yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(quic): remove unsupported configs.

This commit is contained in:
William Yang 2021-06-15 09:23:11 +02:00
parent af2faed107
commit e34470f9f2
1 changed files with 60 additions and 202 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

262
apps/emqx/etc/emqx.conf
View File

@ -2184,43 +2184,21 @@ listener.quic.external.max_connections = 16
## Value: Number
listener.quic.external.max_conn_rate = 1000
# ## Simulate the {active, N} option for the MQTT/QUIC connections.
# ##
# ## Value: Number
# listener.quic.external.active_n = 100
## Simulate the {active, N} option for the MQTT/QUIC connections.
## @todo
## Value: Number
## listener.quic.external.active_n = 100
## Zone of the external MQTT/QUIC listener belonged to.
##
## Value: String
listener.quic.external.zone = external
# ## The access control rules for the MQTT/QUIC listener.
# ##
# ## See: listener.tcp.$name.access.<no>
# ##
# ## Value: ACL Rule
# listener.quic.external.access.1 = "allow all"
# ## Sets the timeout for proxy protocol.
# ##
# ## See: listener.tcp.$name.proxy_protocol_timeout
# ##
# ## Value: Duration
# ## listener.quic.external.proxy_protocol_timeout = 3s
# ## TLS versions only to protect from POODLE attack.
# ##
# ## See: listener.ssl.$name.tls_versions
# ##
# ## Value: String, seperated by ','
# ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
# ## listener.quic.external.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
# ## Path to the file containing the user's private PEM-encoded key.
# ##
# ## See: listener.ssl.$name.keyfile
# ##
# ## Value: File
## Path to the file containing the user's private PEM-encoded key.
##
## See: listener.ssl.$name.keyfile
##
## Value: File
listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
## Path to a file containing the user certificate.
@ -2230,214 +2208,94 @@ listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
## Value: File
listener.quic.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
# ## Path to the file containing PEM-encoded CA certificates.
# ##
# ## See: listener.ssl.$name.cacert
# ##
# ## Value: File
# ## listener.quic.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
## Path to the file containing PEM-encoded CA certificates.
## @todo
## See: listener.ssl.$name.cacert
##
## Value: File
## listener.quic.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
# ## Maximum number of non-self-issued intermediate certificates that
# ## can follow the peer certificate in a valid certification path.
# ##
# ## See: listener.ssl.external.depth
# ##
# ## Value: Number
# ## listener.quic.external.depth = 10
## String containing the user's password. Only used if the private keyfile
## is password-protected.
## @todo
## See: listener.ssl.$name.key_password
##
## Value: String
## listener.quic.external.key_password = yourpass
# ## String containing the user's password. Only used if the private keyfile
# ## is password-protected.
# ##
# ## See: listener.ssl.$name.key_password
# ##
# ## Value: String
# ## listener.quic.external.key_password = yourpass
## See: listener.ssl.$name.verify
## @todo
## Value: verify_peer | verify_none
## listener.quic.external.verify = verify_peer
# ## See: listener.ssl.$name.dhfile
# ##
# ## Value: File
# ## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
## See: listener.ssl.$name.fail_if_no_peer_cert
## @todo
## Value: false | true
## listener.quic.external.fail_if_no_peer_cert = true
# ## See: listener.ssl.$name.verify
# ##
# ## Value: verify_peer | verify_none
# ## listener.quic.external.verify = verify_peer
## See: listener.ssl.$name.ciphers
## @todo
## Value: Ciphers
listener.quic.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256"
# ## See: listener.ssl.$name.fail_if_no_peer_cert
# ##
# ## Value: false | true
# ## listener.quic.external.fail_if_no_peer_cert = true
## Ciphers for TLS PSK.
## @todo
## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot
## be configured at the same time.
## See 'https://tools.ietf.org/html/rfc4279#section-2'.
## listener.quic.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
# ## See: listener.ssl.$name.ciphers
# ##
# ## Value: Ciphers
listener.quic.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
## See: listener.ssl.$name.honor_cipher_order
## @todo
## Value: on | off
## listener.quic.external.honor_cipher_order = on
# ## Ciphers for TLS PSK.
# ## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot
# ## be configured at the same time.
# ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
# ## listener.quic.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
# ## See: listener.ssl.$name.secure_renegotiate
# ##
# ## Value: on | off
# ## listener.quic.external.secure_renegotiate = off
# ## See: listener.ssl.$name.reuse_sessions
# ##
# ## Value: on | off
# ## listener.quic.external.reuse_sessions = on
# ## See: listener.ssl.$name.honor_cipher_order
# ##
# ## Value: on | off
# ## listener.quic.external.honor_cipher_order = on
# ## See: listener.ssl.$name.peer_cert_as_username
# ##
# ## Value: cn | dn | crt | pem | md5
# ## listener.quic.external.peer_cert_as_username = cn
# ## See: listener.ssl.$name.peer_cert_as_clientid
# ##
# ## Value: cn | dn | crt | pem | md5
# ## listener.quic.external.peer_cert_as_clientid = cn
# ## TCP backlog for the QUIC connection.
# ##
# ## See: listener.tcp.$name.backlog
# ##
# ## Value: Number >= 0
# listener.quic.external.backlog = 1024
# ## The TCP send timeout for the QUIC connection.
# ##
# ## See: listener.tcp.$name.send_timeout
# ##
# ## Value: Duration
## The send timeout for the QUIC stream.
## @todo
##
## Value: Duration
# listener.quic.external.send_timeout = 15s
# ## Close the QUIC connection if send timeout.
# ##
# ## See: listener.tcp.$name.send_timeout_close
# ##
# ## Value: on | off
# listener.quic.external.send_timeout_close = on
## The TCP receive buffer(os kernel) for the QUIC connections.
## Close the QUIC connection if send timeout.
## @todo
## See: listener.tcp.$name.send_timeout_close
##
## Value: on | off
## listener.quic.external.send_timeout_close = on
## The receive buffer for the QUIC connections.
## @todo
## See: listener.tcp.$name.recbuf
##
## Value: Bytes
## listener.quic.external.recbuf = 4KB
## The TCP send buffer(os kernel) for the QUIC connections.
##
## @todo
## See: listener.tcp.$name.sndbuf
##
## Value: Bytes
## listener.quic.external.sndbuf = 4KB
## The size of the user-level software buffer used by the driver.
##
## @todo
## See: listener.tcp.$name.buffer
##
## Value: Bytes
## listener.quic.external.buffer = 4KB
## The TCP_NODELAY flag for QUIC connections.
##
## See: listener.tcp.$name.nodelay
##
## Value: true | false
## listener.quic.external.nodelay = true
## The compress flag for external QUIC connections.
##
## If this Value is set true,the websocket message would be compressed
##
## Value: true | false
## listener.quic.external.compress = true
## The level of deflate options for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.level
##
## Value: none | default | best_compression | best_speed
## listener.quic.external.deflate_opts.level = default
## The mem_level of deflate options for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.mem_level
##
## Valid range is 1-9
## listener.quic.external.deflate_opts.mem_level = 8
## The strategy of deflate options for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.strategy
##
## Value: default | filtered | huffman_only | rle
## listener.quic.external.deflate_opts.strategy = default
## The deflate option for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.server_context_takeover
##
## Value: takeover | no_takeover
## listener.quic.external.deflate_opts.server_context_takeover = takeover
## The deflate option for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.client_context_takeover
##
## Value: takeover | no_takeover
## listener.quic.external.deflate_opts.client_context_takeover = takeover
## The deflate options for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.server_max_window_bits
##
## Valid range is 8-15
## listener.quic.external.deflate_opts.server_max_window_bits = 15
## The deflate options for external QUIC connections.
##
## See: listener.quic.$name.deflate_opts.client_max_window_bits
##
## Valid range is 8-15
## listener.quic.external.deflate_opts.client_max_window_bits = 15
## The idle timeout for external QUIC connections.
##
## @todo
## See: listener.quic.$name.idle_timeout
##
## Value: Duration
## listener.quic.external.idle_timeout = 60s
## The max frame size for external QUIC connections.
##
## @todo
## Value: Number
## listener.quic.external.max_frame_size = 0
## Whether a WebSocket message is allowed to contain multiple MQTT packets
##
## Value: single | multiple
#listener.quic.external.mqtt_piggyback = multiple
## Enable origin check in header for secure websocket connection
##
## Value: true | false (default false)
#listener.quic.external.check_origin_enable = false
## Allow origin to be absent in header in secure websocket connection when check_origin_enable is true
##
## Value: true | false (default true)
#listener.quic.external.allow_origin_absence = true
## Comma separated list of allowed origin in header for secure websocket connection
##
## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
#listener.quic.external.check_origins = "https://localhost:8084, https://127.0.0.1:8084"
## CONFIG_SECTION_END=listeners ================================================
## CONFIG_SECTION_BGN=modules ==================================================