diff --git a/Makefile b/Makefile index 1cddc5fe2..a7bb63edc 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ PROJECT = emqttd PROJECT_DESCRIPTION = Erlang MQTT Broker -PROJECT_VERSION = 2.3.2 +PROJECT_VERSION = 2.3.3 DEPS = goldrush gproc lager esockd ekka mochiweb pbkdf2 lager_syslog bcrypt clique jsx @@ -9,7 +9,7 @@ dep_gproc = git https://github.com/uwiger/gproc dep_getopt = git https://github.com/jcomellas/getopt v0.8.2 dep_lager = git https://github.com/basho/lager master dep_esockd = git https://github.com/emqtt/esockd v5.2 -dep_ekka = git https://github.com/emqtt/ekka v0.2.1 +dep_ekka = git https://github.com/emqtt/ekka v0.2.2 dep_mochiweb = git https://github.com/emqtt/mochiweb v4.2.1 dep_pbkdf2 = git https://github.com/emqtt/pbkdf2 2.0.1 dep_lager_syslog = git https://github.com/basho/lager_syslog diff --git a/README.md b/README.md index 83fe86177..96ed87f7c 100644 --- a/README.md +++ b/README.md @@ -93,7 +93,7 @@ Plugin | Descrip [emq_sn](https://github.com/emqtt/emq_sn) | MQTT-SN Protocol Plugin [emq_coap](https://github.com/emqtt/emq_coap) | CoAP Protocol Plugin [emq_stomp](https://github.com/emqtt/emq_stomp) | Stomp Protocol Plugin -[emq_lwm2m](https://github.com/emqtt/emq-lwm2m) | LWM2M Prototol Plugin +[emq_lwm2m](https://github.com/emqx/emqx-lwm2m) | LWM2M Prototol Plugin [emq_recon](https://github.com/emqtt/emq_recon) | Recon Plugin [emq_reloader](https://github.com/emqtt/emq_reloader) | Reloader Plugin [emq_sockjs](https://github.com/emqtt/emq_sockjs) | SockJS(Stomp) Plugin 
@@ -109,9 +109,7 @@ Plugin | Descrip * Issues: https://github.com/emqtt/emqttd/issues * QQ Group: 12222225 -## Partners - -[QingCloud](https://qingcloud.com) is the world’s first IaaS provider that can deliver any number of IT resources in seconds and adopts a second-based billing system. QingCloud is committed to providing a reliable, secure, on-demand and real-time IT resource platform with excellent performance, which includes all components of a complete IT infrastructure system: computing, storage, networking and security. +## Test Servers The **q.emqtt.com** hosts a public Four-Node *EMQ* cluster on [QingCloud](https://qingcloud.com): diff --git a/etc/emq.conf b/etc/emq.conf index 68cf8b6b7..b8c21dc40 100644 --- a/etc/emq.conf +++ b/etc/emq.conf 
@@ -1,117 +1,254 @@ ##==================================================================== -## EMQ Configuration R2.3.0 +## EMQ Configuration R2 ##==================================================================== ##-------------------------------------------------------------------- ## Cluster ##-------------------------------------------------------------------- -## Cluster name +## Cluster name. cluster.name = emqcl -## Cluster discovery strategy: manual | static | mcast | dns | etcd | k8s +## Cluster auto-discovery strategy. +## +## Value: Enum +## - manual: Manual join command +## - static: Static node list +## - mcast: IP Multicast +## - dns: DNS A Record +## - etcd: etcd +## - k8s: Kubernates +## +## Default: manual cluster.discovery = manual -## Cluster Autoheal: on | off +## Enable cluster autoheal from network partition. +## +## Value: on | off +## +## Default: on cluster.autoheal = on -## Clean down node of the cluster +## Autoclean down node. A down node will be removed from the cluster +## if this value > 0. +## +## Value: Duration +## -h: hour, e.g. '2h' for 2 hours +## -m: minute, e.g. '5m' for 5 minutes +## -s: second, e.g. '30s' for 30 seconds +## +## Default: 5m cluster.autoclean = 5m ##-------------------------------------------------------------------- -## Cluster with static node list +## Cluster using static node list +## Node list of the cluster. +## +## Value: String ## cluster.static.seeds = emq1@127.0.0.1,emq2@127.0.0.1 ##-------------------------------------------------------------------- -## Cluster with multicast +## Cluster using IP Multicast. +## IP Multicast Address. +## +## Value: IP Address ## cluster.mcast.addr = 239.192.0.1 +## Multicast Ports. +## +## Value: Port List ## cluster.mcast.ports = 4369,4370 +## Multicast Iface. +## +## Value: Iface Address +## +## Default: 0.0.0.0 ## cluster.mcast.iface = 0.0.0.0 +## Multicast Ttl. +## +## Value: 0-255 ## cluster.mcast.ttl = 255 +## Multicast loop. 
+## +## Value: on | off ## cluster.mcast.loop = on ##-------------------------------------------------------------------- -## Cluster with DNS +## Cluster using DNS A records. +## DNS name. +## +## Value: String ## cluster.dns.name = localhost +## The App name is used to build 'node.name' with IP address. +## +## Value: String ## cluster.dns.app = emq ##-------------------------------------------------------------------- -## Cluster with Etcd +## Cluster using etcd +## Etcd server list, seperated by ','. +## +## Value: String ## cluster.etcd.server = http://127.0.0.1:2379 +## The prefix helps build nodes path in etcd. Each node in the cluster +## will create a path in etcd: v2/keys/// +## +## Value: String ## cluster.etcd.prefix = emqcl +## The TTL for node's path in etcd. +## +## Value: Duration +## +## Default: 1m, 1 minute ## cluster.etcd.node_ttl = 1m ##-------------------------------------------------------------------- -## Cluster with k8s +## Cluster using Kubernates +## Kubernates API server list, seperated by ','. +## +## Value: String ## cluster.k8s.apiserver = http://10.110.111.204:8080 +## The service name helps lookup EMQ nodes in the cluster. +## +## Value: String ## cluster.k8s.service_name = emq -## Address Type: ip | dns +## The address type is used to extract host from k8s service. +## +## Value: ip | dns ## cluster.k8s.address_type = ip -## The Erlang application name +## The app name helps build 'node.name'. +## +## Value: String ## cluster.k8s.app_name = emq ##-------------------------------------------------------------------- ## Node Args ##-------------------------------------------------------------------- -## Node name +## Node name. +## +## See: http://erlang.org/doc/reference_manual/distributed.html +## +## Value: @ +## +## Default: emq@127.0.0.1 node.name = emq@127.0.0.1 -## Cookie for distributed node +## Cookie for distributed node communication. 
+## +## Value: String node.cookie = emqsecretcookie -## SMP support: enable, auto, disable +## Enable SMP support of Erlang VM. +## +## Value: enable | auto | disable node.smp = auto +## Heartbeat monitoring of an Erlang runtime system. Comment the line to disable +## heartbeat, or set the value as 'on' +## +## Value: on +## ## vm.args: -heart -## Heartbeat monitoring of an Erlang runtime system -## Value should be 'on' or comment the line ## node.heartbeat = on -## Enable kernel poll +## Enable kernel poll. +## +## Value: on | off +## +## Default: on node.kernel_poll = on -## async thread pool +## Sets the number of threads in async thread pool. Valid range is 0-1024. +## +## See: http://erlang.org/doc/man/erl.html +## +## Value: 0-1024 +## +## vm.args: +A Number node.async_threads = 32 -## Erlang Process Limit +## Sets the maximum number of simultaneously existing processes for this +## system if a Number is passed as value. +## +## See: http://erlang.org/doc/man/erl.html +## +## Value: Number [1024-134217727] +## +## vm.args: +P Number node.process_limit = 256000 ## Sets the maximum number of simultaneously existing ports for this system +## if a Number is passed as value. +## +## See: http://erlang.org/doc/man/erl.html +## +## Value: Number [1024-134217727] +## +## vm.args: +Q Number node.max_ports = 65536 -## Set the distribution buffer busy limit (dist_buf_busy_limit) -node.dist_buffer_size = 32MB +## Set the distribution buffer busy limit (dist_buf_busy_limit). +## +## See: http://erlang.org/doc/man/erl.html +## +## Value: Number [1KB-2GB] +## +## vm.args: +zdbbl size +node.dist_buffer_size = 8MB -## Max ETS Tables. -## Note that mnesia and SSL will create temporary ets tables. +## Sets the maximum number of ETS tables. Note that mnesia and SSL will +## create temporary ETS tables. +## +## Value: Number +## +## vm.args: +e Number node.max_ets_tables = 256000 -## Tweak GC to run more often +## Tweak GC to run more often. 
+## +## Value: Number [0-65535] +## +## vm.args: -env ERL_FULLSWEEP_AFTER Number node.fullsweep_after = 1000 -## Crash dump +## Crash dump log file. +## +## Value: Log file node.crash_dump = {{ platform_log_dir }}/crash.dump -## Distributed node ticktime +## Sets the net_kernel tick time. TickTime is specified in seconds. +## Notice that all communicating nodes are to have the same TickTime +## value specified. +## +## See: http://www.erlang.org/doc/man/kernel_app.html#net_ticktime +## +## Value: Number +## +## vm.args: -kernel net_ticktime Number node.dist_net_ticktime = 60 -## Distributed node port range +## Sets the port range for the listener socket of a distributed Erlang node. +## Note that if there are firewalls between clustered nodes, this port segment +## for nodes’ communication should be allowed. +## +## See: http://www.erlang.org/doc/man/kernel_app.html +## +## Value: Port [1024-65535] node.dist_listen_min = 6369 node.dist_listen_max = 6379 
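Review bot: `node.cookie = emqsecretcookie` keeps a fixed, published cookie as the default with only "Cookie for distributed node communication." above it, while the same hunk documents that the distribution port range `node.dist_listen_min`/`node.dist_listen_max` (6369-6379) must be opened through firewalls between nodes. In Erlang distribution any node that presents the cookie is a full peer, so anyone who can reach those ports and knows this well-known value can join the cluster and run code on every node; a dictionary word is also trivially guessable. The rest of this change uses a "Notice: ... for production deployment." pattern for dangerous defaults, and the cookie deserves the same treatment, e.g. `## Notice: Change the default cookie for production deployment. Any host that` / `## knows the cookie and can reach node.dist_listen_min-max can join the cluster` / `## as a full peer.` Generating a random value at install time would be the stronger fix, but that is outside this file.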
@@ -119,196 +256,316 @@ node.dist_listen_max = 6379 ## Log ##-------------------------------------------------------------------- -## Set the log dir +## Sets the log dir. +## +## Value: Folder log.dir = {{ platform_log_dir }} -## Console log. Enum: off, file, console, both +## Where to emit the console logs. +## +## Value: off | file | console | both +## - off: disabled +## - file: write to file +## - console: write to stdout +## - both: file and stdout log.console = console -## Console log level. Enum: debug, info, notice, warning, error, critical, alert, emergency +## Sets the severity level of console log. +## +## Value: debug | info | notice | warning | error | critical | alert | emergency +## +## Default: error log.console.level = error -## Console log file +## The file where console logs will be writed to, when 'log.console' is set as 'file'. +## +## Value: File Name ## log.console.file = {{ platform_log_dir }}/console.log -## Console log file size +## Maximum file size for console log. +## +## Value: Number(bytes) ## log.console.size = 10485760 -## Console log count size +## The rotation count for console log. +## +## Value: Number ## log.console.count = 5 -## Info log file +## The file where info logs will be writed to. +## +## Value: File Name ## log.info.file = {{ platform_log_dir }}/info.log -## Info log file size +## Maximum file size for info log. +## +## Value: Number(bytes) ## log.info.size = 10485760 -## Info log file count +## The rotation count for info log. +## +## Value: Number ## log.info.count = 5 -## Error log file +## The file where error logs will be writed to. +## +## Value: File Name log.error.file = {{ platform_log_dir }}/error.log -## Error log file size +## Maximum file size for error log. +## +## Value: Number(bytes) log.error.size = 10485760 -## Error log file count +## The rotation count for error log. +## +## Value: Number log.error.count = 5 -## Enable the crash log. Enum: on, off +## Enable the crash log. 
+## +## Value: on | off log.crash = on +## The file for crash log. +## +## Value: File Name log.crash.file = {{ platform_log_dir }}/crash.log -## Syslog. Enum: on, off +## Enable syslog. +## +## Values: on | off log.syslog = on -## syslog level. Enum: debug, info, notice, warning, error, critical, alert, emergency +## Sets the severity level for syslog. +## +## Value: debug | info | notice | warning | error | critical | alert | emergency log.syslog.level = error ##-------------------------------------------------------------------- -## Allow Anonymous and Default ACL +## Allow Anonymous Authentication and Default ACL ##-------------------------------------------------------------------- -## Allow Anonymous authentication +## Allow Anonymous Authentication. +## +## Notice: Disable the option for production deployment. +## +## Value: true | false mqtt.allow_anonymous = true -## ACL nomatch +## Default behaviour when ACL nomatch. +## +## Value: allow | deny mqtt.acl_nomatch = allow -## Default ACL File +## Default ACL File. +## +## Value: File Name mqtt.acl_file = {{ platform_etc_dir }}/acl.conf -## Cache ACL for PUBLISH +## Whether to cache ACL for publish messages. +## +## Value: true | false mqtt.cache_acl = true ##-------------------------------------------------------------------- ## MQTT Protocol ##-------------------------------------------------------------------- -## Max ClientId Length Allowed. +## Maximum length of MQTT clientId allowed. +## +## Value: Number [23-65535] mqtt.max_clientid_len = 1024 -## Max Packet Size Allowed, 64K by default. +## Maximum MQTT packet size allowed. +## +## Value: Bytes +## +## Default: 64K mqtt.max_packet_size = 64KB -## Check Websocket Protocol Header. Enum: on, off +## Check if the websocket protocol header is valid. +## Turn off the option when developing WeChat App. 
+## +## Value: on | off mqtt.websocket_protocol_header = on -## The Keepalive timeout: Keepalive * backoff * 2 -mqtt.keepalive_backoff = 1.25 +## The backoff for MQTT keepalive timeout. +## EMQ will kick a MQTT connection out until 'Keepalive * backoff * 2' timeout. +## +## Value: Float > 0.5 +mqtt.keepalive_backoff = 0.75 ##-------------------------------------------------------------------- ## MQTT Connection ##-------------------------------------------------------------------- -## Force GC: integer. Value 0 disabled the Force GC. +## Force GC the MQTT connections. Value 0 will disable the Force GC. +## +## Value: Number >= 0 mqtt.conn.force_gc_count = 100 ##-------------------------------------------------------------------- ## MQTT Client ##-------------------------------------------------------------------- -## Client Idle Timeout (Second) +## MQTT client idle timeout, specified in seconds. +## +## Value: Duration mqtt.client.idle_timeout = 30s -## Max publish rate of Messages +## TODO: Maximum publish rate of MQTT messages per second. +## +## Value: Number ## mqtt.client.max_publish_rate = 5 -## Enable client Stats: on | off +## Enable per client statistics. +## +## Value: on | off mqtt.client.enable_stats = off ##-------------------------------------------------------------------- ## MQTT Session ##-------------------------------------------------------------------- -## Max Number of Subscriptions, 0 means no limit. +## Maximum number of subscriptions allowed, 0 means no limit. +## +## Value: Number mqtt.session.max_subscriptions = 0 -## Upgrade QoS? +## Force to upgrade QoS according to subscription. +## +## Value: on | off mqtt.session.upgrade_qos = off -## Max Size of the Inflight Window for QoS1 and QoS2 messages -## 0 means no limit +## Maximum size of the Inflight Window storing QoS1/2 messages delivered but unacked. +## +## Value: Number mqtt.session.max_inflight = 32 -## Retry Interval for redelivering QoS1/2 messages. 
+## Retry interval for QoS1/2 message delivering. +## +## Value: Duration mqtt.session.retry_interval = 20s -## Client -> Broker: Max Packets Awaiting PUBREL, 0 means no limit -mqtt.session.max_awaiting_rel = 100 +## Maximum QoS2 packets (Client -> Broker) awaiting PUBREL, 0 means no limit. +## +## Value: Number +mqtt.session.max_awaiting_rel = 1000 -## Awaiting PUBREL Timeout -mqtt.session.await_rel_timeout = 20s +## The QoS2 messages (Client -> Broker) will be dropped if awaiting PUBREL timeout. +## +## Value: Duration +mqtt.session.await_rel_timeout = 30s -## Enable Statistics: on | off +## Enable per session statistics. +## +## Value: on | off mqtt.session.enable_stats = on -## Expired after 1 day: -## w - week -## d - day -## h - hour -## m - minute -## s - second +## Session expiration time. +## +## Value: Duration +## -d: day +## -h: hour +## -m: minute +## -s: second +## +## Default: 2h, 2 hours mqtt.session.expiry_interval = 2h -## Ignore message from self publish +## Whether to ignore loop delivery of messages. +## +## Value: true | false +## +## Default: false mqtt.session.ignore_loop_deliver = false ##-------------------------------------------------------------------- ## MQTT Message Queue ##-------------------------------------------------------------------- -## Type: simple | priority +## Message queue type. +## +## Value: simple | priority mqtt.mqueue.type = simple -## Topic Priority: 0~255, Default is 0 +## Topic priority. Default is 0. +## +## Value: Number [0-255] +## ## mqtt.mqueue.priority = topic/1=10,topic/2=8 -## Max queue length. Enqueued messages when persistent client disconnected, +## Maximum queue length. Enqueued messages when persistent client disconnected, ## or inflight window is full. 0 means no limit. +## +## Value: Number >= 0 mqtt.mqueue.max_length = 1000 -## Low-water mark of queued messages +## Low-water mark of queued messages. 
+## +## Value: Percent mqtt.mqueue.low_watermark = 20% -## High-water mark of queued messages +## High-water mark of queued messages. +## +## Value: Percent mqtt.mqueue.high_watermark = 60% -## Queue Qos0 messages? +## Whether to enqueue Qos0 messages. +## +## Value: false | true mqtt.mqueue.store_qos0 = true ##-------------------------------------------------------------------- ## MQTT Broker and PubSub ##-------------------------------------------------------------------- -## System Interval of publishing broker $SYS Messages -mqtt.broker.sys_interval = 60 +## System interval of publishing $SYS messages. +## +## Value: Duration +## +## Default: 1m, 1 minute +mqtt.broker.sys_interval = 1m -## PubSub Pool Size. Default should be scheduler numbers. +## The PubSub pool size. Default value should be same as scheduler numbers. +## +## Value: Number > 1 mqtt.pubsub.pool_size = 8 -## Subscribe Asynchronously +## TODO: Subscribe asynchronously. +## +## Value: true | false mqtt.pubsub.async = true ##-------------------------------------------------------------------- ## MQTT Bridge ##-------------------------------------------------------------------- -## Bridge Queue Size +## The pending message queue size of bridge. +## +## Value: Number mqtt.bridge.max_queue_len = 10000 -## Ping Interval of bridge node. Unit: Second -mqtt.bridge.ping_down_interval = 1 +## Ping interval of bridge node. +## +## Value: Duration +## +## Default: 1s, 1 second +mqtt.bridge.ping_down_interval = 1s ##------------------------------------------------------------------- ## MQTT Plugins ##------------------------------------------------------------------- -## Dir of plugins' config +## The etc dir for plugins' config. +## +## Value: Folder mqtt.plugins.etc_dir ={{ platform_etc_dir }}/plugins/ -## File to store loaded plugin names. +## The file to store loaded plugin names. 
+## +## Value: File mqtt.plugins.loaded_file = {{ platform_data_dir }}/loaded_plugins ##-------------------------------------------------------------------- 
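Review bot: `mqtt.acl_nomatch = allow` ships the permissive default with no caution, even though the `mqtt.allow_anonymous = true` entry a few lines above gained "Notice: Disable the option for production deployment." in this same hunk; with both defaults left in place, any client presumably gets publish/subscribe access to every topic that no rule in `mqtt.acl_file` covers. The same notice belongs here so operators see that hardening is a two-step change: `## Notice: Set to 'deny' for production deployment. With 'allow', a topic not` / `## matched by any rule in mqtt.acl_file is open to every connected client.` The raise of `mqtt.session.max_awaiting_rel` from 100 to 1000 also multiplies the per-connection buffer a client can fill with unacknowledged QoS2 publishes; a one-line remark that this is a per-client memory bound would help whoever tunes it for 102400 connections.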
@@ -316,308 +573,822 @@ mqtt.plugins.loaded_file = {{ platform_data_dir }}/loaded_plugins ##-------------------------------------------------------------------- ##-------------------------------------------------------------------- -## External TCP Listener +## MQTT/TCP - External TCP Listener for MQTT Protocol -## External TCP Listener: 1883, 127.0.0.1:1883, ::1:1883 +## listener.tcp. is the IP address and port that the MQTT/TCP +## listener will bind. +## +## Value: IP:Port | Port +## +## Examples: 1883, 127.0.0.1:1883, ::1:1883 listener.tcp.external = 0.0.0.0:1883 -## Size of acceptor pool +## The acceptor pool for external MQTT/TCP listener. +## +## Value: Number listener.tcp.external.acceptors = 16 -## Maximum number of concurrent clients +## Maximum number of concurrent MQTT/TCP connections. +## +## Value: Number listener.tcp.external.max_clients = 102400 -## TODO: +## TODO: Zone of the external MQTT/TCP listener belonged to. +## +## Value: String ## listener.tcp.external.zone = external -#listener.tcp.external.mountpoint = external/ +## Mountpoint of the MQTT/TCP Listener. All the topics of this +## listener will be prefixed with the mount point if this option +## is enabled. +## +## Value: String +## listener.tcp.external.mountpoint = external/ -## Rate Limit. Format is 'burst,rate', Unit is KB/Sec -#listener.tcp.external.rate_limit = 100,10 +## Rate limit for the external MQTT/TCP connections. +## Format is 'burst,rate'. +## +## Value: burst,rate +## Unit: KB/sec +## listener.tcp.external.rate_limit = 100,10 -#listener.tcp.external.access.1 = allow 192.168.0.0/24 +## The access control rules for the MQTT/TCP listener. +## +## See: https://github.com/emqtt/esockd#allowdeny +## +## Value: ACL Rule +## +## Example: allow 192.168.0.0/24 +listener.tcp.external.access.1 = allow all -listener.tcp.external.access.2 = allow all - -## Proxy Protocol V1/2 +## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed +## behind HAProxy or Nginx. 
+## +## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/ +## +## Value: on | off ## listener.tcp.external.proxy_protocol = on + +## Sets the timeout for proxy protocol. EMQ will close the TCP connection +## if no proxy protocol packet recevied within the timeout. +## +## Value: Duration ## listener.tcp.external.proxy_protocol_timeout = 3s -### Use the PP2_SUBTYPE_SSL_CN field from Proxy Protocol V2 as a username. +## Enable the option for X.509 certificate based authentication. +## EMQ will Use the PP2_SUBTYPE_SSL_CN field in Proxy Protocol V2 +## as MQTT username. +## +## Value: cn ## listener.tcp.external.peer_cert_as_username = cn -## TCP Socket Options +## The TCP backlog defines the maximum length that the queue of pending +## connections can grow to. +## +## Value: Number >= 0 listener.tcp.external.backlog = 1024 +## The TCP send timeout for external MQTT connections. +## +## Value: Duration listener.tcp.external.send_timeout = 15s +## Close the TCP connection if send timeout. +## +## Value: on | off listener.tcp.external.send_timeout_close = on -#listener.tcp.external.recbuf = 4KB +## The TCP receive buffer(os kernel) for MQTT connections. +## +## See: http://erlang.org/doc/man/inet.html +## +## Value: Bytes +## listener.tcp.external.recbuf = 4KB -#listener.tcp.external.sndbuf = 4KB +## The TCP send buffer(os kernel) for MQTT connections. +## +## See: http://erlang.org/doc/man/inet.html +## +## Value: Bytes +## listener.tcp.external.sndbuf = 4KB -listener.tcp.external.buffer = 4KB +## The size of the user-level software buffer used by the driver. +## Not to be confused with options sndbuf and recbuf, which correspond +## to the Kernel socket buffers. It is recommended to have val(buffer) +## >= max(val(sndbuf),val(recbuf)) to avoid performance issues because +## of unnecessary copying. val(buffer) is automatically set to the above +## maximum when values sndbuf or recbuf are set. 
+## +## See: http://erlang.org/doc/man/inet.html +## +## Value: Bytes +## listener.tcp.external.buffer = 4KB +## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. +## +## Value: on | off +listener.tcp.external.tune_buffer = on + +## The TCP_NODELAY flag for MQTT connections. Small amounts of data are +## sent immediately if the option is enabled. +## +## Value: true | false listener.tcp.external.nodelay = true ##-------------------------------------------------------------------- -## Internal TCP Listener +## Internal TCP Listener for MQTT Protocol -## Internal TCP Listener: 11883, 127.0.0.1:11883, ::1:11883 +## The IP address and port that the internal MQTT/TCP protocol listener +## will bind. +## +## Value: IP:Port, Port +## +## Examples: 11883, 127.0.0.1:11883, ::1:11883 listener.tcp.internal = 127.0.0.1:11883 -## Size of acceptor pool -listener.tcp.internal.acceptors = 16 +## The acceptor pool for internal MQTT/TCP listener. +## +## Value: Number +listener.tcp.internal.acceptors = 4 -## Maximum number of concurrent clients +## Maximum number of concurrent MQTT/TCP connections. +## +## Value: Number listener.tcp.internal.max_clients = 102400 -#listener.tcp.internal.zone = internal +## TODO: Zone of the internal MQTT/TCP listener belonged to. +## +## Value: String +## listener.tcp.internal.zone = internal -#listener.tcp.external.mountpoint = internal/ +## Mountpoint of the MQTT/TCP Listener. +## +## See: listener.tcp..mountpoint +## +## Value: String +## listener.tcp.internal.mountpoint = internal/ -## Rate Limit. Format is 'burst,rate', Unit is KB/Sec +## Rate limit for the internal MQTT/TCP connections. +## +## See: listener.tcp..rate_limit +## +## Value: burst,rate ## listener.tcp.internal.rate_limit = 1000,100 -## TCP Socket Options +## The TCP backlog of internal MQTT/TCP Listener. 
+## +## See: listener.tcp..backlog +## +## Value: Number >= 0 listener.tcp.internal.backlog = 512 -listener.tcp.internal.send_timeout = 15s +## The TCP send timeout for internal MQTT connections. +## +## See: listener.tcp..send_timeout +## +## Value: Duration +listener.tcp.internal.send_timeout = 5s +## Close the MQTT/TCP connection if send timeout. +## +## See: listener.tcp..send_timeout_close +## +## Value: on | off listener.tcp.external.send_timeout_close = on +## The TCP receive buffer(os kernel) for internal MQTT connections. +## +## See: listener.tcp..recbuf +## +## Value: Bytes +listener.tcp.internal.recbuf = 16KB + +## The TCP send buffer(os kernel) for internal MQTT connections. +## +## See: http://erlang.org/doc/man/inet.html +## +## Value: Bytes +listener.tcp.internal.sndbuf = 16KB + +## The size of the user-level software buffer used by the driver. +## +## See: listener.tcp..buffer +## +## Value: Bytes +listener.tcp.internal.buffer = 16KB + +## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. +## +## See: listener.tcp..tune_buffer +## +## Value: on | off listener.tcp.internal.tune_buffer = on -listener.tcp.internal.buffer = 1MB - -listener.tcp.internal.recbuf = 4KB - -listener.tcp.internal.sndbuf = 1MB - -listener.tcp.internal.nodelay = true +## The TCP_NODELAY flag for internal MQTT connections. +## +## See: listener.tcp..nodelay +## +## Value: true | false +listener.tcp.internal.nodelay = false ##-------------------------------------------------------------------- -## External SSL Listener +## MQTT/SSL - External SSL Listener for MQTT Protocol -## SSL Listener: 8883, 127.0.0.1:8883, ::1:8883 +## listener.ssl. is the IP address and port that the MQTT/SSL +## listener will bind. +## +## Value: IP:Port | Port +## +## Examples: 8883, 127.0.0.1:8883, ::1:8883 listener.ssl.external = 8883 -## Size of acceptor pool +## The acceptor pool for external MQTT/SSL listener. 
+## +## Value: Number listener.ssl.external.acceptors = 16 -## Maximum number of concurrent clients +## Maximum number of concurrent MQTT/SSL connections. +## +## Value: Number listener.ssl.external.max_clients = 1024 -## Authentication Zone +## TODO: Zone of the external MQTT/SSL listener belonged to. +## +## Value: String ## listener.ssl.external.zone = external +## Mountpoint of the MQTT/SSL Listener. +## +## Value: String ## listener.ssl.external.mountpoint = inbound/ -## Rate Limit. Format is 'burst,rate', Unit is KB/Sec -## listener.ssl.external.rate_limit = 100,10 - -## Proxy Protocol V1/2 -## listener.ssl.external.proxy_protocol = on -## listener.ssl.external.proxy_protocol_timeout = 3s - +## The access control rules for the MQTT/SSL listener. +## +## See: listener.tcp..access +## +## Value: ACL Rule listener.ssl.external.access.1 = allow all -### SSL Options. See http://erlang.org/doc/man/ssl.html +## Rate limit for the external MQTT/SSL connections. +## +## Value: burst,rate +## listener.ssl.external.rate_limit = 100,10 -## Configuring SSL Options. See http://erlang.org/doc/man/ssl.html -### TLS only for POODLE attack +## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind +## HAProxy or Nginx. +## +## See: listener.tcp..proxy_protocol +## +## Value: on | off +## listener.ssl.external.proxy_protocol = on + +## Sets the timeout for proxy protocol. +## +## See: listener.tcp..proxy_protocol_timeout +## +## Value: Duration +## listener.ssl.external.proxy_protocol_timeout = 3s + +## TLS versions only to protect from POODLE attack. +## +## See: http://erlang.org/doc/man/ssl.html +## +## Value: String, seperated by ',' ## listener.ssl.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1 -### The Ephemeral Diffie-Helman key exchange is a very effective way of -### ensuring Forward Secrecy by exchanging a set of keys that never hit -### the wire. 
Since the DH key is effectively signed by the private key, -### it needs to be at least as strong as the private key. In addition, -### the default DH groups that most of the OpenSSL installations have -### are only a handful (since they are distributed with the OpenSSL -### package that has been built for the operating system it’s running on) -### and hence predictable (not to mention, 1024 bits only). - -### In order to escape this situation, first we need to generate a fresh, -### strong DH group, store it in a file and then use the option above, -### to force our SSL application to use the new DH group. Fortunately, -### OpenSSL provides us with a tool to do that. Simply run: -### openssl dhparam -out dh-params.pem 2048 - +## TLS Handshake timeout. +## +## Value: Duration listener.ssl.external.handshake_timeout = 15s +## Path to the file containing the user's private PEM-encoded key. +## +## See: http://erlang.org/doc/man/ssl.html +## +## Value: File listener.ssl.external.keyfile = {{ platform_etc_dir }}/certs/key.pem +## Path to a file containing the user certificate. +## +## See: http://erlang.org/doc/man/ssl.html +## +## Value: File listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem +## Path to the file containing PEM-encoded CA certificates. The CA certificates +## are used during server authentication and when building the client certificate chain. +## +## Value: File ## listener.ssl.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem +## The Ephemeral Diffie-Helman key exchange is a very effective way of +## ensuring Forward Secrecy by exchanging a set of keys that never hit +## the wire. Since the DH key is effectively signed by the private key, +## it needs to be at least as strong as the private key. 
In addition, +## the default DH groups that most of the OpenSSL installations have +## are only a handful (since they are distributed with the OpenSSL +## package that has been built for the operating system it’s running on) +## and hence predictable (not to mention, 1024 bits only). +## In order to escape this situation, first we need to generate a fresh, +## strong DH group, store it in a file and then use the option above, +## to force our SSL application to use the new DH group. Fortunately, +## OpenSSL provides us with a tool to do that. Simply run: +## openssl dhparam -out dh-params.pem 2048 +## +## Value: File ## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem +## A server only does x509-path validation in mode verify_peer, +## as it then sends a certificate request to the client (this +## message is not sent if the verify option is verify_none). +## You can then also want to specify option fail_if_no_peer_cert. +## More information at: http://erlang.org/doc/man/ssl.html +## +## Value: verify_peer | verify_none ## listener.ssl.external.verify = verify_peer +## Used together with {verify, verify_peer} by an SSL server. If set to true, +## the server fails if the client does not have a certificate to send, that is, +## sends an empty certificate. +## +## Value: true | false ## listener.ssl.external.fail_if_no_peer_cert = true -### This is the single most important configuration option of an Erlang SSL application. -### Ciphers (and their ordering) define the way the client and server encrypt information -### over the wire, from the initial Diffie-Helman key exchange, the session key encryption -### algorithm and the message digest algorithm. Selecting a good cipher suite is critical -### for the application’s data security, confidentiality and performance. -### The cipher list above offers: -### -### A good balance between compatibility with older browsers. It can get stricter for Machine-To-Machine scenarios. 
-### Perfect Forward Secrecy. -### No old/insecure encryption and HMAC algorithms -### -### Most of it was copied from Mozilla’s Server Side TLS article +## This is the single most important configuration option of an Erlang SSL +## application. Ciphers (and their ordering) define the way the client and +## server encrypt information over the wire, from the initial Diffie-Helman +## key exchange, the session key encryption ## algorithm and the message +## digest algorithm. Selecting a good cipher suite is critical for the +## application’s data security, confidentiality and performance. +## +## The cipher list above offers: +## +## A good balance between compatibility with older browsers. +## It can get stricter for Machine-To-Machine scenarios. +## Perfect Forward Secrecy. +## No old/insecure encryption and HMAC algorithms +## +## Most of it was copied from Mozilla’s Server Side TLS article +## +## Value: Ciphers ## listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA -### SSL parameter renegotiation is a feature that allows a client and -### a server to renegotiate the parameters of the SSL connection on the fly. 
-### RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation, -### you drop support for the insecure renegotiation, prone to MitM attacks. +## SSL parameter renegotiation is a feature that allows a client and a server +## to renegotiate the parameters of the SSL connection on the fly. +## RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation, +## you drop support for the insecure renegotiation, prone to MitM attacks. +## +## Value: on | off ## listener.ssl.external.secure_renegotiate = off -### A performance optimization setting, it allows clients to reuse -### pre-existing sessions, instead of initializing new ones. -### Read more about it here. +## A performance optimization setting, it allows clients to reuse +## pre-existing sessions, instead of initializing new ones. +## Read more about it here. +## +## See: http://erlang.org/doc/man/ssl.html +## +## Value: on | off ## listener.ssl.external.reuse_sessions = on -### An important security setting, it forces the cipher to be set based on -### the server-specified order instead of the client-specified order, -### hence enforcing the (usually more properly configured) security -### ordering of the server administrator. +## An important security setting, it forces the cipher to be set based +## on the server-specified order instead of the client-specified order, +## hence enforcing the (usually more properly configured) security +## ordering of the server administrator. +## +## Value: on | off ## listener.ssl.external.honor_cipher_order = on -### Use the CN or DN value from the client certificate as a username. -### Notice: 'verify' should be configured as 'verify_peer' +## Use the CN or DN value from the client certificate as a username. +## Notice that 'verify' should be set as 'verify_peer'. +## +## Value: cn | dn ## listener.ssl.external.peer_cert_as_username = cn -## SSL Socket Options +## TCP backlog for the SSL connection. 
+## +## See listener.tcp..backlog +## +## Value: Number >= 0 ## listener.ssl.external.backlog = 1024 +## The TCP send timeout for the SSL connection. +## +## See listener.tcp..send_timeout +## +## Value: Duration ## listener.ssl.external.send_timeout = 15s +## Close the SSL connection if send timeout. +## +## See: listener.tcp..send_timeout_close +## +## Value: on | off ## listener.ssl.external.send_timeout_close = on +## The TCP receive buffer(os kernel) for the SSL connections. +## +## See: listener.tcp..recbuf +## +## Value: Bytes ## listener.ssl.external.recbuf = 4KB +## The TCP send buffer(os kernel) for internal MQTT connections. +## +## See: listener.tcp..sndbuf +## +## Value: Bytes ## listener.ssl.external.sndbuf = 4KB +## The size of the user-level software buffer used by the driver. +## +## See: listener.tcp..buffer +## +## Value: Bytes ## listener.ssl.external.buffer = 4KB +## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. +## +## See: listener.tcp..tune_buffer +## +## Value: on | off +## listener.ssl.external.tune_buffer = on + +## The TCP_NODELAY flag for SSL connections. +## +## See: listener.tcp..nodelay +## +## Value: true | false ## listener.ssl.external.nodelay = true ##-------------------------------------------------------------------- -## External MQTT/WebSocket Listener +## External WebSocket Listener for MQTT Protocol +## listener.ws. is the IP address and port that the MQTT/Websocket +## listener will bind. +## +## Value: IP:Port | Port +## +## Examples: 8083, 127.0.0.1:8083, ::1:8083 listener.ws.external = 8083 +## The acceptor pool for external MQTT/Websocket listener. +## +## Value: Number listener.ws.external.acceptors = 4 -listener.ws.external.max_clients = 64 +## Maximum number of concurrent MQTT/Websocket connections. +## +## Value: Number +listener.ws.external.max_clients = 102400 +## TODO: Zone of the external MQTT/Websocket listener belonged to. 
+## +## Value: String ## listener.ws.external.zone = external +## Mountpoint of the MQTT/Websocket Listener. +## +## See: listener.tcp..mountpoint +## +## Value: String +## listener.ws.external.mountpoint = external/ + +## The access control for the MQTT/Websocket listener. +## +## See: listener.tcp..access +## +## Value: ACL Rule listener.ws.external.access.1 = allow all -## Proxy Protocol V1/2 +## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind +## HAProxy or Nginx. +## +## See: listener.tcp..proxy_protocol +## +## Value: on | off ## listener.ws.external.proxy_protocol = on + +## Sets the timeout for proxy protocol. +## +## See: listener.tcp..proxy_protocol_timeout +## +## Value: Duration ## listener.ws.external.proxy_protocol_timeout = 3s -## TCP Options +## The TCP backlog of external MQTT/Websocket Listener. +## +## See: listener.tcp..backlog +## +## Value: Number >= 0 listener.ws.external.backlog = 1024 +## The TCP send timeout for external MQTT/Websocket connections. +## +## See: listener.tcp..send_timeout +## +## Value: Duration listener.ws.external.send_timeout = 15s +## Close the MQTT/Websocket connection if send timeout. +## +## See: listener.tcp..send_timeout_close +## +## Value: on | off listener.ws.external.send_timeout_close = on -listener.ws.external.recbuf = 4KB +## The TCP receive buffer(os kernel) for external MQTT/Websocket connections. +## +## See: listener.tcp..recbuf +## +## Value: Bytes +## listener.ws.external.recbuf = 4KB -listener.ws.external.sndbuf = 4KB +## The TCP send buffer(os kernel) for external MQTT/Websocket connections. +## +## See 'listener.tcp..sndbuf' +## +## Value: Bytes +## listener.ws.external.sndbuf = 4KB -listener.ws.external.buffer = 4KB +## The size of the user-level software buffer used by the driver. +## +## See: listener.tcp..buffer +## +## Value: Bytes +## listener.ws.external.buffer = 4KB +## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. 
+## +## See: listener.tcp..tune_buffer +## +## Value: on | off +listener.ws.external.tune_buffer = on + +## The TCP_NODELAY flag for external MQTT/Websocket connections. +## +## See: listener.tcp..nodelay +## +## Value: true | false listener.ws.external.nodelay = true ##-------------------------------------------------------------------- -## External MQTT/WebSocket/SSL Listener +## External WebSocket/SSL listener for MQTT Protocol +## listener.wss. is the IP address and port that the MQTT/Websocket/SSL +## listener will bind. +## +## Value: IP:Port | Port +## +## Examples: 8084, 127.0.0.1:8084, ::1:8084 listener.wss.external = 8084 +## The acceptor pool for external MQTT/Websocket/SSL listener. +## +## Value: Number listener.wss.external.acceptors = 4 +## Maximum number of concurrent MQTT/Webwocket/SSL connections. +## +## Value: Number listener.wss.external.max_clients = 64 +## TODO: Zone of the external MQTT/Websocket/SSL listener belonged to. +## +## Value: String ## listener.wss.external.zone = external +## Mountpoint of the MQTT/Websocket/SSL Listener. +## +## See 'listener.tcp..mountpoint' +## +## Value: String +## listener.wss.external.mountpoint = inbound/ + +## The access control rules for the MQTT/Websocket/SSL listener. +## +## See: listener.tcp..access. +## +## Value: ACL Rule listener.wss.external.access.1 = allow all -## Proxy Protocol V1/2 +## Enable the Proxy Protocol V1/2 support. +## +## See: listener.tcp..proxy_protocol +## +## Value: on | off ## listener.wss.external.proxy_protocol = on + +## Sets the timeout for proxy protocol. +## +## See: listener.tcp..proxy_protocol_timeout +## +## Value: Duration ## listener.wss.external.proxy_protocol_timeout = 3s -## SSL Options +## TLS versions only to protect from POODLE attack. +## +## See: listener.ssl..tls_versions +## +## Value: String, seperated by ',' +## listener.wss.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1 + +## TLS Handshake timeout. 
+## +## See: listener.ssl..handshake_timeout +## +## Value: Duration listener.wss.external.handshake_timeout = 15s +## Path to the file containing the user's private PEM-encoded key. +## +## See: listener.ssl..keyfile +## +## Value: File listener.wss.external.keyfile = {{ platform_etc_dir }}/certs/key.pem +## Path to a file containing the user certificate. +## +## See: listener.ssl..certfile +## +## Value: File listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem +## Path to the file containing PEM-encoded CA certificates. +## +## See: listener.ssl..cacert +## +## Value: File ## listener.wss.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem +## See: listener.ssl..dhfile +## +## Value: File +## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem + +## See: listener.ssl..vefify +## +## Value: vefify_peer | verify_none ## listener.wss.external.verify = verify_peer +## See: listener.ssl..fail_if_no_peer_cert +## +## Value: false | true ## listener.wss.external.fail_if_no_peer_cert = true +## See: listener.ssl..ciphers +## +## Value: Ciphers +## listener.wss.external.ciphers = + +## See: listener.ssl..secure_renegotiate +## +## Value: on | off +## listener.wss.external.secure_renegotiate = off + +## See: listener.ssl..reuse_sessions +## +## Value: on | off +## listener.wss.external.reuse_sessions = on + +## See: listener.ssl..honor_cipher_order +## +## Value: on | off +## listener.wss.external.honor_cipher_order = on + +## See: listener.ssl..peer_cert_as_username +## +## Value: cn | dn +## listener.wss.external.peer_cert_as_username = cn + +## TCP backlog for the Websocket/SSL connection. +## +## See 'listener.tcp..backlog' +## +## Value: Number >= 0 listener.wss.external.backlog = 1024 +## The TCP send timeout for the Websocket/SSL connection. +## +## See 'listener.tcp..send_timeout' +## +## Value: Duration listener.wss.external.send_timeout = 15s +## Close the Websocket/SSL connection if send timeout. 
+## +## See: listener.tcp..send_timeout_close +## +## Value: on | off listener.wss.external.send_timeout_close = on +## The TCP receive buffer(os kernel) for the Websocket/SSL connections. +## +## See: listener.tcp..recbuf +## +## Value: Bytes ## listener.wss.external.recbuf = 4KB +## The TCP send buffer(os kernel) for the Websocket/SSL connections. +## +## See: listener.tcp..sndbuf +## +## Value: Bytes ## listener.wss.external.sndbuf = 4KB +## The size of the user-level software buffer used by the driver. +## +## See: listener.tcp..buffer +## +## Value: Bytes ## listener.wss.external.buffer = 4KB +## The TCP_NODELAY flag for Websocket/SSL connections. +## +## See: listener.tcp..nodelay +## +## Value: true | false ## listener.wss.external.nodelay = true ##-------------------------------------------------------------------- ## HTTP Management API Listener +## The IP Address and Port that the EMQ HTTP API will bind. +## +## Value: IP:Port | Port +## +## Default: 0.0.0.0:8080 listener.api.mgmt = 0.0.0.0:8080 +## The TCP Acceptor pool size. +## +## Value: Number listener.api.mgmt.acceptors = 4 +## Maximum concurrent HTTP clients allowed. +## +## Value: Number listener.api.mgmt.max_clients = 64 +## The access control rules for the listener. +## +## See: https://github.com/emqtt/esockd#allowdeny +## +## Value: ACL Rule listener.api.mgmt.access.1 = allow all +## The TCP backlog for HTTP API. +## +## Value: Number >= 0 listener.api.mgmt.backlog = 512 +## The TCP send timeout for HTTP API. +## +## Value: Duration listener.api.mgmt.send_timeout = 15s +## Close the TCP connection if send timeout. +## +## Value: on | off listener.api.mgmt.send_timeout_close = on ##------------------------------------------------------------------- ## System Monitor ##------------------------------------------------------------------- -## Long GC, don't monitor in production mode for: +## Enable Long GC monitoring. 
+## Notice: don't enable the monitor in production for: ## https://github.com/erlang/otp/blob/feb45017da36be78d4c5784d758ede619fa7bfd3/erts/emulator/beam/erl_gc.c#L421 +## +## Value: true | false sysmon.long_gc = false -## Long Schedule(ms) +## Enable Long Schedule(ms) monitoring. +## +## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 +## +## Value: Number sysmon.long_schedule = 240 -## 8M words. 32MB on 32-bit VM, 64MB on 64-bit VM. +## Enable Large Heap monitoring. +## +## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 +## +## Value: bytes +## +## Default: 8M words. 32MB on 32-bit VM, 64MB on 64-bit VM. sysmon.large_heap = 8MB -## Busy Port +## Enable Busy Port monitoring. +## +## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 +## +## Value: true | false sysmon.busy_port = false -## Busy Dist Port +## Enable Busy Dist Port monitoring. +## +## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 +## +## Value: true | false sysmon.busy_dist_port = true diff --git a/priv/emq.schema b/priv/emq.schema index aaefce4c2..11c45cecb 100644 --- a/priv/emq.schema +++ b/priv/emq.schema @@ -702,8 +702,8 @@ end}. %%-------------------------------------------------------------------- {mapping, "mqtt.broker.sys_interval", "emqttd.broker_sys_interval", [ - {default, 60}, - {datatype, integer} + {datatype, {duration, ms}}, + {default, "1m"} ]}. %%-------------------------------------------------------------------- @@ -735,8 +735,8 @@ end}. ]}. {mapping, "mqtt.bridge.ping_down_interval", "emqttd.bridge", [ - {default, 1}, - {datatype, integer} + {datatype, {duration, ms}}, + {default, "1s"} ]}. {translation, "emqttd.bridge", fun(Conf) -> @@ -1007,6 +1007,10 @@ end}. {datatype, string} ]}. +{mapping, "listener.ws.$name.mountpoint", "emqttd.listeners", [ + {datatype, string} +]}. + {mapping, "listener.ws.$name.access.$id", "emqttd.listeners", [ {datatype, string} ]}. 
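Review bot: Switching mqtt.broker.sys_interval from `{datatype, integer}` to `{datatype, {duration, ms}}` (and mqtt.bridge.ping_down_interval in the next hunk) changes what an already-deployed bare value such as `60` means: whether cuttlefish reads a unit-less number as milliseconds or rejects it, a setting that was valid and meant sixty seconds under 2.3.2 no longer does. A comment on each mapping would make the upgrade step visible to operators, e.g. `%% Duration since 2.3.3 ("1m"); a bare integer from an older emq.conf is no longer read as seconds`. As a point of style, both hunks list `{datatype, ...}` before `{default, ...}`, while the neighbouring mappings in this file (handshake_timeout, reuse_sessions) put the default first.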
@@ -1140,6 +1144,14 @@ end}. hidden ]}. +{mapping, "listener.wss.$name.tls_versions", "emqttd.listeners", [ + {datatype, string} +]}. + +{mapping, "listener.wss.$name.ciphers", "emqttd.listeners", [ + {datatype, string} +]}. + {mapping, "listener.wss.$name.handshake_timeout", "emqttd.listeners", [ {default, "15s"}, {datatype, {duration, ms}} @@ -1165,6 +1177,23 @@ end}. {datatype, {enum, [true, false]}} ]}. +{mapping, "listener.wss.$name.secure_renegotiate", "emqttd.listeners", [ + {datatype, flag} +]}. + +{mapping, "listener.wss.$name.reuse_sessions", "emqttd.listeners", [ + {default, on}, + {datatype, flag} +]}. + +{mapping, "listener.wss.$name.honor_cipher_order", "emqttd.listeners", [ + {datatype, flag} +]}. + +{mapping, "listener.wss.$name.peer_cert_as_username", "emqttd.listeners", [ + {datatype, {enum, [cn, dn]}} +]}. + {translation, "emqttd.listeners", fun(Conf) -> Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end, diff --git a/src/emqttd.app.src b/src/emqttd.app.src index e321b73f1..4ff79090a 100644 --- a/src/emqttd.app.src +++ b/src/emqttd.app.src @@ -1,6 +1,6 @@ {application,emqttd, [{description,"Erlang MQTT Broker"}, - {vsn,"2.3.2"}, + {vsn,"2.3.3"}, {modules,[]}, {registered,[emqttd_sup]}, {applications,[kernel,stdlib,gproc,lager,esockd,mochiweb, diff --git a/src/emqttd_bridge.erl b/src/emqttd_bridge.erl index 49b5a95d0..6c20290bd 100644 --- a/src/emqttd_bridge.erl +++ b/src/emqttd_bridge.erl @@ -92,7 +92,7 @@ parse_opts([{topic_prefix, Prefix} | Opts], State) -> parse_opts([{max_queue_len, Len} | Opts], State) -> parse_opts(Opts, State#state{max_queue_len = Len}); parse_opts([{ping_down_interval, Interval} | Opts], State) -> - parse_opts(Opts, State#state{ping_down_interval = Interval*1000}); + parse_opts(Opts, State#state{ping_down_interval = Interval}); parse_opts([_Opt | Opts], State) -> parse_opts(Opts, State). diff --git a/src/emqttd_broker.erl b/src/emqttd_broker.erl index 0161720f2..9e78207ce 100644 
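Review bot: The new listener.wss.$name.tls_versions mapping is a plain string, yet the emq.conf text in this commit documents the value as a list "seperated by ','"; if the emqttd.listeners translation (which starts in the next hunk and continues outside the diff) passes the string through unsplit, the ssl `versions` option would receive a string instead of a list of atoms. Either the split belongs here, or a comment on the mapping should say where it happens, e.g. `%% comma-separated; split into a list of atoms by the emqttd.listeners translation`. Separately, no `listener.wss.$name.dhfile` mapping is added next to tls_versions and ciphers, while the conf file's wss section documents a DH-parameters file under the copy-pasted key `listener.ssl.external.dhfile`; unless a wss dhfile mapping exists elsewhere in the schema, that documented option is silently ignored and the wss listener does not get the custom DH group the conf comments recommend.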
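Review bot: listener.wss.$name.secure_renegotiate and listener.wss.$name.honor_cipher_order are added without a `{default, ...}`, unlike reuse_sessions in the same hunk which defaults to `on`; because the translation drops undefined values (`V =/= undefined` in the context line), a wss listener whose conf keys stay commented out — as they are in this commit's emq.conf — gets neither option, so the conf comment describing honor_cipher_order as "an important security setting" documents behaviour that is not in effect unless the operator opts in. Consider `{default, on}` for honor_cipher_order to match reuse_sessions, or at least a comment on the mapping: `%% no default: server-preferred cipher order is only enforced when set`.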
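Review bot: Removing the `*1000` makes `ping_down_interval` in `#state{}` a millisecond value that now relies on the schema's new `{duration, ms}` mapping, but nothing in this clause records the unit, and any caller still passing seconds through the options list (other entry points are not visible in this diff) would have its value treated as milliseconds. A comment on the clause would pin the contract: `%% ping_down_interval is already in milliseconds (priv/emq.schema: {duration, ms}); do not rescale`. parse_opts/2 begins before this hunk.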
--- a/src/emqttd_broker.erl +++ b/src/emqttd_broker.erl @@ -105,9 +105,9 @@ datetime() -> io_lib:format( "~4..0w-~2..0w-~2..0w ~2..0w:~2..0w:~2..0w", [Y, M, D, H, MM, S])). -%% @doc Start a tick timer +%% @doc Start a tick timer. start_tick(Msg) -> - start_tick(timer:seconds(emqttd:env(broker_sys_interval, 60)), Msg). + start_tick(emqttd:env(broker_sys_interval, 60000), Msg). start_tick(0, _Msg) -> undefined; diff --git a/src/emqttd_mgmt.erl b/src/emqttd_mgmt.erl index 01dd50b1e..1a608968e 100644 --- a/src/emqttd_mgmt.erl +++ b/src/emqttd_mgmt.erl @@ -45,7 +45,7 @@ -export([publish/1, subscribe/1, unsubscribe/1]). --export([kick_client/1, clean_acl_cache/2]). +-export([kick_client/1, kick_client/2, clean_acl_cache/2, clean_acl_cache/3]). -export([modify_config/2, modify_config/3, modify_config/4, get_configs/0, get_config/1, get_plugin_config/1, get_plugin_config/2, modify_plugin_config/2, modify_plugin_config/3]). diff --git a/src/emqttd_topic.erl b/src/emqttd_topic.erl index 458a41f7d..91cd0ff08 100644 --- a/src/emqttd_topic.erl +++ b/src/emqttd_topic.erl @@ -61,18 +61,18 @@ wildcard([_H|T]) -> -spec(match(Name, Filter) -> boolean() when Name :: topic() | words(), Filter :: topic() | words()). +match(<<$$, _/binary>>, <<$+, _/binary>>) -> + false; +match(<<$$, _/binary>>, <<$#, _/binary>>) -> + false; match(Name, Filter) when is_binary(Name) and is_binary(Filter) -> match(words(Name), words(Filter)); match([], []) -> true; match([H|T1], [H|T2]) -> match(T1, T2); -match([<<$$, _/binary>>|_], ['+'|_]) -> - false; match([_H|T1], ['+'|T2]) -> match(T1, T2); -match([<<$$, _/binary>>|_], ['#']) -> - false; match(_, ['#']) -> true; match([_H1|_], [_H2|_]) -> diff --git a/src/emqttd_ws.erl b/src/emqttd_ws.erl index 35a7f9852..798c4d69b 100644 --- a/src/emqttd_ws.erl +++ b/src/emqttd_ws.erl 
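Review bot: `emqttd:env(broker_sys_interval, 60000)` hard-codes the fallback with no indication of its unit, whereas the replaced line made seconds explicit through `timer:seconds/1`; a reader of this line alone cannot tell whether the env value is seconds or milliseconds. Writing the default as `start_tick(emqttd:env(broker_sys_interval, timer:minutes(1)), Msg).` or adding `%% broker_sys_interval is in milliseconds (schema {duration, ms}); default one minute` keeps the unit visible at the call site.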
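Review bot: The export list now names kick_client/2 and clean_acl_cache/3, but no hunk in this diff adds those function definitions; if they are not already defined (unexported) in the module, the export attribute alone makes the module fail to compile. The rest of emqttd_mgmt is outside the diff, so this may well be fine, but a reviewer cannot confirm it from here and the commit description does not mention where the new arities come from.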
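Review bot: The `$`-prefix rule now exists only in the two new binary-only clauses, so callers that pass pre-split words() — which the -spec in this hunk still allows for both Name and Filter — lose it entirely: after this change `match([<<"$SYS">>, <<"x">>], ['#'])` falls through to `match(_, ['#']) -> true`, where the removed list clauses returned false. The intent of the change (only the first level is protected, matching MQTT 3.1.1 §4.7.2) is right, but it should hold for both entry forms; checking the rule once at the top of the list form and delegating the recursion to a private helper achieves that without reintroducing the per-level behaviour the commit removes. The remaining match/2 clauses continue past the end of the hunk and would be renamed the same way.
```erlang
match(Name, Filter) when is_binary(Name) and is_binary(Filter) ->
    match(words(Name), words(Filter));
%% A filter whose first level is a wildcard never matches a name whose
%% first level starts with '$' (MQTT 3.1.1 §4.7.2); deeper levels are
%% matched normally, so the rule is checked once, before recursing.
match([<<$$, _/binary>>|_], ['+'|_]) ->
    false;
match([<<$$, _/binary>>|_], ['#'|_]) ->
    false;
match(Name, Filter) ->
    do_match(Name, Filter).

do_match([], []) ->
    true;
do_match([H|T1], [H|T2]) ->
    do_match(T1, T2);
do_match([_H|T1], ['+'|T2]) ->
    do_match(T1, T2);
do_match(_, ['#']) ->
    true;
%% … unchanged: remaining match/2 clauses, renamed do_match/2 …
```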
@@ -45,14 +45,22 @@ handle_request('GET', "/mqtt", Req) -> Proto = check_protocol_header(Req), case {is_websocket(Upgrade), Proto} of {true, "mqtt" ++ _Vsn} -> - {ok, ProtoEnv} = emqttd:env(protocol), - PacketSize = get_value(max_packet_size, ProtoEnv, ?MAX_PACKET_SIZE), - Parser = emqttd_parser:initial_state(PacketSize), - %% Upgrade WebSocket. - {ReentryWs, ReplyChannel} = mochiweb_websocket:upgrade_connection(Req, fun ?MODULE:ws_loop/3), - {ok, ClientPid} = emqttd_ws_client_sup:start_client(self(), Req, ReplyChannel), - ReentryWs(#wsocket_state{peername = Req:get(peername), parser = Parser, - max_packet_size = PacketSize, client_pid = ClientPid}); + case Req:get(peername) of + {ok, Peername} -> + {ok, ProtoEnv} = emqttd:env(protocol), + PacketSize = get_value(max_packet_size, ProtoEnv, ?MAX_PACKET_SIZE), + Parser = emqttd_parser:initial_state(PacketSize), + %% Upgrade WebSocket. + {ReentryWs, ReplyChannel} = mochiweb_websocket:upgrade_connection(Req, fun ?MODULE:ws_loop/3), + {ok, ClientPid} = emqttd_ws_client_sup:start_client(self(), Req, ReplyChannel), + ReentryWs(#wsocket_state{peername = Peername, + parser = Parser, + max_packet_size = PacketSize, + client_pid = ClientPid}); + {error, Reason} -> + lager:error("Get peername with error ~s", [Reason]), + Req:respond({400, [], <<"Bad Request">>}) + end; {false, _} -> lager:error("Not WebSocket: Upgrade = ~s", [Upgrade]), Req:respond({400, [], <<"Bad Request">>}); diff --git a/test/emqttd_topic_SUITE.erl b/test/emqttd_topic_SUITE.erl index b1ea4d8ed..9ec7736bd 100644 --- a/test/emqttd_topic_SUITE.erl +++ b/test/emqttd_topic_SUITE.erl 
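Review bot: `lager:error("Get peername with error ~s", [Reason])` formats Reason with `~s`, which raises badarg when the term is not an atom or string; inet-style reasons are normally atoms, but nothing in this hunk guarantees it, and `~p` is the safe choice for an arbitrary `{error, Reason}` payload: `lager:error("Get peername with error ~p", [Reason]),`. A peername failure at this point is usually a client that went away before the upgrade completed, which any client can cause by closing early, so logging it at error level once per connection is a log-volume concern — warning or info would be more proportionate. handle_request/3 begins before this hunk.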
@@ -73,10 +73,10 @@ t_match2(_) -> t_match3(_) -> true = match(<<"device/60019423a83c/fw">>, <<"device/60019423a83c/#">>), - false = match(<<"device/60019423a83c/$fw">>, <<"device/60019423a83c/#">>), + true = match(<<"device/60019423a83c/$fw">>, <<"device/60019423a83c/#">>), true = match(<<"device/60019423a83c/$fw/fw">>, <<"device/60019423a83c/$fw/#">>), true = match(<<"device/60019423a83c/fw/checksum">>, <<"device/60019423a83c/#">>), - false = match(<<"device/60019423a83c/$fw/checksum">>, <<"device/60019423a83c/#">>), + true = match(<<"device/60019423a83c/$fw/checksum">>, <<"device/60019423a83c/#">>), true = match(<<"device/60019423a83c/dust/type">>, <<"device/60019423a83c/#">>). t_sigle_level_match(_) -> @@ -86,7 +86,9 @@ t_sigle_level_match(_) -> true = match(<<"sport/">>, <<"sport/+">>), true = match(<<"/finance">>, <<"+/+">>), true = match(<<"/finance">>, <<"/+">>), - false = match(<<"/finance">>, <<"+">>). + false = match(<<"/finance">>, <<"+">>), + true = match(<<"/devices/$dev1">>, <<"/devices/+">>), + true = match(<<"/devices/$dev1/online">>, <<"/devices/+/online">>). t_sys_match(_) -> true = match(<<"$SYS/broker/clients/testclient">>, <<"$SYS/#">>), @@ -95,9 +97,11 @@ t_sys_match(_) -> false = match(<<"$SYS/broker">>, <<"#">>). 't_#_match'(_) -> - true = match(<<"a/b/c">>, <<"#">>), - true = match(<<"a/b/c">>, <<"+/#">>), - false = match(<<"$SYS/brokers">>, <<"#">>). + true = match(<<"a/b/c">>, <<"#">>), + true = match(<<"a/b/c">>, <<"+/#">>), + false = match(<<"$SYS/brokers">>, <<"#">>), + true = match(<<"a/b/$c">>, <<"a/b/#">>), + true = match(<<"a/b/$c">>, <<"a/#">>). t_match_perf(_) -> true = match(<<"a/b/ccc">>, <<"a/#">>),
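Review bot: The updated assertions (here and in the two preceding hunks of this file) exercise only the binary entry form of match/2; there is no case for the words() list form, which the change in src/emqttd_topic.erl no longer guards against a `$`-prefixed first level, and no case for a multi-level filter that starts with a wildcard. Adding `false = match(<<"$SYS/brokers">>, <<"+/#">>)` covers the latter on the new binary clauses, and `false = match([<<"$SYS">>, <<"brokers">>], ['#'])` would currently fail, exposing the list-form gap so the first-level-only rule is pinned on every entry path.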