feat(quic): remove unsupported configs.

William Yang 2021-06-15 09:23:11 +02:00
parent af2faed107
commit e34470f9f2
1 changed files with 60 additions and 202 deletions


@ -2184,43 +2184,21 @@ listener.quic.external.max_connections = 16
## Value: Number ## Value: Number
listener.quic.external.max_conn_rate = 1000 listener.quic.external.max_conn_rate = 1000
# ## Simulate the {active, N} option for the MQTT/QUIC connections. ## Simulate the {active, N} option for the MQTT/QUIC connections.
# ## ## @todo
# ## Value: Number ## Value: Number
# listener.quic.external.active_n = 100 ## listener.quic.external.active_n = 100
## Zone of the external MQTT/QUIC listener belonged to. ## Zone of the external MQTT/QUIC listener belonged to.
## ##
## Value: String ## Value: String
listener.quic.external.zone = external listener.quic.external.zone = external
# ## The access control rules for the MQTT/QUIC listener. ## Path to the file containing the user's private PEM-encoded key.
# ## ##
# ## See: listener.tcp.$name.access.<no> ## See: listener.ssl.$name.keyfile
# ## ##
# ## Value: ACL Rule ## Value: File
# listener.quic.external.access.1 = "allow all"
# ## Sets the timeout for proxy protocol.
# ##
# ## See: listener.tcp.$name.proxy_protocol_timeout
# ##
# ## Value: Duration
# ## listener.quic.external.proxy_protocol_timeout = 3s
# ## TLS versions only to protect from POODLE attack.
# ##
# ## See: listener.ssl.$name.tls_versions
# ##
# ## Value: String, seperated by ','
# ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
# ## listener.quic.external.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
# ## Path to the file containing the user's private PEM-encoded key.
# ##
# ## See: listener.ssl.$name.keyfile
# ##
# ## Value: File
listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem" listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
## Path to a file containing the user certificate. ## Path to a file containing the user certificate.
@ -2230,214 +2208,94 @@ listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
## Value: File ## Value: File
listener.quic.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem" listener.quic.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
# ## Path to the file containing PEM-encoded CA certificates. ## Path to the file containing PEM-encoded CA certificates.
# ## ## @todo
# ## See: listener.ssl.$name.cacert ## See: listener.ssl.$name.cacert
# ## ##
# ## Value: File ## Value: File
# ## listener.quic.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem ## listener.quic.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
# ## Maximum number of non-self-issued intermediate certificates that ## String containing the user's password. Only used if the private keyfile
# ## can follow the peer certificate in a valid certification path. ## is password-protected.
# ## ## @todo
# ## See: listener.ssl.external.depth ## See: listener.ssl.$name.key_password
# ## ##
# ## Value: Number ## Value: String
# ## listener.quic.external.depth = 10 ## listener.quic.external.key_password = yourpass
# ## String containing the user's password. Only used if the private keyfile ## See: listener.ssl.$name.verify
# ## is password-protected. ## @todo
# ## ## Value: verify_peer | verify_none
# ## See: listener.ssl.$name.key_password ## listener.quic.external.verify = verify_peer
# ##
# ## Value: String
# ## listener.quic.external.key_password = yourpass
# ## See: listener.ssl.$name.dhfile ## See: listener.ssl.$name.fail_if_no_peer_cert
# ## ## @todo
# ## Value: File ## Value: false | true
# ## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem ## listener.quic.external.fail_if_no_peer_cert = true
# ## See: listener.ssl.$name.verify ## See: listener.ssl.$name.ciphers
# ## ## @todo
# ## Value: verify_peer | verify_none ## Value: Ciphers
# ## listener.quic.external.verify = verify_peer listener.quic.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256"
# ## See: listener.ssl.$name.fail_if_no_peer_cert ## Ciphers for TLS PSK.
# ## ## @todo
# ## Value: false | true ## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot
# ## listener.quic.external.fail_if_no_peer_cert = true ## be configured at the same time.
## See 'https://tools.ietf.org/html/rfc4279#section-2'.
## listener.quic.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
# ## See: listener.ssl.$name.ciphers ## See: listener.ssl.$name.honor_cipher_order
# ## ## @todo
# ## Value: Ciphers ## Value: on | off
listener.quic.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" ## listener.quic.external.honor_cipher_order = on
# ## Ciphers for TLS PSK. ## The send timeout for the QUIC stream.
# ## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot ## @todo
# ## be configured at the same time. ##
# ## See 'https://tools.ietf.org/html/rfc4279#section-2'. ## Value: Duration
# ## listener.quic.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
# ## See: listener.ssl.$name.secure_renegotiate
# ##
# ## Value: on | off
# ## listener.quic.external.secure_renegotiate = off
# ## See: listener.ssl.$name.reuse_sessions
# ##
# ## Value: on | off
# ## listener.quic.external.reuse_sessions = on
# ## See: listener.ssl.$name.honor_cipher_order
# ##
# ## Value: on | off
# ## listener.quic.external.honor_cipher_order = on
# ## See: listener.ssl.$name.peer_cert_as_username
# ##
# ## Value: cn | dn | crt | pem | md5
# ## listener.quic.external.peer_cert_as_username = cn
# ## See: listener.ssl.$name.peer_cert_as_clientid
# ##
# ## Value: cn | dn | crt | pem | md5
# ## listener.quic.external.peer_cert_as_clientid = cn
# ## TCP backlog for the QUIC connection.
# ##
# ## See: listener.tcp.$name.backlog
# ##
# ## Value: Number >= 0
# listener.quic.external.backlog = 1024
# ## The TCP send timeout for the QUIC connection.
# ##
# ## See: listener.tcp.$name.send_timeout
# ##
# ## Value: Duration
# listener.quic.external.send_timeout = 15s # listener.quic.external.send_timeout = 15s
# ## Close the QUIC connection if send timeout. ## Close the QUIC connection if send timeout.
# ## ## @todo
# ## See: listener.tcp.$name.send_timeout_close ## See: listener.tcp.$name.send_timeout_close
# ##
# ## Value: on | off
# listener.quic.external.send_timeout_close = on
## The TCP receive buffer(os kernel) for the QUIC connections.
## ##
## Value: on | off
## listener.quic.external.send_timeout_close = on
## The receive buffer for the QUIC connections.
## @todo
## See: listener.tcp.$name.recbuf ## See: listener.tcp.$name.recbuf
## ##
## Value: Bytes ## Value: Bytes
## listener.quic.external.recbuf = 4KB ## listener.quic.external.recbuf = 4KB
## The TCP send buffer(os kernel) for the QUIC connections. ## The TCP send buffer(os kernel) for the QUIC connections.
## ## @todo
## See: listener.tcp.$name.sndbuf ## See: listener.tcp.$name.sndbuf
## ##
## Value: Bytes ## Value: Bytes
## listener.quic.external.sndbuf = 4KB ## listener.quic.external.sndbuf = 4KB
## The size of the user-level software buffer used by the driver. ## The size of the user-level software buffer used by the driver.
## ## @todo
## See: listener.tcp.$name.buffer ## See: listener.tcp.$name.buffer
## ##
## Value: Bytes ## Value: Bytes
## listener.quic.external.buffer = 4KB ## listener.quic.external.buffer = 4KB
## The TCP_NODELAY flag for QUIC connections.
##
## See: listener.tcp.$name.nodelay
##
## Value: true | false
## listener.quic.external.nodelay = true
## The compress flag for external QUIC connections.
##
## If this Value is set true,the websocket message would be compressed
##
## Value: true | false
## listener.quic.external.compress = true
## The level of deflate options for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.level
##
## Value: none | default | best_compression | best_speed
## listener.quic.external.deflate_opts.level = default
## The mem_level of deflate options for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.mem_level
##
## Valid range is 1-9
## listener.quic.external.deflate_opts.mem_level = 8
## The strategy of deflate options for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.strategy
##
## Value: default | filtered | huffman_only | rle
## listener.quic.external.deflate_opts.strategy = default
## The deflate option for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.server_context_takeover
##
## Value: takeover | no_takeover
## listener.quic.external.deflate_opts.server_context_takeover = takeover
## The deflate option for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.client_context_takeover
##
## Value: takeover | no_takeover
## listener.quic.external.deflate_opts.client_context_takeover = takeover
## The deflate options for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.server_max_window_bits
##
## Valid range is 8-15
## listener.quic.external.deflate_opts.server_max_window_bits = 15
## The deflate options for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.client_max_window_bits
##
## Valid range is 8-15
## listener.quic.external.deflate_opts.client_max_window_bits = 15
## The idle timeout for external QUIC connections. ## The idle timeout for external QUIC connections.
## ## @todo
## See: listener.quic.$name.idle_timeout ## See: listener.quic.$name.idle_timeout
## ##
## Value: Duration ## Value: Duration
## listener.quic.external.idle_timeout = 60s ## listener.quic.external.idle_timeout = 60s
## The max frame size for external QUIC connections. ## The max frame size for external QUIC connections.
## ## @todo
## Value: Number ## Value: Number
## listener.quic.external.max_frame_size = 0 ## listener.quic.external.max_frame_size = 0
## Whether a WebSocket message is allowed to contain multiple MQTT packets
##
## Value: single | multiple
#listener.quic.external.mqtt_piggyback = multiple
## Enable origin check in header for secure websocket connection
##
## Value: true | false (default false)
#listener.quic.external.check_origin_enable = false
## Allow origin to be absent in header in secure websocket connection when check_origin_enable is true
##
## Value: true | false (default true)
#listener.quic.external.allow_origin_absence = true
## Comma separated list of allowed origin in header for secure websocket connection
##
## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
#listener.quic.external.check_origins = "https://localhost:8084, https://127.0.0.1:8084"
## CONFIG_SECTION_END=listeners ================================================ ## CONFIG_SECTION_END=listeners ================================================
## CONFIG_SECTION_BGN=modules ================================================== ## CONFIG_SECTION_BGN=modules ==================================================
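Review bot: The commented `listener.quic.external.psk_ciphers` example kept in the second hunk still lists `PSK-3DES-EDE-CBC-SHA` and `PSK-RC4-SHA`, which are weak TLS 1.2-era suites, while the same hunk narrows `listener.quic.external.ciphers` to three TLS 1.3 suites; QUIC negotiates TLS 1.3 only, so these names cannot apply to this listener. I would drop the example value and leave a note such as `## @todo PSK is not configurable for QUIC yet; TLS 1.2 PSK suite names do not apply here`. The `verify` and `fail_if_no_peer_cert` entries are likewise left commented under `@todo`, so it looks as if client-certificate verification is not enforced on this listener; a one-line comment saying so, e.g. `## NOTE: peer certificate verification is not yet supported on the QUIC listener`, would keep operators from assuming parity with `listener.ssl`.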