS connection.",
- "symbols": [
- "disabled",
- "cn",
- "dn",
- "crt",
- "pem",
- "md5"
- ],
- "type": "enum"
- },
- "peer_cert_as_clientid": {
- "description": "Use the CN, DN or CRT field from the client certificate as a clientid.\nOnly works for the TLS connection.",
- "symbols": [
- "disabled",
- "cn",
- "dn",
- "crt",
- "pem",
- "md5"
- ],
- "type": "enum"
- }
- },
- "type": "object"
- },
- "authn-scram-builtin_db.authentication": {
- "required": [
- "backend",
- "mechanism"
- ],
- "properties": {
- "mechanism": {
- "symbols": [
- "scram"
- ],
- "type": "enum"
- },
- "backend": {
- "symbols": [
- "built-in-database"
- ],
- "type": "enum"
- },
- "algorithm": {
- "default": "sha256",
- "symbols": [
- "sha256",
- "sha512"
- ],
- "type": "enum"
- },
- "iteration_count": {
- "default": 4096,
- "minimum": 1,
- "type": "number"
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "zone.conn_congestion": {
- "properties": {
- "enable_alarm": {
- "type": "boolean"
- },
- "min_alarm_sustain_duration": {
- "type": "duration"
- }
- },
- "type": "object"
- },
- "limiter.limiter": {
- "properties": {
- "bytes_in": {
- "$ref": "#/components/schemas/limiter.limiter_opts"
- },
- "message_in": {
- "$ref": "#/components/schemas/limiter.limiter_opts"
- },
- "connection": {
- "$ref": "#/components/schemas/limiter.limiter_opts"
- },
- "message_routing": {
- "$ref": "#/components/schemas/limiter.limiter_opts"
- }
- },
- "type": "object"
- },
- "dashboard.https": {
- "required": [
- "bind",
- "protocol"
- ],
- "properties": {
- "protocol": {
- "default": "http",
- "description": "HTTP/HTTPS protocol.",
- "symbols": [
- "http",
- "https"
- ],
- "type": "enum"
- },
- "bind": {
- "default": 18083,
- "description": "Port without IP(18083) or port with specified IP(127.0.0.1:18083).",
- "oneOf": [
- {
- "type": "ip_port"
- },
- {
- "minimum": 1,
- "type": "number"
- }
- ]
- },
- "num_acceptors": {
- "default": 4,
- "description": "Socket acceptor pool for TCP protocols.",
- "type": "number"
- },
- "max_connections": {
- "default": 512,
- "type": "number"
- },
- "backlog": {
- "default": 1024,
- "description": "Defines the maximum length that the queue of pending connections can grow to.",
- "type": "number"
- },
- "send_timeout": {
- "default": "5s",
- "type": "duration"
- },
- "inet6": {
- "default": false,
- "type": "boolean"
- },
- "ipv6_v6only": {
- "default": false,
- "type": "boolean"
- },
- "enable": {
- "default": false,
- "type": "boolean"
- },
- "cacertfile": {
- "description": "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.\n",
- "type": "string"
- },
- "certfile": {
- "description": "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.\n",
- "type": "string"
- },
- "keyfile": {
- "description": "PEM format private key file.
\n",
- "type": "string"
- },
- "verify": {
- "default": "verify_none",
- "symbols": [
- "verify_peer",
- "verify_none"
- ],
- "type": "enum"
- },
- "reuse_sessions": {
- "default": true,
- "type": "boolean"
- },
- "depth": {
- "default": 10,
- "type": "number"
- },
- "password": {
- "description": "String containing the user's password. Only used if the private\nkey file is password-protected.",
- "type": "string"
- },
- "versions": {
- "default": [
- "tlsv1.3",
- "tlsv1.2",
- "tlsv1.1",
- "tlsv1"
- ],
- "description": "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIn case PSK cipher suites are intended, make sure to configured\n['tlsv1.2', 'tlsv1.1'] here.\n",
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "ciphers": {
- "default": [
- "TLS_AES_256_GCM_SHA384",
- "TLS_AES_128_GCM_SHA256",
- "TLS_CHACHA20_POLY1305_SHA256",
- "TLS_AES_128_CCM_SHA256",
- "TLS_AES_128_CCM_8_SHA256",
- "ECDHE-ECDSA-AES256-GCM-SHA384",
- "ECDHE-RSA-AES256-GCM-SHA384",
- "ECDHE-ECDSA-AES256-SHA384",
- "ECDHE-RSA-AES256-SHA384",
- "ECDH-ECDSA-AES256-GCM-SHA384",
- "ECDH-RSA-AES256-GCM-SHA384",
- "ECDH-ECDSA-AES256-SHA384",
- "ECDH-RSA-AES256-SHA384",
- "DHE-DSS-AES256-GCM-SHA384",
- "DHE-DSS-AES256-SHA256",
- "AES256-GCM-SHA384",
- "AES256-SHA256",
- "ECDHE-ECDSA-AES128-GCM-SHA256",
- "ECDHE-RSA-AES128-GCM-SHA256",
- "ECDHE-ECDSA-AES128-SHA256",
- "ECDHE-RSA-AES128-SHA256",
- "ECDH-ECDSA-AES128-GCM-SHA256",
- "ECDH-RSA-AES128-GCM-SHA256",
- "ECDH-ECDSA-AES128-SHA256",
- "ECDH-RSA-AES128-SHA256",
- "DHE-DSS-AES128-GCM-SHA256",
- "DHE-DSS-AES128-SHA256",
- "AES128-GCM-SHA256",
- "AES128-SHA256",
- "ECDHE-ECDSA-AES256-SHA",
- "ECDHE-RSA-AES256-SHA",
- "DHE-DSS-AES256-SHA",
- "ECDH-ECDSA-AES256-SHA",
- "ECDH-RSA-AES256-SHA",
- "ECDHE-ECDSA-AES128-SHA",
- "ECDHE-RSA-AES128-SHA",
- "DHE-DSS-AES128-SHA",
- "ECDH-ECDSA-AES128-SHA",
- "ECDH-RSA-AES128-SHA",
- "RSA-PSK-AES256-GCM-SHA384",
- "RSA-PSK-AES256-CBC-SHA384",
- "RSA-PSK-AES128-GCM-SHA256",
- "RSA-PSK-AES128-CBC-SHA256",
- "RSA-PSK-AES256-CBC-SHA",
- "RSA-PSK-AES128-CBC-SHA"
- ],
- "description": "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"
\n",
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "user_lookup_fun": {
- "default": "emqx_tls_psk:lookup",
- "type": "string"
- },
- "secure_renegotiate": {
- "default": true,
- "description": "\nSSL parameter renegotiation is a feature that allows a client and a server\nto renegotiate the parameters of the SSL connection on the fly.\nRFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,\nyou drop support for the insecure renegotiation, prone to MitM attacks.\n",
- "type": "boolean"
- },
- "dhfile": {
- "description": "Path to a file containing PEM-encoded Diffie Hellman parameters\nto be used by the server if a cipher suite using Diffie Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
- "type": "string"
- },
- "honor_cipher_order": {
- "default": true,
- "type": "boolean"
- },
- "client_renegotiation": {
- "default": true,
- "description": "\nIn protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.\n",
- "type": "boolean"
- },
- "handshake_timeout": {
- "default": "15s",
- "description": "Maximum time duration allowed for the handshake to complete",
- "type": "duration"
- }
- },
- "type": "object"
- },
- "modules.event_message": {
- "properties": {
- "client_connected": {
- "default": false,
- "description": "Enable/disable client_connected event messages",
- "type": "boolean"
- },
- "client_disconnected": {
- "default": false,
- "description": "Enable/disable client_disconnected event messages",
- "type": "boolean"
- },
- "client_subscribed": {
- "default": false,
- "description": "Enable/disable client_subscribed event messages",
- "type": "boolean"
- },
- "client_unsubscribed": {
- "default": false,
- "description": "Enable/disable client_unsubscribed event messages",
- "type": "boolean"
- },
- "message_delivered": {
- "default": false,
- "description": "Enable/disable message_delivered event messages",
- "type": "boolean"
- },
- "message_acked": {
- "default": false,
- "description": "Enable/disable message_acked event messages",
- "type": "boolean"
- },
- "message_dropped": {
- "default": false,
- "description": "Enable/disable message_dropped event messages",
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "limiter.limiter_opts": {
- "properties": {
- "global": {
- "$ref": "#/components/schemas/limiter.rate_burst"
- },
- "zone": {
- "properties": {
- "$zone name": {
- "$ref": "#/components/schemas/limiter.rate_burst"
- }
- },
- "type": "object"
- },
- "bucket": {
- "description": "Token bucket",
- "properties": {
- "$bucket_id": {
- "$ref": "#/components/schemas/limiter.bucket"
- }
- },
- "type": "object"
- }
- },
- "type": "object"
- },
- "emqx_conf_schema.log_rotation": {
- "properties": {
- "enable": {
- "default": true,
- "type": "boolean"
- },
- "count": {
- "default": 10,
- "maximum": 2048,
- "minimum": 1,
- "type": "number"
- }
- },
- "type": "object"
- },
- "authn-builtin_db.authentication": {
- "required": [
- "backend",
- "mechanism"
- ],
- "properties": {
- "mechanism": {
- "symbols": [
- "password-based"
- ],
- "type": "enum"
- },
- "backend": {
- "symbols": [
- "built-in-database"
- ],
- "type": "enum"
- },
- "user_id_type": {
- "default": "username",
- "symbols": [
- "clientid",
- "username"
- ],
- "type": "enum"
- },
- "password_hash_algorithm": {
- "default": {
- "name": "sha256",
- "salt_position": "prefix"
- },
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-hash.other_algorithms"
- },
- {
- "$ref": "#/components/schemas/authn-hash.pbkdf2"
- },
- {
- "$ref": "#/components/schemas/authn-hash.bcrypt_rw"
- }
- ]
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "authn-jwt.ssl_enable": {
- "properties": {
- "enable": {
- "symbols": [
- true
- ],
- "type": "enum"
- },
- "cacertfile": {
- "type": "string"
- },
- "certfile": {
- "type": "string"
- },
- "keyfile": {
- "type": "string"
- },
- "verify": {
- "default": "verify_none",
- "symbols": [
- "verify_peer",
- "verify_none"
- ],
- "type": "enum"
- },
- "server_name_indication": {
- "type": "string"
- }
- },
- "type": "object"
- },
- "emqx_schema.broker_perf": {
- "properties": {
- "route_lock_type": {
- "default": "key",
- "symbols": [
- "key",
- "tab",
- "global"
- ],
- "type": "enum"
- },
- "trie_compaction": {
- "default": true,
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "auto_subscribe.topic": {
- "properties": {
- "topic": {
- "example": "/clientid/${clientid}/username/${username}/host/${host}/port/${port}",
- "type": "string"
- },
- "qos": {
- "default": 0,
- "symbols": [
- 0,
- 1,
- 2
- ],
- "type": "enum"
- },
- "rh": {
- "default": 0,
- "maximum": 2,
- "minimum": 0,
- "type": "number"
- },
- "rap": {
- "default": 0,
- "maximum": 1,
- "minimum": 0,
- "type": "number"
- },
- "nl": {
- "default": 0,
- "maximum": 1,
- "minimum": 0,
- "type": "number"
- }
- },
- "type": "object"
- },
- "emqx_schema.mqtt_quic_listener": {
- "required": [
- "bind"
- ],
- "properties": {
- "enabled": {
- "default": true,
- "type": "boolean"
- },
- "certfile": {
- "type": "string"
- },
- "keyfile": {
- "type": "string"
- },
- "ciphers": {
- "default": [
- "TLS_AES_256_GCM_SHA384",
- "TLS_AES_128_GCM_SHA256",
- "TLS_CHACHA20_POLY1305_SHA256"
- ],
- "description": "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"
\nNOTE: QUIC listener supports only 'tlsv1.3' ciphers
",
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "idle_timeout": {
- "default": "15s",
- "type": "duration"
- },
- "bind": {
- "oneOf": [
- {
- "type": "number"
- },
- {
- "type": "ip_port"
- }
- ]
- },
- "acceptors": {
- "default": 16,
- "type": "number"
- },
- "max_connections": {
- "default": "infinity",
- "oneOf": [
- {
- "type": "number"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "mountpoint": {
- "default": "",
- "type": "string"
- },
- "zone": {
- "default": "default",
- "type": "string"
- },
- "limiter": {
- "default": {},
- "properties": {
- "$ratelimit bucket's name": {
- "type": "string"
- }
- },
- "type": "object"
- }
- },
- "type": "object"
- },
- "emqx_schema.listeners": {
- "properties": {
- "tcp": {
- "description": "TCP listeners",
- "properties": {
- "$name": {
- "$ref": "#/components/schemas/emqx_schema.mqtt_tcp_listener"
- }
- },
- "type": "object"
- },
- "ssl": {
- "description": "SSL listeners",
- "properties": {
- "$name": {
- "$ref": "#/components/schemas/emqx_schema.mqtt_ssl_listener"
- }
- },
- "type": "object"
- },
- "ws": {
- "description": "HTTP websocket listeners",
- "properties": {
- "$name": {
- "$ref": "#/components/schemas/emqx_schema.mqtt_ws_listener"
- }
- },
- "type": "object"
- },
- "wss": {
- "description": "HTTPS websocket listeners",
- "properties": {
- "$name": {
- "$ref": "#/components/schemas/emqx_schema.mqtt_wss_listener"
- }
- },
- "type": "object"
- },
- "quic": {
- "description": "QUIC listeners",
- "properties": {
- "$name": {
- "$ref": "#/components/schemas/emqx_schema.mqtt_quic_listener"
- }
- },
- "type": "object"
- }
- },
- "type": "object"
- },
- "authn-hash.pbkdf2": {
- "required": [
- "dk_length"
- ],
- "properties": {
- "name": {
- "symbols": [
- "pbkdf2"
- ],
- "type": "enum"
- },
- "mac_fun": {
- "symbols": [
- "md4",
- "md5",
- "ripemd160",
- "sha",
- "sha224",
- "sha256",
- "sha384",
- "sha512"
- ],
- "type": "enum"
- },
- "iterations": {
- "type": "number"
- },
- "dk_length": {
- "type": "number"
- }
- },
- "type": "object"
- },
- "authn-mongodb.sharded-cluster": {
- "required": [
- "database",
- "servers",
- "backend",
- "mechanism"
- ],
- "properties": {
- "mechanism": {
- "symbols": [
- "password-based"
- ],
- "type": "enum"
- },
- "backend": {
- "symbols": [
- "mongodb"
- ],
- "type": "enum"
- },
- "collection": {
- "type": "string"
- },
- "selector": {
- "type": "string"
- },
- "password_hash_field": {
- "type": "string"
- },
- "salt_field": {
- "type": "string"
- },
- "is_superuser_field": {
- "type": "string"
- },
- "password_hash_algorithm": {
- "default": {
- "name": "sha256",
- "salt_position": "prefix"
- },
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-hash.other_algorithms"
- },
- {
- "$ref": "#/components/schemas/authn-hash.pbkdf2"
- },
- {
- "$ref": "#/components/schemas/authn-hash.bcrypt"
- }
- ]
- },
- "enable": {
- "default": true,
- "description": "Set to false to disable this auth provider",
- "type": "boolean"
- },
- "mongo_type": {
- "default": "sharded",
- "symbols": [
- "sharded"
- ],
- "type": "enum"
- },
- "servers": {
- "description": "A Node list for Cluster to connect to. The nodes should be split with ',', such as: 'Node[,Node]'
\nFor each Node should be:
\nThe IPv4 or IPv6 address or host name to connect to.
\nA host entry has the following form: 'Host[:Port]'
\nThe MongoDB default port 27017 is used if '[:Port]' isn't present",
- "type": "string"
- },
- "w_mode": {
- "default": "unsafe",
- "symbols": [
- "unsafe",
- "safe"
- ],
- "type": "enum"
- },
- "srv_record": {
- "default": false,
- "type": "boolean"
- },
- "pool_size": {
- "default": 8,
- "type": "number"
- },
- "username": {
- "type": "string"
- },
- "password": {
- "type": "string"
- },
- "auth_source": {
- "type": "string"
- },
- "database": {
- "type": "string"
- },
- "topology": {
- "$ref": "#/components/schemas/emqx_connector_mongo.topology"
- },
- "ssl": {
- "default": {
- "enable": false
- },
- "$ref": "#/components/schemas/emqx_schema.ssl_client_opts"
- }
- },
- "type": "object"
- },
- "limiter.bucket_aggregated": {
- "properties": {
- "rate": {
- "type": "string"
- },
- "initial": {
- "default": "0",
- "type": "string"
- },
- "capacity": {
- "type": "string"
- }
- },
- "type": "object"
- },
- "dashboard.dashboard": {
- "required": [
- "default_password",
- "default_username"
- ],
- "properties": {
- "listeners": {
- "description": "HTTP(s) listeners are identified by their protocol type and are\nused to serve dashboard UI and restful HTTP API.
\nListeners must have a unique combination of port number and IP address.
\nFor example, an HTTP listener can listen on all configured IP addresses\non a given port for a machine by specifying the IP address 0.0.0.0.
\nAlternatively, the HTTP listener can specify a unique IP address for each listener,\nbut use the same port.\n",
- "items": {
- "oneOf": [
- {
- "$ref": "#/components/schemas/dashboard.https"
- },
- {
- "$ref": "#/components/schemas/dashboard.http"
- }
- ]
- },
- "type": "array"
- },
- "default_username": {
- "default": "admin",
- "type": "string"
- },
- "default_password": {
- "default": "public",
- "description": "\nThe initial default password for dashboard 'admin' user.\nFor safety, it should be changed as soon as possible.",
- "type": "string"
- },
- "sample_interval": {
- "default": "10s",
- "type": "duration"
- },
- "token_expired_time": {
- "default": "30m",
- "type": "duration"
- },
- "cors": {
- "default": false,
- "description": "Support Cross-Origin Resource Sharing (CORS).\nAllows a server to indicate any origins (domain, scheme, or port) other than\nits own from which a browser should permit loading resources.",
- "type": "boolean"
- }
- },
- "type": "object"
- },
- "emqx_schema.mqtt_ws_listener": {
- "required": [
- "bind"
- ],
- "properties": {
- "tcp": {
- "$ref": "#/components/schemas/emqx_schema.tcp_opts"
- },
- "websocket": {
- "$ref": "#/components/schemas/emqx_schema.ws_opts"
- },
- "bind": {
- "oneOf": [
- {
- "type": "number"
- },
- {
- "type": "ip_port"
- }
- ]
- },
- "acceptors": {
- "default": 16,
- "type": "number"
- },
- "max_connections": {
- "default": "infinity",
- "oneOf": [
- {
- "type": "number"
- },
- {
- "symbols": [
- "infinity"
- ],
- "type": "enum"
- }
- ]
- },
- "mountpoint": {
- "default": "",
- "type": "string"
- },
- "zone": {
- "default": "default",
- "type": "string"
- },
- "limiter": {
- "default": {},
- "properties": {
- "$ratelimit bucket's name": {
- "type": "string"
- }
- },
- "type": "object"
- },
- "access_rules": {
- "items": {
- "type": "string"
- },
- "type": "array"
- },
- "proxy_protocol": {
- "default": false,
- "type": "boolean"
- },
- "proxy_protocol_timeout": {
- "type": "duration"
- },
- "authentication": {
- "description": "Per-listener authentication override\nAuthentication can be one single authenticator instance or a chain of authenticators as an array.\nWhen authenticating a login (username, client ID, etc.) the authenticators are checked\nin the configured order.
\n",
- "items": {
- "oneOf": [
- {
- "$ref": "#/components/schemas/authn-scram-builtin_db.authentication"
- },
- {
- "$ref": "#/components/schemas/authn-jwt.jwks"
- },
- {
- "$ref": "#/components/schemas/authn-jwt.public-key"
- },
- {
- "$ref": "#/components/schemas/authn-jwt.hmac-based"
- },
- {
- "$ref": "#/components/schemas/authn-http.post"
- },
- {
- "$ref": "#/components/schemas/authn-http.get"
- },
- {
- "$ref": "#/components/schemas/authn-redis.sentinel"
- },
- {
- "$ref": "#/components/schemas/authn-redis.cluster"
- },
- {
- "$ref": "#/components/schemas/authn-redis.standalone"
- },
- {
- "$ref": "#/components/schemas/authn-mongodb.sharded-cluster"
- },
- {
- "$ref": "#/components/schemas/authn-mongodb.replica-set"
- },
- {
- "$ref": "#/components/schemas/authn-mongodb.standalone"
- },
- {
- "$ref": "#/components/schemas/authn-postgresql.authentication"
- },
- {
- "$ref": "#/components/schemas/authn-mysql.authentication"
- },
- {
- "$ref": "#/components/schemas/authn-builtin_db.authentication"
- }
- ]
- },
- "type": "array"
- }
- },
- "type": "object"
- },
- "zone.force_shutdown": {
- "properties": {
- "enable": {
- "type": "boolean"
- },
- "max_message_queue_len": {
- "minimum": 0,
- "type": "number"
- },
- "max_heap_size": {
- "type": "byteSize"
- }
- },
- "type": "object"
- }
- }
- },
- "info": {
- "title": "EMQX Hot Conf Schema",
- "version": "0.1.0"
- },
- "paths": {
- "/configs": {
- "get": {
- "properties": {
- "listeners": {
- "description": "MQTT listeners identified by their protocol type and assigned names",
- "$ref": "#/components/schemas/emqx_schema.listeners"
- },
- "zones": {
- "description": "A zone is a set of configs grouped by the zone name.
\nFor flexible configuration mapping, the name\ncan be set to a listener's zone config.
\nNOTE: A built-in zone named default is auto created\nand can not be deleted.",
- "properties": {
- "$name": {
- "$ref": "#/components/schemas/emqx_schema.zone"
- }
- },
- "type": "object"
- },
- "mqtt": {
- "description": "Global MQTT configuration.
\nThe configs here work as default values which can be overridden\nin zone configs",
- "$ref": "#/components/schemas/emqx_schema.mqtt"
- },
- "node": {
- "description": "Node name, cookie, config & data directories and the Erlang virtual machine (BEAM) boot parameters.",
- "$ref": "#/components/schemas/configuration.node"
- },
- "cluster": {
- "description": "EMQX nodes can form a cluster to scale up the total capacity.
Here holds the configs to instruct how individual nodes can discover each other.",
- "$ref": "#/components/schemas/configuration.cluster"
- },
- "log": {
- "description": "Configure logging backends (to console or to file), and logging level for each logger backend.",
- "$ref": "#/components/schemas/configuration.log"
- },
- "broker": {
- "$ref": "#/components/schemas/emqx_schema.broker"
- },
- "rate_limit": {
- "$ref": "#/components/schemas/emqx_schema.rate_limit"
- },
- "force_shutdown": {
- "$ref": "#/components/schemas/emqx_schema.force_shutdown"
- },
- "overload_protection": {
- "$ref": "#/components/schemas/emqx_schema.overload_protection"
- },
- "force_gc": {
- "description": "Force the MQTT connection process garbage collection after\nthis number of messages or bytes have passed through.",
- "$ref": "#/components/schemas/emqx_schema.force_gc"
- },
- "conn_congestion": {
- "$ref": "#/components/schemas/emqx_schema.conn_congestion"
- },
- "quota": {
- "$ref": "#/components/schemas/emqx_schema.quota"
- },
- "stats": {
- "$ref": "#/components/schemas/emqx_schema.stats"
- },
- "sysmon": {
- "$ref": "#/components/schemas/emqx_schema.sysmon"
- },
- "alarm": {
- "$ref": "#/components/schemas/emqx_schema.alarm"
- },
- "flapping_detect": {
- "$ref": "#/components/schemas/emqx_schema.flapping_detect"
- },
- "persistent_session_store": {
- "$ref": "#/components/schemas/emqx_schema.persistent_session_store"
- },
- "trace": {
- "description": "\nReal-time filtering logs for the ClientID or Topic or IP for debugging.\n",
- "$ref": "#/components/schemas/emqx_schema.trace"
- },
- "retainer": {
- "$ref": "#/components/schemas/retainer.retainer"
- },
- "statsd": {
- "$ref": "#/components/schemas/statsd.statsd"
- },
- "auto_subscribe": {
- "$ref": "#/components/schemas/auto_subscribe.auto_subscribe"
- },
- "delayed": {
- "$ref": "#/components/schemas/modules.delayed"
- },
- "telemetry": {
- "$ref": "#/components/schemas/modules.telemetry"
- },
- "event_message": {
- "$ref": "#/components/schemas/modules.event_message"
- },
- "rewrite": {
- "items": {
- "$ref": "#/components/schemas/modules.rewrite"
- },
- "type": "array"
- },
- "topic_metrics": {
- "items": {
- "$ref": "#/components/schemas/modules.topic_metrics"
- },
- "type": "array"
- },
- "dashboard": {
- "$ref": "#/components/schemas/dashboard.dashboard"
- },
- "prometheus": {
- "$ref": "#/components/schemas/prometheus.prometheus"
- },
- "limiter": {
- "$ref": "#/components/schemas/limiter.limiter"
- }
- },
- "type": "object"
- }
- },
- "/configs/alarm": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.alarm"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.alarm"
- }
- },
- "/configs/auto_subscribe": {
- "get": {
- "$ref": "#/components/schemas/auto_subscribe.auto_subscribe"
- },
- "put": {
- "$ref": "#/components/schemas/auto_subscribe.auto_subscribe"
- }
- },
- "/configs/broker": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.broker"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.broker"
- }
- },
- "/configs/cluster": {
- "get": {
- "$ref": "#/components/schemas/configuration.cluster"
- },
- "put": {
- "$ref": "#/components/schemas/configuration.cluster"
- }
- },
- "/configs/conn_congestion": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.conn_congestion"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.conn_congestion"
- }
- },
- "/configs/dashboard": {
- "get": {
- "$ref": "#/components/schemas/dashboard.dashboard"
- },
- "put": {
- "$ref": "#/components/schemas/dashboard.dashboard"
- }
- },
- "/configs/delayed": {
- "get": {
- "$ref": "#/components/schemas/modules.delayed"
- },
- "put": {
- "$ref": "#/components/schemas/modules.delayed"
- }
- },
- "/configs/event_message": {
- "get": {
- "$ref": "#/components/schemas/modules.event_message"
- },
- "put": {
- "$ref": "#/components/schemas/modules.event_message"
- }
- },
- "/configs/flapping_detect": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.flapping_detect"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.flapping_detect"
- }
- },
- "/configs/force_gc": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.force_gc"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.force_gc"
- }
- },
- "/configs/force_shutdown": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.force_shutdown"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.force_shutdown"
- }
- },
- "/configs/limiter": {
- "get": {
- "$ref": "#/components/schemas/limiter.limiter"
- },
- "put": {
- "$ref": "#/components/schemas/limiter.limiter"
- }
- },
- "/configs/listeners": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.listeners"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.listeners"
- }
- },
- "/configs/log": {
- "get": {
- "$ref": "#/components/schemas/configuration.log"
- },
- "put": {
- "$ref": "#/components/schemas/configuration.log"
- }
- },
- "/configs/mqtt": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.mqtt"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.mqtt"
- }
- },
- "/configs/node": {
- "get": {
- "$ref": "#/components/schemas/configuration.node"
- },
- "put": {
- "$ref": "#/components/schemas/configuration.node"
- }
- },
- "/configs/overload_protection": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.overload_protection"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.overload_protection"
- }
- },
- "/configs/persistent_session_store": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.persistent_session_store"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.persistent_session_store"
- }
- },
- "/configs/prometheus": {
- "get": {
- "$ref": "#/components/schemas/prometheus.prometheus"
- },
- "put": {
- "$ref": "#/components/schemas/prometheus.prometheus"
- }
- },
- "/configs/quota": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.quota"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.quota"
- }
- },
- "/configs/rate_limit": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.rate_limit"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.rate_limit"
- }
- },
- "/configs/retainer": {
- "get": {
- "$ref": "#/components/schemas/retainer.retainer"
- },
- "put": {
- "$ref": "#/components/schemas/retainer.retainer"
- }
- },
- "/configs/rewrite": {
- "get": {
- "items": {
- "$ref": "#/components/schemas/modules.rewrite"
- },
- "type": "array"
- },
- "put": {
- "items": {
- "$ref": "#/components/schemas/modules.rewrite"
- },
- "type": "array"
- }
- },
- "/configs/stats": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.stats"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.stats"
- }
- },
- "/configs/statsd": {
- "get": {
- "$ref": "#/components/schemas/statsd.statsd"
- },
- "put": {
- "$ref": "#/components/schemas/statsd.statsd"
- }
- },
- "/configs/sysmon": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.sysmon"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.sysmon"
- }
- },
- "/configs/telemetry": {
- "get": {
- "$ref": "#/components/schemas/modules.telemetry"
- },
- "put": {
- "$ref": "#/components/schemas/modules.telemetry"
- }
- },
- "/configs/topic_metrics": {
- "get": {
- "items": {
- "$ref": "#/components/schemas/modules.topic_metrics"
- },
- "type": "array"
- },
- "put": {
- "items": {
- "$ref": "#/components/schemas/modules.topic_metrics"
- },
- "type": "array"
- }
- },
- "/configs/trace": {
- "get": {
- "$ref": "#/components/schemas/emqx_schema.trace"
- },
- "put": {
- "$ref": "#/components/schemas/emqx_schema.trace"
- }
- },
- "/configs/zones": {
- "get": {
- "properties": {
- "$name": {
- "$ref": "#/components/schemas/emqx_schema.zone"
- }
- },
- "type": "object"
- },
- "put": {
- "properties": {
- "$name": {
- "$ref": "#/components/schemas/emqx_schema.zone"
- }
- },
- "type": "object"
- }
- },
- "/configs_reset/:rootname": {}
- }
-}
\ No newline at end of file