From 79902be40e53ac2e3146870bda5f81289670bdec Mon Sep 17 00:00:00 2001
From: Feng Lee
Date: Fri, 16 Feb 2018 18:40:03 +0800
Subject: [PATCH 1/7] Fix issue #1492 - add 'node.ssl_dist_optfile' to support ssl distributation
---
 etc/emq.conf | 8 ++++++++
 priv/emq.schema | 10 +++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/etc/emq.conf b/etc/emq.conf
index a5ca15d9c..3eddac216 100644
--- a/etc/emq.conf
+++ b/etc/emq.conf
@@ -236,10 +236,18 @@ node.crash_dump = {{ platform_log_dir }}/crash.dump
 ## Value: Enum
 ## - inet_tcp: the default; handles TCP streams with IPv4 addressing.
 ## - inet6_tcp: handles TCP with IPv6 addressing.
+## - inet_ssl: using SSL for Erlang Distribution.
 ##
 ## vm.args: -proto_dist inet_tcp
 node.proto_dist = inet_tcp
+## Specify SSL Options in the file if using SSL for Erlang Distribution.
+##
+## Value: File
+##
+## vm.args: -ssl_dist_optfile
+node.ssl_dist_optfile = {{ platform_etc_dir }}/ssl_dist.conf
+
 ## Sets the net_kernel tick time. TickTime is specified in seconds.
 ## Notice that all communicating nodes are to have the same TickTime
 ## value specified.
diff --git a/priv/emq.schema b/priv/emq.schema
index 8c1e64a9f..969e803ba 100644
--- a/priv/emq.schema
+++ b/priv/emq.schema
@@ -170,7 +170,15 @@ end}.
 %% @doc The erlang distributed protocol
 {mapping, "node.proto_dist", "vm_args.-proto_dist", [
- %%{default, "inet_tcp"}
+ {default, "inet_tcp"},
+ {datatype, {enum, [inet_tcp, inet6_tcp, inet_ssl]}},
+ hidden
+]}.
+
+%% @doc Specify SSL Options in the file if using SSL for erlang distribution
+{mapping, "node.ssl_dist_optfile", "vm_args.-ssl_dist_optfile", [
+ {datatype, string},
+ hidden
 ]}.
 %% @doc Secret cookie for distributed erlang node
From 6c4ec4588804f0f316bc5f1716c6a702f83f1bc9 Mon Sep 17 00:00:00 2001
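Review bot: In the etc/emq.conf hunk of PATCH 1/7, the new `node.ssl_dist_optfile` comment does not say that the option file only matters once `node.proto_dist` selects the TLS distribution module, and the hunk leaves `node.proto_dist = inet_tcp` as the active value, so setting the file path alone presumably changes nothing about how nodes talk to each other. An operator reading only this block could conclude that inter-node traffic is encrypted as soon as the file is configured. I would extend the comment with a line such as `## Only used when node.proto_dist selects TLS distribution; all nodes of a cluster must use the same node.proto_dist.` Both comment blocks continue outside the hunk.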
From: Feng Lee
Date: Fri, 16 Feb 2018 18:41:15 +0800
Subject: [PATCH 2/7] Add etc/ssl_dist.conf file to configure SSL distribution
---
 etc/ssl_dist.conf | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 etc/ssl_dist.conf
diff --git a/etc/ssl_dist.conf b/etc/ssl_dist.conf
new file mode 100644
index 000000000..acdf0aa67
--- /dev/null
+++ b/etc/ssl_dist.conf
@@ -0,0 +1,11 @@
+%% The options in the {server, Opts} tuple are used when calling ssl:ssl_accept/3,
+%% and the options in the {client, Opts} tuple are used when calling ssl:connect/4.
+%%
+%% More information at: http://erlang.org/doc/apps/ssl/ssl_distribution.html
+[{server,
+ [{certfile, "{{ platform_etc_dir }}/certs/cert.pem"},
+ {keyfile, "{{ platform_etc_dir }}/certs/key.pem"},
+ {secure_renegotiate, true},
+ {depth, 0}]},
+ {client,
+ [{secure_renegotiate, true}]}].
From 2674c145a947737d76a4e71734705c1cb8ccaa3c Mon Sep 17 00:00:00 2001
From: Feng Lee
Date: Fri, 16 Feb 2018 20:40:44 +0800
Subject: [PATCH 3/7] Fix the 'inet_ssl' distribution module
---
 etc/emq.conf | 2 +-
 priv/emq.schema | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/etc/emq.conf b/etc/emq.conf
index 3eddac216..684dbf328 100644
--- a/etc/emq.conf
+++ b/etc/emq.conf
@@ -236,7 +236,7 @@ node.crash_dump = {{ platform_log_dir }}/crash.dump
 ## Value: Enum
 ## - inet_tcp: the default; handles TCP streams with IPv4 addressing.
 ## - inet6_tcp: handles TCP with IPv6 addressing.
-## - inet_ssl: using SSL for Erlang Distribution.
+## - inet_tls: using TLS for Erlang Distribution.
 ##
 ## vm.args: -proto_dist inet_tcp
 node.proto_dist = inet_tcp
diff --git a/priv/emq.schema b/priv/emq.schema
index 969e803ba..169445005 100644
--- a/priv/emq.schema
+++ b/priv/emq.schema
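Review bot: In the new etc/ssl_dist.conf (PATCH 2/7) neither tuple enables peer verification: the `{server, ...}` list has no `cacertfile`, `{verify, verify_peer}` or `{fail_if_no_peer_cert, true}`, and the `{client, ...}` list holds only `{secure_renegotiate, true}`, so `{depth, 0}` appears to have no chain check to bound. Unless the ssl defaults of the OTP release in use turn verification on, this template encrypts the distribution channel but authenticates neither end, which leaves the cookie as the only control over which node may join. The certificate path is the same `certs/cert.pem` that `listener.ssl.external.certfile` points at in emq.conf; if that is a sample certificate shipped with the broker, its key should not be treated as secret for cluster traffic. I would ship the template with verification on and a cluster CA the operator has to supply, as sketched below with a placeholder CA path.

```erlang
%% ... unchanged: header comment ...
[{server,
  [%% ... unchanged: certfile, keyfile, secure_renegotiate ...
   %% placeholder path: the CA that signs this cluster's node certificates
   {cacertfile, "{{ platform_etc_dir }}/certs/CLUSTER_CA_PLACEHOLDER.pem"},
   {verify, verify_peer},
   {fail_if_no_peer_cert, true},
   {depth, 0}]},
 {client,
  [{certfile, "{{ platform_etc_dir }}/certs/cert.pem"},
   {keyfile, "{{ platform_etc_dir }}/certs/key.pem"},
   {cacertfile, "{{ platform_etc_dir }}/certs/CLUSTER_CA_PLACEHOLDER.pem"},
   {verify, verify_peer},
   {secure_renegotiate, true}]}].
```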
@@ -171,7 +171,7 @@ end}.
 %% @doc The erlang distributed protocol
 {mapping, "node.proto_dist", "vm_args.-proto_dist", [
 {default, "inet_tcp"},
- {datatype, {enum, [inet_tcp, inet6_tcp, inet_ssl]}},
+ {datatype, {enum, [inet_tcp, inet6_tcp, inet_tls]}},
 hidden
 ]}.
From 93e161f83b5c335f74644c760850aec0f7ac4432 Mon Sep 17 00:00:00 2001
From: Feng Lee
Date: Fri, 16 Feb 2018 21:09:25 +0800
Subject: [PATCH 4/7] Version 2.3.5
---
 src/emqttd.app.src | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/emqttd.app.src b/src/emqttd.app.src
index c1291446a..fbbc9fd6a 100644
--- a/src/emqttd.app.src
+++ b/src/emqttd.app.src
@@ -1,6 +1,6 @@
 {application,emqttd,
 [{description,"Erlang MQTT Broker"},
- {vsn,"2.3.4"},
+ {vsn,"2.3.5"},
 {modules,[]},
 {registered,[emqttd_sup]},
 {applications,[kernel,stdlib,gproc,lager,esockd,mochiweb,
From 98d63a14541abfb5c2d56415a61fdc0c1089fc81 Mon Sep 17 00:00:00 2001
From: Feng Lee
Date: Fri, 16 Feb 2018 21:15:30 +0800
Subject: [PATCH 5/7] Comment 'node.ssl_dist_optfile' option by default
---
 etc/emq.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/emq.conf b/etc/emq.conf
index 684dbf328..13be72968 100644
--- a/etc/emq.conf
+++ b/etc/emq.conf
@@ -246,7 +246,7 @@ node.proto_dist = inet_tcp
 ## Value: File
 ##
 ## vm.args: -ssl_dist_optfile
-node.ssl_dist_optfile = {{ platform_etc_dir }}/ssl_dist.conf
+## node.ssl_dist_optfile = {{ platform_etc_dir }}/ssl_dist.conf
 ## Sets the net_kernel tick time. TickTime is specified in seconds.
 ## Notice that all communicating nodes are to have the same TickTime
From a864aa9743f0273e052c851373bf4af2e609c6e7 Mon Sep 17 00:00:00 2001
From: turtled
Date: Fri, 23 Feb 2018 21:23:55 +0800
Subject: [PATCH 6/7] Modify tcp buffer config
---
 etc/emq.conf | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/etc/emq.conf b/etc/emq.conf
index 13be72968..acac4e5b5 100644
--- a/etc/emq.conf
+++ b/etc/emq.conf
@@ -704,7 +704,7 @@ listener.tcp.external.send_timeout_close = on
 ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
 ##
 ## Value: on | off
-listener.tcp.external.tune_buffer = on
+## listener.tcp.external.tune_buffer = off
 ## The TCP_NODELAY flag for MQTT connections. Small amounts of data are
 ## sent immediately if the option is enabled.
@@ -783,28 +783,28 @@ listener.tcp.external.send_timeout_close = on
 ## See: listener.tcp..recbuf
 ##
 ## Value: Bytes
-listener.tcp.internal.recbuf = 16KB
+## listener.tcp.internal.recbuf = 4KB
 ## The TCP send buffer(os kernel) for internal MQTT connections.
 ##
 ## See: http://erlang.org/doc/man/inet.html
 ##
 ## Value: Bytes
-listener.tcp.internal.sndbuf = 16KB
+## listener.tcp.internal.sndbuf = 4KB
 ## The size of the user-level software buffer used by the driver.
 ##
 ## See: listener.tcp..buffer
 ##
 ## Value: Bytes
-listener.tcp.internal.buffer = 16KB
+## listener.tcp.internal.buffer = 4KB
 ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
 ##
 ## See: listener.tcp..tune_buffer
 ##
 ## Value: on | off
-listener.tcp.internal.tune_buffer = on
+## listener.tcp.internal.tune_buffer = off
 ## The TCP_NODELAY flag for internal MQTT connections.
 ##
@@ -1038,7 +1038,7 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## See: listener.tcp..tune_buffer
 ##
 ## Value: on | off
-## listener.ssl.external.tune_buffer = on
+## listener.ssl.external.tune_buffer = off
 ## The TCP_NODELAY flag for SSL connections.
 ##
@@ -1166,7 +1166,7 @@ listener.ws.external.send_timeout_close = on
 ## See: listener.tcp..tune_buffer
 ##
 ## Value: on | off
-listener.ws.external.tune_buffer = on
+## listener.ws.external.tune_buffer = off
 ## The TCP_NODELAY flag for external MQTT/WebSocket connections.
 ##
From 91b64813facbc279d02cb01add6c7f9609d048d4 Mon Sep 17 00:00:00 2001
From: turtled
Date: Sat, 24 Feb 2018 09:15:18 +0800
Subject: [PATCH 7/7] Modify tcp buffer config
---
 etc/emq.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/etc/emq.conf b/etc/emq.conf
index acac4e5b5..3bcadfaf8 100644
--- a/etc/emq.conf
+++ b/etc/emq.conf
@@ -783,21 +783,21 @@ listener.tcp.external.send_timeout_close = on
 ## See: listener.tcp..recbuf
 ##
 ## Value: Bytes
-## listener.tcp.internal.recbuf = 4KB
+## listener.tcp.internal.recbuf = 16KB
 ## The TCP send buffer(os kernel) for internal MQTT connections.
 ##
 ## See: http://erlang.org/doc/man/inet.html
 ##
 ## Value: Bytes
-## listener.tcp.internal.sndbuf = 4KB
+## listener.tcp.internal.sndbuf = 16KB
 ## The size of the user-level software buffer used by the driver.
 ##
 ## See: listener.tcp..buffer
 ##
 ## Value: Bytes
-## listener.tcp.internal.buffer = 4KB
+## listener.tcp.internal.buffer = 16KB
 ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
 ##