From 3f0d9db67450a6ff53801ed01c489f0938b9c4f1 Mon Sep 17 00:00:00 2001 From: firest Date: Tue, 20 Jun 2023 15:38:30 +0800 Subject: [PATCH] chore: update examples to new version and fix errors --- examples/alarm.conf.example | 2 +- examples/broker.conf.example | 30 -------- examples/cluster-with-dns.conf.example | 2 +- examples/cluster-with-etcd-ssl.conf.example | 2 +- examples/cluster-with-etcd.conf.example | 2 +- examples/cluster-with-k8s.conf.example | 4 +- examples/cluster-with-manual.conf.example | 2 +- examples/cluster-with-static.conf.example | 4 +- examples/dashboard-with-http.conf.example | 5 +- examples/dashboard-with-https.conf.example | 32 ++++----- examples/listeners.quic.conf.example | 31 ++++----- examples/listeners.ssl.conf.example | 71 ++++++++++--------- examples/listeners.tcp.conf.example | 57 ++++++++-------- examples/listeners.ws.conf.example | 67 +++++++++--------- examples/listeners.wss.conf.example | 71 +++++++++---------- examples/mqtt.conf.example | 11 +++ examples/rpc-with-ssl.conf.example | 76 --------------------- examples/rpc-with-tcp.conf.example | 67 ------------------ rel/i18n/emqx_prometheus_schema.hocon | 2 +- 19 files changed, 183 insertions(+), 355 deletions(-) delete mode 100644 examples/broker.conf.example delete mode 100644 examples/rpc-with-ssl.conf.example delete mode 100644 examples/rpc-with-tcp.conf.example diff --git a/examples/alarm.conf.example b/examples/alarm.conf.example index 84c92f974..537341ea2 100644 --- a/examples/alarm.conf.example +++ b/examples/alarm.conf.example @@ -11,7 +11,7 @@ alarm { ## Type: Array of the below enum ## - log :: write the alarm to log ## - publish :: publish the alarm as an MQTT message to the system topics - actions = [log] + actions = [log, publish] ## Maximum total number of deactivated alarms to keep as history ## Type: Range from 1 to 3000 diff --git a/examples/broker.conf.example b/examples/broker.conf.example deleted file mode 100644 index be898128c..000000000 --- a/examples/broker.conf.example +++ /dev/null @@ -1,30 +0,0 @@ -##-------------------------------------------------------------------- -## Broker -## -## Message broker options -##-------------------------------------------------------------------- -## Note: This is an example of how to configure this feature -## you should copy and paste the below data into the emqx.conf for working - -## Note: If you and finding how to configure EMQX itself, have a look at the node.conf.example - -broker { - ## Session locking strategy in a cluster - ## Type: - ## - local :: only lock the session on the current node - ## - leader :: select only one remote node to lock the session - ## - quorum :: select some nodes to lock the session - ## - all :: lock the session on all the nodes in the cluster - session_locking_strategy = quorum - - ## Dispatch strategy for shared subscription - ## Type: - ## - random :: dispatch the message to a random selected subscriber - ## - round_robin :: select the subscribers in a round-robin manner - ## - round_robin_per_group :: select the subscribers in round-robin fashion within each shared subscriber group - ## - local :: select random local subscriber otherwise select random cluster-wide - ## - sticky :: always use the last selected subscriber to dispatch, until the subscriber disconnects. - ## - hash_clientid :: select the subscribers by hashing the `clientIds` - ## - hash_topic :: select the subscribers by hashing the source topic""" - shared_subscription_strategy = round_robin - } diff --git a/examples/cluster-with-dns.conf.example b/examples/cluster-with-dns.conf.example index f17ce8303..f979eb689 100644 --- a/examples/cluster-with-dns.conf.example +++ b/examples/cluster-with-dns.conf.example @@ -14,7 +14,7 @@ cluster { discovery_strategy = dns ## List of core nodes that the replicant will connect to - core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] ## Remove disconnected nodes from the cluster after this interval autoclean = 5m diff --git a/examples/cluster-with-etcd-ssl.conf.example b/examples/cluster-with-etcd-ssl.conf.example index 2d4ce35ac..b7c642770 100644 --- a/examples/cluster-with-etcd-ssl.conf.example +++ b/examples/cluster-with-etcd-ssl.conf.example @@ -14,7 +14,7 @@ cluster { discovery_strategy = etcd ## List of core nodes that the replicant will connect to - core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] ## Remove disconnected nodes from the cluster after this interval autoclean = 5m diff --git a/examples/cluster-with-etcd.conf.example b/examples/cluster-with-etcd.conf.example index b13313438..17ab604d6 100644 --- a/examples/cluster-with-etcd.conf.example +++ b/examples/cluster-with-etcd.conf.example @@ -14,7 +14,7 @@ cluster { discovery_strategy = etcd ## List of core nodes that the replicant will connect to - core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] ## Remove disconnected nodes from the cluster after this interval autoclean = 5m diff --git a/examples/cluster-with-k8s.conf.example b/examples/cluster-with-k8s.conf.example index ea94818c0..4fd329b24 100644 --- a/examples/cluster-with-k8s.conf.example +++ b/examples/cluster-with-k8s.conf.example @@ -14,7 +14,7 @@ cluster { discovery_strategy = k8s ## List of core nodes that the replicant will connect to - core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] ## Remove disconnected nodes from the cluster after this interval autoclean = 5m @@ -24,7 +24,7 @@ cluster { k8s { ## Kubernetes API endpoint URL - apiserver = "http://10.110.111.204:8080" + apiserver = "https://kubernetes.default.svc:443" ## EMQX broker service name service_name = emqx diff --git a/examples/cluster-with-manual.conf.example b/examples/cluster-with-manual.conf.example index 17bc92346..f075ea389 100644 --- a/examples/cluster-with-manual.conf.example +++ b/examples/cluster-with-manual.conf.example @@ -14,7 +14,7 @@ cluster { discovery_strategy = manual ## List of core nodes that the replicant will connect to - core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] ## Remove disconnected nodes from the cluster after this interval autoclean = 5m diff --git a/examples/cluster-with-static.conf.example b/examples/cluster-with-static.conf.example index 7851b260f..76a9d9980 100644 --- a/examples/cluster-with-static.conf.example +++ b/examples/cluster-with-static.conf.example @@ -14,7 +14,7 @@ cluster { discovery_strategy = static ## List of core nodes that the replicant will connect to - core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] ## Remove disconnected nodes from the cluster after this interval autoclean = 5m @@ -23,5 +23,5 @@ cluster { autoheal = true ## List EMQX node names in the static cluster - static.seeds = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + static.seeds = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] } diff --git a/examples/dashboard-with-http.conf.example b/examples/dashboard-with-http.conf.example index 292c56212..8cf68ab33 100644 --- a/examples/dashboard-with-http.conf.example +++ b/examples/dashboard-with-http.conf.example @@ -14,10 +14,7 @@ dashboard { cors = false listeners.http { - ## Whether to enable the listener - enable = true - - ## Port or Address to listen on + ## Port or Address to listen on, 0 means disable bind = "0.0.0.0:18083" ## or just a port number, e.g. 18083 ## Socket acceptor pool size for TCP protocols diff --git a/examples/dashboard-with-https.conf.example b/examples/dashboard-with-https.conf.example index cf7cc28a5..6f399dea3 100644 --- a/examples/dashboard-with-https.conf.example +++ b/examples/dashboard-with-https.conf.example @@ -14,10 +14,8 @@ dashboard { cors = false listeners.https { - ## Whether to enable the listener - enable = true - ## Port or Address to listen on + ## Port or Address to listen on, 0 means disable bind = "0.0.0.0:18084" ## or just a port number, e.g. 18084 ## Socket acceptor pool size for TCP protocols @@ -43,48 +41,48 @@ dashboard { ## Trusted PEM format CA certificates bundle file cacertfile = "data/certs/cacert.pem" - + ## PEM format certificates chain file certfile = "data/certs/cert.pem" - + ## PEM format private key file keyfile = "data/certs/key.pem" - + ## Enable or disable peer verification verify = verify_none ## use verify_peer to enable - + ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send fail_if_no_peer_cert = false - + ## Enable TLS session reuse reuse_sessions = true - + ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path depth = 10 - + ## Which versions are to be supported versions = [tlsv1.3, tlsv1.2] - + ## TLS cipher suite names ## Note: By default, all available suites are supported, you do not need to set this ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"] - + ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly secure_renegotiate = true - + ## Log level for SSL communication ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all log_level = notice - + ## Hibernate the SSL process after idling for amount of time reducing its memory footprint hibernate_after = 5s - + ## Forces the cipher to be set based on the server-specified order instead of the client-specified order honor_cipher_order = true - + ## Setting this to false to disable client-initiated renegotiation client_renegotiation = true - + ## Maximum time duration allowed for the handshake to complete handshake_timeout = 15s } diff --git a/examples/listeners.quic.conf.example b/examples/listeners.quic.conf.example index 2f4fca0b8..49d4f58a1 100644 --- a/examples/listeners.quic.conf.example +++ b/examples/listeners.quic.conf.example @@ -8,10 +8,7 @@ ## Note: Modifying the 'quicname' to what you need listeners.quic.quicname { - ## Whether to enable the listener - enable = true - - ## Port or Address to listen on + ## Port or Address to listen on, 0 means disable bind = 14567 ## or with an IP, e.g. "127.0.0.1:14567" ## When publishing or subscribing, prefix all topics with a mountpoint string @@ -31,18 +28,20 @@ listeners.quic.quicname { ## Type: infinity | Integer max_connections = infinity - ## Trusted PEM format CA certificates bundle file - cacertfile = "data/certs/cacert.pem" - - ## PEM format certificates chain file - certfile = "data/certs/cert.pem" - - ## PEM format private key file - keyfile = "data/certs/key.pem" - - ## Enable or disable peer verification - verify = verify_none ## to verify_peer to enable - ## TLS cipher suite names ciphers = ["TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"] + + ssl_options { + ## Trusted PEM format CA certificates bundle file + cacertfile = "data/certs/cacert.pem" + + ## PEM format certificates chain file + certfile = "data/certs/cert.pem" + + ## PEM format private key file + keyfile = "data/certs/key.pem" + + ## Enable or disable peer verification + verify = verify_none ## to verify_peer to enable + } } diff --git a/examples/listeners.ssl.conf.example b/examples/listeners.ssl.conf.example index bf7d3817a..e86bd6b4d 100644 --- a/examples/listeners.ssl.conf.example +++ b/examples/listeners.ssl.conf.example @@ -11,56 +11,55 @@ ## Note: Modifying the 'sslname' to what you need listeners.ssl.sslname { - ## Whether to enable the listener - enable = true - - ## Port or Address to listen on + ## Port or Address to listen on, 0 means disable bind = 8883 ## or with an IP e.g. "127.0.0.1:8883" - ## Trusted PEM format CA certificates bundle file - cacertfile = "data/certs/cacert.pem" + ssl_options { + ## Trusted PEM format CA certificates bundle file + cacertfile = "data/certs/cacert.pem" - ## PEM format certificates chain file - certfile = "data/certs/cert.pem" + ## PEM format certificates chain file + certfile = "data/certs/cert.pem" - ## PEM format private key file - keyfile = "data/certs/key.pem" + ## PEM format private key file + keyfile = "data/certs/key.pem" - ## Enable or disable peer verification - verify = verify_none ## use verify_peer to enable + ## Enable or disable peer verification + verify = verify_none ## use verify_peer to enable - ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send - fail_if_no_peer_cert = false + ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send + fail_if_no_peer_cert = false - ## Enable TLS session reuse - reuse_sessions = true + ## Enable TLS session reuse + reuse_sessions = true - ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path - depth = 10 + ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path + depth = 10 - ## Which versions are to be supported - versions = [tlsv1.3, tlsv1.2] + ## Which versions are to be supported + versions = [tlsv1.3, tlsv1.2] - ## TLS cipher suite names - ## Note: By default, all available suites are supported, you do not need to set this - ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"] + ## TLS cipher suite names + ## Note: By default, all available suites are supported, you do not need to set this + ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"] - ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly - secure_renegotiate = true + ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly + secure_renegotiate = true - ## Log level for SSL communication - ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all - log_level = notice + ## Log level for SSL communication + ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all + log_level = notice - ## Hibernate the SSL process after idling for amount of time reducing its memory footprint - hibernate_after = 5s + ## Hibernate the SSL process after idling for amount of time reducing its memory footprint + hibernate_after = 5s - ## Forces the cipher to be set based on the server-specified order instead of the client-specified order - honor_cipher_order = true + ## Forces the cipher to be set based on the server-specified order instead of the client-specified order + honor_cipher_order = true - ## Setting this to false to disable client-initiated renegotiation - client_renegotiation = true + ## Setting this to false to disable client-initiated renegotiation + client_renegotiation = true - ## Maximum time duration allowed for the handshake to complete - handshake_timeout = 15s + ## Maximum time duration allowed for the handshake to complete + handshake_timeout = 15s + } } diff --git a/examples/listeners.tcp.conf.example b/examples/listeners.tcp.conf.example index d7392962b..42e98b071 100644 --- a/examples/listeners.tcp.conf.example +++ b/examples/listeners.tcp.conf.example @@ -8,10 +8,7 @@ ## Note: Modifying the 'tcpname' to what you need listeners.tcp.tcpname { - ## false to disable this - enable = true - - ## Port or Address to listen on + ## Port or Address to listen on, 0 means disable bind = 1883 ## or with an IP e.g. "127.0.0.1:1883" ## Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx @@ -41,38 +38,40 @@ listeners.tcp.tcpname { ## Type: infinity | Integer max_connections = infinity - ## TCP backlog defines the maximum length that the queue of pending connections can grow to - backlog = 1024 + tcp_options { + ## TCP backlog defines the maximum length that the queue of pending connections can grow to + backlog = 1024 - ## The TCP send timeout for the connections - send_timeout = 15s + ## The TCP send timeout for the connections + send_timeout = 15s - ## Timeout for proxy protocol - send_timeout_close = true + ## Timeout for proxy protocol + send_timeout_close = true - ## The TCP receive buffer (OS kernel) for the connections - recbuf = 2KB + ## The TCP receive buffer (OS kernel) for the connections + recbuf = 2KB - ## The TCP send buffer (OS kernel) for the connections - sndbuf = 4KB + ## The TCP send buffer (OS kernel) for the connections + sndbuf = 4KB - ## The size of the user-space buffer used by the driver - buffer = 4KB + ## The size of the user-space buffer used by the driver + buffer = 4KB - ## The socket is set to a busy state when the amount of data queued internally by the VM socket implementation reaches this limit - high_watermark = 1MB + ## The socket is set to a busy state when the amount of data queued internally by the VM socket implementation reaches this limit + high_watermark = 1MB - ## The TCP_NODELAY flag for the connections - nodelay = true + ## The TCP_NODELAY flag for the connections + nodelay = true - ## The SO_REUSEADDR flag for the connections - reuseaddr = true + ## The SO_REUSEADDR flag for the connections + reuseaddr = true - ## Enable TCP keepalive for MQTT connections over TCP or SSL - ## Type: three comma separated numbers in the format of 'Idle,Interval,Probes' - ## - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200). - ## - Interval: The number of seconds between TCP keep-alive probes (Linux default 75). - ## - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9). - ## For example "240,30,5" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection - keepalive = "none" + ## Enable TCP keepalive for MQTT connections over TCP or SSL + ## Type: three comma separated numbers in the format of 'Idle,Interval,Probes' + ## - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200). + ## - Interval: The number of seconds between TCP keep-alive probes (Linux default 75). + ## - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9). + ## For example "240,30,5" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection + keepalive = "none" + } } diff --git a/examples/listeners.ws.conf.example b/examples/listeners.ws.conf.example index 7e1176518..ad9ddbf8a 100644 --- a/examples/listeners.ws.conf.example +++ b/examples/listeners.ws.conf.example @@ -11,52 +11,49 @@ ## Note: Modifying the 'wsname' to what you need listeners.ws.wsname { - ## for to disable this - enable = true - - ## Port or Address to listen on + ## Port or Address to listen on, 0 means disable bind = "0.0.0.0:8083" # or just a port number, e.g. 8083 - ## WebSocket's MQTT protocol path - ## Type: String - ## For Example: - ## with the default value, the address of EMQX Broker's WebSocket is: ws://8083/mqtt - mqtt_path = "/mqtt" + websocket { + ## WebSocket's MQTT protocol path + ## Type: String + ## For Example: + ## with the default value, the address of EMQX Broker's WebSocket is: ws://8083/mqtt + mqtt_path = "/mqtt" - ## Whether a WebSocket message is allowed to contain multiple MQTT packets - ## Type: single | multiple - mqtt_piggyback = multiple + ## Whether a WebSocket message is allowed to contain multiple MQTT packets + ## Type: single | multiple + mqtt_piggyback = multiple - ## If true, compress WebSocket messages using zlib - compress = false + ## If true, compress WebSocket messages using zlib + compress = false - ## Close transport-layer connections from the clients that have not sent MQTT CONNECT message within this interval - idle_timeout = 7200s + ## Close transport-layer connections from the clients that have not sent MQTT CONNECT message within this interval + idle_timeout = 7200s - ## The maximum length of a single MQTT packet - ## Type: infinity | Integer - max_frame_size = infinity + ## The maximum length of a single MQTT packet + ## Type: infinity | Integer + max_frame_size = infinity - ## If true, the server will return an error when the client does not carry the Sec-WebSocket-Protocol field - fail_if_no_subprotocol = true + ## If true, the server will return an error when the client does not carry the Sec-WebSocket-Protocol field + fail_if_no_subprotocol = true - ## Comma-separated list of supported subprotocols - ## Type: Comma Separated List - supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5" + ## Comma-separated list of supported subprotocols + supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5" - ## If true, origin HTTP header will be validated against the list of allowed origins configured in check_origins parameter - check_origin_enable = false + ## If true, origin HTTP header will be validated against the list of allowed origins configured in check_origins parameter + check_origin_enable = false - ## If false and check_origin_enable is true, the server will reject requests that don't have origin HTTP header - allow_origin_absence = true + ## If false and check_origin_enable is true, the server will reject requests that don't have origin HTTP header + allow_origin_absence = true - ## List of allowed origins - ## Type: Comma Separated List - check_origins = "http://localhost:18083, http://127.0.0.1:18083" + ## List of allowed origins + check_origins = "http://localhost:18083, http://127.0.0.1:18083" - ## HTTP header used to pass information about the client IP address - proxy_address_header = "x-forwarded-for" + ## HTTP header used to pass information about the client IP address + proxy_address_header = "x-forwarded-for" - ## The maximum length of a single MQTT packet - proxy_port_header = "x-forwarded-port" + ## The maximum length of a single MQTT packet + proxy_port_header = "x-forwarded-port" + } } diff --git a/examples/listeners.wss.conf.example b/examples/listeners.wss.conf.example index 1f41ccd64..a5801b160 100644 --- a/examples/listeners.wss.conf.example +++ b/examples/listeners.wss.conf.example @@ -11,54 +11,55 @@ ## Note: Modifying the 'wssname' to what you need listeners.wss.wssname { - ## false to disable this - enable = true - - ## Port or Address to listen on - ## Default: 8084 + ## Port or Address to listen on, 0 means disable bind = 8084 ## or with an IP, e.g. "127.0.0.1:8084" - ## PEM format certificates chain file - certfile = "data/certs/cert.pem" + ssl_options { + ## Trusted PEM format CA certificates bundle file + cacertfile = "data/certs/cacert.pem" - ## PEM format private key file - keyfile = "data/certs/key.pem" + ## PEM format certificates chain file + certfile = "data/certs/cert.pem" - ## Enable or disable peer verification - verify = verify_none ## use verify_peer to enable + ## PEM format private key file + keyfile = "data/certs/key.pem" - ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send - fail_if_no_peer_cert = false + ## Enable or disable peer verification + verify = verify_none ## use verify_peer to enable - ## Enable TLS session reuse - reuse_sessions = true + ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send + fail_if_no_peer_cert = false - ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path - depth = 10 + ## Enable TLS session reuse + reuse_sessions = true - ## Which versions are to be supported - versions = [tlsv1.3, tlsv1.2] + ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path + depth = 10 - ## TLS cipher suite names - ## Note: By default, all available suites are supported, you do not need to set this - ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"] + ## Which versions are to be supported + versions = [tlsv1.3, tlsv1.2] - ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly - secure_renegotiate = true + ## TLS cipher suite names + ## Note: By default, all available suites are supported, you do not need to set this + ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"] - ## Log level for SSL communication - ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all - log_level = notice + ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly + secure_renegotiate = true - ## Hibernate the SSL process after idling for amount of time reducing its memory footprint - hibernate_after = 5s + ## Log level for SSL communication + ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all + log_level = notice - ## Forces the cipher to be set based on the server-specified order instead of the client-specified order - honor_cipher_order = true + ## Hibernate the SSL process after idling for amount of time reducing its memory footprint + hibernate_after = 5s - ## Setting this to false to disable client-initiated renegotiation - client_renegotiation = true + ## Forces the cipher to be set based on the server-specified order instead of the client-specified order + honor_cipher_order = true - ## Maximum time duration allowed for the handshake to complete - handshake_timeout = 15s + ## Setting this to false to disable client-initiated renegotiation + client_renegotiation = true + + ## Maximum time duration allowed for the handshake to complete + handshake_timeout = 15s + } } diff --git a/examples/mqtt.conf.example b/examples/mqtt.conf.example index a07877f9d..c5f81f753 100644 --- a/examples/mqtt.conf.example +++ b/examples/mqtt.conf.example @@ -110,4 +110,15 @@ mqtt { ## Use the CN, DN field in the peer certificate or the entire certificate content as Client ID ## Type: See the above peer_cert_as_clientid = disabled + + ## Dispatch strategy for shared subscription + ## Type: + ## - random :: dispatch the message to a random selected subscriber + ## - round_robin :: select the subscribers in a round-robin manner + ## - round_robin_per_group :: select the subscribers in round-robin fashion within each shared subscriber group + ## - local :: select random local subscriber otherwise select random cluster-wide + ## - sticky :: always use the last selected subscriber to dispatch, until the subscriber disconnects. + ## - hash_clientid :: select the subscribers by hashing the `clientIds` + ## - hash_topic :: select the subscribers by hashing the source topic""" + shared_subscription_strategy = round_robin } diff --git a/examples/rpc-with-ssl.conf.example b/examples/rpc-with-ssl.conf.example deleted file mode 100644 index 89695d748..000000000 --- a/examples/rpc-with-ssl.conf.example +++ /dev/null @@ -1,76 +0,0 @@ -##-------------------------------------------------------------------- -## RPC With SSL -## See rpc-with-tcp.conf.example for RPC with TCP -## EMQX inter-broker communication -##-------------------------------------------------------------------- -## Note: This is an example of how to configure this feature -## you should copy and paste the below data into the emqx.conf for working - -## Note: Most of the time the default config should work -## you do not need to modify it unless you know what it is for -rpc { - ## Communication mode - ## Type: async | sync - mode = async - - ## Transport protocol used for inter-broker communication - ## Type: tcp | ssl - protocol = ssl - - ## The maximum number of batch messages sent in asynchronous mode - ## Type: Integer - async_batch_size = 256 - - ## Port discovery strategy - ## Type: - ## - manual :: discover ports by tcp_server_port - ## - stateless :: discover ports in a stateless manner, using the following algorithm: - ## If node name is emqxN@127.0.0.1, where the N is an integer, then the listening port will be 5370 + N - port_discovery = stateless - - ## Listening port used by RPC local service - ssl_server_port = 5369 - - ## Set the maximum number of RPC communication channels initiated by this node to each remote node - ## Type: Range from 1 to 256 - tcp_client_num = 10 - - ## Timeout for establishing an RPC connection - connect_timeout = 5s - - ## Path to TLS certificate file used to validate identity of the cluster nodes - certfile = "data/cert.pem" - - ## Path to the private key file - keyfile = "data/key.pem" - - ## Path to certification authority TLS certificate file - cacertfile = "data/cacert.pem" - - ## Timeout for sending the RPC request - send_timeout = 5s - - ## Timeout for the remote node authentication - authentication_timeout = 5s - - ## Timeout for the reply to a synchronous RPC - call_receive_timeout = 15s - - ## How long the connections between the brokers should remain open after the last message is sent - socket_keepalive_idle = 15m - - ## The interval between keepalive messages - socket_keepalive_interval = 75s - - ## How many times the keepalive probe message can fail to receive a reply until the RPC connection is considered lost - socket_keepalive_count = 9 - - ## TCP sending buffer size - socket_sndbuf = 1MB - - ## TCP receiving buffer size - socket_recbuf = 1MB - - ## Socket buffer size in user mode - socket_buffer = 1MB -} diff --git a/examples/rpc-with-tcp.conf.example b/examples/rpc-with-tcp.conf.example deleted file mode 100644 index 26de872e5..000000000 --- a/examples/rpc-with-tcp.conf.example +++ /dev/null @@ -1,67 +0,0 @@ -##-------------------------------------------------------------------- -## RPC With TCP -## See rpc-with-ssl.conf.example for RPC with SSL -## EMQX inter-broker communication -##-------------------------------------------------------------------- -## Note: This is an example of how to configure this feature -## you should copy and paste the below data into the emqx.conf for working - -## Note: Most of the time the default config should work -## you do not need to modify it unless you know what it is for -rpc { - ## Communication mode - ## Type: sync | async - mode = async - - ## Transport protocol used for inter-broker communication - ## Type: tcp | ssl - protocol = tcp - - ## The maximum number of batch messages sent in asynchronous mode - ## Type: Integer - async_batch_size = 256 - - ## Port discovery strategy - ## Type: - ## - manual :: discover ports by tcp_server_port - ## - stateless :: discover ports in a stateless manner, using the following algorithm: - ## If node name is emqxN@127.0.0.1, where the N is an integer, then the listening port will be 5370 + N - port_discovery = stateless - - ## Listening port used by RPC local service - tcp_server_port = 5369 - - ## Set the maximum number of RPC communication channels initiated by this node to each remote node - ## Type: Range from 1 to 256 - tcp_client_num = 10 - - ## Timeout for establishing an RPC connection - connect_timeout = 5s - - ## Timeout for sending the RPC request - send_timeout = 5s - - ## Timeout for the remote node authentication - authentication_timeout = 5s - - ## Timeout for the reply to a synchronous RPC - call_receive_timeout = 15s - - ## How long the connections between the brokers should remain open after the last message is sent - socket_keepalive_idle = 15m - - ## The interval between keepalive messages - socket_keepalive_interval = 75s - - ## How many times the keepalive probe message can fail to receive a reply until the RPC connection is considered lost - socket_keepalive_count = 9 - - ## TCP sending buffer size - socket_sndbuf = 1MB - - ## TCP receiving buffer size - socket_recbuf = 1MB - - ## Socket buffer size in user mode - socket_buffer = 1MB -} diff --git a/rel/i18n/emqx_prometheus_schema.hocon b/rel/i18n/emqx_prometheus_schema.hocon index a0c4d899c..d68e1d418 100644 --- a/rel/i18n/emqx_prometheus_schema.hocon +++ b/rel/i18n/emqx_prometheus_schema.hocon @@ -4,7 +4,7 @@ enable.desc: """Turn Prometheus data pushing on or off""" headers.desc: -"""A HTTP Headers when pushing to Push Gateway.
+"""An HTTP Headers when pushing to Push Gateway.
For example, { Authorization = "some-authz-tokens"}""" interval.desc: