diff --git a/etc/emq.conf b/etc/emq.conf
index a5ca15d9c..3bcadfaf8 100644
--- a/etc/emq.conf
+++ b/etc/emq.conf
@@ -236,10 +236,18 @@ node.crash_dump = {{ platform_log_dir }}/crash.dump
 ## Value: Enum
 ## - inet_tcp: the default; handles TCP streams with IPv4 addressing.
 ## - inet6_tcp: handles TCP with IPv6 addressing.
+## - inet_tls: using TLS for Erlang Distribution.
 ##
 ## vm.args: -proto_dist inet_tcp
 node.proto_dist = inet_tcp
 
+## Specify SSL Options in the file if using SSL for Erlang Distribution.
+##
+## Value: File
+##
+## vm.args: -ssl_dist_optfile
+## node.ssl_dist_optfile = {{ platform_etc_dir }}/ssl_dist.conf
+
 ## Sets the net_kernel tick time. TickTime is specified in seconds.
 ## Notice that all communicating nodes are to have the same TickTime
 ## value specified.
@@ -696,7 +704,7 @@ listener.tcp.external.send_timeout_close = on
 ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
 ##
 ## Value: on | off
-listener.tcp.external.tune_buffer = on
+## listener.tcp.external.tune_buffer = off
 
 ## The TCP_NODELAY flag for MQTT connections. Small amounts of data are
 ## sent immediately if the option is enabled.
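Review bot: The new `node.ssl_dist_optfile` comment in the node.proto_dist hunk does not say that the file is only consulted when `node.proto_dist = inet_tls`, so an operator can uncomment it, keep the default `inet_tcp`, and still run inter-node traffic in cleartext while believing TLS is on. I would add a line such as `## Only takes effect when node.proto_dist = inet_tls; all nodes in the cluster must use the same proto_dist.` The `inet_tls` bullet could likewise point at the optfile setting, since the two settings are only useful together.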
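Review bot: In the listener.tcp.external hunk, `tune_buffer` goes from an active `on` to a commented-out `## listener.tcp.external.tune_buffer = off`, so the effective value becomes whatever default the schema supplies, which is not visible in this diff; the commented `off` reads like the default without anything here confirming it. The same pattern appears in the listener.tcp.internal and listener.ws.external hunks, and the internal `recbuf`/`sndbuf`/`buffer` lines are commented out as well. If the intent is to disable tuning, keep the setting active as `listener.tcp.external.tune_buffer = off`; if the intent is to defer to the built-in default, the comment should say so.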
@@ -775,28 +783,28 @@ listener.tcp.external.send_timeout_close = on
 ## See: listener.tcp..recbuf
 ##
 ## Value: Bytes
-listener.tcp.internal.recbuf = 16KB
+## listener.tcp.internal.recbuf = 16KB
 
 ## The TCP send buffer(os kernel) for internal MQTT connections.
 ##
 ## See: http://erlang.org/doc/man/inet.html
 ##
 ## Value: Bytes
-listener.tcp.internal.sndbuf = 16KB
+## listener.tcp.internal.sndbuf = 16KB
 
 ## The size of the user-level software buffer used by the driver.
 ##
 ## See: listener.tcp..buffer
 ##
 ## Value: Bytes
-listener.tcp.internal.buffer = 16KB
+## listener.tcp.internal.buffer = 16KB
 
 ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
 ##
 ## See: listener.tcp..tune_buffer
 ##
 ## Value: on | off
-listener.tcp.internal.tune_buffer = on
+## listener.tcp.internal.tune_buffer = off
 
 ## The TCP_NODELAY flag for internal MQTT connections.
 ##
@@ -1030,7 +1038,7 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## See: listener.tcp..tune_buffer
 ##
 ## Value: on | off
-## listener.ssl.external.tune_buffer = on
+## listener.ssl.external.tune_buffer = off
 
 ## The TCP_NODELAY flag for SSL connections.
 ##
@@ -1158,7 +1166,7 @@ listener.ws.external.send_timeout_close = on
 ## See: listener.tcp..tune_buffer
 ##
 ## Value: on | off
-listener.ws.external.tune_buffer = on
+## listener.ws.external.tune_buffer = off
 
 ## The TCP_NODELAY flag for external MQTT/WebSocket connections.
 ##
diff --git a/etc/ssl_dist.conf b/etc/ssl_dist.conf
new file mode 100644
index 000000000..acdf0aa67
--- /dev/null
+++ b/etc/ssl_dist.conf
@@ -0,0 +1,11 @@
+%% The options in the {server, Opts} tuple are used when calling ssl:ssl_accept/3,
+%% and the options in the {client, Opts} tuple are used when calling ssl:connect/4.
+%%
+%% More information at: http://erlang.org/doc/apps/ssl/ssl_distribution.html
+[{server,
+ [{certfile, "{{ platform_etc_dir }}/certs/cert.pem"},
+ {keyfile, "{{ platform_etc_dir }}/certs/key.pem"},
+ {secure_renegotiate, true},
+ {depth, 0}]},
+ {client,
+ [{secure_renegotiate, true}]}].
diff --git a/priv/emq.schema b/priv/emq.schema
index 8c1e64a9f..169445005 100644
--- a/priv/emq.schema
+++ b/priv/emq.schema
@@ -170,7 +170,15 @@ end}.
 
 %% @doc The erlang distributed protocol
 {mapping, "node.proto_dist", "vm_args.-proto_dist", [
- %%{default, "inet_tcp"}
+ {default, "inet_tcp"},
+ {datatype, {enum, [inet_tcp, inet6_tcp, inet_tls]}},
+ hidden
+]}.
+
+%% @doc Specify SSL Options in the file if using SSL for erlang distribution
+{mapping, "node.ssl_dist_optfile", "vm_args.-ssl_dist_optfile", [
+ {datatype, string},
+ hidden
 ]}.
 
 %% @doc Secret cookie for distributed erlang node
diff --git a/src/emqttd.app.src b/src/emqttd.app.src
index c1291446a..fbbc9fd6a 100644
--- a/src/emqttd.app.src
+++ b/src/emqttd.app.src
@@ -1,6 +1,6 @@
 {application,emqttd,
 [{description,"Erlang MQTT Broker"},
- {vsn,"2.3.4"},
+ {vsn,"2.3.5"},
 {modules,[]},
 {registered,[emqttd_sup]},
 {applications,[kernel,stdlib,gproc,lager,esockd,mochiweb,
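Review bot: Neither the `server` nor the `client` list in etc/ssl_dist.conf sets `verify`, so on OTP releases where the ssl default is `verify_none` (assumed for the release this targets, to be confirmed) distribution traffic is encrypted but the peer is never authenticated by certificate, and `{depth, 0}` only matters once peer verification is on. I would enable `verify_peer` with a CA bundle on both sides, require a client certificate on the server, and give the client its own certificate and key so mutual authentication can complete. The server entries also point at the same `certs/cert.pem` that `listener.ssl.external.certfile` uses in emq.conf, so the client-facing MQTT key pair doubles as the cluster identity; a separate pair issued by a cluster-only CA would keep a listener key compromise from extending to distribution. The CA file name below is a placeholder, since no CA path appears in this diff.

```erlang
[{server,
  [%% … unchanged: certfile, keyfile …
   {cacertfile, "{{ platform_etc_dir }}/certs/CA_BUNDLE_PLACEHOLDER.pem"},
   {verify, verify_peer},
   {fail_if_no_peer_cert, true},
   %% … unchanged: secure_renegotiate, depth …
  ]},
 {client,
  [{certfile, "{{ platform_etc_dir }}/certs/cert.pem"},
   {keyfile, "{{ platform_etc_dir }}/certs/key.pem"},
   {cacertfile, "{{ platform_etc_dir }}/certs/CA_BUNDLE_PLACEHOLDER.pem"},
   {verify, verify_peer},
   {secure_renegotiate, true}]}].
```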
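Review bot: The `node.proto_dist` enum in priv/emq.schema admits `inet_tls` but has no IPv6 TLS value, so a cluster running `inet6_tcp` cannot move to TLS distribution through this setting; if the targeted OTP release ships `inet6_tls_dist` (to be confirmed), the line could read `{datatype, {enum, [inet_tcp, inet6_tcp, inet_tls, inet6_tls]}}`. `node.ssl_dist_optfile` is declared `{datatype, string}` although emq.conf documents it as `Value: File`; `{datatype, file}` would match that. Nothing in the visible mappings ties the two settings together, so `inet_tls` without an optfile appears to be accepted at config generation; a validator or a `%% @doc` sentence stating the dependency would make it explicit.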