diff --git a/etc/emq.conf b/etc/emq.conf index ef16ecc6b..4d37515aa 100644 --- a/etc/emq.conf +++ b/etc/emq.conf @@ -29,9 +29,10 @@ cluster.discovery = manual ## Default: on cluster.autoheal = on -## AutoClean down node after this duration. +## Autoclean down node. A down node will be removed from the cluster +## if this value > 0. ## -## Value: time duration with units +## Value: Duration ## -h: hour, e.g. '2h' for 2 hours ## -m: minute, e.g. '5m' for 5 minutes ## -s: second, e.g. '30s' for 30 seconds @@ -70,8 +71,6 @@ cluster.autoclean = 5m ## Multicast Ttl. ## ## Value: 0-255 -## -## Default: 255 ## cluster.mcast.ttl = 255 ## Multicast loop. @@ -101,7 +100,7 @@ cluster.autoclean = 5m ## cluster.etcd.server = http://127.0.0.1:2379 ## The prefix helps build nodes path in etcd. Each node in the cluster -## will create a path in etcd: v2/keys/{prefix}/{cluster.name}/{node.name} +## will create a path in etcd: v2/keys/// ## ## Value: String ## cluster.etcd.prefix = emqcl @@ -121,7 +120,7 @@ cluster.autoclean = 5m ## Value: String ## cluster.k8s.apiserver = http://10.110.111.204:8080 -## The service name helps build node name: {service_name}@{ip} +## The service name helps lookup EMQ nodes in the cluster. ## ## Value: String ## cluster.k8s.service_name = emq @@ -142,7 +141,9 @@ cluster.autoclean = 5m ## Node name. ## -## Value: {name}@{host} +## See: http://erlang.org/doc/reference_manual/distributed.html +## +## Value: @ ## ## Default: emq@127.0.0.1 node.name = emq@127.0.0.1 @@ -159,14 +160,13 @@ node.smp = auto ## Heartbeat monitoring of an Erlang runtime system. Comment the line to disable ## heartbeat, or set the value as 'on' -## or the line comment. ## ## Value: on ## ## vm.args: -heart ## node.heartbeat = on -## Enable Kernel Poll. +## Enable kernel poll. ## ## Value: on | off ## 
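Review bot: In the `-159,14` hunk, removing `## or the line comment.` leaves the heartbeat description reading "Comment the line to disable heartbeat, or set the value as 'on'", which presents setting `on` as a second way to disable it. Suggest rewording the two lines to `## Heartbeat monitoring of an Erlang runtime system. Comment the line out to` / `## disable heartbeat, or set the value to 'on' to enable it.` The `Value: on` line below can stay as is.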
@@ -174,7 +174,8 @@ node.smp = auto node.kernel_poll = on ## Sets the number of threads in async thread pool. Valid range is 0-1024. -## More information at: http://erlang.org/doc/man/erl.html +## +## See: http://erlang.org/doc/man/erl.html ## ## Value: 0-1024 ## @@ -183,7 +184,8 @@ node.async_threads = 32 ## Sets the maximum number of simultaneously existing processes for this ## system if a Number is passed as value. -## More information at: http://erlang.org/doc/man/erl.html +## +## See: http://erlang.org/doc/man/erl.html ## ## Value: Number [1024-134217727] ## @@ -192,7 +194,8 @@ node.process_limit = 256000 ## Sets the maximum number of simultaneously existing ports for this system ## if a Number is passed as value. -## More information at: http://erlang.org/doc/man/erl.html +## +## See: http://erlang.org/doc/man/erl.html ## ## Value: Number [1024-134217727] ## @@ -200,15 +203,16 @@ node.process_limit = 256000 node.max_ports = 65536 ## Set the distribution buffer busy limit (dist_buf_busy_limit). -## More information at: http://erlang.org/doc/man/erl.html +## +## See: http://erlang.org/doc/man/erl.html ## ## Value: Number [1KB-2GB] ## ## vm.args: +zdbbl size -node.dist_buffer_size = 16MB +node.dist_buffer_size = 8MB -## Sets the maximum number of ETS tables. Note that mnesia and SSL -## will create temporary ETS tables. +## Sets the maximum number of ETS tables. Note that mnesia and SSL will +## create temporary ETS tables. ## ## Value: Number ## 
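Review bot: The `-200,15` hunk halves the active default `node.dist_buffer_size` from `16MB` to `8MB`, a runtime change to `+zdbbl` inside a diff that otherwise only rewords comments. The same happens to `listener.ws.external.max_clients` in the `-993,21` hunk. Nothing in the surrounding comment says why the value moved, so operators diffing their own config against this one cannot tell whether it is a tuning decision or an accident. Suggest splitting the value changes into their own commit, or at least recording the shipped default in the comment, e.g. `## Default: 8MB`.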
@@ -227,11 +231,11 @@ node.fullsweep_after = 1000 ## Value: Log file node.crash_dump = {{ platform_log_dir }}/crash.dump -## Specifies the net_kernel tick time. TickTime is specified in seconds. +## Sets the net_kernel tick time. TickTime is specified in seconds. ## Notice that all communicating nodes are to have the same TickTime ## value specified. ## -## More information at: http://www.erlang.org/doc/man/kernel_app.html#net_ticktime +## See: http://www.erlang.org/doc/man/kernel_app.html#net_ticktime ## ## Value: Number ## @@ -239,10 +243,10 @@ node.crash_dump = {{ platform_log_dir }}/crash.dump node.dist_net_ticktime = 60 ## Sets the port range for the listener socket of a distributed Erlang node. -## Note that if there is a firewall between clustered nodes, this port segment +## Note that if there are firewalls between clustered nodes, this port segment ## for nodes’ communication should be allowed. ## -## More information at: http://www.erlang.org/doc/man/kernel_app.html +## See: http://www.erlang.org/doc/man/kernel_app.html ## ## Value: Port [1024-65535] node.dist_listen_min = 6369 @@ -273,7 +277,7 @@ log.console = console ## Default: error log.console.level = error -## The file where console logs will be writed to, when 'log.console' is set to 'file'. +## The file where console logs will be writed to, when 'log.console' is set as 'file'. ## ## Value: File Name ## log.console.file = {{ platform_log_dir }}/console.log @@ -328,12 +332,12 @@ log.crash = on ## Value: File Name log.crash.file = {{ platform_log_dir }}/crash.log -## Enable Syslog. +## Enable syslog. ## ## Values: on | off log.syslog = on -## The severity level for syslog. +## Sets the severity level for syslog. ## ## Value: debug | info | notice | warning | error | critical | alert | emergency log.syslog.level = error 
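Review bot: The firewall note on `node.dist_listen_min` in the `-239,10` hunk says the port range "should be allowed" but not from where. Erlang distribution lets any peer that holds the cookie execute code on the node, so the comment should state that the range is opened between cluster nodes only, for example `## Allow this range only between cluster nodes; never expose it to MQTT clients or the Internet.` The option block continues below the end of the hunk.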
@@ -343,7 +347,8 @@ log.syslog.level = error ##-------------------------------------------------------------------- ## Allow Anonymous Authentication. -## !!! Notice: Should disable the config for production deployment. +## +## Notice: Disable the option for production deployment. ## ## Value: true | false mqtt.allow_anonymous = true @@ -358,7 +363,7 @@ mqtt.acl_nomatch = allow ## Value: File Name mqtt.acl_file = {{ platform_etc_dir }}/acl.conf -## Cache ACL for PUBLISH Messages. +## Whether to cache ACL for publish messages. ## ## Value: true | false mqtt.cache_acl = true @@ -367,7 +372,7 @@ mqtt.cache_acl = true ## MQTT Protocol ##-------------------------------------------------------------------- -## Maximum MQTT clientId length allowed. +## Maximum length of MQTT clientId allowed. ## ## Value: Number [23-65535] mqtt.max_clientid_len = 1024 @@ -380,13 +385,13 @@ mqtt.max_clientid_len = 1024 mqtt.max_packet_size = 64KB ## Check if the websocket protocol header is valid. -## Turn off the config when developing WeChat App. +## Turn off the option when developing WeChat App. ## ## Value: on | off mqtt.websocket_protocol_header = on ## The backoff for MQTT keepalive timeout. -## The broker will kick a MQTT connection out until 'Keepalive * backoff * 2' timeout. +## EMQ will kick a MQTT connection out until 'Keepalive * backoff * 2' timeout. ## ## Value: Float > 0.5 mqtt.keepalive_backoff = 0.75 @@ -395,7 +400,7 @@ mqtt.keepalive_backoff = 0.75 ## MQTT Connection ##-------------------------------------------------------------------- -## Force GC the MQTT connection. Value 0 will disable the Force GC. +## Force GC the MQTT connections. Value 0 will disable the Force GC. ## ## Value: Number >= 0 mqtt.conn.force_gc_count = 100 
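Review bot: The rewritten notice on `mqtt.allow_anonymous` in the `-343,7` hunk drops the `!!!` emphasis while the shipped value stays `true`, and the next hunk's header shows `mqtt.acl_nomatch = allow` alongside it. With both defaults, an unauthenticated client that matches no ACL rule is still allowed, which the comment no longer makes obvious. Suggest stating the consequence rather than only the instruction: `## Notice: With 'true', clients can connect without credentials.` / `## Set to 'false' for production deployment.`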
@@ -409,8 +414,7 @@ mqtt.conn.force_gc_count = 100 ## Value: Duration mqtt.client.idle_timeout = 30s -## Maximum publish rate of MQTT messages per second. -## TODO: R2.4 release +## TODO: Maximum publish rate of MQTT messages per second. ## ## Value: Number ## mqtt.client.max_publish_rate = 5 @@ -439,7 +443,7 @@ mqtt.session.upgrade_qos = off ## Value: Number mqtt.session.max_inflight = 32 -## Retry interval for QoS1/2 message redelivering. +## Retry interval for QoS1/2 message delivering. ## ## Value: Duration mqtt.session.retry_interval = 20s @@ -470,7 +474,7 @@ mqtt.session.enable_stats = on ## Default: 2h, 2 hours mqtt.session.expiry_interval = 2h -## Ignore loop delivery of messages. +## Whether to ignore loop delivery of messages. ## ## Value: true | false ## @@ -481,12 +485,12 @@ mqtt.session.ignore_loop_deliver = false ## MQTT Message Queue ##-------------------------------------------------------------------- -## Message Queue Type. +## Message queue type. ## ## Value: simple | priority mqtt.mqueue.type = simple -## Topic Priority. Default is 0. +## Topic priority. Default is 0. ## ## Value: Number [0-255] ## @@ -508,7 +512,7 @@ mqtt.mqueue.low_watermark = 20% ## Value: Percent mqtt.mqueue.high_watermark = 60% -## Queue Qos0 messages? +## Whether to enqueue Qos0 messages. ## ## Value: false | true mqtt.mqueue.store_qos0 = true 
@@ -517,19 +521,19 @@ mqtt.mqueue.store_qos0 = true ## MQTT Broker and PubSub ##-------------------------------------------------------------------- -## System Interval of publishing $SYS Messages. +## System interval of publishing $SYS messages. ## ## Value: Duration ## ## Default: 1m, 1 minute mqtt.broker.sys_interval = 1m -## The PubSub pool size. Default value should be scheduler numbers. +## The PubSub pool size. Default value should be same as scheduler numbers. ## ## Value: Number > 1 mqtt.pubsub.pool_size = 8 -## TODO: Subscribe Asynchronously. +## TODO: Subscribe asynchronously. ## ## Value: true | false mqtt.pubsub.async = true @@ -609,15 +613,18 @@ listener.tcp.external.max_clients = 102400 ## listener.tcp.external.rate_limit = 100,10 ## The access control rules for the MQTT/TCP listener. -## More information at: https://github.com/emqtt/esockd#allowdeny +## +## See: https://github.com/emqtt/esockd#allowdeny ## ## Value: ACL Rule -## listener.tcp.external.access.1 = allow 192.168.0.0/24 -listener.tcp.external.access.2 = allow all +## +## Example: allow 192.168.0.0/24 +listener.tcp.external.access.1 = allow all -## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind -## HAProxy or Nginx. -## More information at: https://www.haproxy.com/blog/haproxy/proxy-protocol/ +## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed +## behind HAProxy or Nginx. +## +## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/ ## ## Value: on | off ## listener.tcp.external.proxy_protocol = on @@ -635,8 +642,6 @@ listener.tcp.external.access.2 = allow all ## Value: cn ## listener.tcp.external.peer_cert_as_username = cn -## TCP socket options for the MQTT listener. - ## The TCP backlog defines the maximum length that the queue of pending ## connections can grow to. ## 
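Review bot: In the `-609,15` hunk `allow all` becomes `listener.tcp.external.access.1` and the CIDR rule is reduced to an `## Example:` line, so an operator who adds the example as `access.2` may get no restriction at all. That is the case if rules are matched in index order and the first match wins, which should be confirmed against the esockd allow/deny documentation linked in the comment. Suggest adding `## Rules are checked in order: put narrower allow/deny rules before` / `## 'allow all', or replace it.` above the active line.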
@@ -654,13 +659,15 @@ listener.tcp.external.send_timeout = 15s listener.tcp.external.send_timeout_close = on ## The TCP receive buffer(os kernel) for MQTT connections. -## More information at: http://erlang.org/doc/man/inet.html +## +## See: http://erlang.org/doc/man/inet.html ## ## Value: Bytes ## listener.tcp.external.recbuf = 4KB ## The TCP send buffer(os kernel) for MQTT connections. -## More information at: http://erlang.org/doc/man/inet.html +## +## See: http://erlang.org/doc/man/inet.html ## ## Value: Bytes ## listener.tcp.external.sndbuf = 4KB @@ -671,7 +678,8 @@ listener.tcp.external.send_timeout_close = on ## >= max(val(sndbuf),val(recbuf)) to avoid performance issues because ## of unnecessary copying. val(buffer) is automatically set to the above ## maximum when values sndbuf or recbuf are set. -## More information at: http://erlang.org/doc/man/inet.html +## +## See: http://erlang.org/doc/man/inet.html ## ## Value: Bytes ## listener.tcp.external.buffer = 4KB @@ -690,8 +698,8 @@ listener.tcp.external.nodelay = true ##-------------------------------------------------------------------- ## Internal TCP Listener for MQTT Protocol -## The IP address and port that the internal MQTT/TCP protocol listener will -## bind. +## The IP address and port that the internal MQTT/TCP protocol listener +## will bind. ## ## Value: IP:Port, Port ## 
@@ -713,61 +721,73 @@ listener.tcp.internal.max_clients = 102400 ## Value: String ## listener.tcp.internal.zone = internal -## Mountpoint of the MQTT/TCP Listener. All the topics will -## be prefixed with the mount point if this option is enabled. +## Mountpoint of the MQTT/TCP Listener. +## +## See: listener.tcp..mountpoint ## ## Value: String -## listener.tcp.external.mountpoint = internal/ +## listener.tcp.internal.mountpoint = internal/ ## Rate limit for the internal MQTT/TCP connections. -## Format is 'burst,rate'. +## +## See: listener.tcp..rate_limit ## ## Value: burst,rate -## Unit: KB/sec ## listener.tcp.internal.rate_limit = 1000,100 -## The TCP backlog defines the maximum length that the queue of -## pending connections can grow to. +## The TCP backlog of internal MQTT/TCP Listener. +## +## See: listener.tcp..backlog ## ## Value: Number >= 0 listener.tcp.internal.backlog = 512 ## The TCP send timeout for internal MQTT connections. ## +## See: listener.tcp..send_timeout +## ## Value: Duration listener.tcp.internal.send_timeout = 5s ## Close the MQTT/TCP connection if send timeout. ## +## See: listener.tcp..send_timeout_close +## ## Value: on | off listener.tcp.external.send_timeout_close = on -## The TCP receive buffer(os kernel) for MQTT connections. -## More information at: http://erlang.org/doc/man/inet.html +## The TCP receive buffer(os kernel) for internal MQTT connections. +## +## See: listener.tcp..recbuf ## ## Value: Bytes listener.tcp.internal.recbuf = 16KB -## The TCP send buffer(os kernel) for MQTT connections. -## More information at: http://erlang.org/doc/man/inet.html +## The TCP send buffer(os kernel) for internal MQTT connections. +## +## See: http://erlang.org/doc/man/inet.html ## ## Value: Bytes listener.tcp.internal.sndbuf = 16KB ## The size of the user-level software buffer used by the driver. 
-## See: listener.tcp.external.buffer +## +## See: listener.tcp..buffer ## ## Value: Bytes listener.tcp.internal.buffer = 16KB ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. ## +## See: listener.tcp..tune_buffer +## ## Value: on | off listener.tcp.internal.tune_buffer = on -## The TCP_NODELAY flag for MQTT connections. -## See: listener.tcp.external.nodelay -# +## The TCP_NODELAY flag for internal MQTT connections. +## +## See: listener.tcp..nodelay +## ## Value: true | false listener.tcp.internal.nodelay = false 
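Review bot: In the internal-listener block of the `-713,61` hunk, the key under "Close the MQTT/TCP connection if send timeout." is still `listener.tcp.external.send_timeout_close = on`. The hunk fixes the same copy-paste slip for `mountpoint` (external to internal) but leaves this one, so the line sets the external listener's option a second time and never sets the internal one. Change it to `listener.tcp.internal.send_timeout_close = on`. Separately, the new `sndbuf` comment still points at the inet man page while every sibling option now points at its `listener.tcp` counterpart.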
@@ -797,43 +817,43 @@ listener.ssl.external.max_clients = 1024 ## Value: String ## listener.ssl.external.zone = external -## Mountpoint of the MQTT/SSL Listener. All the topics of this -## listener will be prefixed with the mount point if this option -## is enabled. +## Mountpoint of the MQTT/SSL Listener. ## ## Value: String ## listener.ssl.external.mountpoint = inbound/ -## Rate limit for the external MQTT/SSL connections. -## Format is 'burst,rate'. -## -## Value: burst,rate -## Unit: KB/sec -## listener.ssl.external.rate_limit = 100,10 - -## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind -## HAProxy or Nginx. -## More information at: https://www.haproxy.com/blog/haproxy/proxy-protocol/ -## -## Value: on | off -## listener.ssl.external.proxy_protocol = on - -## Sets the timeout for proxy protocol. EMQ will close the TCP connection -## if no proxy protocol packet recevied within the timeout. -## -## Value: Duration -## listener.ssl.external.proxy_protocol_timeout = 3s - ## The access control rules for the MQTT/SSL listener. -## More information at: https://github.com/emqtt/esockd#allowdeny +## +## See: listener.tcp..access ## ## Value: ACL Rule listener.ssl.external.access.1 = allow all -## TLS versions only to protect from POODLE attack. -## See http://erlang.org/doc/man/ssl.html +## Rate limit for the external MQTT/SSL connections. ## -## Value: String +## Value: burst,rate +## listener.ssl.external.rate_limit = 100,10 + +## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind +## HAProxy or Nginx. +## +## See: listener.tcp..proxy_protocol +## +## Value: on | off +## listener.ssl.external.proxy_protocol = on + +## Sets the timeout for proxy protocol. +## +## See: listener.tcp..proxy_protocol_timeout +## +## Value: Duration +## listener.ssl.external.proxy_protocol_timeout = 3s + +## TLS versions only to protect from POODLE attack. 
+## +## See: http://erlang.org/doc/man/ssl.html +## +## Value: String, seperated by ',' ## listener.ssl.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1 ## TLS Handshake timeout. @@ -842,17 +862,20 @@ listener.ssl.external.access.1 = allow all listener.ssl.external.handshake_timeout = 15s ## Path to the file containing the user's private PEM-encoded key. -## More information at: http://erlang.org/doc/man/ssl.html +## +## See: http://erlang.org/doc/man/ssl.html ## ## Value: File listener.ssl.external.keyfile = {{ platform_etc_dir }}/certs/key.pem ## Path to a file containing the user certificate. ## +## See: http://erlang.org/doc/man/ssl.html +## ## Value: File listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem -## Path to a file containing PEM-encoded CA certificates. The CA certificates +## Path to the file containing PEM-encoded CA certificates. The CA certificates ## are used during server authentication and when building the client certificate chain. ## ## Value: File 
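Review bot: The sample under "TLS versions only to protect from POODLE attack." in the `-797,43` hunk still offers `tlsv1.1` and `tlsv1`, and the new value line misspells "separated". Leaving SSLv3 out already addresses POODLE, but TLS 1.0 and 1.1 are deprecated (RFC 8996), so the line an operator uncomments should be `## listener.ssl.external.tls_versions = tlsv1.2`, with older versions mentioned only as a compatibility fallback. The value line would read `## Value: String, separated by ','`. The hunk also removes "Format is 'burst,rate'" and "Unit: KB/sec" from the SSL `rate_limit` comment without adding a `See:` line to replace them.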
@@ -891,14 +914,17 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem ## Value: true | false ## listener.ssl.external.fail_if_no_peer_cert = true -## This is the single most important configuration option of an Erlang SSL application. -## Ciphers (and their ordering) define the way the client and server encrypt information -## over the wire, from the initial Diffie-Helman key exchange, the session key encryption -## algorithm and the message digest algorithm. Selecting a good cipher suite is critical -## for the application’s data security, confidentiality and performance. +## This is the single most important configuration option of an Erlang SSL +## application. Ciphers (and their ordering) define the way the client and +## server encrypt information over the wire, from the initial Diffie-Helman +## key exchange, the session key encryption ## algorithm and the message +## digest algorithm. Selecting a good cipher suite is critical for the +## application’s data security, confidentiality and performance. +## ## The cipher list above offers: ## -## A good balance between compatibility with older browsers. It can get stricter for Machine-To-Machine scenarios. +## A good balance between compatibility with older browsers. +## It can get stricter for Machine-To-Machine scenarios. ## Perfect Forward Secrecy. ## No old/insecure encryption and HMAC algorithms ## 
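Review bot: The re-wrapped cipher paragraph leaves a comment marker in the middle of a sentence: `## key exchange, the session key encryption ## algorithm and the message`. Drop the inner `##` so the line reads `## key exchange, the session key encryption algorithm and the message`. On the added line above it, "Diffie-Helman" should be spelled "Diffie-Hellman".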
@@ -907,8 +933,8 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem ## Value: Ciphers ## listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA -## SSL parameter renegotiation is a feature that allows a client and -## a server to renegotiate the parameters of the SSL connection on the fly. +## SSL parameter renegotiation is a feature that allows a client and a server +## to renegotiate the parameters of the SSL connection on the fly. ## RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation, ## you drop support for the insecure renegotiation, prone to MitM attacks. ## @@ -918,7 +944,8 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem ## A performance optimization setting, it allows clients to reuse ## pre-existing sessions, instead of initializing new ones. ## Read more about it here. -## More information at: http://erlang.org/doc/man/ssl.html +## +## See: http://erlang.org/doc/man/ssl.html ## ## Value: on | off ## listener.ssl.external.reuse_sessions = on 
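Review bot: The sample `listener.ssl.external.ciphers` value in the context of the `-907,8` hunk does not have the properties that the comment block in the previous hunk claims for it ("Perfect Forward Secrecy", "No old/insecure encryption and HMAC algorithms"). It contains `ECDHE-ECDSA-DES-CBC3-SHA`, which is 3DES, and the static-RSA entries (`AES256-SHA`, `AES128-SHA`, `AES256-GCM-SHA384`, …) and fixed `ECDH-*` entries provide no forward secrecy. Either trim the sample to the `ECDHE-`/`DHE-` AES suites, or correct the description with something like `## Note: entries without ECDHE/DHE key exchange give no forward secrecy;` / `## remove them and DES-CBC3 where your clients allow.`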
@@ -938,38 +965,57 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem ## listener.ssl.external.peer_cert_as_username = cn ## TCP backlog for the SSL connection. -## See 'listener.tcp.external.backlog' +## +## See listener.tcp..backlog ## ## Value: Number >= 0 ## listener.ssl.external.backlog = 1024 ## The TCP send timeout for the SSL connection. -## See 'listener.tcp.external.send_timeout' +## +## See listener.tcp..send_timeout ## ## Value: Duration ## listener.ssl.external.send_timeout = 15s -## See 'listener.tcp.external.send_timeout_close' +## Close the SSL connection if send timeout. +## +## See: listener.tcp..send_timeout_close ## ## Value: on | off ## listener.ssl.external.send_timeout_close = on -## See 'listener.tcp.external.recbuf' +## The TCP receive buffer(os kernel) for the SSL connections. +## +## See: listener.tcp..recbuf ## ## Value: Bytes ## listener.ssl.external.recbuf = 4KB -## See 'listener.tcp.external.sndbuf' +## The TCP send buffer(os kernel) for internal MQTT connections. +## +## See: listener.tcp..sndbuf ## ## Value: Bytes ## listener.ssl.external.sndbuf = 4KB -## See 'listener.tcp.external.buffer' +## The size of the user-level software buffer used by the driver. +## +## See: listener.tcp..buffer ## ## Value: Bytes ## listener.ssl.external.buffer = 4KB -## See 'listener.tcp.external.nodelay' +## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. +## +## See: listener.tcp..tune_buffer +## +## Value: on | off +## listener.ssl.external.tune_buffer = on + +## The TCP_NODELAY flag for SSL connections. +## +## See: listener.tcp..nodelay ## ## Value: true | false ## listener.ssl.external.nodelay = true 
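Review bot: The new description for `listener.ssl.external.sndbuf` reads "The TCP send buffer(os kernel) for internal MQTT connections.", which was copied from the internal TCP listener. It should match the `recbuf` line just above it: `## The TCP send buffer(os kernel) for the SSL connections.` The first two references added in this hunk are written `## See listener.tcp..backlog` and `## See listener.tcp..send_timeout`, without the colon the rest of the file now uses.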
@@ -993,21 +1039,23 @@ listener.ws.external.acceptors = 4 ## Maximum number of concurrent MQTT/Websocket connections. ## ## Value: Number -listener.ws.external.max_clients = 64 +listener.ws.external.max_clients = 102400 ## TODO: Zone of the external MQTT/Websocket listener belonged to. ## ## Value: String ## listener.ws.external.zone = external -## Mountpoint of the MQTT/Websocket Listener. All the topics of -## this listener will be prefixed with the mount point if this -## option is enabled. +## Mountpoint of the MQTT/Websocket Listener. +## +## See: listener.tcp..mountpoint ## ## Value: String ## listener.ws.external.mountpoint = external/ -## The access control rules for the MQTT/Websocket listener. +## The access control for the MQTT/Websocket listener. +## +## See: listener.tcp..access ## ## Value: ACL Rule listener.ws.external.access.1 = allow all 
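Review bot: `listener.ws.external.max_clients = 102400` is now above `node.max_ports = 65536` shown earlier in this diff, so the VM port limit rather than this option would be the effective ceiling for the listener. It also diverges from `listener.wss.external.max_clients = 64`, visible in the header of the `-1082,64` hunk, leaving the two websocket listeners three orders of magnitude apart. If the raise is intended, add a line such as `## Note: also bounded by node.max_ports and the OS file-descriptor limit.` and decide whether WSS should follow.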
@@ -1015,43 +1063,70 @@ listener.ws.external.access.1 = allow all ## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind ## HAProxy or Nginx. ## +## See: listener.tcp..proxy_protocol +## ## Value: on | off ## listener.ws.external.proxy_protocol = on -## See 'listener.tcp.external.proxy_protocol_timeout' +## Sets the timeout for proxy protocol. +## +## See: listener.tcp..proxy_protocol_timeout ## ## Value: Duration ## listener.ws.external.proxy_protocol_timeout = 3s -## TCP Options +## The TCP backlog of external MQTT/Websocket Listener. +## +## See: listener.tcp..backlog +## +## Value: Number >= 0 listener.ws.external.backlog = 1024 -## See 'listener.tcp.external.send_timeout' +## The TCP send timeout for external MQTT/Websocket connections. +## +## See: listener.tcp..send_timeout ## ## Value: Duration listener.ws.external.send_timeout = 15s -## See 'listener.tcp.external.send_timeout_close' +## Close the MQTT/Websocket connection if send timeout. +## +## See: listener.tcp..send_timeout_close ## ## Value: on | off listener.ws.external.send_timeout_close = on -## See 'listener.tcp.external.recbuf' +## The TCP receive buffer(os kernel) for external MQTT/Websocket connections. +## +## See: listener.tcp..recbuf ## ## Value: Bytes ## listener.ws.external.recbuf = 4KB -## See 'listener.tcp.external.sndbuf' +## The TCP send buffer(os kernel) for external MQTT/Websocket connections. +## +## See 'listener.tcp..sndbuf' ## ## Value: Bytes ## listener.ws.external.sndbuf = 4KB -## See 'listener.tcp.external.buffer' +## The size of the user-level software buffer used by the driver. +## +## See: listener.tcp..buffer ## ## Value: Bytes ## listener.ws.external.buffer = 4KB -## See 'listener.tcp.external.nodelay' +## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. +## +## See: listener.tcp..tune_buffer +## +## Value: on | off +listener.ws.external.tune_buffer = on + +## The TCP_NODELAY flag for external MQTT/Websocket connections. 
+## +## See: listener.tcp..nodelay ## ## Value: true | false listener.ws.external.nodelay = true 
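Review bot: `listener.ws.external.tune_buffer = on` is added as an active setting in the `-1015,43` hunk, whereas the same addition for the SSL listener in the `-938,38` hunk is commented out (`## listener.ssl.external.tune_buffer = on`). The WS `recbuf`, `sndbuf` and `buffer` lines it relates to also stay commented. This diff shows no schema change, so confirm that the ws listener actually has a `tune_buffer` mapping before enabling the key by default. Otherwise ship it commented like the SSL one: `## listener.ws.external.tune_buffer = on`.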
@@ -1082,64 +1157,149 @@ listener.wss.external.max_clients = 64 ## Value: String ## listener.wss.external.zone = external -## See 'listener.ssl.external.mountpoint' +## Mountpoint of the MQTT/Websocket/SSL Listener. +## +## See 'listener.tcp..mountpoint' ## ## Value: String ## listener.wss.external.mountpoint = inbound/ -## See 'listener.ssl.external.acess.1' +## The access control rules for the MQTT/Websocket/SSL listener. +## +## See: listener.tcp..access. ## ## Value: ACL Rule listener.wss.external.access.1 = allow all -## See 'listener.ssl.external.proxy_protocol' +## Enable the Proxy Protocol V1/2 support. +## +## See: listener.tcp..proxy_protocol ## ## Value: on | off ## listener.wss.external.proxy_protocol = on -## See 'listener.ssl.external.proxy_protocol_timeout' +## Sets the timeout for proxy protocol. +## +## See: listener.tcp..proxy_protocol_timeout ## ## Value: Duration ## listener.wss.external.proxy_protocol_timeout = 3s -## SSL Options. Same to 'listener.ssl.*' +## TLS Handshake timeout. +## +## See: listener.ssl..handshake_timeout +## +## Value: Duration listener.wss.external.handshake_timeout = 15s +## Path to the file containing the user's private PEM-encoded key. +## +## See: listener.ssl..keyfile +## +## Value: File listener.wss.external.keyfile = {{ platform_etc_dir }}/certs/key.pem +## Path to a file containing the user certificate. +## +## See: listener.ssl..certfile +## +## Value: File listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem +## Path to the file containing PEM-encoded CA certificates. 
+## +## See: listener.ssl..cacert +## +## Value: File ## listener.wss.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem +## See: listener.ssl..dhfile +## +## Value: File ## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem +## See: listener.ssl..vefify +## +## Value: vefify_peer | verify_none ## listener.wss.external.verify = verify_peer +## See: listener.ssl..fail_if_no_peer_cert +## +## Value: false | true ## listener.wss.external.fail_if_no_peer_cert = true +## See: listener.ssl..ciphers +## +## Value: Ciphers ## listener.wss.external.ciphers = +## See: listener.ssl..secure_renegotiate +## +## Value: on | off ## listener.wss.external.secure_renegotiate = off +## See: listener.ssl..reuse_sessions +## +## Value: on | off ## listener.wss.external.reuse_sessions = on +## See: listener.ssl..honor_cipher_order +## +## Value: on | off ## listener.wss.external.honor_cipher_order = on +## See: listener.ssl..peer_cert_as_username +## +## Value: cn | dn ## listener.wss.external.peer_cert_as_username = cn -## TCP Options. Same to 'listener.tcp.*' +## TCP backlog for the Websocket/SSL connection. +## +## See 'listener.tcp..backlog' +## +## Value: Number >= 0 listener.wss.external.backlog = 1024 +## The TCP send timeout for the Websocket/SSL connection. +## +## See 'listener.tcp..send_timeout' +## +## Value: Duration listener.wss.external.send_timeout = 15s +## Close the Websocket/SSL connection if send timeout. +## +## See: listener.tcp..send_timeout_close +## +## Value: on | off listener.wss.external.send_timeout_close = on +## The TCP receive buffer(os kernel) for the Websocket/SSL connections. +## +## See: listener.tcp..recbuf +## +## Value: Bytes ## listener.wss.external.recbuf = 4KB +## The TCP send buffer(os kernel) for the Websocket/SSL connections. +## +## See: listener.tcp..sndbuf +## +## Value: Bytes ## listener.wss.external.sndbuf = 4KB +## The size of the user-level software buffer used by the driver. 
+## +## See: listener.tcp..buffer +## +## Value: Bytes ## listener.wss.external.buffer = 4KB +## The TCP_NODELAY flag for Websocket/SSL connections. +## +## See: listener.tcp..nodelay +## +## Value: true | false ## listener.wss.external.nodelay = true ##-------------------------------------------------------------------- @@ -1163,18 +1323,18 @@ listener.api.mgmt.acceptors = 4 listener.api.mgmt.max_clients = 64 ## The access control rules for the listener. -## More information at: https://github.com/emqtt/esockd#allowdeny +## +## See: https://github.com/emqtt/esockd#allowdeny ## ## Value: ACL Rule listener.api.mgmt.access.1 = allow all -## The TCP backlog defines the maximum length that the queue of pending -## connections can grow to. +## The TCP backlog for HTTP API. ## ## Value: Number >= 0 listener.api.mgmt.backlog = 512 -## The TCP send timeout. +## The TCP send timeout for HTTP API. ## ## Value: Duration listener.api.mgmt.send_timeout = 15s @@ -1196,13 +1356,15 @@ listener.api.mgmt.send_timeout_close = on sysmon.long_gc = false ## Enable Long Schedule(ms) monitoring. -## More information at: http://erlang.org/doc/man/erlang.html#system_monitor-2 +## +## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 ## ## Value: Number sysmon.long_schedule = 240 ## Enable Large Heap monitoring. -## More information at: http://erlang.org/doc/man/erlang.html#system_monitor-2 +## +## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 ## ## Value: bytes ## 
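Review bot: Several reference lines added for the WSS listener in the `-1082,64` hunk are misspelled or point at the wrong key. `## See: listener.ssl..vefify` and `## Value: vefify_peer | verify_none` should read `verify` and `verify_peer`, and the CA reference says `cacert` for the `cacertfile` option. The sample under the new dhfile reference is still `## listener.ssl.external.dhfile` rather than `## listener.wss.external.dhfile`. The `verify` value matters most, because an operator copying `vefify_peer` from the comment would be setting client-certificate verification to a value the sample line below (`verify_peer`) does not match.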
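Review bot: The `-1163,18` hunk only re-links the access-rule comment for the management API listener, and the active rule remains `listener.api.mgmt.access.1 = allow all`. The comments here identify this as the HTTP API listener, so the text should tell operators to narrow it, in the same style as the `mqtt.allow_anonymous` notice: `## Notice: Restrict to management hosts for production deployment.` The hunk also replaces the backlog explanation with "The TCP backlog for HTTP API." without adding a `See:` line, unlike the other listeners.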
@@ -1210,13 +1372,15 @@ sysmon.long_schedule = 240 sysmon.large_heap = 8MB ## Enable Busy Port monitoring. -## More information at: http://erlang.org/doc/man/erlang.html#system_monitor-2 +## +## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 ## ## Value: true | false sysmon.busy_port = false ## Enable Busy Dist Port monitoring. -## More information at: http://erlang.org/doc/man/erlang.html#system_monitor-2 +## +## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 ## ## Value: true | false sysmon.busy_dist_port = true