chore: increase line width to 120
and fix bad formats from erlfmt
parent
f9bad0412b
commit
7a9ad86574
|
@ -118,13 +118,11 @@ roots(high) ->
|
||||||
map("name", ref("zone")),
|
map("name", ref("zone")),
|
||||||
#{
|
#{
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"A zone is a set of configs grouped by the zone <code>name</code>.<br>\n"
|
"A zone is a set of configs grouped by the zone <code>name</code>.<br>\n"
|
||||||
"For flexible configuration mapping, the <code>name</code>\n"
|
"For flexible configuration mapping, the <code>name</code>\n"
|
||||||
"can be set to a listener's <code>zone</code> config.<br>\n"
|
"can be set to a listener's <code>zone</code> config.<br>\n"
|
||||||
"NOTE: A built-in zone named <code>default</code> is auto created\n"
|
"NOTE: A built-in zone named <code>default</code> is auto created\n"
|
||||||
"and can not be deleted."
|
"and can not be deleted."
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"mqtt",
|
{"mqtt",
|
||||||
|
@ -132,16 +130,13 @@ roots(high) ->
|
||||||
ref("mqtt"),
|
ref("mqtt"),
|
||||||
#{
|
#{
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"Global MQTT configuration.<br>\n"
|
"Global MQTT configuration.<br>\n"
|
||||||
"The configs here work as default values which can be overridden\n"
|
"The configs here work as default values which can be overridden\n"
|
||||||
"in <code>zone</code> configs"
|
"in <code>zone</code> configs"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME,
|
{?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME,
|
||||||
authentication(
|
authentication(
|
||||||
""
|
|
||||||
"Default authentication configs for all MQTT listeners.\n"
|
"Default authentication configs for all MQTT listeners.\n"
|
||||||
"<br>\n"
|
"<br>\n"
|
||||||
"For per-listener overrides see <code>authentication</code>\n"
|
"For per-listener overrides see <code>authentication</code>\n"
|
||||||
|
@ -161,7 +156,6 @@ roots(high) ->
|
||||||
"per the configured order, until an 'allow' or 'deny' decision can be made.\n"
|
"per the configured order, until an 'allow' or 'deny' decision can be made.\n"
|
||||||
"<br>\n"
|
"<br>\n"
|
||||||
"If there is no decision after a full chain exhaustion, the login is rejected.\n"
|
"If there is no decision after a full chain exhaustion, the login is rejected.\n"
|
||||||
""
|
|
||||||
)},
|
)},
|
||||||
%% NOTE: authorization schema here is only to keep emqx app prue
|
%% NOTE: authorization schema here is only to keep emqx app prue
|
||||||
%% the full schema for EMQX node is injected in emqx_conf_schema.
|
%% the full schema for EMQX node is injected in emqx_conf_schema.
|
||||||
|
@ -253,10 +247,7 @@ roots(low) ->
|
||||||
ref("trace"),
|
ref("trace"),
|
||||||
#{
|
#{
|
||||||
desc =>
|
desc =>
|
||||||
""
|
"Real-time filtering logs for the ClientID or Topic or IP for debugging."
|
||||||
"\n"
|
|
||||||
"Real-time filtering logs for the ClientID or Topic or IP for debugging.\n"
|
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)}
|
)}
|
||||||
].
|
].
|
||||||
|
@ -268,13 +259,10 @@ fields("persistent_session_store") ->
|
||||||
boolean(),
|
boolean(),
|
||||||
#{
|
#{
|
||||||
default => false,
|
default => false,
|
||||||
description =>
|
desc =>
|
||||||
""
|
|
||||||
"\n"
|
|
||||||
"Use the database to store information about persistent sessions.\n"
|
"Use the database to store information about persistent sessions.\n"
|
||||||
"This makes it possible to migrate a client connection to another\n"
|
"This makes it possible to migrate a client connection to another\n"
|
||||||
"cluster node if a node is stopped.\n"
|
"cluster node if a node is stopped.\n"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"storage_type",
|
{"storage_type",
|
||||||
|
@ -282,15 +270,12 @@ fields("persistent_session_store") ->
|
||||||
hoconsc:union([ram, disc]),
|
hoconsc:union([ram, disc]),
|
||||||
#{
|
#{
|
||||||
default => disc,
|
default => disc,
|
||||||
description =>
|
desc =>
|
||||||
""
|
|
||||||
"\n"
|
|
||||||
"Store information about persistent sessions on disc or in ram.\n"
|
"Store information about persistent sessions on disc or in ram.\n"
|
||||||
"If ram is chosen, all information about persistent sessions remains\n"
|
"If ram is chosen, all information about persistent sessions remains\n"
|
||||||
"as long as at least one node in a cluster is alive to keep the information.\n"
|
"as long as at least one node in a cluster is alive to keep the information.\n"
|
||||||
"If disc is chosen, the information is persisted on disc and will survive\n"
|
"If disc is chosen, the information is persisted on disc and will survive\n"
|
||||||
"cluster restart, at the price of more disc usage and less throughput.\n"
|
"cluster restart, at the price of more disc usage and less throughput.\n"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"max_retain_undelivered",
|
{"max_retain_undelivered",
|
||||||
|
@ -298,13 +283,10 @@ fields("persistent_session_store") ->
|
||||||
duration(),
|
duration(),
|
||||||
#{
|
#{
|
||||||
default => "1h",
|
default => "1h",
|
||||||
description =>
|
desc =>
|
||||||
""
|
|
||||||
"\n"
|
|
||||||
"The time messages that was not delivered to a persistent session\n"
|
"The time messages that was not delivered to a persistent session\n"
|
||||||
"is stored before being garbage collected if the node the previous\n"
|
"is stored before being garbage collected if the node the previous\n"
|
||||||
"session was handled on restarts of is stopped.\n"
|
"session was handled on restarts of is stopped.\n"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"message_gc_interval",
|
{"message_gc_interval",
|
||||||
|
@ -312,13 +294,10 @@ fields("persistent_session_store") ->
|
||||||
duration(),
|
duration(),
|
||||||
#{
|
#{
|
||||||
default => "1h",
|
default => "1h",
|
||||||
description =>
|
desc =>
|
||||||
""
|
|
||||||
"\n"
|
|
||||||
"The starting interval for garbage collection of undelivered messages to\n"
|
"The starting interval for garbage collection of undelivered messages to\n"
|
||||||
"a persistent session. This affects how often the \"max_retain_undelivered\"\n"
|
"a persistent session. This affects how often the \"max_retain_undelivered\"\n"
|
||||||
"is checked for removal.\n"
|
"is checked for removal.\n"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"session_message_gc_interval",
|
{"session_message_gc_interval",
|
||||||
|
@ -326,13 +305,10 @@ fields("persistent_session_store") ->
|
||||||
duration(),
|
duration(),
|
||||||
#{
|
#{
|
||||||
default => "1m",
|
default => "1m",
|
||||||
description =>
|
desc =>
|
||||||
""
|
|
||||||
"\n"
|
|
||||||
"The starting interval for garbage collection of transient data for\n"
|
"The starting interval for garbage collection of transient data for\n"
|
||||||
"persistent session messages. This does not affect the life time length\n"
|
"persistent session messages. This does not affect the life time length\n"
|
||||||
"of persistent session messages.\n"
|
"of persistent session messages.\n"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)}
|
)}
|
||||||
];
|
];
|
||||||
|
@ -402,10 +378,8 @@ fields("mqtt") ->
|
||||||
#{
|
#{
|
||||||
default => "15s",
|
default => "15s",
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"Close TCP connections from the clients that have not sent MQTT CONNECT\n"
|
"Close TCP connections from the clients that have not sent MQTT CONNECT\n"
|
||||||
"message within this interval."
|
"message within this interval."
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"max_packet_size",
|
{"max_packet_size",
|
||||||
|
@ -498,10 +472,8 @@ fields("mqtt") ->
|
||||||
#{
|
#{
|
||||||
default => "",
|
default => "",
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"Specify the response information returned to the client\n"
|
"Specify the response information returned to the client\n"
|
||||||
"This feature is disabled if is set to \"\"."
|
"This feature is disabled if is set to \"\"."
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"server_keepalive",
|
{"server_keepalive",
|
||||||
|
@ -510,11 +482,9 @@ fields("mqtt") ->
|
||||||
#{
|
#{
|
||||||
default => disabled,
|
default => disabled,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"'Server Keep Alive' of MQTT 5.0.\n"
|
"'Server Keep Alive' of MQTT 5.0.\n"
|
||||||
"If the server returns a 'Server Keep Alive' in the CONNACK packet,\n"
|
"If the server returns a 'Server Keep Alive' in the CONNACK packet,\n"
|
||||||
"the client MUST use that value instead of the value it sent as the 'Keep Alive'."
|
"the client MUST use that value instead of the value it sent as the 'Keep Alive'."
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"keepalive_backoff",
|
{"keepalive_backoff",
|
||||||
|
@ -523,10 +493,8 @@ fields("mqtt") ->
|
||||||
#{
|
#{
|
||||||
default => 0.75,
|
default => 0.75,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"The backoff for MQTT keepalive timeout. The broker will close the connection\n"
|
"The backoff for MQTT keepalive timeout. The broker will close the connection\n"
|
||||||
"after idling for 'Keepalive * backoff * 2'."
|
"after idling for 'Keepalive * backoff * 2'."
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"max_subscriptions",
|
{"max_subscriptions",
|
||||||
|
@ -551,8 +519,8 @@ fields("mqtt") ->
|
||||||
#{
|
#{
|
||||||
default => 32,
|
default => 32,
|
||||||
desc =>
|
desc =>
|
||||||
"Maximum size of the Inflight Window storing QoS1/2"
|
"Maximum size of the Inflight Window storing QoS1/2 "
|
||||||
" messages delivered but un-acked."
|
"messages delivered but un-acked."
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"retry_interval",
|
{"retry_interval",
|
||||||
|
@ -577,8 +545,8 @@ fields("mqtt") ->
|
||||||
#{
|
#{
|
||||||
default => "300s",
|
default => "300s",
|
||||||
desc =>
|
desc =>
|
||||||
"The QoS2 messages (Client -> Broker) will be dropped"
|
"The QoS2 messages (Client -> Broker) will be dropped "
|
||||||
" if awaiting PUBREL timeout."
|
"if awaiting PUBREL timeout."
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"session_expiry_interval",
|
{"session_expiry_interval",
|
||||||
|
@ -595,10 +563,8 @@ fields("mqtt") ->
|
||||||
#{
|
#{
|
||||||
default => 1000,
|
default => 1000,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"Maximum queue length. Enqueued messages when persistent client disconnected,\n"
|
"Maximum queue length. Enqueued messages when persistent client disconnected,\n"
|
||||||
"or inflight window is full."
|
"or inflight window is full."
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"mqueue_priorities",
|
{"mqueue_priorities",
|
||||||
|
@ -607,7 +573,6 @@ fields("mqtt") ->
|
||||||
#{
|
#{
|
||||||
default => disabled,
|
default => disabled,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"Topic priorities.<br>\n"
|
"Topic priorities.<br>\n"
|
||||||
"There's no priority table by default, hence all messages are treated equal.<br>\n"
|
"There's no priority table by default, hence all messages are treated equal.<br>\n"
|
||||||
"Priority number [1-255]<br>\n"
|
"Priority number [1-255]<br>\n"
|
||||||
|
@ -620,7 +585,6 @@ fields("mqtt") ->
|
||||||
"**Examples**:\n"
|
"**Examples**:\n"
|
||||||
"To configure <code>\"topic/1\" > \"topic/2\"</code>:<br/>\n"
|
"To configure <code>\"topic/1\" > \"topic/2\"</code>:<br/>\n"
|
||||||
"<code>mqueue_priorities: {\"topic/1\": 10, \"topic/2\": 8}</code>"
|
"<code>mqueue_priorities: {\"topic/1\": 10, \"topic/2\": 8}</code>"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"mqueue_default_priority",
|
{"mqueue_default_priority",
|
||||||
|
@ -654,10 +618,8 @@ fields("mqtt") ->
|
||||||
#{
|
#{
|
||||||
default => disabled,
|
default => disabled,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"Use the CN, DN or CRT field from the client certificate as a username.\n"
|
"Use the CN, DN or CRT field from the client certificate as a username.\n"
|
||||||
"Only works for the TLS connection."
|
"Only works for the TLS connection."
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"peer_cert_as_clientid",
|
{"peer_cert_as_clientid",
|
||||||
|
@ -666,10 +628,8 @@ fields("mqtt") ->
|
||||||
#{
|
#{
|
||||||
default => disabled,
|
default => disabled,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"Use the CN, DN or CRT field from the client certificate as a clientid.\n"
|
"Use the CN, DN or CRT field from the client certificate as a clientid.\n"
|
||||||
"Only works for the TLS connection."
|
"Only works for the TLS connection."
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)}
|
)}
|
||||||
];
|
];
|
||||||
|
@ -1184,7 +1144,6 @@ fields("sys_topics") ->
|
||||||
ref("event_names"),
|
ref("event_names"),
|
||||||
#{
|
#{
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"Whether to enable Client lifecycle event messages publish.<br/>\n"
|
"Whether to enable Client lifecycle event messages publish.<br/>\n"
|
||||||
"The following options are not only for enabling MQTT client event messages\n"
|
"The following options are not only for enabling MQTT client event messages\n"
|
||||||
"publish but also for Gateway clients. However, these kinds of clients type\n"
|
"publish but also for Gateway clients. However, these kinds of clients type\n"
|
||||||
|
@ -1193,7 +1152,6 @@ fields("sys_topics") ->
|
||||||
" <code>$SYS/broker/<node>/clients/<clientid>/<event></code><br/>\n"
|
" <code>$SYS/broker/<node>/clients/<clientid>/<event></code><br/>\n"
|
||||||
"- For the Gateway client, it is\n"
|
"- For the Gateway client, it is\n"
|
||||||
" <code>$SYS/broker/<node>/gateway/<gateway-name>/clients/<clientid>/<event></code>"
|
" <code>$SYS/broker/<node>/gateway/<gateway-name>/clients/<clientid>/<event></code>"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)}
|
)}
|
||||||
];
|
];
|
||||||
|
@ -1415,14 +1373,14 @@ fields("alarm") ->
|
||||||
validator => fun ?MODULE:validate_alarm_actions/1,
|
validator => fun ?MODULE:validate_alarm_actions/1,
|
||||||
example => [log, publish],
|
example => [log, publish],
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"The actions triggered when the alarm is activated.<br/>\n"
|
"The actions triggered when the alarm is activated.<br/>\n"
|
||||||
"Currently, the following actions are supported: <code>log</code> and <code>publish</code>.\n"
|
"Currently, the following actions are supported: <code>log</code> and "
|
||||||
|
"<code>publish</code>.\n"
|
||||||
"<code>log</code> is to write the alarm to log (console or file).\n"
|
"<code>log</code> is to write the alarm to log (console or file).\n"
|
||||||
"<code>publish</code> is to publish the alarm as an MQTT message to the system topics:\n"
|
"<code>publish</code> is to publish the alarm as an MQTT message to "
|
||||||
|
"the system topics:\n"
|
||||||
"<code>$SYS/brokers/emqx@xx.xx.xx.x/alarms/activate</code> and\n"
|
"<code>$SYS/brokers/emqx@xx.xx.xx.x/alarms/activate</code> and\n"
|
||||||
"<code>$SYS/brokers/emqx@xx.xx.xx.x/alarms/deactivate</code>"
|
"<code>$SYS/brokers/emqx@xx.xx.xx.x/alarms/deactivate</code>"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"size_limit",
|
{"size_limit",
|
||||||
|
@ -1432,10 +1390,9 @@ fields("alarm") ->
|
||||||
default => 1000,
|
default => 1000,
|
||||||
example => 1000,
|
example => 1000,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"The maximum total number of deactivated alarms to keep as history.<br>\n"
|
"The maximum total number of deactivated alarms to keep as history.<br>\n"
|
||||||
"When this limit is exceeded, the oldest deactivated alarms are deleted to cap the total number.\n"
|
"When this limit is exceeded, the oldest deactivated alarms are "
|
||||||
""
|
"deleted to cap the total number.\n"
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"validity_period",
|
{"validity_period",
|
||||||
|
@ -1458,15 +1415,12 @@ fields("trace") ->
|
||||||
sc(hoconsc:enum([hex, text, hidden]), #{
|
sc(hoconsc:enum([hex, text, hidden]), #{
|
||||||
default => text,
|
default => text,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"\n"
|
|
||||||
"Determine the format of the payload format in the trace file.<br>\n"
|
"Determine the format of the payload format in the trace file.<br>\n"
|
||||||
"`text`: Text-based protocol or plain text protocol.\n"
|
"`text`: Text-based protocol or plain text protocol.\n"
|
||||||
" It is recommended when payload is JSON encoded.<br>\n"
|
" It is recommended when payload is JSON encoded.<br>\n"
|
||||||
"`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.<br>\n"
|
"`hex`: Binary hexadecimal encode. It is recommended when payload is "
|
||||||
|
"a custom binary protocol.<br>\n"
|
||||||
"`hidden`: payload is obfuscated as `******`\n"
|
"`hidden`: payload is obfuscated as `******`\n"
|
||||||
" "
|
|
||||||
""
|
|
||||||
})}
|
})}
|
||||||
].
|
].
|
||||||
|
|
||||||
|
@ -1565,7 +1519,6 @@ common_ssl_opts_schema(Defaults) ->
|
||||||
default => D("cacertfile"),
|
default => D("cacertfile"),
|
||||||
required => false,
|
required => false,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"Trusted PEM format CA certificates bundle file.<br>\n"
|
"Trusted PEM format CA certificates bundle file.<br>\n"
|
||||||
"The certificates in this file are used to verify the TLS peer's certificates.\n"
|
"The certificates in this file are used to verify the TLS peer's certificates.\n"
|
||||||
"Append new certificates to the file if new CAs are to be trusted.\n"
|
"Append new certificates to the file if new CAs are to be trusted.\n"
|
||||||
|
@ -1573,7 +1526,6 @@ common_ssl_opts_schema(Defaults) ->
|
||||||
"the system regularly checks if file has been updated (and reload).<br>\n"
|
"the system regularly checks if file has been updated (and reload).<br>\n"
|
||||||
"NOTE: invalidating (deleting) a certificate from the file will not affect\n"
|
"NOTE: invalidating (deleting) a certificate from the file will not affect\n"
|
||||||
"already established connections.\n"
|
"already established connections.\n"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"certfile",
|
{"certfile",
|
||||||
|
@ -1583,14 +1535,12 @@ common_ssl_opts_schema(Defaults) ->
|
||||||
default => D("certfile"),
|
default => D("certfile"),
|
||||||
required => false,
|
required => false,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"PEM format certificates chain file.<br>\n"
|
"PEM format certificates chain file.<br>\n"
|
||||||
"The certificates in this file should be in reversed order of the certificate\n"
|
"The certificates in this file should be in reversed order of the certificate\n"
|
||||||
"issue chain. That is, the host's certificate should be placed in the beginning\n"
|
"issue chain. That is, the host's certificate should be placed in the beginning\n"
|
||||||
"of the file, followed by the immediate issuer certificate and so on.\n"
|
"of the file, followed by the immediate issuer certificate and so on.\n"
|
||||||
"Although the root CA certificate is optional, it should be placed at the end of\n"
|
"Although the root CA certificate is optional, it should be placed at the end of\n"
|
||||||
"the file if it is to be added.\n"
|
"the file if it is to be added.\n"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"keyfile",
|
{"keyfile",
|
||||||
|
@ -1600,7 +1550,7 @@ common_ssl_opts_schema(Defaults) ->
|
||||||
default => D("keyfile"),
|
default => D("keyfile"),
|
||||||
required => false,
|
required => false,
|
||||||
desc =>
|
desc =>
|
||||||
"" "PEM format private key file.<br>\n" ""
|
"PEM format private key file.<br>\n"
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"verify",
|
{"verify",
|
||||||
|
@ -1625,10 +1575,8 @@ common_ssl_opts_schema(Defaults) ->
|
||||||
sensitive => true,
|
sensitive => true,
|
||||||
required => false,
|
required => false,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"String containing the user's password. Only used if the private\n"
|
"String containing the user's password. Only used if the private\n"
|
||||||
"key file is password-protected."
|
"key file is password-protected."
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"versions",
|
{"versions",
|
||||||
|
@ -1637,12 +1585,10 @@ common_ssl_opts_schema(Defaults) ->
|
||||||
#{
|
#{
|
||||||
default => default_tls_vsns(maps:get(versions, Defaults, tls_all_available)),
|
default => default_tls_vsns(maps:get(versions, Defaults, tls_all_available)),
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"All TLS/DTLS versions to be supported.<br>\n"
|
"All TLS/DTLS versions to be supported.<br>\n"
|
||||||
"NOTE: PSK ciphers are suppressed by 'tlsv1.3' version config<br>\n"
|
"NOTE: PSK ciphers are suppressed by 'tlsv1.3' version config<br>\n"
|
||||||
"In case PSK cipher suites are intended, make sure to configured\n"
|
"In case PSK cipher suites are intended, make sure to configured\n"
|
||||||
"<code>['tlsv1.2', 'tlsv1.1']</code> here.\n"
|
"<code>['tlsv1.2', 'tlsv1.1']</code> here.\n",
|
||||||
"",
|
|
||||||
validator => fun validate_tls_versions/1
|
validator => fun validate_tls_versions/1
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
|
@ -1661,13 +1607,10 @@ common_ssl_opts_schema(Defaults) ->
|
||||||
#{
|
#{
|
||||||
default => Df("secure_renegotiate", true),
|
default => Df("secure_renegotiate", true),
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"\n"
|
|
||||||
"SSL parameter renegotiation is a feature that allows a client and a server\n"
|
"SSL parameter renegotiation is a feature that allows a client and a server\n"
|
||||||
"to renegotiate the parameters of the SSL connection on the fly.\n"
|
"to renegotiate the parameters of the SSL connection on the fly.\n"
|
||||||
"RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,\n"
|
"RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,\n"
|
||||||
"you drop support for the insecure renegotiation, prone to MitM attacks.\n"
|
"you drop support for the insecure renegotiation, prone to MitM attacks.\n"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)}
|
)}
|
||||||
].
|
].
|
||||||
|
@ -1687,13 +1630,11 @@ server_ssl_opts_schema(Defaults, IsRanchListener) ->
|
||||||
default => D("dhfile"),
|
default => D("dhfile"),
|
||||||
required => false,
|
required => false,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"Path to a file containing PEM-encoded Diffie Hellman parameters\n"
|
"Path to a file containing PEM-encoded Diffie Hellman parameters\n"
|
||||||
"to be used by the server if a cipher suite using Diffie Hellman\n"
|
"to be used by the server if a cipher suite using Diffie Hellman\n"
|
||||||
"key exchange is negotiated. If not specified, default parameters\n"
|
"key exchange is negotiated. If not specified, default parameters\n"
|
||||||
"are used.<br>\n"
|
"are used.<br>\n"
|
||||||
"NOTE: The <code>dhfile</code> option is not supported by TLS 1.3."
|
"NOTE: The <code>dhfile</code> option is not supported by TLS 1.3."
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"fail_if_no_peer_cert",
|
{"fail_if_no_peer_cert",
|
||||||
|
@ -1702,14 +1643,11 @@ server_ssl_opts_schema(Defaults, IsRanchListener) ->
|
||||||
#{
|
#{
|
||||||
default => Df("fail_if_no_peer_cert", false),
|
default => Df("fail_if_no_peer_cert", false),
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"\n"
|
|
||||||
"Used together with {verify, verify_peer} by an TLS/DTLS server.\n"
|
"Used together with {verify, verify_peer} by an TLS/DTLS server.\n"
|
||||||
"If set to true, the server fails if the client does not have a\n"
|
"If set to true, the server fails if the client does not have a\n"
|
||||||
"certificate to send, that is, sends an empty certificate.\n"
|
"certificate to send, that is, sends an empty certificate.\n"
|
||||||
"If set to false, it fails only if the client sends an invalid\n"
|
"If set to false, it fails only if the client sends an invalid\n"
|
||||||
"certificate (an empty certificate is considered valid).\n"
|
"certificate (an empty certificate is considered valid).\n"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)},
|
)},
|
||||||
{"honor_cipher_order",
|
{"honor_cipher_order",
|
||||||
|
@ -1723,17 +1661,16 @@ server_ssl_opts_schema(Defaults, IsRanchListener) ->
|
||||||
#{
|
#{
|
||||||
default => Df("client_renegotiation", true),
|
default => Df("client_renegotiation", true),
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"\n"
|
|
||||||
"In protocols that support client-initiated renegotiation,\n"
|
"In protocols that support client-initiated renegotiation,\n"
|
||||||
"the cost of resources of such an operation is higher for the server than the client.\n"
|
"the cost of resources of such an operation is higher for the "
|
||||||
|
"server than the client.\n"
|
||||||
"This can act as a vector for denial of service attacks.\n"
|
"This can act as a vector for denial of service attacks.\n"
|
||||||
"The SSL application already takes measures to counter-act such attempts,\n"
|
"The SSL application already takes measures to counter-act such attempts,\n"
|
||||||
"but client-initiated renegotiation can be strictly disabled by setting this option to false.\n"
|
"but client-initiated renegotiation can be strictly disabled by setting "
|
||||||
|
"this option to false.\n"
|
||||||
"The default value is true. Note that disabling renegotiation can result in\n"
|
"The default value is true. Note that disabling renegotiation can result in\n"
|
||||||
"long-lived connections becoming unusable due to limits on\n"
|
"long-lived connections becoming unusable due to limits on\n"
|
||||||
"the number of messages the underlying cipher suite can encipher.\n"
|
"the number of messages the underlying cipher suite can encipher.\n"
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)}
|
)}
|
||||||
| [
|
| [
|
||||||
|
@ -1760,7 +1697,6 @@ client_ssl_opts_schema(Defaults) ->
|
||||||
#{
|
#{
|
||||||
required => false,
|
required => false,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"Specify the host name to be used in TLS Server Name Indication extension.<br>\n"
|
"Specify the host name to be used in TLS Server Name Indication extension.<br>\n"
|
||||||
"For instance, when connecting to \"server.example.net\", the genuine server\n"
|
"For instance, when connecting to \"server.example.net\", the genuine server\n"
|
||||||
"which accepts the connection and performs TLS handshake may differ from the\n"
|
"which accepts the connection and performs TLS handshake may differ from the\n"
|
||||||
|
@ -1772,7 +1708,6 @@ client_ssl_opts_schema(Defaults) ->
|
||||||
"certificate.<br> The special value 'disable' prevents the Server Name\n"
|
"certificate.<br> The special value 'disable' prevents the Server Name\n"
|
||||||
"Indication extension from being sent and disables the hostname\n"
|
"Indication extension from being sent and disables the hostname\n"
|
||||||
"verification check."
|
"verification check."
|
||||||
""
|
|
||||||
}
|
}
|
||||||
)}
|
)}
|
||||||
].
|
].
|
||||||
|
@ -1802,7 +1737,6 @@ ciphers_schema(Default) ->
|
||||||
false -> fun validate_ciphers/1
|
false -> fun validate_ciphers/1
|
||||||
end,
|
end,
|
||||||
desc =>
|
desc =>
|
||||||
""
|
|
||||||
"This config holds TLS cipher suite names separated by comma,\n"
|
"This config holds TLS cipher suite names separated by comma,\n"
|
||||||
"or as an array of strings. e.g.\n"
|
"or as an array of strings. e.g.\n"
|
||||||
"<code>\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"</code> or\n"
|
"<code>\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"</code> or\n"
|
||||||
|
@ -1885,12 +1819,12 @@ ref(Module, Field) -> hoconsc:ref(Module, Field).
|
||||||
mk_duration(Desc, OverrideMeta) ->
|
mk_duration(Desc, OverrideMeta) ->
|
||||||
DefaultMeta = #{
|
DefaultMeta = #{
|
||||||
desc => Desc ++
|
desc => Desc ++
|
||||||
" time span. A text string with number followed by time units:\n"
|
"time span. A text string with number followed by time units:\n"
|
||||||
" `ms` for milliseconds,\n"
|
"- `ms` for milliseconds,\n"
|
||||||
" `s` for seconds,\n"
|
"- `s` for seconds,\n"
|
||||||
" `m` for minutes,\n"
|
"- `m` for minutes,\n"
|
||||||
" `h` for hours;\n"
|
"- `h` for hours;\n"
|
||||||
" or combined representation like `1h5m0s`"
|
"or combined representation like `1h5m0s`"
|
||||||
},
|
},
|
||||||
hoconsc:mk(typerefl:alias("string", duration()), maps:merge(DefaultMeta, OverrideMeta)).
|
hoconsc:mk(typerefl:alias("string", duration()), maps:merge(DefaultMeta, OverrideMeta)).
|
||||||
|
|
||||||
|
@ -2070,12 +2004,10 @@ authentication(Desc) ->
|
||||||
end,
|
end,
|
||||||
desc => iolist_to_binary([
|
desc => iolist_to_binary([
|
||||||
Desc,
|
Desc,
|
||||||
""
|
"Authentication can be one single authenticator instance or a chain of "
|
||||||
"\n"
|
"authenticators as an array.\n"
|
||||||
"Authentication can be one single authenticator instance or a chain of authenticators as an array.\n"
|
"When authenticating a login (username, client ID, etc.) "
|
||||||
"When authenticating a login (username, client ID, etc.) the authenticators are checked\n"
|
"the authenticators are checked in the configured order.<br>\n"
|
||||||
"in the configured order.<br>\n"
|
|
||||||
""
|
|
||||||
])
|
])
|
||||||
}.
|
}.
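Review bot: `mk_duration/2` and `authentication/1` both lose the separator between the caller-supplied `Desc` and the fixed text that follows it: the first literal after `Desc ++` changes from `" time span. A text string with number followed by time units:\n"` to the same string without its leading space, and the `"\n"` that followed `Desc` in the `iolist_to_binary` list is gone. Unless every caller passes a `Desc` that already ends in whitespace, the rendered description runs the two sentences together; the one `authentication(...)` caller visible in the `roots(high)` hunk ends in `"\n"`, but the `mk_duration` callers are outside the shown hunks. Keeping the leading space in that first literal preserves the old output for a formatting-only commit. Separately, the `versions` description touched in `common_ssl_opts_schema/1` still tells operators to configure `['tlsv1.2', 'tlsv1.1']` for PSK suites; TLS 1.1 is deprecated (RFC 8996), so the text could name `'tlsv1.2'` alone, assuming PSK does not actually need 1.1 here.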
|
||||||
|
|
||||||
|
|
|
@ -36,8 +36,8 @@ node {
|
||||||
Another equivalent representation is flat, such as
|
Another equivalent representation is flat, such as
|
||||||
|
|
||||||
```
|
```
|
||||||
node.name="127.0.0.1"
|
node.name = "127.0.0.1"
|
||||||
node.cookie="mysecret"
|
node.cookie = "mysecret"
|
||||||
```
|
```
|
||||||
|
|
||||||
This flat format is almost backward compatible with EMQX's config file format
|
This flat format is almost backward compatible with EMQX's config file format
|
||||||
|
@ -46,10 +46,10 @@ in 4.x series (the so called 'cuttlefish' format).
|
||||||
It is 'almost' compatible because the often HOCON requires strings to be quoted,
|
It is 'almost' compatible because the often HOCON requires strings to be quoted,
|
||||||
while cuttlefish treats all characters to the right of the `=` mark as the value.
|
while cuttlefish treats all characters to the right of the `=` mark as the value.
|
||||||
|
|
||||||
e.g. cuttlefish: `node.name = emqx@127.0.0.1`, HOCON: `node.name = "emqx@127.0.0.1"`
|
e.g. cuttlefish: `node.name = emqx@127.0.0.1`, HOCON: `node.name = "emqx@127.0.0.1"`.
|
||||||
|
|
||||||
Strings without special characters in them can be unquoted in HOCON too,
|
Strings without special characters in them can be unquoted in HOCON too,
|
||||||
e.g. `foo`, `foo_bar`, `foo_bar_1`:
|
e.g. `foo`, `foo_bar` and `foo_bar_1`.
|
||||||
|
|
||||||
For more HOCON syntax, please refer to the [specification](https://github.com/lightbend/config/blob/main/HOCON.md)
|
For more HOCON syntax, please refer to the [specification](https://github.com/lightbend/config/blob/main/HOCON.md)
|
||||||
|
|
||||||
|
@ -103,9 +103,9 @@ For Array elements, 1-based index is used.
|
||||||
below are some examples
|
below are some examples
|
||||||
|
|
||||||
```
|
```
|
||||||
node.name="emqx.127.0.0.1"
|
node.name = "emqx.127.0.0.1"
|
||||||
zone.zone1.max_packet_size="10M"
|
zone.zone1.max_packet_size = "10M"
|
||||||
authentication.1.enable=true
|
authentication.1.enable = true
|
||||||
```
|
```
|
||||||
|
|
||||||
### Environment variables
|
### Environment variables
|
||||||
|
|
|
@ -21,13 +21,16 @@
|
||||||
{right, "||"},
|
{right, "||"},
|
||||||
{left, "||"}]}},
|
{left, "||"}]}},
|
||||||
{elvis_style, dont_repeat_yourself, #{ min_complexity => 20 }},
|
{elvis_style, dont_repeat_yourself, #{ min_complexity => 20 }},
|
||||||
{elvis_style, god_modules, #{limit => 100}}
|
{elvis_style, god_modules, #{limit => 100}},
|
||||||
|
{elvis_text_style, line_length, #{ limit => 120 % trust erlfmt
|
||||||
|
, skip_comments => false
|
||||||
|
}}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
#{dirs => ["test", "apps/**/test"],
|
#{dirs => ["test", "apps/**/test"],
|
||||||
filter => "*.erl",
|
filter => "*.erl",
|
||||||
rules => [
|
rules => [
|
||||||
{elvis_text_style, line_length, #{ limit => 100
|
{elvis_text_style, line_length, #{ limit => 120
|
||||||
, skip_comments => false
|
, skip_comments => false
|
||||||
}},
|
}},
|
||||||
{elvis_style, dont_repeat_yourself, #{ min_complexity => 100 }},
|
{elvis_style, dont_repeat_yourself, #{ min_complexity => 100 }},
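Review bot: The `% trust erlfmt` comment on the new `line_length` rule for the source dirs overstates what the formatter guarantees: as far as I know erlfmt does not re-wrap string literals or comments, and with `skip_comments => false` any such line over 120 columns will still fail elvis. The hand-split description strings elsewhere in this commit suggest that is what happened here. A more accurate comment would be `% same width as erlfmt; long strings and comments must be wrapped by hand`. The erlfmt width setting itself is not in the shown hunk, so confirm both tools use 120.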
|
||||||
|
|