From 4b87594839cb0d3acc5cc0a3a85ddd7a70280e6a Mon Sep 17 00:00:00 2001 From: Turtle Date: Fri, 2 Jul 2021 14:05:38 +0800 Subject: [PATCH] =?UTF-8?q?feat(conf):=20sys=E3=80=81mon=E3=80=81alarm?= =?UTF-8?q?=E3=80=81plugins=E3=80=81broker=E3=80=81mqtt=20conf=20to=20hoco?= =?UTF-8?q?n?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/emqx/etc/emqx.conf | 1174 ++++++++++++++++----------------- apps/emqx/src/emqx_schema.erl | 47 +- 2 files changed, 571 insertions(+), 650 deletions(-) diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf index 86b9566ba..f40ecd8e5 100644 --- a/apps/emqx/etc/emqx.conf +++ b/apps/emqx/etc/emqx.conf @@ -64,12 +64,12 @@ cluster: { ## IP Multicast Address. ## ## Value: IP Address - ## addr = "239.192.0.1" + ## addr: "239.192.0.1" ## Multicast Ports. ## ## Value: Port List - ## ports = "4369,4370" + ## ports: "4369,4370" ## Multicast Iface. ## @@ -291,7 +291,7 @@ node: { ## Value: File ## ## vm.args: -ssl_dist_optfile - ## node.ssl_dist_optfile = "{{ platform_etc_dir }}/ssl_dist.conf" + ## node.ssl_dist_optfile: "{{ platform_etc_dir }}/ssl_dist.conf" ## Sets the net_kernel tick time. TickTime is specified in seconds. ## Notice that all communicating nodes are to have the same TickTime @@ -331,7 +331,7 @@ rpc: { ## Value: Integer ## Zero or negative value disables rpc batching. ## - ## NOTE: RPC batch won't work when rpc.mode = sync + ## NOTE: RPC batch won't work when rpc.mode: sync async_batch_size: 256 ## RPC port discovery @@ -349,7 +349,7 @@ rpc: { ## TCP port number for RPC server to listen on. ## - ## Only takes effect when `rpc.port_discovery` = `manual`. + ## Only takes effect when `rpc.port_discovery`: `manual`. ## ## NOTE: All nodes in the cluster should agree to this same config. ## 
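Review bot: The `=` to `:` replacement was also applied to prose inside comments, where `=` states a condition rather than a HOCON assignment. In the rpc hunk (@@ -331,7) the note now reads `rpc.mode: sync`, and in @@ -349,7 the condition on `rpc.port_discovery` now reads as a key/value pair. The same rewrite appears in the listener hunks (@@ -1198,30, @@ -1234,93 and @@ -1507,82) as `Sets the 'buffer: max(sndbuf, recbuf)'`. I would keep the original wording there, e.g. `## NOTE: RPC batch won't work when rpc.mode = sync` and `## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.`, so readers do not mistake these sentences for settable keys.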
@@ -503,7 +503,7 @@ log: { ## To create additional log files for specific log levels. ## ## Value: File Name - ## Format: log.$level.file = $filename, + ## Format: log.$level.file: $filename, ## where "$level" can be one of: debug, info, notice, warning, ## error, critical, alert, emergency ## Note: Log files for a specific log level will only contain all the logs 
@@ -610,116 +610,119 @@ log: { ##-------------------------------------------------------------------- ## Authentication/Access Control ##-------------------------------------------------------------------- +acl: { + ## Allow anonymous authentication by default if no auth plugins loaded. + ## Notice: Disable the option in production deployment! + ## + ## Value: true | false + allow_anonymous: true -## Allow anonymous authentication by default if no auth plugins loaded. -## Notice: Disable the option in production deployment! -## -## Value: true | false -acl.allow_anonymous = true + ## Allow or deny if no ACL rules matched. + ## + ## Value: allow | deny + acl_nomatch: allow -## Allow or deny if no ACL rules matched. -## -## Value: allow | deny -acl.acl_nomatch = allow + ## Default ACL File. + ## + ## Value: File Name + acl_file: "{{ platform_etc_dir }}/acl.conf" -## Default ACL File. -## -## Value: File Name -acl.acl_file = "{{ platform_etc_dir }}/acl.conf" + ## Whether to enable ACL cache. + ## + ## If enabled, ACLs roles for each client will be cached in the memory + ## + ## Value: on | off + enable_acl_cache: on -## Whether to enable ACL cache. -## -## If enabled, ACLs roles for each client will be cached in the memory -## -## Value: on | off -acl.enable_acl_cache = on + ## The maximum count of ACL entries can be cached for a client. + ## + ## Value: Integer greater than 0 + ## Default: 32 + acl_cache_max_size: 32 -## The maximum count of ACL entries can be cached for a client. 
-## -## Value: Integer greater than 0 -## Default: 32 -acl.acl_cache_max_size = 32 + ## The time after which an ACL cache entry will be deleted + ## + ## Value: Duration + ## Default: 1 minute + acl_cache_ttl: 1m -## The time after which an ACL cache entry will be deleted -## -## Value: Duration -## Default: 1 minute -acl.acl_cache_ttl = 1m + ## The action when acl check reject current operation + ## + ## Value: ignore | disconnect + ## Default: ignore + acl_deny_action: ignore -## The action when acl check reject current operation -## -## Value: ignore | disconnect -## Default: ignore -acl.acl_deny_action = ignore + ## Specify the global flapping detect policy. + ## The value is a string composed of flapping threshold, duration and banned interval. + ## 1. threshold: an integer to specfify the disconnected times of a MQTT Client; + ## 2. duration: the time window for flapping detect; + ## 3. banned interval: the banned interval if a flapping is detected. + ## + ## Value: Integer,Duration,Duration + flapping_detect_policy: "30, 1m, 5m" -## Specify the global flapping detect policy. -## The value is a string composed of flapping threshold, duration and banned interval. -## 1. threshold: an integer to specfify the disconnected times of a MQTT Client; -## 2. duration: the time window for flapping detect; -## 3. banned interval: the banned interval if a flapping is detected. -## -## Value: Integer,Duration,Duration -acl.flapping_detect_policy = "30, 1m, 5m" +} ##-------------------------------------------------------------------- ## MQTT Protocol ##-------------------------------------------------------------------- +mqtt: { + ## Maximum MQTT packet size allowed. + ## + ## Value: Bytes + ## Default: 1MB + max_packet_size: "1MB" -## Maximum MQTT packet size allowed. -## -## Value: Bytes -## Default: 1MB -mqtt.max_packet_size = 1MB + ## Maximum length of MQTT clientId allowed. 
+ ## + ## Value: Number [23-65535] + max_clientid_len: 65535 -## Maximum length of MQTT clientId allowed. -## -## Value: Number [23-65535] -mqtt.max_clientid_len = 65535 + ## Maximum topic levels allowed. 0 means no limit. + ## + ## Value: Number + max_topic_levels: 0 -## Maximum topic levels allowed. 0 means no limit. -## -## Value: Number -mqtt.max_topic_levels = 0 + ## Maximum QoS allowed. + ## + ## Value: 0 | 1 | 2 + max_qos_allowed: 2 -## Maximum QoS allowed. -## -## Value: 0 | 1 | 2 -mqtt.max_qos_allowed = 2 + ## Maximum Topic Alias, 0 means no topic alias supported. + ## + ## Value: 0-65535 + max_topic_alias: 65535 -## Maximum Topic Alias, 0 means no topic alias supported. -## -## Value: 0-65535 -mqtt.max_topic_alias = 65535 + ## Whether the Server supports MQTT retained messages. + ## + ## Value: boolean + retain_available: true -## Whether the Server supports MQTT retained messages. -## -## Value: boolean -mqtt.retain_available = true + ## Whether the Server supports MQTT Wildcard Subscriptions + ## + ## Value: boolean + wildcard_subscription: true -## Whether the Server supports MQTT Wildcard Subscriptions -## -## Value: boolean -mqtt.wildcard_subscription = true + ## Whether the Server supports MQTT Shared Subscriptions. + ## + ## Value: boolean + shared_subscription: true -## Whether the Server supports MQTT Shared Subscriptions. 
-## -## Value: boolean -mqtt.shared_subscription = true + ## Whether to ignore loop delivery of messages.(for mqtt v3.1.1) + ## + ## Value: true | false + ignore_loop_deliver: false -## Whether to ignore loop delivery of messages.(for mqtt v3.1.1) -## -## Value: true | false -mqtt.ignore_loop_deliver = false + ## Whether to parse the MQTT frame in strict mode + ## + ## Value: true | false + strict_mode: false -## Whether to parse the MQTT frame in strict mode -## -## Value: true | false -mqtt.strict_mode = false - -## Specify the response information returned to the client -## -## Value: String -## mqtt.response_information = example + ## Specify the response information returned to the client + ## + ## Value: String + ## response_information: example +} ##-------------------------------------------------------------------- ## External Zone @@ -727,34 +730,34 @@ zone.external { ## Idle timeout of the external MQTT connections. ## ## Value: duration - idle_timeout = 15s + idle_timeout: 15s ## Enable ACL check. ## ## Value: Flag - enable_acl = on + enable_acl: on ## Enable ban check. ## ## Value: Flag - enable_ban = on + enable_ban: on ## Enable per connection statistics. ## ## Value: on | off - enable_stats = on + enable_stats: on ## The action when acl check reject current operation ## ## Value: ignore | disconnect ## Default: ignore - acl_deny_action = ignore + acl_deny_action: ignore ## Force the MQTT connection process GC after this number of ## messages | bytes passed through. ## ## Numbers delimited by `|'. Zero or negative is to disable. - force_gc_policy = "16000|16MB" + force_gc_policy: "16000|16MB" ## Max message queue length and total heap size to force shutdown ## connection/session process. 
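Review bot: The new `acl` block still ships `allow_anonymous: true` together with `acl_nomatch: allow`, and the only guard is the "Disable the option in production deployment!" notice on the first key. Since both keys are rewritten in this hunk, I would also document the combined effect on `acl_nomatch`, for example `## Notice: with allow_anonymous: true, 'allow' admits unauthenticated clients to every topic that no rule in acl_file matches; set 'deny' in production.` Whether emqx_schema.erl keeps these defaults or overrides them is not visible in this hunk and should be confirmed.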
@@ -766,89 +769,89 @@ zone.external { ## Default: ## - "10000|64MB" on ARCH_64 system ## - "1000|32MB" on ARCH_32 sytem - #force_shutdown_policy = "10000|64MB" + #force_shutdown_policy: "10000|64MB" ## Maximum MQTT packet size allowed. ## ## Value: Bytes ## Default: 1MB - ## max_packet_size = 64KB + ## max_packet_size: 64KB ## Maximum length of MQTT clientId allowed. ## ## Value: Number [23-65535] - ## max_clientid_len = 1024 + ## max_clientid_len: 1024 ## Maximum topic levels allowed. 0 means no limit. ## ## Value: Number - ## max_topic_levels = 7 + ## max_topic_levels: 7 ## Maximum QoS allowed. ## ## Value: 0 | 1 | 2 - ## max_qos_allowed = 2 + ## max_qos_allowed: 2 ## Maximum Topic Alias, 0 means no limit. ## ## Value: 0-65535 - ## max_topic_alias = 65535 + ## max_topic_alias: 65535 ## Whether the Server supports retained messages. ## ## Value: boolean - ## retain_available = true + ## retain_available: true ## Whether the Server supports Wildcard Subscriptions ## ## Value: boolean - ## wildcard_subscription = false + ## wildcard_subscription: false ## Whether the Server supports Shared Subscriptions ## ## Value: boolean - ## shared_subscription = false + ## shared_subscription: false ## Server Keep Alive ## ## Value: Number - ## server_keepalive = 0 + ## server_keepalive: 0 ## The backoff for MQTT keepalive timeout. The broker will kick a connection out ## until 'Keepalive * backoff * 2' timeout. ## ## Value: Float > 0.5 - keepalive_backoff = 0.75 + keepalive_backoff: 0.75 ## Maximum number of subscriptions allowed, 0 means no limit. ## ## Value: Number - max_subscriptions = 0 + max_subscriptions: 0 ## Force to upgrade QoS according to subscription. ## ## Value: on | off - upgrade_qos = off + upgrade_qos: off ## Maximum size of the Inflight Window storing QoS1/2 messages delivered but unacked. ## ## Value: Number - max_inflight = 32 + max_inflight: 32 ## Retry interval for QoS1/2 message delivering. 
## ## Value: Duration - retry_interval = 30s + retry_interval: 30s ## Maximum QoS2 packets (Client -> Broker) awaiting PUBREL, 0 means no limit. ## ## Value: Number - max_awaiting_rel = 100 + max_awaiting_rel: 100 ## The QoS2 messages (Client -> Broker) will be dropped if awaiting PUBREL timeout. ## ## Value: Duration - await_rel_timeout = 300s + await_rel_timeout: 300s ## Default session expiry interval for MQTT V3.1.1 connections. ## @@ -859,13 +862,13 @@ zone.external { ## -s: second ## ## Default: 2h, 2 hours - session_expiry_interval = 2h + session_expiry_interval: 2h ## Maximum queue length. Enqueued messages when persistent client disconnected, ## or inflight window is full. 0 means no limit. ## ## Value: Number >= 0 - max_mqueue_len = 1000 + max_mqueue_len: 1000 ## Topic priorities. ## 'none' to indicate no priority table (by default), hence all messages @@ -878,34 +881,34 @@ zone.external { ## either highest or lowest priority depending on the configured ## value for mqueue_default_priority ## - mqueue_priorities = none + mqueue_priorities: none ## Default to highest priority for topics not matching priority table ## ## Value: highest | lowest - mqueue_default_priority = highest + mqueue_default_priority: highest ## Whether to enqueue QoS0 messages. ## ## Value: false | true - mqueue_store_qos0 = true + mqueue_store_qos0: true ## Whether to turn on flapping detect ## ## Value: on | off - enable_flapping_detect = off + enable_flapping_detect: off ## Message limit for the a external MQTT connection. ## ## Value: Number,Duration ## Example: 100 messages per 10 seconds. - #rate_limit.conn_messages_in = "100,10s" + #rate_limit.conn_messages_in: "100,10s" ## Bytes limit for a external MQTT connections. ## ## Value: Number,Duration ## Example: 100KB incoming per 10 seconds. - #rate_limit.conn_bytes_in = "100KB,10s" + #rate_limit.conn_bytes_in: "100KB,10s" ## Whether to alarm the congested connections. ## 
@@ -921,7 +924,7 @@ zone.external { ## Where the is the client-id of the congested MQTT connection. ## And the is the username or "unknown_user" of not provided by the client. ## Default: off - #conn_congestion.alarm = off + #conn_congestion.alarm: off ## Won't clear the congested alarm in how long time. ## The alarm is cleared only when there're no pending bytes in the queue, and also it has been @@ -929,7 +932,7 @@ zone.external { ## ## This is to avoid clearing and sending the alarm again too often. ## Default: 1m - #conn_congestion.min_alarm_sustain_duration = 1m + #conn_congestion.min_alarm_sustain_duration: 1m ## Messages quota for the each of external MQTT connection. ## This value consumed by the number of recipient on a message. @@ -937,7 +940,7 @@ zone.external { ## Value: Number, Duration ## ## Example: 100 messages per 1s - #quota.conn_messages_routing = "100,1s" + #quota.conn_messages_routing: "100,1s" ## Messages quota for the all of external MQTT connections. ## This value consumed by the number of recipient on a message. @@ -945,7 +948,7 @@ zone.external { ## Value: Number, Duration ## ## Example: 200000 messages per 1s - #quota.overall_messages_routing = "200000,1s" + #quota.overall_messages_routing: "200000,1s" ## All the topics will be prefixed with the mountpoint path if this option is enabled. ## 
@@ -954,28 +957,28 @@ zone.external { ## - %u: username ## ## Value: String - ## mountpoint = "devicebound/" + ## mountpoint: "devicebound/" ## Whether use username replace client id ## ## Value: boolean ## Default: false - use_username_as_clientid = false + use_username_as_clientid: false ## Whether to ignore loop delivery of messages.(for mqtt v3.1.1) ## ## Value: true | false - ignore_loop_deliver = false + ignore_loop_deliver: false ## Whether to parse the MQTT frame in strict mode ## ## Value: true | false - strict_mode = false + strict_mode: false ## Specify the response information returned to the client ## ## Value: String - #response_information = example + #response_information: example } ##-------------------------------------------------------------------- 
@@ -985,73 +988,73 @@ zone.internal { ## Notice: Disable the option in production deployment! ## ## Value: true | false - allow_anonymous = true + allow_anonymous: true ## Enable per connection stats. ## ## Value: Flag - enable_stats = on + enable_stats: on ## Enable ACL check. ## ## Value: Flag - enable_acl = off + enable_acl: off ## The action when acl check reject current operation ## ## Value: ignore | disconnect ## Default: ignore - acl_deny_action = ignore + acl_deny_action: ignore ## See zone.$name.force_gc_policy - ## force_gc_policy = "128000|128MB" + ## force_gc_policy: "128000|128MB" ## See zone.$name.wildcard_subscription. ## ## Value: boolean - ## wildcard_subscription = true + ## wildcard_subscription: true ## See zone.$name.shared_subscription. ## ## Value: boolean - ## shared_subscription = true + ## shared_subscription: true ## See zone.$name.max_subscriptions. ## ## Value: Integer - max_subscriptions = 0 + max_subscriptions: 0 ## See zone.$name.max_inflight ## ## Value: Number - max_inflight = 128 + max_inflight: 128 ## See zone.$name.max_awaiting_rel ## ## Value: Number - max_awaiting_rel = 1000 + max_awaiting_rel: 1000 ## See zone.$name.max_mqueue_len ## ## Value: Number >= 0 - max_mqueue_len = 10000 + max_mqueue_len: 10000 ## Whether to enqueue Qos0 messages. ## ## Value: false | true - mqueue_store_qos0 = true + mqueue_store_qos0: true ## Whether to turn on flapping detect ## ## Value: on | off - enable_flapping_detect = off + enable_flapping_detect: off ## See zone.$name.force_shutdown_policy ## ## Default: ## - "10000|64MB" on ARCH_64 system ## - "1000|32MB" on ARCH_32 sytem - #force_shutdown_policy = 10000|64MB + #force_shutdown_policy: 10000|64MB ## All the topics will be prefixed with the mountpoint path if this option is enabled. ## 
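Review bot: The commented example `#force_shutdown_policy: 10000|64MB` in `zone.internal` is left unquoted, while the documented defaults directly above it and the `zone.external` example are written as `"10000|64MB"`. An operator who uncomments it gets a value containing `|` outside a string, which the HOCON parser may not read as intended (not verifiable from this hunk). I would write it as `#force_shutdown_policy: "10000|64MB"`.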
@@ -1060,27 +1063,27 @@ zone.internal { ## - %u: username ## ## Value: String - ## mountpoint = "cloudbound/" + ## mountpoint: "cloudbound/" ## Whether to ignore loop delivery of messages.(for mqtt v3.1.1) ## ## Value: true | false - ignore_loop_deliver = false + ignore_loop_deliver: false ## Whether to parse the MQTT frame in strict mode ## ## Value: true | false - strict_mode = false + strict_mode: false ## Specify the response information returned to the client ## ## Value: String - ## response_information = example + ## response_information: example ## Allow the zone's clients to bypass authentication step ## ## Value: true | false - bypass_auth_plugins = true + bypass_auth_plugins: true } ##-------------------------------------------------------------------- @@ -1092,34 +1095,34 @@ listener.tcp.external { ## Value: IP:Port | Port ## ## Examples: 1883, "127.0.0.1:1883", "::1:1883" - endpoint = "0.0.0.0:1883" + endpoint: "0.0.0.0:1883" ## The acceptor pool for external MQTT/TCP listener. ## ## Value: Number - acceptors = 8 + acceptors: 8 ## Maximum number of concurrent MQTT/TCP connections. ## ## Value: Number - max_connections = 1024000 + max_connections: 1024000 ## Maximum external connections per second. ## ## Value: Number - max_conn_rate = 1000 + max_conn_rate: 1000 ## Specify the {active, N} option for the external MQTT/TCP Socket. ## ## Value: Number - active_n = 100 + active_n: 100 ## Zone of the external MQTT/TCP listener belonged to. ## ## See: zone.$name.* ## ## Value: String - zone = external + zone: external ## The access control rules for the MQTT/TCP listener. ## @@ -1128,7 +1131,7 @@ listener.tcp.external { ## Value: ACL Rule ## ## Example: "allow 192.168.0.0/24" - access.1 = "allow all" + access.1: "allow all" ## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed ## behind HAProxy or Nginx. 
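Review bot: `bypass_auth_plugins: true` at the end of `zone.internal` (@@ -1060,27) carries no warning. Together with `allow_anonymous: true` and `enable_acl: off` from the previous hunk, it means clients in this zone are neither authenticated nor ACL-checked. That is acceptable only while every listener assigned to this zone stays on loopback, as `endpoint: "127.0.0.1:11883"` does in the `listener.tcp.internal` hunk. I would add a comment above the key, such as `## Notice: only safe while every listener using this zone binds to a loopback address.`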
@@ -1136,57 +1139,57 @@ listener.tcp.external { ## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/ ## ## Value: on | off - ## proxy_protocol = on + ## proxy_protocol: on ## Sets the timeout for proxy protocol. EMQ X will close the TCP connection ## if no proxy protocol packet recevied within the timeout. ## ## Value: Duration - ## proxy_protocol_timeout = 3s + ## proxy_protocol_timeout: 3s ## Enable the option for X.509 certificate based authentication. ## EMQX will use the common name of certificate as MQTT username. ## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info ## ## Value: cn - ## peer_cert_as_username = cn + ## peer_cert_as_username: cn ## Enable the option for X.509 certificate based authentication. ## EMQX will use the common name of certificate as MQTT clientid. ## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info ## ## Value: cn - ## peer_cert_as_clientid = cn + ## peer_cert_as_clientid: cn ## The TCP backlog defines the maximum length that the queue of pending ## connections can grow to. ## ## Value: Number >= 0 - backlog = 1024 + backlog: 1024 ## The TCP send timeout for external MQTT connections. ## ## Value: Duration - send_timeout = 15s + send_timeout: 15s ## Close the TCP connection if send timeout. ## ## Value: on | off - send_timeout_close = on + send_timeout_close: on ## The TCP receive buffer(os kernel) for MQTT connections. ## ## See: http://erlang.org/doc/man/inet.html ## ## Value: Bytes - ## recbuf = 2KB + ## recbuf: 2KB ## The TCP send buffer(os kernel) for MQTT connections. ## ## See: http://erlang.org/doc/man/inet.html ## ## Value: Bytes - ## sndbuf = 2KB + ## sndbuf: 2KB ## The size of the user-level software buffer used by the driver. ## Not to be confused with options sndbuf and recbuf, which correspond 
@@ -1198,30 +1201,30 @@ listener.tcp.external { ## See: http://erlang.org/doc/man/inet.html ## ## Value: Bytes - ## buffer = 2KB + ## buffer: 2KB - ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. + ## Sets the 'buffer: max(sndbuf, recbuf)' if this option is enabled. ## ## Value: on | off - ## tune_buffer = off + ## tune_buffer: off ## The socket is set to a busy state when the amount of data queued internally ## by the ERTS socket implementation reaches this limit. ## ## Value: on | off ## Defaults to 1MB - ## high_watermark = 1MB + ## high_watermark: 1MB ## The TCP_NODELAY flag for MQTT connections. Small amounts of data are ## sent immediately if the option is enabled. ## ## Value: true | false - nodelay = true + nodelay: true ## The SO_REUSEADDR flag for TCP listener. ## ## Value: true | false - reuseaddr = true + reuseaddr: true } ##-------------------------------------------------------------------- 
@@ -1234,93 +1237,93 @@ listener.tcp.internal { ## Value: IP:Port, Port ## ## Examples: 11883, "127.0.0.1:11883", "::1:11883" - endpoint = "127.0.0.1:11883" + endpoint: "127.0.0.1:11883" ## The acceptor pool for internal MQTT/TCP listener. ## ## Value: Number - acceptors = 4 + acceptors: 4 ## Maximum number of concurrent MQTT/TCP connections. ## ## Value: Number - max_connections = 1024000 + max_connections: 1024000 ## Maximum internal connections per second. ## ## Value: Number - max_conn_rate = 1000 + max_conn_rate: 1000 ## Specify the {active, N} option for the internal MQTT/TCP Socket. ## ## Value: Number - active_n = 1000 + active_n: 1000 ## Zone of the internal MQTT/TCP listener belonged to. ## ## Value: String - zone = internal + zone: internal ## The TCP backlog of internal MQTT/TCP Listener. ## ## See: listener.tcp.$name.backlog ## ## Value: Number >= 0 - backlog = 512 + backlog: 512 ## The TCP send timeout for internal MQTT connections. ## ## See: listener.tcp.$name.send_timeout ## ## Value: Duration - send_timeout = 5s + send_timeout: 5s ## Close the MQTT/TCP connection if send timeout. ## ## See: listener.tcp.$name.send_timeout_close ## ## Value: on | off - send_timeout_close = on + send_timeout_close: on ## The TCP receive buffer(os kernel) for internal MQTT connections. ## ## See: listener.tcp.$name.recbuf ## ## Value: Bytes - recbuf = 64KB + recbuf: 64KB ## The TCP send buffer(os kernel) for internal MQTT connections. ## ## See: http://erlang.org/doc/man/inet.html ## ## Value: Bytes - sndbuf = 64KB + sndbuf: 64KB ## The size of the user-level software buffer used by the driver. ## ## See: listener.tcp.$name.buffer ## ## Value: Bytes - ## buffer = 16KB + ## buffer: 16KB - ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. + ## Sets the 'buffer: max(sndbuf, recbuf)' if this option is enabled. 
## ## See: listener.tcp.$name.tune_buffer ## ## Value: on | off - ## tune_buffer = off + ## tune_buffer: off ## The TCP_NODELAY flag for internal MQTT connections. ## ## See: listener.tcp.$name.nodelay ## ## Value: true | false - nodelay = false + nodelay: false ## The SO_REUSEADDR flag for MQTT/TCP Listener. ## ## Value: true | false - reuseaddr = true + reuseaddr: true } ##-------------------------------------------------------------------- @@ -1332,39 +1335,39 @@ listener.ssl.external { ## Value: IP:Port | Port ## ## Examples: 8883, "127.0.0.1:8883", "::1:8883" - endpoint = 8883 + endpoint: 8883 ## The acceptor pool for external MQTT/SSL listener. ## ## Value: Number - acceptors = 16 + acceptors: 16 ## Maximum number of concurrent MQTT/SSL connections. ## ## Value: Number - max_connections = 102400 + max_connections: 102400 ## Maximum MQTT/SSL connections per second. ## ## Value: Number - max_conn_rate = 500 + max_conn_rate: 500 ## Specify the {active, N} option for the internal MQTT/SSL Socket. ## ## Value: Number - active_n = 100 + active_n: 100 ## Zone of the external MQTT/SSL listener belonged to. ## ## Value: String - zone = external + zone: external ## The access control rules for the MQTT/SSL listener. ## ## See: listener.tcp.$name.access ## ## Value: ACL Rule - access.1 = "allow all" + access.1: "allow all" ## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind ## HAProxy or Nginx. @@ -1372,14 +1375,14 @@ listener.ssl.external { ## See: listener.tcp.$name.proxy_protocol ## ## Value: on | off - ## proxy_protocol = on + ## proxy_protocol: on ## Sets the timeout for proxy protocol. ## ## See: listener.tcp.$name.proxy_protocol_timeout ## ## Value: Duration - ## proxy_protocol_timeout = 3s + ## proxy_protocol_timeout: 3s ## TLS versions only to protect from POODLE attack. ## 
@@ -1387,44 +1390,44 @@ listener.ssl.external { ## ## Value: String, seperated by ',' ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier - ## tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1" + ## tls_versions: "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1" ## TLS Handshake timeout. ## ## Value: Duration - handshake_timeout = 15s + handshake_timeout: 15s ## Maximum number of non-self-issued intermediate certificates that ## can follow the peer certificate in a valid certification path. ## ## Value: Number - ## depth = 10 + ## depth: 10 ## String containing the user's password. Only used if the private keyfile ## is password-protected. ## ## Value: String - ## key_password = yourpass + ## key_password: yourpass ## Path to the file containing the user's private PEM-encoded key. ## ## See: http://erlang.org/doc/man/ssl.html ## ## Value: File - keyfile = "{{ platform_etc_dir }}/certs/key.pem" + keyfile: "{{ platform_etc_dir }}/certs/key.pem" ## Path to a file containing the user certificate. ## ## See: http://erlang.org/doc/man/ssl.html ## ## Value: File - certfile = "{{ platform_etc_dir }}/certs/cert.pem" + certfile: "{{ platform_etc_dir }}/certs/cert.pem" ## Path to the file containing PEM-encoded CA certificates. The CA certificates ## are used during server authentication and when building the client certificate chain. ## ## Value: File - ## cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem" + ## cacertfile: "{{ platform_etc_dir }}/certs/cacert.pem" ## The Ephemeral Diffie-Helman key exchange is a very effective way of ## ensuring Forward Secrecy by exchanging a set of keys that never hit @@ -1441,7 +1444,7 @@ listener.ssl.external { ## openssl dhparam -out dh-params.pem 2048 ## ## Value: File - ## dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem" + ## dhfile: "{{ platform_etc_dir }}/certs/dh-params.pem" ## A server only does x509-path validation in mode verify_peer, ## as it then sends a certificate request to the client (this 
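Review bot: The commented `tls_versions` example still lists `tlsv1.1` and `tlsv1`, which sits oddly with the "protect from POODLE attack" comment that introduces it at the end of the preceding hunk; both versions were formally deprecated by RFC 8996. I would change the example to `## tls_versions: "tlsv1.3,tlsv1.2"`. The same concern applies to the ciphers hunk (@@ -1476,13). The active `ciphers` value keeps `ECDHE-ECDSA-DES-CBC3-SHA` and static-RSA entries such as `AES256-SHA`, and the `psk_ciphers` example keeps `PSK-RC4-SHA` and `PSK-3DES-EDE-CBC-SHA`. Dropping the 3DES and RC4 entries while these lines are being rewritten would bring the shipped defaults in line with the hardening intent stated in the surrounding comments.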
@@ -1450,14 +1453,14 @@ listener.ssl.external { ## More information at: http://erlang.org/doc/man/ssl.html ## ## Value: verify_peer | verify_none - ## verify = verify_peer + ## verify: verify_peer ## Used together with {verify, verify_peer} by an SSL server. If set to true, ## the server fails if the client does not have a certificate to send, that is, ## sends an empty certificate. ## ## Value: true | false - ## fail_if_no_peer_cert = true + ## fail_if_no_peer_cert: true ## This is the single most important configuration option of an Erlang SSL ## application. Ciphers (and their ordering) define the way the client and 
@@ -1476,13 +1479,13 @@ listener.ssl.external { ## Most of it was copied from Mozilla’s Server Side TLS article ## ## Value: Ciphers - ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" + ciphers: 
"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" ## Ciphers for TLS PSK. ## Note that 'ciphers' and 'psk_ciphers' cannot ## be configured at the same time. ## See 'https://tools.ietf.org/html/rfc4279#section-2'. - #psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA" + #psk_ciphers: "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA" ## SSL parameter renegotiation is a feature that allows a client and a server ## to renegotiate the parameters of the SSL connection on the fly. @@ -1490,7 +1493,7 @@ listener.ssl.external { ## you drop support for the insecure renegotiation, prone to MitM attacks. ## ## Value: on | off - ## secure_renegotiate = off + ## secure_renegotiate: off ## A performance optimization setting, it allows clients to reuse ## pre-existing sessions, instead of initializing new ones. 
@@ -1499,7 +1502,7 @@ listener.ssl.external { ## See: http://erlang.org/doc/man/ssl.html ## ## Value: on | off - ## reuse_sessions = on + ## reuse_sessions: on ## An important security setting, it forces the cipher to be set based ## on the server-specified order instead of the client-specified order, 
@@ -1507,82 +1510,82 @@ listener.ssl.external { ## ordering of the server administrator. ## ## Value: on | off - ## honor_cipher_order = on + ## honor_cipher_order: on ## Use the CN, DN or CRT field from the client certificate as a username. ## Notice that 'verify' should be set as 'verify_peer'. ## 'pem' encodes CRT in base64, and md5 is the md5 hash of CRT. ## ## Value: cn | dn | crt | pem | md5 - ## peer_cert_as_username = cn + ## peer_cert_as_username: cn ## Use the CN, DN or CRT field from the client certificate as a username. ## Notice that 'verify' should be set as 'verify_peer'. ## 'pem' encodes CRT in base64, and md5 is the md5 hash of CRT. ## ## Value: cn | dn | crt | pem | md5 - ## peer_cert_as_clientid = cn + ## peer_cert_as_clientid: cn ## TCP backlog for the SSL connection. ## ## See listener.tcp.$name.backlog ## ## Value: Number >= 0 - ## backlog = 1024 + ## backlog: 1024 ## The TCP send timeout for the SSL connection. ## ## See listener.tcp.$name.send_timeout ## ## Value: Duration - ## send_timeout = 15s + ## send_timeout: 15s ## Close the SSL connection if send timeout. ## ## See: listener.tcp.$name.send_timeout_close ## ## Value: on | off - ## send_timeout_close = on + ## send_timeout_close: on ## The TCP receive buffer(os kernel) for the SSL connections. ## ## See: listener.tcp.$name.recbuf ## ## Value: Bytes - ## recbuf = 4KB + ## recbuf: 4KB ## The TCP send buffer(os kernel) for internal MQTT connections. ## ## See: listener.tcp.$name.sndbuf ## ## Value: Bytes - ## sndbuf = 4KB + ## sndbuf: 4KB ## The size of the user-level software buffer used by the driver. ## ## See: listener.tcp.$name.buffer ## ## Value: Bytes - ## buffer = 4KB + ## buffer: 4KB - ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. + ## Sets the 'buffer: max(sndbuf, recbuf)' if this option is enabled. ## ## See: listener.tcp.$name.tune_buffer ## ## Value: on | off - ## tune_buffer = off + ## tune_buffer: off ## The TCP_NODELAY flag for SSL connections. 
## ## See: listener.tcp.$name.nodelay ## ## Value: true | false - ## nodelay = true + ## nodelay: true ## The SO_REUSEADDR flag for MQTT/SSL Listener. ## ## Value: true | false - reuseaddr = true + reuseaddr: true } ##-------------------------------------------------------------------- 
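Review bot: The `=` to `:` conversion was also applied to prose in this hunk: `## Sets the 'buffer: max(sndbuf, recbuf)' if this option is enabled.` used to state a formula and now reads like a config key. I would keep `'buffer = max(sndbuf, recbuf)'` in that comment; the listener.ws.external section has the same line. The comment block above `peer_cert_as_clientid` also still says "as a username"; `## Use the CN, DN or CRT field from the client certificate as a clientid.` would match the key it documents.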
@@ -1595,67 +1598,67 @@ listener.ws.external { ## Value: IP:Port | Port ## ## Examples: 8083, "127.0.0.1:8083", "::1:8083" - endpoint = 8083 + endpoint: 8083 ## The path of WebSocket MQTT endpoint ## ## Value: URL Path - mqtt_path = "/mqtt" + mqtt_path: "/mqtt" ## The acceptor pool for external MQTT/WebSocket listener. ## ## Value: Number - acceptors = 4 + acceptors: 4 ## Maximum number of concurrent MQTT/WebSocket connections. ## ## Value: Number - max_connections = 102400 + max_connections: 102400 ## Maximum MQTT/WebSocket connections per second. ## ## Value: Number - max_conn_rate = 1000 + max_conn_rate: 1000 ## Simulate the {active, N} option for the MQTT/WebSocket connections. ## ## Value: Number - active_n = 100 + active_n: 100 ## Zone of the external MQTT/WebSocket listener belonged to. ## ## Value: String - zone = external + zone: external ## The access control for the MQTT/WebSocket listener. ## ## See: $name.access ## ## Value: ACL Rule - access.1 = "allow all" + access.1: "allow all" ## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send. ## Set to false for WeChat MiniApp. ## ## Value: true | false - ## fail_if_no_subprotocol = true + ## fail_if_no_subprotocol: true ## Supported subprotocols ## ## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5 - ## supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5" + ## supported_subprotocols: "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5" ## Specify which HTTP header for real source IP if the EMQ X cluster is ## deployed behind NGINX or HAProxy. ## ## Default: X-Forwarded-For - ## proxy_address_header = X-Forwarded-For + ## proxy_address_header: X-Forwarded-For ## Specify which HTTP header for real source port if the EMQ X cluster is ## deployed behind NGINX or HAProxy. ## ## Default: X-Forwarded-Port - ## proxy_port_header = X-Forwarded-Port + ## proxy_port_header: X-Forwarded-Port ## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind ## HAProxy or Nginx. 
@@ -1663,158 +1666,158 @@ listener.ws.external { ## See: $name.proxy_protocol ## ## Value: on | off - ## proxy_protocol = on + ## proxy_protocol: on ## Sets the timeout for proxy protocol. ## ## See: $name.proxy_protocol_timeout ## ## Value: Duration - ## proxy_protocol_timeout = 3s + ## proxy_protocol_timeout: 3s ## Enable the option for X.509 certificate based authentication. ## EMQX will use the common name of certificate as MQTT username. ## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info ## ## Value: cn - ## peer_cert_as_username = cn + ## peer_cert_as_username: cn ## Enable the option for X.509 certificate based authentication. ## EMQX will use the common name of certificate as MQTT clientid. ## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info ## ## Value: cn - ## peer_cert_as_clientid = cn + ## peer_cert_as_clientid: cn ## The TCP backlog of external MQTT/WebSocket Listener. ## ## See: $name.backlog ## ## Value: Number >= 0 - backlog = 1024 + backlog: 1024 ## The TCP send timeout for external MQTT/WebSocket connections. ## ## See: $name.send_timeout ## ## Value: Duration - send_timeout = 15s + send_timeout: 15s ## Close the MQTT/WebSocket connection if send timeout. ## ## See: $name.send_timeout_close ## ## Value: on | off - send_timeout_close = on + send_timeout_close: on ## The TCP receive buffer(os kernel) for external MQTT/WebSocket connections. ## ## See: $name.recbuf ## ## Value: Bytes - ## recbuf = 2KB + ## recbuf: 2KB ## The TCP send buffer(os kernel) for external MQTT/WebSocket connections. ## ## See: $name.sndbuf ## ## Value: Bytes - ## sndbuf = 2KB + ## sndbuf: 2KB ## The size of the user-level software buffer used by the driver. ## ## See: $name.buffer ## ## Value: Bytes - ## buffer = 2KB + ## buffer: 2KB - ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. + ## Sets the 'buffer: max(sndbuf, recbuf)' if this option is enabled. 
## ## See: $name.tune_buffer ## ## Value: on | off - ## tune_buffer = off + ## tune_buffer: off ## The TCP_NODELAY flag for external MQTT/WebSocket connections. ## ## See: $name.nodelay ## ## Value: true | false - nodelay = true + nodelay: true ## The compress flag for external MQTT/WebSocket connections. ## ## If this Value is set true,the websocket message would be compressed ## ## Value: true | false - ## compress = true + ## compress: true ## The level of deflate options for external MQTT/WebSocket connections. ## ## See: $name.deflate_opts.level ## ## Value: none | default | best_compression | best_speed - ## deflate_opts.level = default + ## deflate_opts.level: default ## The mem_level of deflate options for external MQTT/WebSocket connections. ## ## See: $name.deflate_opts.mem_level ## ## Valid range is 1-9 - ## deflate_opts.mem_level = 8 + ## deflate_opts.mem_level: 8 ## The strategy of deflate options for external MQTT/WebSocket connections. ## ## See: $name.deflate_opts.strategy ## ## Value: default | filtered | huffman_only | rle - ## deflate_opts.strategy = default + ## deflate_opts.strategy: default ## The deflate option for external MQTT/WebSocket connections. ## ## See: $name.deflate_opts.server_context_takeover ## ## Value: takeover | no_takeover - ## deflate_opts.server_context_takeover = takeover + ## deflate_opts.server_context_takeover: takeover ## The deflate option for external MQTT/WebSocket connections. ## ## See: $name.deflate_opts.client_context_takeover ## ## Value: takeover | no_takeover - ## deflate_opts.client_context_takeover = takeover + ## deflate_opts.client_context_takeover: takeover ## The deflate options for external MQTT/WebSocket connections. ## ## See: $name.deflate_opts.server_max_window_bits ## ## Valid range is 8-15 - ## deflate_opts.server_max_window_bits = 15 + ## deflate_opts.server_max_window_bits: 15 ## The deflate options for external MQTT/WebSocket connections. 
## ## See: $name.deflate_opts.client_max_window_bits ## ## Valid range is 8-15 - ## deflate_opts.client_max_window_bits = 15 + ## deflate_opts.client_max_window_bits: 15 ## The idle timeout for external MQTT/WebSocket connections. ## ## See: $name.idle_timeout ## ## Value: Duration - ## idle_timeout = 60s + ## idle_timeout: 60s ## The max frame size for external MQTT/WebSocket connections. ## ## ## Value: Number - ## max_frame_size = 0 + ## max_frame_size: 0 ## Whether a WebSocket message is allowed to contain multiple MQTT packets ## ## Value: single | multiple - mqtt_piggyback = multiple + mqtt_piggyback: multiple ## By default, EMQX web socket connection does not restrict connections to specific origins. ## It also, by default, does not enforce the presence of origin in request headers for WebSocket connections. 
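Review bot: The `peer_cert_as_username: cn` and `peer_cert_as_clientid: cn` samples for the WebSocket listener take the CN from the Proxy Protocol V2 additional info, as the comment says, so the identity is whatever the connecting peer writes into the PROXY header. The comment should state that this is only sound when nothing but the trusted proxy can reach the listener, for example `## NOTE: the CN is read from the PROXY v2 header; expose this listener only to the proxy.` The same caveat applies to the `proxy_address_header` and `proxy_port_header` samples in the previous hunk, which take the source address from request headers.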
@@ -1823,32 +1826,32 @@ listener.ws.external { ## To prevent this, users can set allowed origin headers in their ws connection to EMQX. ## Example for WS connection ## To enables origin check in header for websocket connnection, - ## set `check_origin_enable = true`. By default it is false, + ## set `check_origin_enable: true`. By default it is false, ## When it is set to true and no origin is present in the header of a ws connection request, the request fails. ## To allow origins to be absent in header in the websocket connection when check_origin_enable is true, - ## set `allow_origin_absence = true` + ## set `allow_origin_absence: true` ## Enabling origin check implies there are specific valid origins allowed for ws connection. ## To set the list of allowed origins in header for websocket connection - ## check_origins = http://localhost:18083(localhost dashboard url), http://yourapp.com` + ## check_origins: http://localhost:18083(localhost dashboard url), http://yourapp.com` ## check_origins config allows a comma separated list of origins so you can specify as many origins are you want. ## With these configs, you can allow only connections from only authorized origins to your broker ## Enable origin check in header for websocket connection ## ## Value: true | false (default false) - check_origin_enable = false + check_origin_enable: false ## Allow origin to be absent in header in websocket connection when check_origin_enable is true ## ## Value: true | false (default true) - allow_origin_absence = true + allow_origin_absence: true ## Comma separated list of allowed origin in header for websocket connection ## ## Value: http://url eg. local http dashboard url - http://localhost:18083, http://127.0.0.1:18083 - check_origins = "http://localhost:18083, http://127.0.0.1:18083" + check_origins: "http://localhost:18083, http://127.0.0.1:18083" } ##-------------------------------------------------------------------- 
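Review bot: The converted example `## check_origins: http://localhost:18083(localhost dashboard url), http://yourapp.com` can no longer be pasted as written. In HOCON an unquoted value cannot contain `:`, and `//` starts a comment, so the origin list would be rejected or cut short; the line also still ends in a stray backtick. I would quote it like the live setting below it: `## check_origins: "http://localhost:18083, http://yourapp.com"`. The section ships `check_origin_enable: false`, so this comment is the only guidance an operator has for turning the origin check on. The same block also has the typo "connnection".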
@@ -1860,83 +1863,83 @@ listener.wss.external { ## Value: IP:Port | Port ## ## Examples: 8084, "127.0.0.1:8084", "::1:8084" - endpoint = 8084 + endpoint: 8084 ## The path of WebSocket MQTT endpoint ## ## Value: URL Path - mqtt_path = "/mqtt" + mqtt_path: "/mqtt" ## The acceptor pool for external MQTT/WebSocket/SSL listener. ## ## Value: Number - acceptors = 4 + acceptors: 4 ## Maximum number of concurrent MQTT/Webwocket/SSL connections. ## ## Value: Number - max_connections = 16 + max_connections: 16 ## Maximum MQTT/WebSocket/SSL connections per second. ## ## See: listener.tcp.$name.max_conn_rate ## ## Value: Number - max_conn_rate = 1000 + max_conn_rate: 1000 ## Simulate the {active, N} option for the MQTT/WebSocket/SSL connections. ## ## Value: Number - active_n = 100 + active_n: 100 ## Zone of the external MQTT/WebSocket/SSL listener belonged to. ## ## Value: String - zone = external + zone: external ## The access control rules for the MQTT/WebSocket/SSL listener. ## ## See: listener.tcp.$name.access. ## ## Value: ACL Rule - access.1 = "allow all" + access.1: "allow all" ## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send. ## Set to false for WeChat MiniApp. ## ## Value: true | false - ## fail_if_no_subprotocol = true + ## fail_if_no_subprotocol: true ## Supported subprotocols ## ## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5 - ## supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5" + ## supported_subprotocols: "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5" ## Specify which HTTP header for real source IP if the EMQ X cluster is ## deployed behind NGINX or HAProxy. ## ## Default: X-Forwarded-For - ## proxy_address_header = X-Forwarded-For + ## proxy_address_header: X-Forwarded-For ## Specify which HTTP header for real source port if the EMQ X cluster is ## deployed behind NGINX or HAProxy. 
## ## Default: X-Forwarded-Port - ## proxy_port_header = X-Forwarded-Port + ## proxy_port_header: X-Forwarded-Port ## Enable the Proxy Protocol V1/2 support. ## ## See: listener.tcp.$name.proxy_protocol ## ## Value: on | off - ## proxy_protocol = on + ## proxy_protocol: on ## Sets the timeout for proxy protocol. ## ## See: listener.tcp.$name.proxy_protocol_timeout ## ## Value: Duration - ## proxy_protocol_timeout = 3s + ## proxy_protocol_timeout: 3s ## TLS versions only to protect from POODLE attack. ## @@ -1944,28 +1947,28 @@ listener.wss.external { ## ## Value: String, seperated by ',' ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier - ## tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1" + ## tls_versions: "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1" ## Path to the file containing the user's private PEM-encoded key. ## ## See: listener.ssl.$name.keyfile ## ## Value: File - keyfile = "{{ platform_etc_dir }}/certs/key.pem" + keyfile: "{{ platform_etc_dir }}/certs/key.pem" ## Path to a file containing the user certificate. ## ## See: listener.ssl.$name.certfile ## ## Value: File - certfile = "{{ platform_etc_dir }}/certs/cert.pem" + certfile: "{{ platform_etc_dir }}/certs/cert.pem" ## Path to the file containing PEM-encoded CA certificates. ## ## See: listener.ssl.$name.cacert ## ## Value: File - ## cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem" + ## cacertfile: "{{ platform_etc_dir }}/certs/cacert.pem" ## Maximum number of non-self-issued intermediate certificates that ## can follow the peer certificate in a valid certification path. @@ -1973,7 +1976,7 @@ listener.wss.external { ## See: listener.ssl.external.depth ## ## Value: Number - ## depth = 10 + ## depth: 10 ## String containing the user's password. Only used if the private keyfile ## is password-protected. 
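Review bot: The sample `## tls_versions: "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"` in the `@@ -1944` hunk still offers TLS 1.1 and 1.0, which RFC 8996 deprecates, under a comment that presents the list as protection from POODLE. I would reduce the sample to `## tls_versions: "tlsv1.3,tlsv1.2"` and keep the OTP-22 note for tlsv1.3. Which versions the listener accepts while the key is commented out cannot be seen from this patch.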
@@ -1981,192 +1984,192 @@ listener.wss.external { ## See: listener.ssl.$name.key_password ## ## Value: String - ## key_password = yourpass + ## key_password: yourpass ## See: listener.ssl.$name.dhfile ## ## Value: File - ## listener.ssl.external.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem" + ## listener.ssl.external.dhfile: "{{ platform_etc_dir }}/certs/dh-params.pem" ## See: listener.ssl.$name.verify ## ## Value: verify_peer | verify_none - ## verify = verify_peer + ## verify: verify_peer ## See: listener.ssl.$name.fail_if_no_peer_cert ## ## Value: false | true - ## fail_if_no_peer_cert = true + ## fail_if_no_peer_cert: true ## See: listener.ssl.$name.ciphers ## ## Value: Ciphers - ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" + ciphers: 
"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" ## Ciphers for TLS PSK. ## Note that 'ciphers' and 'psk_ciphers' cannot ## be configured at the same time. ## See 'https://tools.ietf.org/html/rfc4279#section-2'. 
- ## psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA" + ## psk_ciphers: "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA" ## See: listener.ssl.$name.secure_renegotiate ## ## Value: on | off - ## secure_renegotiate = off + ## secure_renegotiate: off ## See: listener.ssl.$name.reuse_sessions ## ## Value: on | off - ## reuse_sessions = on + ## reuse_sessions: on ## See: listener.ssl.$name.honor_cipher_order ## ## Value: on | off - ## honor_cipher_order = on + ## honor_cipher_order: on ## See: listener.ssl.$name.peer_cert_as_username ## ## Value: cn | dn | crt | pem | md5 - ## peer_cert_as_username = cn + ## peer_cert_as_username: cn ## See: listener.ssl.$name.peer_cert_as_clientid ## ## Value: cn | dn | crt | pem | md5 - ## peer_cert_as_clientid = cn + ## peer_cert_as_clientid: cn ## TCP backlog for the WebSocket/SSL connection. ## ## See: listener.tcp.$name.backlog ## ## Value: Number >= 0 - backlog = 1024 + backlog: 1024 ## The TCP send timeout for the WebSocket/SSL connection. ## ## See: listener.tcp.$name.send_timeout ## ## Value: Duration - send_timeout = 15s + send_timeout: 15s ## Close the WebSocket/SSL connection if send timeout. ## ## See: listener.tcp.$name.send_timeout_close ## ## Value: on | off - send_timeout_close = on + send_timeout_close: on ## The TCP receive buffer(os kernel) for the WebSocket/SSL connections. ## ## See: listener.tcp.$name.recbuf ## ## Value: Bytes - ## recbuf = 4KB + ## recbuf: 4KB ## The TCP send buffer(os kernel) for the WebSocket/SSL connections. ## ## See: listener.tcp.$name.sndbuf ## ## Value: Bytes - ## sndbuf = 4KB + ## sndbuf: 4KB ## The size of the user-level software buffer used by the driver. ## ## See: listener.tcp.$name.buffer ## ## Value: Bytes - ## buffer = 4KB + ## buffer: 4KB ## The TCP_NODELAY flag for WebSocket/SSL connections. 
## ## See: listener.tcp.$name.nodelay ## ## Value: true | false - ## nodelay = true + ## nodelay: true ## The compress flag for external WebSocket/SSL connections. ## ## If this Value is set true,the websocket message would be compressed ## ## Value: true | false - ## compress = true + ## compress: true ## The level of deflate options for external WebSocket/SSL connections. ## ## See: listener.wss.$name.deflate_opts.level ## ## Value: none | default | best_compression | best_speed - ## deflate_opts.level = default + ## deflate_opts.level: default ## The mem_level of deflate options for external WebSocket/SSL connections. ## ## See: listener.wss.$name.deflate_opts.mem_level ## ## Valid range is 1-9 - ## deflate_opts.mem_level = 8 + ## deflate_opts.mem_level: 8 ## The strategy of deflate options for external WebSocket/SSL connections. ## ## See: listener.wss.$name.deflate_opts.strategy ## ## Value: default | filtered | huffman_only | rle - ## deflate_opts.strategy = default + ## deflate_opts.strategy: default ## The deflate option for external WebSocket/SSL connections. ## ## See: listener.wss.$name.deflate_opts.server_context_takeover ## ## Value: takeover | no_takeover - ## deflate_opts.server_context_takeover = takeover + ## deflate_opts.server_context_takeover: takeover ## The deflate option for external WebSocket/SSL connections. ## ## See: listener.wss.$name.deflate_opts.client_context_takeover ## ## Value: takeover | no_takeover - ## deflate_opts.client_context_takeover = takeover + ## deflate_opts.client_context_takeover: takeover ## The deflate options for external WebSocket/SSL connections. ## ## See: listener.wss.$name.deflate_opts.server_max_window_bits ## ## Valid range is 8-15 - ## deflate_opts.server_max_window_bits = 15 + ## deflate_opts.server_max_window_bits: 15 ## The deflate options for external WebSocket/SSL connections. 
## ## See: listener.wss.$name.deflate_opts.client_max_window_bits ## ## Valid range is 8-15 - ## deflate_opts.client_max_window_bits = 15 + ## deflate_opts.client_max_window_bits: 15 ## The idle timeout for external WebSocket/SSL connections. ## ## See: listener.wss.$name.idle_timeout ## ## Value: Duration - ## idle_timeout = 60s + ## idle_timeout: 60s ## The max frame size for external WebSocket/SSL connections. ## ## Value: Number - ## max_frame_size = 0 + ## max_frame_size: 0 ## Whether a WebSocket message is allowed to contain multiple MQTT packets ## ## Value: single | multiple - mqtt_piggyback = multiple + mqtt_piggyback: multiple ## Enable origin check in header for secure websocket connection ## ## Value: true | false (default false) - check_origin_enable = false + check_origin_enable: false ## Allow origin to be absent in header in secure websocket connection when check_origin_enable is true ## ## Value: true | false (default true) - allow_origin_absence = true + allow_origin_absence: true ## Comma separated list of allowed origin in header for secure websocket connection ## ## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084 - check_origins = "https://localhost:8084, https://127.0.0.1:8084" + check_origins: "https://localhost:8084, https://127.0.0.1:8084" } ##-------------------------------------------------------------------- 
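Review bot: The `ciphers:` value for listener.wss.external is carried over unchanged and still offers `ECDHE-ECDSA-DES-CBC3-SHA` (3DES), static-RSA suites such as `AES256-SHA` and `AES128-SHA` that give no forward secrecy, and the `ECDH-*` and `DHE-DSS-*` families. I would trim the default to the TLS 1.3 suites plus the `ECDHE-*-GCM-*` ones and leave the rest for operators who need legacy clients. The listener.quic.external section further down already lists only the three TLS 1.3 suites. The commented `psk_ciphers` sample has the same problem with `PSK-RC4-SHA` and `PSK-3DES-EDE-CBC-SHA`. RC4 is prohibited by RFC 7465, so `## psk_ciphers: "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA"` is the safer sample.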
@@ -2179,55 +2182,55 @@ listener.quic.external { ## Value: IP:Port | Port ## ## Examples: 14567, 127.0.0.1:14567, ::1:14567 - endpoint = 14567 + endpoint: 14567 ## The acceptor pool for external MQTT/QUIC listener. ## ## Value: Number - acceptors = 4 + acceptors: 4 ## Maximum number of concurrent MQTT/Webwocket/SSL connections. ## ## Value: Number - max_connections = 16 + max_connections: 16 ## Maximum MQTT/QUIC connections per second. ## ## See: listener.tcp.$name.max_conn_rate ## ## Value: Number - max_conn_rate = 1000 + max_conn_rate: 1000 ## Simulate the {active, N} option for the MQTT/QUIC connections. ## @todo ## Value: Number - ## active_n = 100 + ## active_n: 100 ## Zone of the external MQTT/QUIC listener belonged to. ## ## Value: String - zone = external + zone: external ## Path to the file containing the user's private PEM-encoded key. ## ## See: listener.ssl.$name.keyfile ## ## Value: File - keyfile = "{{ platform_etc_dir }}/certs/key.pem" + keyfile: "{{ platform_etc_dir }}/certs/key.pem" ## Path to a file containing the user certificate. ## ## See: listener.ssl.$name.certfile ## ## Value: File - certfile = "{{ platform_etc_dir }}/certs/cert.pem" + certfile: "{{ platform_etc_dir }}/certs/cert.pem" ## Path to the file containing PEM-encoded CA certificates. ## @todo ## See: listener.ssl.$name.cacert ## ## Value: File - ## cacertfile = {{ platform_etc_dir }}/certs/cacert.pem + ## cacertfile: {{ platform_etc_dir }}/certs/cacert.pem ## String containing the user's password. Only used if the private keyfile ## is password-protected. 
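Review bot: Two comments in the QUIC section do not match the converted settings around them. `## cacertfile: {{ platform_etc_dir }}/certs/cacert.pem` is left unquoted while `keyfile` and `certfile` are quoted, and the `max_connections` comment still says "MQTT/Webwocket/SSL". I would write `## cacertfile: "{{ platform_etc_dir }}/certs/cacert.pem"` and `## Maximum number of concurrent MQTT/QUIC connections.`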
@@ -2235,382 +2238,333 @@ listener.quic.external { ## See: listener.ssl.$name.key_password ## ## Value: String - ## key_password = yourpass + ## key_password: yourpass ## See: listener.ssl.$name.verify ## @todo ## Value: verify_peer | verify_none - ## verify = verify_peer + ## verify: verify_peer ## See: listener.ssl.$name.fail_if_no_peer_cert ## @todo ## Value: false | true - ## fail_if_no_peer_cert = true + ## fail_if_no_peer_cert: true ## See: listener.ssl.$name.ciphers ## @todo ## Value: Ciphers - ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256" + ciphers: "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256" ## Ciphers for TLS PSK. ## @todo ## Note that 'ciphers' and 'psk_ciphers' cannot ## be configured at the same time. ## See 'https://tools.ietf.org/html/rfc4279#section-2'. - ## psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA + ## psk_ciphers: PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA ## See: listener.ssl.$name.honor_cipher_order ## @todo ## Value: on | off - ## honor_cipher_order = on + ## honor_cipher_order: on ## The send timeout for the QUIC stream. ## @todo ## ## Value: Duration - # send_timeout = 15s + # send_timeout: 15s ## Close the QUIC connection if send timeout. ## @todo ## See: listener.tcp.$name.send_timeout_close ## ## Value: on | off - ## send_timeout_close = on + ## send_timeout_close: on ## The receive buffer for the QUIC connections. ## @todo ## See: listener.tcp.$name.recbuf ## ## Value: Bytes - ## recbuf = 4KB + ## recbuf: 4KB ## The TCP send buffer(os kernel) for the QUIC connections. ## @todo ## See: listener.tcp.$name.sndbuf ## ## Value: Bytes - ## sndbuf = 4KB + ## sndbuf: 4KB ## The size of the user-level software buffer used by the driver. ## @todo ## See: listener.tcp.$name.buffer ## ## Value: Bytes - ## buffer = 4KB + ## buffer: 4KB ## The idle timeout for external QUIC connections. 
## @todo ## See: listener.quic.$name.idle_timeout ## ## Value: Duration - ## idle_timeout = 60s + ## idle_timeout: 60s ## The max frame size for external QUIC connections. ## @todo ## Value: Number - ## max_frame_size = 0 + ## max_frame_size: 0 } -## CONFIG_SECTION_BGN=modules ================================================== - -## The file to store loaded module names. -## -## Value: File -module.loaded_file = "{{ platform_data_dir }}/loaded_modules" - -##-------------------------------------------------------------------- -## Presence Module - -## Sets the QoS for presence MQTT message. -## -## Value: 0 | 1 | 2 -module.presence.qos = 1 - -##-------------------------------------------------------------------- -## Subscription Module - -## Subscribe the Topics automatically when client connected. -## -## Value: String -## module.subscription.1.topic = "connected/%c/%u" - -## Qos of the proxy subscription. -## -## Value: 0 | 1 | 2 -## Default: 0 -## module.subscription.1.qos = 0 - -## No Local of the proxy subscription options. -## This configuration only takes effect in the MQTT V5 protocol. -## -## Value: 0 | 1 -## Default: 0 -## module.subscription.1.nl = 0 - -## Retain As Published of the proxy subscription options. -## This configuration only takes effect in the MQTT V5 protocol. -## -## Value: 0 | 1 -## Default: 0 -## module.subscription.1.rap = 0 - -## Retain Handling of the proxy subscription options. -## This configuration only takes effect in the MQTT V5 protocol. 
-## -## Value: 0 | 1 | 2 -## Default: 0 -## module.subscription.1.rh = 0 - -##-------------------------------------------------------------------- -## Rewrite Module - -## {rewrite, Topic, Re, Dest} -## module.rewrite.pub_rule.1 = "x/# ^x/y/(.+)$ z/y/$1" -## module.rewrite.sub_rule.1 = "y/+/z/# ^y/(.+)/z/(.+)$ y/z/$2" - -## CONFIG_SECTION_END=modules ================================================== - ##------------------------------------------------------------------- ## Plugins ##------------------------------------------------------------------- +plugins: { + ## The etc dir for plugins' config. + ## + ## Value: Folder + etc_dir: "{{ platform_etc_dir }}/plugins/" -## The etc dir for plugins' config. -## -## Value: Folder -plugins.etc_dir = "{{ platform_etc_dir }}/plugins/" + ## The file to store loaded plugin names. + ## + ## Value: File + loaded_file: "{{ platform_data_dir }}/loaded_plugins" -## The file to store loaded plugin names. -## -## Value: File -plugins.loaded_file = "{{ platform_data_dir }}/loaded_plugins" + ## The directory of extension plugins. + ## + ## Value: File + expand_plugins_dir: "{{ platform_plugins_dir }}/" -## The directory of extension plugins. -## -## Value: File -plugins.expand_plugins_dir = "{{ platform_plugins_dir }}/" +} ##-------------------------------------------------------------------- ## Broker ##-------------------------------------------------------------------- +broker: { + ## System interval of publishing $SYS messages. + ## + ## Value: Duration + ## Default: 1m, 1 minute + sys_interval: "1m" -## System interval of publishing $SYS messages. 
-## -## Value: Duration -## Default: 1m, 1 minute -broker.sys_interval = 1m + ## System heartbeat interval of publishing following heart beat message: + ## - "$SYS/brokers//uptime" + ## - "$SYS/brokers//datetime" + ## + ## Value: Duration + ## Default: 30s + sys_heartbeat: "30s" -## System heartbeat interval of publishing following heart beat message: -## - "$SYS/brokers//uptime" -## - "$SYS/brokers//datetime" -## -## Value: Duration -## Default: 30s -broker.sys_heartbeat = 30s + ## Session locking strategy in a cluster. + ## + ## Value: Enum + ## - local + ## - leader + ## - quorum + ## - all + session_locking_strategy: quorum -## Session locking strategy in a cluster. -## -## Value: Enum -## - local -## - leader -## - quorum -## - all -broker.session_locking_strategy = quorum + ## Dispatch strategy for shared subscription + ## + ## Value: Enum + ## - random + ## - round_robin + ## - sticky + ## - hash # same as hash_clientid + ## - hash_clientid + ## - hash_topic + shared_subscription_strategy: random -## Dispatch strategy for shared subscription -## -## Value: Enum -## - random -## - round_robin -## - sticky -## - hash # same as hash_clientid -## - hash_clientid -## - hash_topic -broker.shared_subscription_strategy = random + ## Enable/disable shared dispatch acknowledgement for QoS1 and QoS2 messages + ## This should allow messages to be dispatched to a different subscriber in + ## the group in case the picked (based on shared_subscription_strategy) one # is offline + ## + ## Value: Enum + ## - true + ## - false + shared_dispatch_ack_enabled: false -## Enable/disable shared dispatch acknowledgement for QoS1 and QoS2 messages -## This should allow messages to be dispatched to a different subscriber in -## the group in case the picked (based on shared_subscription_strategy) one # is offline -## -## Value: Enum -## - true -## - false -broker.shared_dispatch_ack_enabled = false + ## Enable batch clean for deleted routes. 
+ ## + ## Value: Flag + route_batch_clean: off -## Enable batch clean for deleted routes. -## -## Value: Flag -broker.route_batch_clean = off + perf: { + ## Performance toggle for subscribe/unsubscribe wildcard topic. + ## Change this toggle only when there are many wildcard topics. + ## Value: Enum + ## - key: mnesia translational updates with per-key locks. recommended for single node setup. + ## - tab: mnesia translational updates with table lock. recommended for multi-nodes setup. + ## - global: global lock protected updates. recommended for larger cluster. + ## NOTE: when changing from/to 'global' lock, it requires all nodes in the cluster + ## to be stopped before the change. + # route_lock_type: key -## Performance toggle for subscribe/unsubscribe wildcard topic. -## Change this toggle only when there are many wildcard topics. -## Value: Enum -## - key: mnesia translational updates with per-key locks. recommended for single node setup. -## - tab: mnesia translational updates with table lock. recommended for multi-nodes setup. -## - global: global lock protected updates. recommended for larger cluster. -## NOTE: when changing from/to 'global' lock, it requires all nodes in the cluster -## to be stopped before the change. -# broker.perf.route_lock_type = key + ## Enable trie path compaction. + ## Enabling it significantly improves wildcard topic subscribe rate, + ## if wildcard topics have unique prefixes like: 'sensor/{{id}}/+/', + ## where ID is unique per subscriber. + ## + ## Topic match performance (when publishing) may degrade if messages + ## are mostly published to topics with large number of levels. + ## + ## NOTE: This is a cluster-wide configuration. + ## It rquires all nodes to be stopped before changing it. + ## + ## Value: Enum + ## - true: enable trie path compaction + ## - false: disable trie path compaction + # trie_compaction: true + } +} -## Enable trie path compaction. 
-## Enabling it significantly improves wildcard topic subscribe rate, -## if wildcard topics have unique prefixes like: 'sensor/{{id}}/+/', -## where ID is unique per subscriber. -## -## Topic match performance (when publishing) may degrade if messages -## are mostly published to topics with large number of levels. -## -## NOTE: This is a cluster-wide configuration. -## It rquires all nodes to be stopped before changing it. -## -## Value: Enum -## - true: enable trie path compaction -## - false: disable trie path compaction -# broker.perf.trie_compaction = true +sysmon: { + ## Enable Long GC monitoring. Disable if the value is 0. + ## Notice: don't enable the monitor in production for: + ## https://github.com/erlang/otp/blob/feb45017da36be78d4c5784d758ede619fa7bfd3/erts/emulator/beam/erl_gc.c#L421 + ## + ## Value: Duration + ## - h: hour + ## - m: minute + ## - s: second + ## - ms: milliseconds + ## + ## Examples: + ## - 2h: 2 hours + ## - 30m: 30 minutes + ## - 0.1s: 0.1 seconds + ## - 100ms : 100 milliseconds + ## + ## Default: 0ms + long_gc: 0 -## CONFIG_SECTION_BGN=sys_mon ================================================== + ## Enable Long Schedule(ms) monitoring. + ## + ## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 + ## + ## Value: Duration + ## - h: hour + ## - m: minute + ## - s: second + ## - ms: milliseconds + ## + ## Examples: + ## - 2h: 2 hours + ## - 30m: 30 minutes + ## - 100ms: 100 milliseconds + ## + ## Default: 0ms + long_schedule: "240ms" -## Enable Long GC monitoring. Disable if the value is 0. 
-## Notice: don't enable the monitor in production for: -## https://github.com/erlang/otp/blob/feb45017da36be78d4c5784d758ede619fa7bfd3/erts/emulator/beam/erl_gc.c#L421 -## -## Value: Duration -## - h: hour -## - m: minute -## - s: second -## - ms: milliseconds -## -## Examples: -## - 2h: 2 hours -## - 30m: 30 minutes -## - 0.1s: 0.1 seconds -## - 100ms : 100 milliseconds -## -## Default: 0ms -sysmon.long_gc = 0 + ## Enable Large Heap monitoring. + ## + ## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 + ## + ## Value: bytes + ## + ## Default: 8M words. 32MB on 32-bit VM, 64MB on 64-bit VM. + large_heap: "8MB" -## Enable Long Schedule(ms) monitoring. -## -## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 -## -## Value: Duration -## - h: hour -## - m: minute -## - s: second -## - ms: milliseconds -## -## Examples: -## - 2h: 2 hours -## - 30m: 30 minutes -## - 100ms: 100 milliseconds -## -## Default: 0ms -sysmon.long_schedule = 240ms + ## Enable Busy Port monitoring. + ## + ## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 + ## + ## Value: true | false + busy_port: false -## Enable Large Heap monitoring. -## -## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 -## -## Value: bytes -## -## Default: 8M words. 32MB on 32-bit VM, 64MB on 64-bit VM. -sysmon.large_heap = 8MB + ## Enable Busy Dist Port monitoring. + ## + ## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 + ## + ## Value: true | false + busy_dist_port: true +} -## Enable Busy Port monitoring. -## -## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 -## -## Value: true | false -sysmon.busy_port = false +os_mon: { + ## The time interval for the periodic cpu check + ## + ## Value: Duration + ## -h: hour, e.g. '2h' for 2 hours + ## -m: minute, e.g. '5m' for 5 minutes + ## -s: second, e.g. '30s' for 30 seconds + ## + ## Default: 60s + cpu_check_interval: "60s" -## Enable Busy Dist Port monitoring. 
-## -## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 -## -## Value: true | false -sysmon.busy_dist_port = true + ## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is set. + ## + ## Default: 80% + cpu_high_watermark: "80%" -## The time interval for the periodic cpu check -## -## Value: Duration -## -h: hour, e.g. '2h' for 2 hours -## -m: minute, e.g. '5m' for 5 minutes -## -s: second, e.g. '30s' for 30 seconds -## -## Default: 60s -os_mon.cpu_check_interval = 60s + ## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is clear. + ## + ## Default: 60% + cpu_low_watermark: "60%" -## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is set. -## -## Default: 80% -os_mon.cpu_high_watermark = 80% + ## The time interval for the periodic memory check + ## + ## Value: Duration + ## -h: hour, e.g. '2h' for 2 hours + ## -m: minute, e.g. '5m' for 5 minutes + ## -s: second, e.g. '30s' for 30 seconds + ## + ## Default: 60s + mem_check_interval: "60s" -## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is clear. -## -## Default: 60% -os_mon.cpu_low_watermark = 60% + ## The threshold, as percentage of system memory, for how much system memory can be allocated before the corresponding alarm is set. + ## + ## Default: 70% + sysmem_high_watermark: "70%" -## The time interval for the periodic memory check -## -## Value: Duration -## -h: hour, e.g. '2h' for 2 hours -## -m: minute, e.g. '5m' for 5 minutes -## -s: second, e.g. '30s' for 30 seconds -## -## Default: 60s -os_mon.mem_check_interval = 60s + ## The threshold, as percentage of system memory, for how much system memory can be allocated by one Erlang process before the corresponding alarm is set. 
+ ## + ## Default: 5% + procmem_high_watermark: "5%" -## The threshold, as percentage of system memory, for how much system memory can be allocated before the corresponding alarm is set. -## -## Default: 70% -os_mon.sysmem_high_watermark = 70% +} -## The threshold, as percentage of system memory, for how much system memory can be allocated by one Erlang process before the corresponding alarm is set. -## -## Default: 5% -os_mon.procmem_high_watermark = 5% +vm_mon: { + ## The time interval for the periodic process limit check + ## + ## Value: Duration + ## + ## Default: 30s + check_interval: "30s" -## The time interval for the periodic process limit check -## -## Value: Duration -## -## Default: 30s -vm_mon.check_interval = 30s + ## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is set. + ## + ## Default: 80% + process_high_watermark: "80%" -## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is set. -## -## Default: 80% -vm_mon.process_high_watermark = 80% + ## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is clear. + ## + ## Default: 60% + process_low_watermark: "60%" +} -## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is clear. 
-## -## Default: 60% -vm_mon.process_low_watermark = 60% +alarm: { + ## Specifies the actions to take when an alarm is activated + ## + ## Value: String + ## - log + ## - publish + ## + ## Default: "log,publish" + actions: "log,publish" -## Specifies the actions to take when an alarm is activated -## -## Value: String -## - log -## - publish -## -## Default: "log,publish" -alarm.actions = "log,publish" + ## The maximum number of deactivated alarms + ## + ## Value: Integer + ## + ## Default: 1000 + size_limit: 1000 -## The maximum number of deactivated alarms -## -## Value: Integer -## -## Default: 1000 -alarm.size_limit = 1000 - -## Validity Period of deactivated alarms -## -## Value: Duration -## - h: hour -## - m: minute -## - s: second -## - ms: milliseconds -## -## Default: 24h -alarm.validity_period = 24h - -## CONFIG_SECTION_END=sys_mon ================================================== + ## Validity Period of deactivated alarms + ## + ## Value: Duration + ## - h: hour + ## - m: minute + ## - s: second + ## - ms: milliseconds + ## + ## Default: 24h + validity_period: "24h" +} diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl index cdc20762e..440dd8117 100644 --- a/apps/emqx/src/emqx_schema.erl +++ b/apps/emqx/src/emqx_schema.erl @@ -54,7 +54,7 @@ -export([includes/0]). structs() -> ["cluster", "node", "rpc", "log", "lager", - "acl", "mqtt", "zone", "listener", "module", "broker", + "acl", "mqtt", "zone", "listener", "broker", "plugins", "sysmon", "os_mon", "vm_mon", "alarm"] ++ includes(). @@ -65,6 +65,12 @@ includes() -> [ "emqx_data_bridge" , "emqx_telemetry" , "emqx_retainer" + , "emqx_statsd" + , "emqx_authn" + , "emqx_authz" + , "emqx_bridge_mqtt" + , "emqx_modules" + , "emqx_management" ]. -endif. 
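Review bot: Dropping `"module"` from `structs()` leaves schema clauses that nothing visible in this patch still refers to. The hunk at -424 deletes `fields("module")`, which held `ref("presence")`, `ref("subscription")` and `ref("rewrite")`, yet `fields("presence")` survives there as a context line. If no other root references those structs (not visible here), they are dead clauses that suggest the settings are still validated by this module. I would delete them in the same commit, or mark them with a comment such as `%% TODO: remove once emqx_modules owns this schema`.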
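Review bot: The six names added to `includes()` become top-level config roots through `structs() -> [...] ++ includes()`, but no `fields/1` clause for them appears in this patch, and `"emqx_authn"` and `"emqx_authz"` are among them. If they are resolved by a fallback clause outside the hunk, a missing or misnamed schema module would presumably surface only when the config is loaded. A comment on the list stating the contract would help, e.g. `%% each entry must have a matching schema module; keep in sync with the apps in the release`. The list also ends just before an `-endif.` whose condition is outside the hunk, so it is worth confirming that the other branch does not leave authn/authz settings unvalidated in builds that take it.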
@@ -424,12 +430,6 @@ fields("deflate_opts") -> , {"client_max_window_bits", t(integer())} ]; -fields("module") -> - [ {"loaded_file", t(string(), "emqx.modules_loaded_file", undefined)} - , {"presence", ref("presence")} - , {"subscription", ref("subscription")} - , {"rewrite", ref("rewrite")} - ]; fields("presence") -> [ {"qos", t(range(0, 2), undefined, 1)}]; @@ -533,7 +533,6 @@ translation("emqx") -> [ {"flapping_detect_policy", fun tr_flapping_detect_policy/1} , {"zones", fun tr_zones/1} , {"listeners", fun tr_listeners/1} - , {"modules", fun tr_modules/1} , {"sysmon", fun tr_sysmon/1} , {"os_mon", fun tr_os_mon/1} , {"vm_mon", fun tr_vm_mon/1} 
@@ -827,38 +826,6 @@ tr_listeners(Conf) -> ++ [SslListeners("quic", Name) || Name <- keys("listener.quic", Conf)] ). -tr_modules(Conf) -> - Subscriptions = fun() -> - List = keys("module.subscription", Conf), - TopicList = [{N, conf_get(["module", "subscription", N, "topic"], Conf)}|| N <- List], - [{list_to_binary(T), #{ qos => conf_get("module.subscription." ++ N ++ ".qos", Conf, 0), - nl => conf_get("module.subscription." ++ N ++ ".nl", Conf, 0), - rap => conf_get("module.subscription." ++ N ++ ".rap", Conf, 0), - rh => conf_get("module.subscription." ++ N ++ ".rh", Conf, 0) - }} || {N, T} <- TopicList] - end, - Rewrites = fun() -> - Rules = keys("module.rewrite.rule", Conf), - PubRules = keys("module.rewrite.pub_rule", Conf), - SubRules = keys("module.rewrite.sub_rule", Conf), - TotalRules = - [ {["module", "rewrite", "pub", "rule", R], conf_get(["module.rewrite.rule", R], Conf)} || R <- Rules] ++ - [ {["module", "rewrite", "pub", "rule", R], conf_get(["module.rewrite.pub_rule", R], Conf)} || R <- PubRules] ++ - [ {["module", "rewrite", "sub", "rule", R], conf_get(["module.rewrite.rule", R], Conf)} || R <- Rules] ++ - [ {["module", "rewrite", "sub", "rule", R], conf_get(["module.rewrite.sub_rule", R], Conf)} || R <- SubRules], - lists:map(fun({[_, "rewrite", PubOrSub, "rule", _], Rule}) -> - [Topic, Re, Dest] = string:tokens(Rule, " "), - {rewrite, list_to_atom(PubOrSub), list_to_binary(Topic), list_to_binary(Re), list_to_binary(Dest)} - end, TotalRules) - end, - lists:append([ - [{emqx_mod_presence, [{qos, conf_get("module.presence.qos", Conf, 1)}]}], - [{emqx_mod_subscription, Subscriptions()}], - [{emqx_mod_rewrite, Rewrites()}], - [{emqx_mod_topic_metrics, []}], - [{emqx_mod_delayed, []}] - ]). - tr_sysmon(Conf) -> Keys = maps:to_list(conf_get("sysmon", Conf, #{})), [{binary_to_atom(K, utf8), maps:get(value, V)} || {K, V} <- Keys].