diff --git a/.ci/fvt_tests/docker-compose.yaml b/.ci/fvt_tests/docker-compose.yaml index 22d48bef7..60d4bd64b 100644 --- a/.ci/fvt_tests/docker-compose.yaml +++ b/.ci/fvt_tests/docker-compose.yaml @@ -8,7 +8,7 @@ services: - "EMQX_NAME=emqx" - "EMQX_HOST=node1.emqx.io" - "EMQX_CLUSTER__DISCOVERY=static" - - "EMQX_CLUSTER__STATIC__SEEDS=emqx@node1.emqx.io, emqx@node2.emqx.io" + - "EMQX_CLUSTER__STATIC__SEEDS=\"emqx@node1.emqx.io, emqx@node2.emqx.io\"" - "EMQX_ZONE__EXTERNAL__RETRY_INTERVAL=2s" - "EMQX_MQTT__MAX_TOPIC_ALIAS=10" command: @@ -35,7 +35,7 @@ services: - "EMQX_NAME=emqx" - "EMQX_HOST=node2.emqx.io" - "EMQX_CLUSTER__DISCOVERY=static" - - "EMQX_CLUSTER__STATIC__SEEDS=emqx@node1.emqx.io, emqx@node2.emqx.io" + - "EMQX_CLUSTER__STATIC__SEEDS=\"emqx@node1.emqx.io, emqx@node2.emqx.io\"" - "EMQX_ZONE__EXTERNAL__RETRY_INTERVAL=2s" - "EMQX_MQTT__MAX_TOPIC_ALIAS=10" command: diff --git a/.github/workflows/run_cts_tests.yaml b/.github/workflows/run_cts_tests.yaml index de54b2b8c..f05cd0476 100644 --- a/.github/workflows/run_cts_tests.yaml +++ b/.github/workflows/run_cts_tests.yaml 
@@ -37,12 +37,12 @@ jobs: if: matrix.network_type == 'ipv4' run: | server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ldap) - sed -i "s|^[#[:space:]]*auth.ldap.servers[[:space:]]*=.*|auth.ldap.servers = $server_address|g" apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf + sed -i "s|^[#[:space:]]*auth.ldap.servers[[:space:]]*=.*|auth.ldap.servers = \"$server_address\"|g" apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf - name: setup if: matrix.network_type == 'ipv6' run: | server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' ldap) - sed -i "s|^[#[:space:]]*auth.ldap.servers[[:space:]]*=.*|auth.ldap.servers = $server_address|g" apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf + sed -i "s|^[#[:space:]]*auth.ldap.servers[[:space:]]*=.*|auth.ldap.servers = \"$server_address\"|g" apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf - name: run test cases run: | docker exec -i erlang sh -c "make ensure-rebar3" 
@@ -78,10 +78,10 @@ jobs: if: matrix.connect_type == 'tls' run: | docker-compose -f .ci/compatibility_tests/docker-compose-mongo-tls.yaml up -d - sed -i 's|^[#[:space:]]*auth.mongo.ssl[[:space:]]*=.*|auth.mongo.ssl = on|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf - sed -i 's|^[#[:space:]]*auth.mongo.cacertfile[[:space:]]*=.*|auth.mongo.cacertfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf - sed -i 's|^[#[:space:]]*auth.mongo.certfile[[:space:]]*=.*|auth.mongo.certfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf - sed -i 's|^[#[:space:]]*auth.mongo.keyfile[[:space:]]*=.*|auth.mongo.keyfile = /emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf + sed -i 's|^[#[:space:]]*auth.mongo.ssl[[:space:]]*=.*|auth.mongo.ssl.enable = on|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf + sed -i 's|^[#[:space:]]*auth.mongo.cacertfile[[:space:]]*=.*|auth.mongo.cacertfile = "/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem"|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf + sed -i 's|^[#[:space:]]*auth.mongo.certfile[[:space:]]*=.*|auth.mongo.certfile = "/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem"|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf + sed -i 's|^[#[:space:]]*auth.mongo.keyfile[[:space:]]*=.*|auth.mongo.keyfile = "/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem"|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf - name: setup env: MONGO_TAG: ${{ matrix.mongo_tag }} 
@@ -91,12 +91,12 @@ jobs: if: matrix.network_type == 'ipv4' run: | server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mongo) - sed -i "s|^[#[:space:]]*auth.mongo.server[[:space:]]*=.*|auth.mongo.server = $server_address:27017|g" apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf + sed -i "s|^[#[:space:]]*auth.mongo.server[[:space:]]*=.*|auth.mongo.server = \"$server_address:27017\"|g" apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf - name: setup if: matrix.network_type == 'ipv6' run: | server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' mongo) - sed -i "s|^[#[:space:]]*auth.mongo.server[[:space:]]*=.*|auth.mongo.server = $server_address:27017|g" apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf + sed -i "s|^[#[:space:]]*auth.mongo.server[[:space:]]*=.*|auth.mongo.server = \"$server_address:27017\"|g" apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf - name: run test cases run: | docker exec -i erlang sh -c "make ensure-rebar3" 
@@ -132,7 +132,7 @@ jobs: if: matrix.connect_type == 'tls' run: | docker-compose -f .ci/compatibility_tests/docker-compose-mysql-tls.yaml up -d - sed -i 's|^[#[:space:]]*auth.mysql.ssl[[:space:]]*=.*|auth.mysql.ssl = on|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf + sed -i 's|^[#[:space:]]*auth.mysql.ssl[[:space:]]*=.*|auth.mysql.ssl.enable = on|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf sed -i 's|^[#[:space:]]*auth.mysql.ssl.cacertfile[[:space:]]*=.*|auth.mysql.ssl.cacertfile = /emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf sed -i 's|^[#[:space:]]*auth.mysql.ssl.certfile[[:space:]]*=.*|auth.mysql.ssl.certfile = /emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf sed -i 's|^[#[:space:]]*auth.mysql.ssl.keyfile[[:space:]]*=.*|auth.mysql.ssl.keyfile = /emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf 
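Review bot: The rewritten sed for the MySQL TLS switch still matches the old key (`auth.mysql.ssl[[:space:]]*=`), but this commit changes the shipped line in emqx_auth_mysql.conf to `## auth.mysql.ssl.enable = off`, so the pattern no longer matches and the substitution is a silent no-op. With the schema default of `off`, the `tls` matrix job would then run with TLS left disabled on the client side. The pattern should follow the rename, as the pgsql and redis steps do: `sed -i 's|^[#[:space:]]*auth.mysql.ssl.enable[[:space:]]*=.*|auth.mysql.ssl.enable = on|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf`. The three certificate paths below it are also left unquoted, unlike the mongo and redis steps.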
@@ -145,12 +145,12 @@ jobs: if: matrix.network_type == 'ipv4' run: | server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mysql) - sed -i "/auth.mysql.server/c auth.mysql.server = $server_address:3306" apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf + sed -i "/auth.mysql.server/c auth.mysql.server = \"$server_address:3306\"" apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf - name: setup if: matrix.network_type == 'ipv6' run: | server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' mysql) - sed -i "/auth.mysql.server/c auth.mysql.server = $server_address:3306" apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf + sed -i "/auth.mysql.server/c auth.mysql.server = \"$server_address:3306\"" apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf - name: setup run: | sed -i 's|^[#[:space:]]*auth.mysql.username[[:space:]]*=.*|auth.mysql.username = root|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf 
@@ -195,15 +195,15 @@ jobs: docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml build --no-cache docker-compose -f .ci/compatibility_tests/docker-compose-pgsql-tls.yaml up -d if [ "$PGSQL_TAG" = "12" ] || [ "$PGSQL_TAG" = "13" ]; then - sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf + sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = "tlsv1.3,tlsv1.2"|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf else - sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = tlsv1.2,tlsv1.1|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf + sed -i 's|^[#[:space:]]*auth.pgsql.ssl.tls_versions[ \t]*=.*|auth.pgsql.ssl.tls_versions = "tlsv1.2,tlsv1.1"|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf fi sed -i 's|^[#[:space:]]*auth.pgsql.username[ \t]*=.*|auth.pgsql.username = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf sed -i 's|^[#[:space:]]*auth.pgsql.password[ \t]*=.*|auth.pgsql.password = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf sed -i 's|^[#[:space:]]*auth.pgsql.database[ \t]*=.*|auth.pgsql.database = postgres|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf - sed -i 's|^[#[:space:]]*auth.pgsql.ssl[ \t]*=.*|auth.pgsql.ssl = on|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf + sed -i 's|^[#[:space:]]*auth.pgsql.ssl.enable[ \t]*=.*|auth.pgsql.ssl.enable = on|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf sed -i 's|^[#[:space:]]*auth.pgsql.cacertfile[ \t]*=.*|auth.pgsql.cacertfile = /emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/root.crt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf - name: setup env: 
@@ -218,12 +218,12 @@ jobs: if: matrix.network_type == 'ipv4' run: | server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' pgsql) - sed -i "s|^[#[:space:]]*auth.pgsql.server[[:space:]]*=.*|auth.pgsql.server = $server_address:5432|g" apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf + sed -i "s|^[#[:space:]]*auth.pgsql.server[[:space:]]*=.*|auth.pgsql.server = \"$server_address:5432\"|g" apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf - name: setup if: matrix.network_type == 'ipv6' run: | server_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' pgsql) - sed -i "s|^[#[:space:]]*auth.pgsql.server[[:space:]]*=.*|auth.pgsql.server = $server_address:5432|g" apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf + sed -i "s|^[#[:space:]]*auth.pgsql.server[[:space:]]*=.*|auth.pgsql.server = \"$server_address:5432\"|g" apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf - name: run test cases run: | docker exec -i erlang sh -c "make ensure-rebar3" 
@@ -263,10 +263,10 @@ jobs: run: | set -exu docker-compose -f .ci/compatibility_tests/docker-compose-redis-${{ matrix.node_type }}-tls.yaml up -d - sed -i 's|^[#[:space:]]*auth.redis.ssl[[:space:]]*=.*|auth.redis.ssl = on|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf - sed -i 's|^[#[:space:]]*auth.redis.ssl.cacertfile[[:space:]]*=.*|auth.redis.ssl.cacertfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf - sed -i 's|^[#[:space:]]*auth.redis.ssl.certfile[[:space:]]*=.*|auth.redis.ssl.certfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf - sed -i 's|^[#[:space:]]*auth.redis.ssl.keyfile[[:space:]]*=.*|auth.redis.ssl.keyfile = /emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf + sed -i 's|^[#[:space:]]*auth.redis.ssl.enable[[:space:]]*=.*|auth.redis.ssl.enable = on|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf + sed -i 's|^[#[:space:]]*auth.redis.ssl.cacertfile[[:space:]]*=.*|auth.redis.ssl.cacertfile = "/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt"|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf + sed -i 's|^[#[:space:]]*auth.redis.ssl.certfile[[:space:]]*=.*|auth.redis.ssl.certfile = "/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt"|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf + sed -i 's|^[#[:space:]]*auth.redis.ssl.keyfile[[:space:]]*=.*|auth.redis.ssl.keyfile = "/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key"|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf - name: setup env: REDIS_TAG: ${{ matrix.redis_tag }} 
@@ -284,24 +284,24 @@ jobs: if: matrix.node_type == 'single' && matrix.connect_type == 'tcp' run: | set -exu - sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = ${redis_${{ matrix.network_type }}_address}:6379|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf + sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = \"${redis_${{ matrix.network_type }}_address}:6379\"|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf - name: setup if: matrix.node_type == 'single' && matrix.connect_type == 'tls' && matrix.redis_tag != '5' run: | set -exu - sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = ${redis_${{ matrix.network_type }}_address}:6380|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf + sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = \"${redis_${{ matrix.network_type }}_address}:6380\"|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf - name: setup if: matrix.node_type == 'cluster' && matrix.connect_type == 'tcp' run: | set -exu sed -i 's|^[#[:space:]]*auth.redis.type[[:space:]]*=.*|auth.redis.type = cluster|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf - sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = ${redis_${{ matrix.network_type }}_address}:7000, ${redis_${{ matrix.network_type }}_address}:7001, ${redis_${{ matrix.network_type }}_address}:7002|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf + sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = \"${redis_${{ matrix.network_type }}_address}:7000, ${redis_${{ matrix.network_type }}_address}:7001, ${redis_${{ matrix.network_type }}_address}:7002\"|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf - name: setup if: matrix.node_type == 'cluster' && matrix.connect_type == 'tls' && matrix.redis_tag != '5' run: | set -exu sed -i 's|^[#[:space:]]*auth.redis.type[[:space:]]*=.*|auth.redis.type = cluster|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf - sed -i 
"s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = ${redis_${{ matrix.network_type }}_address}:8000, ${redis_${{ matrix.network_type }}_address}:8001, ${redis_${{ matrix.network_type }}_address}:8002|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf + sed -i "s|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = \"${redis_${{ matrix.network_type }}_address}:8000, ${redis_${{ matrix.network_type }}_address}:8001, ${redis_${{ matrix.network_type }}_address}:8002\"|g" apps/emqx_auth_redis/etc/emqx_auth_redis.conf - name: run test cases if: matrix.connect_type == 'tcp' || (matrix.connect_type == 'tls' && matrix.redis_tag != '5') run: | diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml index fd0443d9a..33752e1b2 100644 --- a/.github/workflows/run_test_cases.yaml +++ b/.github/workflows/run_test_cases.yaml 
@@ -30,16 +30,16 @@ jobs: docker-compose -f .ci/apps_tests/docker-compose.yaml up -d - name: set config files run: | - sed -i 's|^[#[:space:]]*auth.ldap.servers[[:space:]]*=.*|auth.ldap.servers = ldap_server|g' apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf - sed -i 's|^[#[:space:]]*auth.mongo.server[[:space:]]*=.*|auth.mongo.server = mongo_server:27017|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf - sed -i 's|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = redis_server:6379|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf + sed -i 's|^[#[:space:]]*auth.ldap.servers[[:space:]]*=.*|auth.ldap.servers = "ldap_server"|g' apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf + sed -i 's|^[#[:space:]]*auth.mongo.server[[:space:]]*=.*|auth.mongo.server = "mongo_server:27017"|g' apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf + sed -i 's|^[#[:space:]]*auth.redis.server[[:space:]]*=.*|auth.redis.server = "redis_server:6379"|g' apps/emqx_auth_redis/etc/emqx_auth_redis.conf - sed -i 's|^[#[:space:]]*auth.mysql.server[[:space:]]*=.*|auth.mysql.server = mysql_server:3306|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf + sed -i 's|^[#[:space:]]*auth.mysql.server[[:space:]]*=.*|auth.mysql.server = "mysql_server:3306"|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf sed -i 's|^[#[:space:]]*auth.mysql.username[[:space:]]*=.*|auth.mysql.username = root|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf sed -i 's|^[#[:space:]]*auth.mysql.password[[:space:]]*=.*|auth.mysql.password = public|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf sed -i 's|^[#[:space:]]*auth.mysql.database[[:space:]]*=.*|auth.mysql.database = mqtt|g' apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf - sed -i 's|^[#[:space:]]*auth.pgsql.server[[:space:]]*=.*|auth.pgsql.server = pgsql_server:5432|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf + sed -i 's|^[#[:space:]]*auth.pgsql.server[[:space:]]*=.*|auth.pgsql.server = "pgsql_server:5432"|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf sed -i 
's|^[#[:space:]]*auth.pgsql.username[[:space:]]*=.*|auth.pgsql.username = root|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf sed -i 's|^[#[:space:]]*auth.pgsql.password[[:space:]]*=.*|auth.pgsql.password = public|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf sed -i 's|^[#[:space:]]*auth.pgsql.database[[:space:]]*=.*|auth.pgsql.database = mqtt|g' apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf diff --git a/apps/emqx_auth_http/etc/emqx_auth_http.conf b/apps/emqx_auth_http/etc/emqx_auth_http.conf index 3d5c45ea7..b2f6c4280 100644 --- a/apps/emqx_auth_http/etc/emqx_auth_http.conf +++ b/apps/emqx_auth_http/etc/emqx_auth_http.conf @@ -7,7 +7,7 @@ ## Value: URL ## ## Examples: http://127.0.0.1:80/mqtt/auth, https://[::1]:80/mqtt/auth -auth.http.auth_req.url = http://127.0.0.1:80/mqtt/auth +auth.http.auth_req.url = "http://127.0.0.1:80/mqtt/auth" ## HTTP Request Method for Auth Request ## @@ -18,7 +18,7 @@ auth.http.auth_req.method = post ## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json ## ## Examples: auth.http.auth_req.headers.accept = */* -auth.http.auth_req.headers.content-type = application/x-www-form-urlencoded +auth.http.auth_req.headers.content-type = "application/x-www-form-urlencoded" ## Parameters used to construct the request body or query string parameters ## When the request method is GET, these parameters will be converted into query string parameters 
@@ -35,14 +35,14 @@ auth.http.auth_req.headers.content-type = application/x-www-form-urlencoded ## - %d: subject of client TLS cert ## ## Value: =,=,... -auth.http.auth_req.params = clientid=%c,username=%u,password=%P +auth.http.auth_req.params = "clientid=%c,username=%u,password=%P" ## HTTP URL API path for SuperUser Request ## ## Value: URL ## ## Examples: http://127.0.0.1:80/mqtt/superuser, https://[::1]:80/mqtt/superuser -auth.http.super_req.url = http://127.0.0.1:80/mqtt/superuser +auth.http.super_req.url = "http://127.0.0.1:80/mqtt/superuser" ## HTTP Request Method for SuperUser Request ## @@ -53,7 +53,7 @@ auth.http.super_req.method = post ## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json ## ## Examples: auth.http.super_req.headers.accept = */* -auth.http.super_req.headers.content-type = application/x-www-form-urlencoded +auth.http.super_req.headers.content-type = "application/x-www-form-urlencoded" ## Parameters used to construct the request body or query string parameters ## When the request method is GET, these parameters will be converted into query string parameters @@ -70,14 +70,14 @@ auth.http.super_req.headers.content-type = application/x-www-form-urlencoded ## - %d: subject of client TLS cert ## ## Value: =,=,... -auth.http.super_req.params = clientid=%c,username=%u +auth.http.super_req.params = "clientid=%c,username=%u" ## HTTP URL API path for ACL Request ## ## Value: URL ## ## Examples: http://127.0.0.1:80/mqtt/acl, https://[::1]:80/mqtt/acl -auth.http.acl_req.url = http://127.0.0.1:80/mqtt/acl +auth.http.acl_req.url = "http://127.0.0.1:80/mqtt/acl" ## HTTP Request Method for ACL Request ## 
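Review bot: The default `auth.http.auth_req.params` forwards the client's password (`%P`), and the comment block above it says the params become query-string parameters when the method is GET, yet nothing warns that this puts the password in the request URL. URLs are commonly recorded by proxies and access logs, and the default endpoint is plain `http://`. Suggest a comment above the setting such as `## Note: with method = get, %P is sent in the query string; keep method = post and use an https URL for non-loopback hosts.` The comment block starts outside this hunk, so fit the wording to the full parameter list.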
@@ -88,7 +88,7 @@ auth.http.acl_req.method = post ## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json ## ## Examples: auth.http.acl_req.headers.accept = */* -auth.http.acl_req.headers.content-type = application/x-www-form-urlencoded +auth.http.acl_req.headers.content-type = "application/x-www-form-urlencoded" ## Parameters used to construct the request body or query string parameters ## When the request method is GET, these parameters will be converted into query string parameters @@ -105,7 +105,7 @@ auth.http.acl_req.headers.content-type = application/x-www-form-urlencoded ## - %d: subject of client TLS cert ## ## Value: =,=,... -auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m +auth.http.acl_req.params = "access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m" ## Time-out time for the request. ## @@ -140,14 +140,14 @@ auth.http.pool_size = 32 ## are used during server authentication and when building the client certificate chain. ## ## Value: File -## auth.http.ssl.cacertfile = {{ platform_etc_dir }}/certs/ca.pem +## auth.http.ssl.cacertfile = "{{ platform_etc_dir }}/certs/ca.pem" ## The path to a file containing the client's certificate. ## ## Value: File -## auth.http.ssl.certfile = {{ platform_etc_dir }}/certs/client-cert.pem +## auth.http.ssl.certfile = "{{ platform_etc_dir }}/certs/client-cert.pem" ## Path to a file containing the client's private PEM-encoded key. ## ## Value: File -## auth.http.ssl.keyfile = {{ platform_etc_dir }}/certs/client-key.pem +## auth.http.ssl.keyfile = "{{ platform_etc_dir }}/certs/client-key.pem" diff --git a/apps/emqx_auth_http/rebar.config b/apps/emqx_auth_http/rebar.config index d159825ee..a53379e99 100644 --- a/apps/emqx_auth_http/rebar.config +++ b/apps/emqx_auth_http/rebar.config 
@@ -21,7 +21,7 @@ {profiles, [{test, [{deps, - [{emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}}, + [ {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "v1.2.2"}}} ]} ]} diff --git a/apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf b/apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf index 5a599ca23..2aeb99d74 100644 --- a/apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf +++ b/apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf @@ -10,13 +10,13 @@ auth.jwt.secret = emqxsecret ## RSA or ECDSA public key file. ## ## Value: File -#auth.jwt.pubkey = etc/certs/jwt_public_key.pem +#auth.jwt.pubkey = "etc/certs/jwt_public_key.pem" ## The JWKs server address ## ## see: http://self-issued.info/docs/draft-ietf-jose-json-web-key.html ## -#auth.jwt.jwks = https://127.0.0.1:8080/jwks +#auth.jwt.jwks.endpoint = "https://127.0.0.1:8080/jwks" ## The JWKs refresh interval ## @@ -32,7 +32,7 @@ auth.jwt.from = password ## Enable to verify claims fields ## ## Value: on | off -auth.jwt.verify_claims = off +auth.jwt.verify_claims.enable = off ## The checklist of claims to validate ## @@ -42,4 +42,4 @@ auth.jwt.verify_claims = off ## Variables: ## - %u: username ## - %c: clientid -#auth.jwt.verify_claims.username = %u +#auth.jwt.verify_claims.username = "%u" diff --git a/apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema b/apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema index 3d8de3678..10b2daa5e 100644 --- a/apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema +++ b/apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema @@ -4,7 +4,7 @@ {datatype, string} ]}. -{mapping, "auth.jwt.jwks", "emqx_auth_jwt.jwks", [ +{mapping, "auth.jwt.jwks.endpoint", "emqx_auth_jwt.jwks", [ {datatype, string} ]}. @@ -26,7 +26,7 @@ {datatype, {enum, [raw, der]}} ]}. -{mapping, "auth.jwt.verify_claims", "emqx_auth_jwt.verify_claims", [ +{mapping, "auth.jwt.verify_claims.enable", "emqx_auth_jwt.verify_claims", [ {default, off}, {datatype, flag} ]}. 
@@ -36,7 +36,7 @@ ]}. {translation, "emqx_auth_jwt.verify_claims", fun(Conf) -> - case cuttlefish:conf_get("auth.jwt.verify_claims", Conf) of + case cuttlefish:conf_get("auth.jwt.verify_claims.enable", Conf) of false -> cuttlefish:unset(); true -> lists:foldr( diff --git a/apps/emqx_auth_jwt/rebar.config b/apps/emqx_auth_jwt/rebar.config index 5e7575881..3ec554950 100644 --- a/apps/emqx_auth_jwt/rebar.config +++ b/apps/emqx_auth_jwt/rebar.config @@ -20,6 +20,6 @@ {profiles, [{test, - [{deps, [{emqx_ct_helpers, {git, "http://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}}]} + [{deps, []} ]} ]}. diff --git a/apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf b/apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf index 746510fb3..c849a7eec 100644 --- a/apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf +++ b/apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf @@ -5,7 +5,7 @@ ## LDAP server list, seperated by ','. ## ## Value: String -auth.ldap.servers = 127.0.0.1 +auth.ldap.servers = "127.0.0.1" ## LDAP server port. ## @@ -20,7 +20,7 @@ auth.ldap.pool = 8 ## LDAP Bind DN. ## ## Value: DN -auth.ldap.bind_dn = cn=root,dc=emqx,dc=io +auth.ldap.bind_dn = "cn=root,dc=emqx,dc=io" ## LDAP Bind Password. ## @@ -37,7 +37,7 @@ auth.ldap.timeout = 30s ## Variables: ## ## Value: DN -auth.ldap.device_dn = ou=device,dc=emqx,dc=io +auth.ldap.device_dn = "ou=device,dc=emqx,dc=io" ## Specified ObjectClass ## @@ -63,15 +63,15 @@ auth.ldap.password.attributetype = userPassword ## Whether to enable SSL. ## ## Value: true | false -auth.ldap.ssl = false +auth.ldap.ssl.enable = false -#auth.ldap.ssl.certfile = etc/certs/cert.pem +#auth.ldap.ssl.certfile = "etc/certs/cert.pem" -#auth.ldap.ssl.keyfile = etc/certs/key.pem +#auth.ldap.ssl.keyfile = "etc/certs/key.pem" -#auth.ldap.ssl.cacertfile = etc/certs/cacert.pem +#auth.ldap.ssl.cacertfile = "etc/certs/cacert.pem" -#auth.ldap.ssl.verify = verify_peer +#auth.ldap.ssl.verify = "verify_peer" #auth.ldap.ssl.fail_if_no_peer_cert = true 
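Review bot: Moving the switch to `auth.jwt.verify_claims.enable` puts it under the same `auth.jwt.verify_claims.` prefix as the per-claim keys such as `auth.jwt.verify_claims.username`. The `lists:foldr(` under `true ->` continues outside this hunk, so it is not visible how the claim list is collected. If it walks every key under that prefix, `enable` would be picked up as a claim name (or fail to convert) as soon as verification is turned on. Confirm the fold skips it, for example with a clause along the lines of `({["auth","jwt","verify_claims","enable"], _}, Acc) -> Acc;`, and add a test that runs with `auth.jwt.verify_claims.enable = on`.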
diff --git a/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema b/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema index 554752a0b..a9b908fab 100644 --- a/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema +++ b/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema @@ -31,7 +31,7 @@ {datatype, {duration, ms}} ]}. -{mapping, "auth.ldap.ssl", "emqx_auth_ldap.ldap", [ +{mapping, "auth.ldap.ssl.enable", "emqx_auth_ldap.ldap", [ {default, false}, {datatype, {enum, [true, false]}} ]}. @@ -85,7 +85,7 @@ {bind_password, BindPassword}, {pool, Pool}, {auto_reconnect, 2}], - case cuttlefish:conf_get("auth.ldap.ssl", Conf) of + case cuttlefish:conf_get("auth.ldap.ssl.enable", Conf) of true -> [{ssl, true}, {sslopts, Filter(SslOpts())}|Opts]; false -> [{ssl, false}|Opts] end diff --git a/apps/emqx_auth_ldap/rebar.config b/apps/emqx_auth_ldap/rebar.config index 48eaf812f..811468a7b 100644 --- a/apps/emqx_auth_ldap/rebar.config +++ b/apps/emqx_auth_ldap/rebar.config @@ -4,7 +4,7 @@ {profiles, [{test, - [{deps, [{emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}}]} + [{deps, []} ]} ]}. diff --git a/apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf b/apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf index ff74656cb..758df1a9c 100644 --- a/apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf +++ b/apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf 
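Review bot: Renaming the mapping to `auth.ldap.ssl.enable` leaves no mapping for the old `auth.ldap.ssl` key, and the translation now reads only the new name with a default of `false`. How an unmapped key in an existing emqx_auth_ldap.conf is handled is not visible here. If it is ignored rather than rejected, a deployment that had `auth.ldap.ssl = true` would fall back to plaintext LDAP binds, bind password included, after upgrading. Confirm that an old-format key fails startup loudly, and call the rename out in the upgrade notes. The same applies to the `auth.mysql.ssl`, `auth.mongo.ssl`, `auth.jwt.verify_claims` and `auth.jwt.jwks` renames elsewhere in this commit.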
@@ -10,12 +10,12 @@ auth.mnesia.password_hash = sha256 ## Examples ##auth.client.1.clientid = id ##auth.client.1.password = passwd -##auth.client.2.clientid = dev:devid +##auth.client.2.clientid = "dev:devid" ##auth.client.2.password = passwd2 -##auth.client.3.clientid = app:appid +##auth.client.3.clientid = "app:appid" ##auth.client.3.password = passwd3 -##auth.client.4.clientid = client~!@#$%^&*()_+ -##auth.client.4.password = passwd~!@#$%^&*()_+ +##auth.client.4.clientid = "client~!@#$%^&*()_+" +##auth.client.4.password = "passwd~!@#$%^&*()_+" ##-------------------------------------------------------------------- ## Username Authentication @@ -26,5 +26,5 @@ auth.mnesia.password_hash = sha256 ##auth.user.1.password = public ##auth.user.2.username = feng@emqtt.io ##auth.user.2.password = public -##auth.user.3.username = name~!@#$%^&*()_+ -##auth.user.3.password = pwsswd~!@#$%^&*()_+ +##auth.user.3.username = "name~!@#$%^&*()_+" +##auth.user.3.password = "pwsswd~!@#$%^&*()_+" diff --git a/apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf b/apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf index 073feeb6d..814309e1a 100644 --- a/apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf +++ b/apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf @@ -17,7 +17,7 @@ auth.mongo.type = single ## Value: String ## ## Examples: 127.0.0.1:27017,127.0.0.2:27017... -auth.mongo.server = 127.0.0.1:27017 +auth.mongo.server = "127.0.0.1:27017" ## MongoDB pool size ## 
@@ -102,17 +102,17 @@ auth.mongo.topology.max_overflow = 0 auth.mongo.auth_query.password_hash = sha256 ## sha256 with salt suffix -## auth.mongo.auth_query.password_hash = sha256,salt +## auth.mongo.auth_query.password_hash = "sha256,salt" ## sha256 with salt prefix -## auth.mongo.auth_query.password_hash = salt,sha256 +## auth.mongo.auth_query.password_hash = "salt,sha256" ## bcrypt with salt prefix -## auth.mongo.auth_query.password_hash = salt,bcrypt +## auth.mongo.auth_query.password_hash = "salt,bcrypt" ## pbkdf2 with macfun iterations dklen ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512 -## auth.mongo.auth_query.password_hash = pbkdf2,sha256,1000,20 +## auth.mongo.auth_query.password_hash = "pbkdf2,sha256,1000,20" ## Authentication query. auth.mongo.auth_query.collection = mqtt_user @@ -131,15 +131,15 @@ auth.mongo.auth_query.password_field = password ## - %d: subject of client TLS cert ## ## auth.mongo.auth_query.selector = {Field}={Placeholder} -auth.mongo.auth_query.selector = username=%u +auth.mongo.auth_query.selector = "username=%u" ## ------------------------------------------------- ## Super User Query ## ------------------------------------------------- auth.mongo.super_query.collection = mqtt_user auth.mongo.super_query.super_field = is_superuser -#auth.mongo.super_query.selector = username=%u, clientid=%c -auth.mongo.super_query.selector = username=%u +#auth.mongo.super_query.selector.1 = username=%u, clientid=%c +auth.mongo.super_query.selector = "username=%u" ## ACL Selector. ## @@ -150,8 +150,8 @@ auth.mongo.super_query.selector = username=%u ## ## With following 2 selectors configured: ## -## auth.mongo.acl_query.selector.1 = username=%u -## auth.mongo.acl_query.selector.2 = username=$all +## auth.mongo.acl_query.selector.1 = "username=%u" +## auth.mongo.acl_query.selector.2 = "username=$all" ## ## And if a client connected using username 'ilyas', ## then the following mongo command will be used to 
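Review bot: The quoted example `"pbkdf2,sha256,1000,20"` carries an iteration count of 1000 with no remark on how to choose it, and commented examples tend to be copied verbatim. Suggest a comment line above it such as `## The iteration count below is only an example; choose it according to current password-hashing guidance.` The same example appears in the emqx_auth_mysql.conf hunk.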
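Review bot: The commented super-user example was renamed to `auth.mongo.super_query.selector.1`, but its value `username=%u, clientid=%c` is left unquoted while every other selector in this file is now quoted. No indexed form of the super_query selector appears elsewhere in the visible hunks, so confirm the schema accepts a `.1` key here. Otherwise keep the name and only quote the value: `#auth.mongo.super_query.selector = "username=%u, clientid=%c"`.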
@@ -165,8 +165,8 @@ auth.mongo.super_query.selector = username=%u ## ## Examples: ## -## auth.mongo.acl_query.selector.1 = username=%u,clientid=%c -## auth.mongo.acl_query.selector.2 = username=$all -## auth.mongo.acl_query.selector.3 = clientid=$all +## auth.mongo.acl_query.selector.1 = "username=%u,clientid=%c" +## auth.mongo.acl_query.selector.2 = "username=$all" +## auth.mongo.acl_query.selector.3 = "clientid=$all" auth.mongo.acl_query.collection = mqtt_acl -auth.mongo.acl_query.selector = username=%u +auth.mongo.acl_query.selector = "username=%u" diff --git a/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema b/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema index bef569306..04dd4fe52 100644 --- a/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema +++ b/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema @@ -45,7 +45,7 @@ {datatype, string} ]}. -{mapping, "auth.mongo.ssl", "emqx_auth_mongo.server", [ +{mapping, "auth.mongo.ssl.enable", "emqx_auth_mongo.server", [ {default, off}, {datatype, {enum, [on, off, true, false]}} %% FIXME: ture/false is compatible with 4.0-4.2 version format, plan to delete in 5.0 ]}. @@ -121,7 +121,6 @@ true -> []; false -> [{r_mode, R}] end, - Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end, SslOpts = fun(Prefix) -> Filter([{keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)}, 
@@ -130,8 +129,14 @@ end, %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0 - Ssl = case cuttlefish:conf_get("auth.mongo.ssl", Conf) of - on -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl")}]; + GenSsl = case cuttlefish:conf_get("auth.mongo.ssl.cacertfile", Conf, undefined) of + undefined -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl_opts")}]; + _ -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl")}] + end, + + %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0 + Ssl = case cuttlefish:conf_get("auth.mongo.ssl.enable", Conf) of + on -> GenSsl; off -> []; true -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl_opts")}]; false -> [] diff --git a/apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf b/apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf index d367c2edc..28ff95c75 100644 --- a/apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf +++ b/apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf @@ -7,7 +7,7 @@ ## Value: Port | IP:Port ## ## Examples: 3306, 127.0.0.1:3306, localhost:3306 -auth.mysql.server = 127.0.0.1:3306 +auth.mysql.server = "127.0.0.1:3306" ## MySQL pool size. ## @@ -50,7 +50,7 @@ auth.mysql.database = mqtt ## - %C: common name of client TLS cert ## - %d: subject of client TLS cert ## -auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1 +auth.mysql.auth_query = "select password from mqtt_user where username = '%u' limit 1" ## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1 ## Password hash. 
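Review bot: `GenSsl` picks the option prefix from `auth.mongo.ssl.cacertfile` alone, so a config that sets `auth.mongo.ssl.certfile` or `auth.mongo.ssl.keyfile` without a CA file falls through to the `auth.mongo.ssl_opts` prefix and those values are silently dropped. In that case `ssl_opts` may come out empty, and nothing in the visible lines sets a `verify` option, so the connection could come up with TLS enabled but without server certificate verification. Consider choosing the prefix on whether any of the three `auth.mongo.ssl.*` file keys is set, and say in a comment what happens when none is. `SslOpts` is defined above this hunk, so check which keys it reads. The `%% FIXME` line is now duplicated, and one copy can go.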
@@ -59,17 +59,17 @@ auth.mysql.auth_query = select password from mqtt_user where username = '%u' lim auth.mysql.password_hash = sha256 ## sha256 with salt prefix -## auth.mysql.password_hash = salt,sha256 +## auth.mysql.password_hash = "salt,sha256" ## bcrypt with salt only prefix -## auth.mysql.password_hash = salt,bcrypt +## auth.mysql.password_hash = "salt,bcrypt" ## sha256 with salt suffix -## auth.mysql.password_hash = sha256,salt +## auth.mysql.password_hash = "sha256,salt" ## pbkdf2 with macfun iterations dklen ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512 -## auth.mysql.password_hash = pbkdf2,sha256,1000,20 +## auth.mysql.password_hash = "pbkdf2,sha256,1000,20" ## Superuser query. ## @@ -81,7 +81,7 @@ auth.mysql.password_hash = sha256 ## - %C: common name of client TLS cert ## - %d: subject of client TLS cert ## -auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1 +auth.mysql.super_query = "select is_superuser from mqtt_user where username = '%u' limit 1" ## ACL query. ## @@ -93,12 +93,12 @@ auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u ## - %c: clientid ## ## Note: You can add the 'ORDER BY' statement to control the rules match order -auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c' +auth.mysql.acl_query = "select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'" ## Mysql ssl configuration. ## ## Value: on | off -#auth.mysql.ssl = off +## auth.mysql.ssl.enable = off ## CA certificate. ## diff --git a/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema b/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema index 8f9c069c4..28a9d5956 100644 --- a/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema +++ b/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema 
@@ -30,7 +30,7 @@ {datatype, string} ]}. -{mapping, "auth.mysql.ssl", "emqx_auth_mysql.server", [ +{mapping, "auth.mysql.ssl.enable", "emqx_auth_mysql.server", [ {default, off}, {datatype, flag} ]}. @@ -85,7 +85,7 @@ {keep_alive, true}], Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end, Options1 = - case cuttlefish:conf_get("auth.mysql.ssl", Conf) of + case cuttlefish:conf_get("auth.mysql.ssl.enable", Conf) of true -> %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0 CA = cuttlefish:conf_get( diff --git a/apps/emqx_auth_pgsql/README.md b/apps/emqx_auth_pgsql/README.md index 2dccd6f53..a8f5d723f 100644 --- a/apps/emqx_auth_pgsql/README.md +++ b/apps/emqx_auth_pgsql/README.md @@ -49,7 +49,7 @@ auth.pgsql.encoding = utf8 ## Whether to enable SSL connection. ## ## Value: true | false -auth.pgsql.ssl = false +auth.pgsql.ssl.enable = false ## SSL keyfile. ## diff --git a/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf b/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf index ef8e7533a..42d949fce 100644 --- a/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf +++ b/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf @@ -6,8 +6,8 @@ ## ## Value: Port | IP:Port ## -## Examples: 5432, 127.0.0.1:5432, localhost:5432 -auth.pgsql.server = 127.0.0.1:5432 +## Examples: 5432, "127.0.0.1:5432", "localhost:5432" +auth.pgsql.server = "127.0.0.1:5432" ## PostgreSQL pool size. ## @@ -37,7 +37,7 @@ auth.pgsql.encoding = utf8 ## Whether to enable SSL connection. ## ## Value: on | off -auth.pgsql.ssl = off +auth.pgsql.ssl.enable = off ## TLS version ## You can configure multi-version use "," split, @@ -72,7 +72,7 @@ auth.pgsql.ssl = off ## - %C: common name of client TLS cert ## - %d: subject of client TLS cert ## -auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1 +auth.pgsql.auth_query = "select password from mqtt_user where username = '%u' limit 1" ## Password hash. ## 
@@ -80,17 +80,17 @@ auth.pgsql.auth_query = select password from mqtt_user where username = '%u' lim auth.pgsql.password_hash = sha256 ## sha256 with salt prefix -## auth.pgsql.password_hash = salt,sha256 +## auth.pgsql.password_hash = "salt,sha256" ## sha256 with salt suffix -## auth.pgsql.password_hash = sha256,salt +## auth.pgsql.password_hash = "sha256,salt" ## bcrypt with salt prefix -## auth.pgsql.password_hash = salt,bcrypt +## auth.pgsql.password_hash = "salt,bcrypt" ## pbkdf2 with macfun iterations dklen ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512 -## auth.pgsql.password_hash = pbkdf2,sha256,1000,20 +## auth.pgsql.password_hash = "pbkdf2,sha256,1000,20" ## Superuser query. ## @@ -102,7 +102,7 @@ auth.pgsql.password_hash = sha256 ## - %C: common name of client TLS cert ## - %d: subject of client TLS cert ## -auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1 +auth.pgsql.super_query = "select is_superuser from mqtt_user where username = '%u' limit 1" ## ACL query. Comment this query, the ACL will be disabled. ## @@ -114,4 +114,4 @@ auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u ## - %c: clientid ## ## Note: You can add the 'ORDER BY' statement to control the rules match order -auth.pgsql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c' +auth.pgsql.acl_query = "select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'" diff --git a/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema b/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema index 859495a60..0ed5f21b1 100644 --- a/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema +++ b/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema 
@@ -30,7 +30,7 @@ {datatype, atom} ]}. -{mapping, "auth.pgsql.ssl", "emqx_auth_pgsql.server", [ +{mapping, "auth.pgsql.ssl.enable", "emqx_auth_pgsql.server", [ {default, off}, {datatype, {enum, [on, off, true, false]}} %% FIXME: true/fasle is compatible with 4.0-4.2 version format, plan to delete in 5.0 ]}. @@ -98,8 +98,14 @@ end, %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0 - Ssl = case cuttlefish:conf_get("auth.pgsql.ssl", Conf) of - on -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl")}]; + GenSsl = case cuttlefish:conf_get("auth.pgsql.ssl.cacertfile", Conf, undefined) of + undefined -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl_opts")}]; + _ -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl")}] + end, + + %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0 + Ssl = case cuttlefish:conf_get("auth.pgsql.ssl.enable", Conf) of + on -> GenSsl; off -> []; true -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl_opts")}]; false -> [] diff --git a/apps/emqx_auth_redis/etc/emqx_auth_redis.conf b/apps/emqx_auth_redis/etc/emqx_auth_redis.conf index 77b247a06..f0145b9be 100644 --- a/apps/emqx_auth_redis/etc/emqx_auth_redis.conf +++ b/apps/emqx_auth_redis/etc/emqx_auth_redis.conf @@ -12,9 +12,9 @@ auth.redis.type = single ## Value: Port | IP:Port ## ## Single Redis Server: 127.0.0.1:6379, localhost:6379 -## Redis Sentinel: 127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379 -## Redis Cluster: 127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379 -auth.redis.server = 127.0.0.1:6379 +## Redis Sentinel: "127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379" +## Redis Cluster: "127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379" +auth.redis.server = "127.0.0.1:6379" ## Redis sentinel cluster name. ## 
@@ -52,10 +52,10 @@ auth.redis.database = 0 ## - %d: subject of client TLS cert ## ## Examples: -## - HGET mqtt_user:%u password -## - HMGET mqtt_user:%u password -## - HMGET mqtt_user:%u password salt -auth.redis.auth_cmd = HMGET mqtt_user:%u password +## - "HGET mqtt_user:%u password" +## - "HMGET mqtt_user:%u password" +## - "HMGET mqtt_user:%u password salt" +auth.redis.auth_cmd = "HMGET mqtt_user:%u password" ## Password hash. ## @@ -63,17 +63,17 @@ auth.redis.auth_cmd = HMGET mqtt_user:%u password auth.redis.password_hash = plain ## sha256 with salt prefix -## auth.redis.password_hash = salt,sha256 +## auth.redis.password_hash = "salt,sha256" ## sha256 with salt suffix -## auth.redis.password_hash = sha256,salt +## auth.redis.password_hash = "sha256,salt" ## bcrypt with salt prefix -## auth.redis.password_hash = salt,bcrypt +## auth.redis.password_hash = "salt,bcrypt" ## pbkdf2 with macfun iterations dklen ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512 -## auth.redis.password_hash = pbkdf2,sha256,1000,20 +## auth.redis.password_hash = "pbkdf2,sha256,1000,20" ## Superuser query command. ## @@ -84,7 +84,7 @@ auth.redis.password_hash = plain ## - %c: clientid ## - %C: common name of client TLS cert ## - %d: subject of client TLS cert -auth.redis.super_cmd = HGET mqtt_user:%u is_superuser +auth.redis.super_cmd = "HGET mqtt_user:%u is_superuser" ## ACL query command. ## @@ -93,12 +93,12 @@ auth.redis.super_cmd = HGET mqtt_user:%u is_superuser ## Variables: ## - %u: username ## - %c: clientid -auth.redis.acl_cmd = HGETALL mqtt_acl:%u +auth.redis.acl_cmd = "HGETALL mqtt_acl:%u" ## Redis ssl configuration. ## ## Value: on | off -#auth.redis.ssl = off +# auth.redis.ssl.enable = off ## CA certificate. ## 
@@ -108,10 +108,10 @@ auth.redis.acl_cmd = HGETALL mqtt_acl:%u ## Client ssl certificate. ## ## Value: File -#auth.redis.ssl.certfile = path/to/your/certfile +# auth.redis.ssl.certfile = path/to/your/certfile ## Client ssl keyfile. ## ## Value: File -#auth.redis.ssl.keyfile = path/to/your/keyfile +# auth.redis.ssl.keyfile = path/to/your/keyfile diff --git a/apps/emqx_auth_redis/priv/emqx_auth_redis.schema b/apps/emqx_auth_redis/priv/emqx_auth_redis.schema index 070f306af..0ad9e441c 100644 --- a/apps/emqx_auth_redis/priv/emqx_auth_redis.schema +++ b/apps/emqx_auth_redis/priv/emqx_auth_redis.schema @@ -33,7 +33,7 @@ hidden ]}. -{mapping, "auth.redis.ssl", "emqx_auth_redis.options", [ +{mapping, "auth.redis.ssl.enable", "emqx_auth_redis.options", [ {default, off}, {datatype, flag} ]}. @@ -50,26 +50,8 @@ {datatype, string} ]}. -%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0 -{mapping, "auth.redis.cafile", "emqx_auth_redis.options", [ - {default, ""}, - {datatype, string} -]}. - -%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0 -{mapping, "auth.redis.certfile", "emqx_auth_redis.options", [ - {default, ""}, - {datatype, string} -]}. - -%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0 -{mapping, "auth.redis.keyfile", "emqx_auth_redis.options", [ - {default, ""}, - {datatype, string} -]}. - {translation, "emqx_auth_redis.options", fun(Conf) -> - Ssl = cuttlefish:conf_get("auth.redis.ssl", Conf, false), + Ssl = cuttlefish:conf_get("auth.redis.ssl.enable", Conf, false), Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end, case Ssl of true -> diff --git a/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf b/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf index 28d532adf..df3960554 100644 --- a/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf +++ b/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf 
@@ -9,8 +9,8 @@ ## Bridge address: node name for local bridge, host:port for remote. ## ## Value: String -## Example: emqx@127.0.0.1, 127.0.0.1:1883 -bridge.mqtt.aws.address = 127.0.0.1:1883 +## Example: emqx@127.0.0.1, "127.0.0.1:1883" +bridge.mqtt.aws.address = "127.0.0.1:1883" ## Protocol version of the bridge. ## @@ -65,18 +65,18 @@ bridge.mqtt.aws.password = passwd ## Topics that need to be forward to AWS IoTHUB ## ## Value: String -## Example: topic1/#,topic2/# -bridge.mqtt.aws.forwards = topic1/#,topic2/# +## Example: "topic1/#,topic2/#" +bridge.mqtt.aws.forwards = "topic1/#,topic2/#" ## Forward messages to the mountpoint of an AWS IoTHUB ## ## Value: String -bridge.mqtt.aws.forward_mountpoint = bridge/aws/${node}/ +bridge.mqtt.aws.forward_mountpoint = "bridge/aws/${node}/" ## Need to subscribe to AWS topics ## ## Value: String -## bridge.mqtt.aws.subscription.1.topic = cmd/topic1 +## bridge.mqtt.aws.subscription.1.topic = "cmd/topic1" ## Need to subscribe to AWS topics QoS. ## @@ -86,7 +86,7 @@ bridge.mqtt.aws.forward_mountpoint = bridge/aws/${node}/ ## A mountpoint that receives messages from AWS IoTHUB ## ## Value: String -## bridge.mqtt.aws.receive_mountpoint = receive/aws/ +## bridge.mqtt.aws.receive_mountpoint = "receive/aws/" ## Bribge to remote server via SSL. 
@@ -97,28 +97,28 @@ bridge.mqtt.aws.ssl = off ## PEM-encoded CA certificates of the bridge. ## ## Value: File -bridge.mqtt.aws.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem +bridge.mqtt.aws.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem" ## Client SSL Certfile of the bridge. ## ## Value: File -bridge.mqtt.aws.certfile = {{ platform_etc_dir }}/certs/client-cert.pem +bridge.mqtt.aws.certfile = "{{ platform_etc_dir }}/certs/client-cert.pem" ## Client SSL Keyfile of the bridge. ## ## Value: File -bridge.mqtt.aws.keyfile = {{ platform_etc_dir }}/certs/client-key.pem +bridge.mqtt.aws.keyfile = "{{ platform_etc_dir }}/certs/client-key.pem" ## SSL Ciphers used by the bridge. ## ## Value: String -bridge.mqtt.aws.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA +bridge.mqtt.aws.ciphers = 
"ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" ## Ciphers for TLS PSK. ## Note that 'bridge.${BridgeName}.ciphers' and 'bridge.${BridgeName}.psk_ciphers' cannot ## be configured at the same time. ## See 'https://tools.ietf.org/html/rfc4279#section-2'. -#bridge.mqtt.aws.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA +#bridge.mqtt.aws.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA" ## Ping interval of a down bridge. ## @@ -129,7 +129,7 @@ bridge.mqtt.aws.keepalive = 60s ## TLS versions used by the bridge. ## ## Value: String -bridge.mqtt.aws.tls_versions = tlsv1.2,tlsv1.1,tlsv1 +bridge.mqtt.aws.tls_versions = "tlsv1.2,tlsv1.1,tlsv1" ## Bridge reconnect time. ## @@ -159,7 +159,7 @@ bridge.mqtt.aws.max_inflight_size = 32 ## replayq works in a mem-only manner. ## ## Value: String -bridge.mqtt.aws.queue.replayq_dir = {{ platform_data_dir }}/replayq/emqx_aws_bridge/ +bridge.mqtt.aws.queue.replayq_dir = "{{ platform_data_dir }}/replayq/emqx_aws_bridge/" ## Replayq segment size ## diff --git a/apps/emqx_coap/etc/emqx_coap.conf b/apps/emqx_coap/etc/emqx_coap.conf index 0590a348e..d6dfa1a6f 100644 
--- a/apps/emqx_coap/etc/emqx_coap.conf +++ b/apps/emqx_coap/etc/emqx_coap.conf @@ -4,13 +4,13 @@ ## The IP and UDP port that CoAP bind with. ## -## Default: 0.0.0.0:5683 +## Default: "0.0.0.0:5683" ## ## Examples: -## coap.bind.udp.x = 0.0.0.0:5683 | :::5683 | 127.0.0.1:5683 | ::1:5683 +## coap.bind.udp.x = "0.0.0.0:5683" | ":::5683" | "127.0.0.1:5683" | "::1:5683" ## -coap.bind.udp.1 = 0.0.0.0:5683 -##coap.bind.udp.2 = 0.0.0.0:6683 +coap.bind.udp.1 = "0.0.0.0:5683" +##coap.bind.udp.2 = "0.0.0.0:6683" ## Whether to enable statistics for CoAP clients. ## @@ -23,13 +23,13 @@ coap.enable_stats = off ## The DTLS port that CoAP is listening on. ## -## Default: 0.0.0.0:5684 +## Default: "0.0.0.0:5684" ## ## Examples: -## coap.bind.dtls.x = 0.0.0.0:5684 | :::5684 | 127.0.0.1:5684 | ::1:5684 +## coap.bind.dtls.x = "0.0.0.0:5684" | ":::5684" | "127.0.0.1:5684" | "::1:5684" ## -coap.bind.dtls.1 = 0.0.0.0:5684 -##coap.bind.dtls.2 = 0.0.0.0:6684 +coap.bind.dtls.1 = "0.0.0.0:5684" +##coap.bind.dtls.2 = "0.0.0.0:6684" ## A server only does x509-path validation in mode verify_peer, ## as it then sends a certificate request to the client (this @@ -43,17 +43,17 @@ coap.bind.dtls.1 = 0.0.0.0:5684 ## Private key file for DTLS ## ## Value: File -coap.dtls.keyfile = {{ platform_etc_dir }}/certs/key.pem +coap.dtls.keyfile = "{{ platform_etc_dir }}/certs/key.pem" ## Server certificate for DTLS. ## ## Value: File -coap.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem +coap.dtls.certfile = "{{ platform_etc_dir }}/certs/cert.pem" ## PEM-encoded CA certificates for DTLS ## ## Value: File -## coap.dtls.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem +## coap.dtls.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem" ## Used together with {verify, verify_peer} by an SSL server. If set to true, ## the server fails if the client does not have a certificate to send, that is, 
@@ -79,4 +79,4 @@ coap.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem ## Most of it was copied from Mozilla’s Server Side TLS article ## ## Value: Ciphers -coap.dtls.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA +coap.dtls.ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" diff --git a/apps/emqx_coap/rebar.config b/apps/emqx_coap/rebar.config index 0b85b4f18..ad9d500ab 100644 
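Review bot: The cipher list re-quoted in `coap.dtls.ciphers` still includes `ECDHE-ECDSA-DES-CBC3-SHA` (3DES) and CBC/SHA-1 suites without forward secrecy such as `AES128-SHA`, so the shipped default lets a peer negotiate them. Since the line is being rewritten anyway, I would trim the default to the ECDHE AES-GCM entries already in the list. The identical string is re-quoted in the emqx_bridge_mqtt, emqx_dashboard and emqx_exproto confs. In addition, `bridge.mqtt.aws.tls_versions = "tlsv1.2,tlsv1.1,tlsv1"` and the commented `tls_versions` examples keep TLS 1.0/1.1 enabled, and the `psk_ciphers` examples still list `PSK-RC4-SHA`; `"tlsv1.2"` (plus `tlsv1.3` where the runtime supports it) would be a safer default there.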
--- a/apps/emqx_coap/rebar.config +++ b/apps/emqx_coap/rebar.config @@ -21,8 +21,6 @@ {profiles, [{test, [{deps, - [{er_coap_client, {git, "https://github.com/emqx/er_coap_client", {tag, "v1.0"}}}, - {emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}} - ]} + [{er_coap_client, {git, "https://github.com/emqx/er_coap_client", {tag, "v1.0"}}}]} ]} ]}. diff --git a/apps/emqx_dashboard/etc/emqx_dashboard.conf b/apps/emqx_dashboard/etc/emqx_dashboard.conf index 7c2125b4c..3c566aa33 100644 --- a/apps/emqx_dashboard/etc/emqx_dashboard.conf +++ b/apps/emqx_dashboard/etc/emqx_dashboard.conf @@ -20,7 +20,7 @@ dashboard.default_user.password = public ## Value: Port ## ## Examples: 18083 -dashboard.listener.http = 18083 +dashboard.listener.http.port = 18083 ## The acceptor pool for external Dashboard HTTP listener. ## @@ -50,7 +50,7 @@ dashboard.listener.http.ipv6_v6only = false ## Value: Port ## ## Examples: 18084 -## dashboard.listener.https = 18084 +## dashboard.listener.https.port = 18084 ## The acceptor pool for external Dashboard HTTPS listener. ## 
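Review bot: The one test dependency this hunk keeps, `er_coap_client`, is fetched by `{tag, "v1.0"}`; a git tag can be moved upstream, so the code pulled into CI is not fixed by this file alone. Pinning it as `{ref, "<full-commit-sha>"}` (placeholder: use the sha the tag currently resolves to) removes that ambiguity. With `emqx_ct_helpers` dropped here and in the emqx_exhook and emqx_exproto rebar.config hunks, the suites presumably pick it up from a parent rebar.config not shown in this diff; it is worth confirming that the declaration there is pinned the same way.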
@@ -75,22 +75,22 @@ dashboard.listener.http.ipv6_v6only = false ## Path to the file containing the user's private PEM-encoded key. ## ## Value: File -## dashboard.listener.https.keyfile = etc/certs/key.pem +## dashboard.listener.https.keyfile = "etc/certs/key.pem" ## Path to a file containing the user certificate. ## ## Value: File -## dashboard.listener.https.certfile = etc/certs/cert.pem +## dashboard.listener.https.certfile = "etc/certs/cert.pem" ## Path to the file containing PEM-encoded CA certificates. ## ## Value: File -## dashboard.listener.https.cacertfile = etc/certs/cacert.pem +## dashboard.listener.https.cacertfile = "etc/certs/cacert.pem" ## See: 'listener.ssl..dhfile' in emq.conf ## ## Value: File -## dashboard.listener.https.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem +## dashboard.listener.https.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem" ## See: 'listener.ssl..vefify' in emq.conf ## 
@@ -105,12 +105,12 @@ dashboard.listener.http.ipv6_v6only = false ## TLS versions only to protect from POODLE attack. ## ## Value: String, seperated by ',' -## dashboard.listener.https.tls_versions = tlsv1.2,tlsv1.1,tlsv1 +## dashboard.listener.https.tls_versions = "tlsv1.2,tlsv1.1,tlsv1" ## See: 'listener.ssl..ciphers' in emq.conf ## ## Value: Ciphers -## dashboard.listener.https.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA +## dashboard.listener.https.ciphers = 
"ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" ## See: 'listener.ssl..secure_renegotiate' in emq.conf ## diff --git a/apps/emqx_dashboard/priv/emqx_dashboard.schema b/apps/emqx_dashboard/priv/emqx_dashboard.schema index fcc8f3489..65dba68d1 100644 --- a/apps/emqx_dashboard/priv/emqx_dashboard.schema +++ b/apps/emqx_dashboard/priv/emqx_dashboard.schema @@ -9,7 +9,7 @@ {datatype, string} ]}. -{mapping, "dashboard.listener.http", "emqx_dashboard.listeners", [ +{mapping, "dashboard.listener.http.port", "emqx_dashboard.listeners", [ {datatype, integer} ]}. @@ -37,7 +37,7 @@ {datatype, {enum, [true, false]}} ]}. -{mapping, "dashboard.listener.https", "emqx_dashboard.listeners", [ +{mapping, "dashboard.listener.https.port", "emqx_dashboard.listeners", [ {datatype, integer} ]}. @@ -138,7 +138,7 @@ lists:map( fun(Proto) -> Prefix = "dashboard.listener." ++ atom_to_list(Proto), - case cuttlefish:conf_get(Prefix, Conf, undefined) of + case cuttlefish:conf_get(Prefix ++ ".port", Conf, undefined) of undefined -> []; Port -> [{Proto, Port, case Proto of diff --git a/apps/emqx_exhook/etc/emqx_exhook.conf b/apps/emqx_exhook/etc/emqx_exhook.conf index f6f5213f7..b2758e705 100644 
--- a/apps/emqx_exhook/etc/emqx_exhook.conf +++ b/apps/emqx_exhook/etc/emqx_exhook.conf @@ -8,8 +8,8 @@ ## The gRPC server url ## ## exhook.server.$name.url = url() -exhook.server.default.url = http://127.0.0.1:9000 +exhook.server.default.url = "http://127.0.0.1:9000" -#exhook.server.default.ssl.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem -#exhook.server.default.ssl.certfile = {{ platform_etc_dir }}/certs/cert.pem -#exhook.server.default.ssl.keyfile = {{ platform_etc_dir }}/certs/key.pem +#exhook.server.default.ssl.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem" +#exhook.server.default.ssl.certfile = "{{ platform_etc_dir }}/certs/cert.pem" +#exhook.server.default.ssl.keyfile = "{{ platform_etc_dir }}/certs/key.pem" diff --git a/apps/emqx_exhook/rebar.config b/apps/emqx_exhook/rebar.config index d2e437b8b..b14cb446f 100644 --- a/apps/emqx_exhook/rebar.config +++ b/apps/emqx_exhook/rebar.config @@ -41,7 +41,6 @@ {profiles, [{test, [{deps, - [{emqx_ct_helper, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "v1.3.1"}}} - ]} + []} ]} ]}. diff --git a/apps/emqx_exproto/etc/emqx_exproto.conf b/apps/emqx_exproto/etc/emqx_exproto.conf index a64153791..8f45b418f 100644 --- a/apps/emqx_exproto/etc/emqx_exproto.conf +++ b/apps/emqx_exproto/etc/emqx_exproto.conf @@ -5,9 +5,9 @@ exproto.server.http.port = 9100 exproto.server.https.port = 9101 -exproto.server.https.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem -exproto.server.https.certfile = {{ platform_etc_dir }}/certs/cert.pem -exproto.server.https.keyfile = {{ platform_etc_dir }}/certs/key.pem +exproto.server.https.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem" +exproto.server.https.certfile = "{{ platform_etc_dir }}/certs/cert.pem" +exproto.server.https.keyfile = "{{ platform_etc_dir }}/certs/key.pem" ##-------------------------------------------------------------------- ## Listeners 
@@ -20,12 +20,12 @@ exproto.server.https.keyfile = {{ platform_etc_dir }}/certs/key.pem ## ## Value: ://: ## -## Examples: tcp://0.0.0.0:7993 | ssl://127.0.0.1:7994 -exproto.listener.protoname = tcp://0.0.0.0:7993 +## Examples: "tcp://0.0.0.0:7993" | "ssl://127.0.0.1:7994" +exproto.listener.protoname.endpoint = "tcp://0.0.0.0:7993" ## The ConnectionHandler server address ## -exproto.listener.protoname.connection_handler_url = http://127.0.0.1:9001 +exproto.listener.protoname.connection_handler_url = "http://127.0.0.1:9001" #exproto.listener.protoname.connection_handler_certfile = #exproto.listener.protoname.connection_handler_cacertfile = @@ -62,8 +62,8 @@ exproto.listener.protoname.idle_timeout = 30s ## ## Value: ACL Rule ## -## Example: allow 192.168.0.0/24 -exproto.listener.protoname.access.1 = allow all +## Example: "allow 192.168.0.0/24" +exproto.listener.protoname.access.1 = "allow all" ## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed ## behind HAProxy or Nginx. 
@@ -146,27 +146,27 @@ exproto.listener.protoname.reuseaddr = true ## See: http://erlang.org/doc/man/ssl.html ## ## Value: String, seperated by ',' -#exproto.listener.protoname.tls_versions = tlsv1.2,tlsv1.1,tlsv1 +#exproto.listener.protoname.tls_versions = "tlsv1.2,tlsv1.1,tlsv1" ## Path to the file containing the user's private PEM-encoded key. ## ## See: http://erlang.org/doc/man/ssl.html ## ## Value: File -#exproto.listener.protoname.keyfile = {{ platform_etc_dir }}/certs/key.pem +#exproto.listener.protoname.keyfile = "{{ platform_etc_dir }}/certs/key.pem" ## Path to a file containing the user certificate. ## ## See: http://erlang.org/doc/man/ssl.html ## ## Value: File -#exproto.listener.protoname.certfile = {{ platform_etc_dir }}/certs/cert.pem +#exproto.listener.protoname.certfile = "{{ platform_etc_dir }}/certs/cert.pem" ## Path to the file containing PEM-encoded CA certificates. The CA certificates ## are used during server authentication and when building the client certificate chain. ## ## Value: File -#exproto.listener.protoname.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem +#exproto.listener.protoname.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem" ## The Ephemeral Diffie-Helman key exchange is a very effective way of ## ensuring Forward Secrecy by exchanging a set of keys that never hit @@ -183,7 +183,7 @@ exproto.listener.protoname.reuseaddr = true ## openssl dhparam -out dh-params.pem 2048 ## ## Value: File -#exproto.listener.protoname.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem +#exproto.listener.protoname.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem" ## A server only does x509-path validation in mode verify_peer, ## as it then sends a certificate request to the client (this 
@@ -218,13 +218,13 @@ exproto.listener.protoname.reuseaddr = true ## Most of it was copied from Mozilla’s Server Side TLS article ## ## Value: Ciphers -#exproto.listener.protoname.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA +#exproto.listener.protoname.ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" ## Ciphers for TLS PSK. 
## Note that 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot ## be configured at the same time. ## See 'https://tools.ietf.org/html/rfc4279#section-2'. -#exproto.listener.protoname.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA +#exproto.listener.protoname.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA" ## SSL parameter renegotiation is a feature that allows a client and a server ## to renegotiate the parameters of the SSL connection on the fly. diff --git a/apps/emqx_exproto/priv/emqx_exproto.schema b/apps/emqx_exproto/priv/emqx_exproto.schema index fb114dc77..4bd215847 100644 --- a/apps/emqx_exproto/priv/emqx_exproto.schema +++ b/apps/emqx_exproto/priv/emqx_exproto.schema @@ -44,7 +44,7 @@ end}. %%-------------------------------------------------------------------- %% Listeners -{mapping, "exproto.listener.$proto", "emqx_exproto.listeners", [ +{mapping, "exproto.listener.$proto.endpoint", "emqx_exproto.listeners", [ {datatype, string} ]}. @@ -340,7 +340,7 @@ end}. Listeners = fun(Proto) -> Prefix = string:join(["exproto","listener", Proto], "."), Opts = HandlerOpts(Prefix) ++ ConnOpts(Prefix) ++ LisOpts(Prefix), - case cuttlefish:conf_get(Prefix, Conf, undefined) of + case cuttlefish:conf_get(Prefix ++ ".endpoint", Conf, undefined) of undefined -> []; ListenOn0 -> case ParseListenOn(ListenOn0) of @@ -359,6 +359,6 @@ end}. end end end, - lists:flatten([Listeners(Proto) || {[_, "listener", Proto], ListenOn} + lists:flatten([Listeners(Proto) || {[_, "listener", Proto, "endpoint"], ListenOn} <- cuttlefish_variable:filter_by_prefix("exproto.listener", Conf)]) end}. diff --git a/apps/emqx_exproto/rebar.config b/apps/emqx_exproto/rebar.config index 88831ce15..d3b297dca 100644 --- a/apps/emqx_exproto/rebar.config +++ b/apps/emqx_exproto/rebar.config 
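Review bot: In the `@@ -359,6 +359,6 @@` hunk the generator pattern `{[_, "listener", Proto, "endpoint"], ListenOn}` binds `ListenOn`, but the comprehension only uses `Proto`. The endpoint value is looked up again inside the `Listeners` fun through `cuttlefish:conf_get(Prefix ++ ".endpoint", Conf, undefined)`. Writing the pattern as `{[_, "listener", Proto, "endpoint"], _ListenOn}` makes it clear the binding is deliberately unused. The translation fun starts outside the hunk.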
@@ -44,7 +44,6 @@ {profiles, [{test, [{deps, - [{emqx_ct_helper, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "v1.3.0"}}} - ]} + []} ]} ]}. diff --git a/apps/emqx_lwm2m/etc/emqx_lwm2m.conf b/apps/emqx_lwm2m/etc/emqx_lwm2m.conf index c9baf6feb..c0cca7981 100644 --- a/apps/emqx_lwm2m/etc/emqx_lwm2m.conf +++ b/apps/emqx_lwm2m/etc/emqx_lwm2m.conf @@ -21,39 +21,39 @@ lwm2m.lifetime_max = 86400s # Placeholders supported: # '%e': Endpoint Name # '%a': IP Address -lwm2m.mountpoint = lwm2m/%e/ +lwm2m.mountpoint = "lwm2m/%e/" # The topic subscribed by the lwm2m client after it is connected # Placeholders supported: # '%e': Endpoint Name # '%a': IP Address -lwm2m.topics.command = dn/# +lwm2m.topics.command = "dn/#" # The topic to which the lwm2m client's response is published -lwm2m.topics.response = up/resp +lwm2m.topics.response = "up/resp" # The topic to which the lwm2m client's notify message is published -lwm2m.topics.notify = up/notify +lwm2m.topics.notify = "up/notify" # The topic to which the lwm2m client's register message is published -lwm2m.topics.register = up/resp +lwm2m.topics.register = "up/resp" # The topic to which the lwm2m client's update message is published -lwm2m.topics.update = up/resp +lwm2m.topics.update = "up/resp" # Dir where the object definition files can be found -lwm2m.xml_dir = {{ platform_etc_dir }}/lwm2m_xml +lwm2m.xml_dir = "{{ platform_etc_dir }}/lwm2m_xml" ##-------------------------------------------------------------------- ## UDP Listener options ## The IP and port of the LwM2M Gateway ## -## Default: 0.0.0.0:5683 +## Default: "0.0.0.0:5683" ## Examples: -## lwm2m.bind.udp.x = 0.0.0.0:5683 | :::5683 | 127.0.0.1:5683 | ::1:5683 -lwm2m.bind.udp.1 = 0.0.0.0:5683 -#lwm2m.bind.udp.2 = 0.0.0.0:6683 +## lwm2m.bind.udp.x = "0.0.0.0:5683" | ":::5683" | "127.0.0.1:5683" | "::1:5683" +lwm2m.bind.udp.1 = "0.0.0.0:5683" +#lwm2m.bind.udp.2 = "0.0.0.0:6683" ## Socket options, used for performance tuning ## 
@@ -70,13 +70,13 @@ lwm2m.opts.read_packets = 20 ## The DTLS port that LwM2M is listening on. ## -## Default: 0.0.0.0:5684 +## Default: "0.0.0.0:5684" ## ## Examples: -## lwm2m.bind.dtls.x = 0.0.0.0:5684 | :::5684 | 127.0.0.1:5684 | ::1:5684 +## lwm2m.bind.dtls.x = "0.0.0.0:5684" | ":::5684" | "127.0.0.1:5684" | "::1:5684" ## -lwm2m.bind.dtls.1 = 0.0.0.0:5684 -#lwm2m.bind.dtls.2 = 0.0.0.0:6684 +lwm2m.bind.dtls.1 = "0.0.0.0:5684" +#lwm2m.bind.dtls.2 = "0.0.0.0:6684" ## A server only does x509-path validation in mode verify_peer, ## as it then sends a certificate request to the client (this @@ -90,17 +90,17 @@ lwm2m.bind.dtls.1 = 0.0.0.0:5684 ## Private key file for DTLS ## ## Value: File -lwm2m.dtls.keyfile = {{ platform_etc_dir }}/certs/key.pem +lwm2m.dtls.keyfile = "{{ platform_etc_dir }}/certs/key.pem" ## Server certificate for DTLS. ## ## Value: File -lwm2m.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem +lwm2m.dtls.certfile = "{{ platform_etc_dir }}/certs/cert.pem" ## PEM-encoded CA certificates for DTLS ## ## Value: File -#lwm2m.dtls.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem +#lwm2m.dtls.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem" ## Used together with {verify, verify_peer} by an SSL server. If set to true, ## the server fails if the client does not have a certificate to send, that is, 
@@ -126,11 +126,11 @@ lwm2m.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem ## Most of it was copied from Mozilla’s Server Side TLS article ## ## Value: Ciphers -lwm2m.dtls.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA +lwm2m.dtls.ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" ## Ciphers for TLS PSK. 
## ## Note that 'lwm2m.dtls.ciphers' and 'lwm2m.dtls.psk_ciphers' cannot ## be configured at the same time. ## See 'https://tools.ietf.org/html/rfc4279#section-2'. -#lwm2m.dtls.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA +#lwm2m.dtls.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA" diff --git a/apps/emqx_lwm2m/rebar.config b/apps/emqx_lwm2m/rebar.config index b9dea9bb8..fbfcdc02f 100644 --- a/apps/emqx_lwm2m/rebar.config +++ b/apps/emqx_lwm2m/rebar.config @@ -5,7 +5,6 @@ {profiles, [{test, [{deps, [{er_coap_client, {git, "https://github.com/emqx/er_coap_client", {tag, "v1.0"}}}, - {emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}}, {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.2.0"}}} ]} ]} diff --git a/apps/emqx_management/etc/emqx_management.conf b/apps/emqx_management/etc/emqx_management.conf index 31a3c1dc5..a01a6aaf1 100644 --- a/apps/emqx_management/etc/emqx_management.conf +++ b/apps/emqx_management/etc/emqx_management.conf @@ -23,7 +23,7 @@ management.default_application.secret = public ##-------------------------------------------------------------------- ## HTTP Listener -management.listener.http = 8081 +management.listener.http.port = 8081 management.listener.http.acceptors = 2 management.listener.http.max_clients = 512 management.listener.http.backlog = 512 
@@ -35,18 +35,18 @@ management.listener.http.ipv6_v6only = false ##-------------------------------------------------------------------- ## HTTPS Listener -## management.listener.https = 8081 +## management.listener.https.port = 8081 ## management.listener.https.acceptors = 2 ## management.listener.https.max_clients = 512 ## management.listener.https.backlog = 512 ## management.listener.https.send_timeout = 15s ## management.listener.https.send_timeout_close = on -## management.listener.https.certfile = etc/certs/cert.pem -## management.listener.https.keyfile = etc/certs/key.pem -## management.listener.https.cacertfile = etc/certs/cacert.pem +## management.listener.https.certfile = "etc/certs/cert.pem" +## management.listener.https.keyfile = "etc/certs/key.pem" +## management.listener.https.cacertfile = "etc/certs/cacert.pem" ## management.listener.https.verify = verify_peer -## management.listener.https.tls_versions = tlsv1.2,tlsv1.1,tlsv1 -## management.listener.https.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA +## management.listener.https.tls_versions = "tlsv1.2,tlsv1.1,tlsv1" +## management.listener.https.ciphers = 
"ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" ## management.listener.https.fail_if_no_peer_cert = true ## management.listener.https.inet6 = false ## management.listener.https.ipv6_v6only = false diff --git a/apps/emqx_management/priv/emqx_management.schema b/apps/emqx_management/priv/emqx_management.schema index 343a70de6..4e887809e 100644 --- a/apps/emqx_management/priv/emqx_management.schema +++ b/apps/emqx_management/priv/emqx_management.schema @@ -21,7 +21,7 @@ {datatype, string} ]}. -{mapping, "management.listener.http", "emqx_management.listeners", [ +{mapping, "management.listener.http.port", "emqx_management.listeners", [ {datatype, [integer, ip]} ]}. @@ -85,7 +85,7 @@ {datatype, {enum, [true, false]}} ]}. -{mapping, "management.listener.https", "emqx_management.listeners", [ +{mapping, "management.listener.https.port", "emqx_management.listeners", [ {datatype, [integer, ip]} ]}. 
@@ -225,7 +225,7 @@ end}. lists:foldl( fun(Proto, Acc) -> Prefix = "management.listener." ++ atom_to_list(Proto), - case cuttlefish:conf_get(Prefix, Conf, undefined) of + case cuttlefish:conf_get(Prefix ++ ".port", Conf, undefined) of undefined -> Acc; Port -> [{Proto, Port, TcpOpts(Prefix) ++ Opts(Prefix) diff --git a/apps/emqx_prometheus/etc/emqx_prometheus.conf b/apps/emqx_prometheus/etc/emqx_prometheus.conf index 7bfa22095..92e0d850d 100644 --- a/apps/emqx_prometheus/etc/emqx_prometheus.conf +++ b/apps/emqx_prometheus/etc/emqx_prometheus.conf @@ -5,7 +5,7 @@ ## The Prometheus Push Gateway URL address ## ## Note: You can comment out this line to disable it -prometheus.push.gateway.server = http://127.0.0.1:9091 +prometheus.push.gateway.server = "http://127.0.0.1:9091" ## The metrics data push interval (millisecond) ## diff --git a/apps/emqx_psk_file/etc/emqx_psk_file.conf b/apps/emqx_psk_file/etc/emqx_psk_file.conf index 3cee1c926..88c5bbdb1 100644 --- a/apps/emqx_psk_file/etc/emqx_psk_file.conf +++ b/apps/emqx_psk_file/etc/emqx_psk_file.conf @@ -1,2 +1,2 @@ -psk.file.path = {{ platform_etc_dir }}/psk.txt -psk.file.delimiter = : \ No newline at end of file +psk.file.path = "{{ platform_etc_dir }}/psk.txt" +psk.file.delimiter = ":" diff --git a/apps/emqx_retainer/etc/emqx_retainer.conf b/apps/emqx_retainer/etc/emqx_retainer.conf index 0a883cee5..4db438a98 100644 --- a/apps/emqx_retainer/etc/emqx_retainer.conf +++ b/apps/emqx_retainer/etc/emqx_retainer.conf @@ -37,5 +37,5 @@ retainer.max_payload_size = 1MB ## - 30m: 30 minutes ## - 20s: 20 seconds ## -## Defaut: 0 +## Default: 0 retainer.expiry_interval = 0 diff --git a/apps/emqx_retainer/rebar.config b/apps/emqx_retainer/rebar.config index 9557780e8..7e762cb72 100644 --- a/apps/emqx_retainer/rebar.config +++ b/apps/emqx_retainer/rebar.config 
@@ -18,7 +18,7 @@ {profiles, [{test, [{deps, - [{emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.2.2"}}}, + [ {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.2.3"}}}]} ]} ]}. diff --git a/apps/emqx_rule_engine/etc/emqx_rule_engine.conf b/apps/emqx_rule_engine/etc/emqx_rule_engine.conf index 2fe946779..556c59970 100644 --- a/apps/emqx_rule_engine/etc/emqx_rule_engine.conf +++ b/apps/emqx_rule_engine/etc/emqx_rule_engine.conf @@ -32,7 +32,7 @@ rule_engine.ignore_sys_message = on ## ## QoS-Level: qos0/qos1/qos2 -#rule_engine.events.client_connected = on, qos1 +#rule_engine.events.client_connected = "on, qos1" rule_engine.events.client_connected = off rule_engine.events.client_disconnected = off rule_engine.events.session_subscribed = off diff --git a/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl b/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl index fe4c78fb1..a1c719201 100644 --- a/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl +++ b/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl @@ -2438,7 +2438,7 @@ start_apps() -> [start_apps(App, SchemaFile, ConfigFile) || {App, SchemaFile, ConfigFile} <- [{emqx, deps_path(emqx, "priv/emqx.schema"), - deps_path(emqx, "etc/emqx.conf")}, + deps_path(emqx, "etc/emqx.conf.rendered")}, {emqx_rule_engine, local_path("priv/emqx_rule_engine.schema"), local_path("etc/emqx_rule_engine.conf")}]]. @@ -2450,7 +2450,7 @@ start_apps(App, SchemaFile, ConfigFile) -> read_schema_configs(App, SchemaFile, ConfigFile) -> ct:pal("Read configs - SchemaFile: ~p, ConfigFile: ~p", [SchemaFile, ConfigFile]), Schema = cuttlefish_schema:files([SchemaFile]), - Conf = conf_parse:file(ConfigFile), + {ok, Conf} = hocon:load(ConfigFile, #{format => proplists}), NewConfig = cuttlefish_generator:map(Schema, Conf), Vals = proplists:get_value(App, NewConfig, []), [application:set_env(App, Par, Value) || {Par, Value} <- Vals]. 
diff --git a/apps/emqx_sn/etc/emqx_sn.conf b/apps/emqx_sn/etc/emqx_sn.conf index 6572812c1..e05f1e7be 100644 --- a/apps/emqx_sn/etc/emqx_sn.conf +++ b/apps/emqx_sn/etc/emqx_sn.conf @@ -6,7 +6,7 @@ ## ## Value: IP:Port | Port ## -## Examples: 1884, 127.0.0.1:1884, ::1:1884 +## Examples: 1884, "127.0.0.1:1884", "::1:1884" mqtt.sn.port = 1884 ## The duration that emqx-sn broadcast ADVERTISE message through. @@ -37,8 +37,8 @@ mqtt.sn.idle_timeout = 30s ## The pre-defined topic name corresponding to the pre-defined topic id of N. ## Note that the pre-defined topic id of 0 is reserved. mqtt.sn.predefined.topic.0 = reserved -mqtt.sn.predefined.topic.1 = /predefined/topic/name/hello -mqtt.sn.predefined.topic.2 = /predefined/topic/name/nice +mqtt.sn.predefined.topic.1 = "/predefined/topic/name/hello" +mqtt.sn.predefined.topic.2 = "/predefined/topic/name/nice" ## Default username for MQTT-SN. This parameter is optional. If specified, ## emq-sn will connect EMQ core with this username. It is useful if any auth diff --git a/apps/emqx_sn/priv/emqx_sn.schema b/apps/emqx_sn/priv/emqx_sn.schema index a585c1037..edc76db37 100644 --- a/apps/emqx_sn/priv/emqx_sn.schema +++ b/apps/emqx_sn/priv/emqx_sn.schema 
@@ -1,23 +1,19 @@ %%-*- mode: erlang -*- %% emqx_sn config mapping {mapping, "mqtt.sn.port", "emqx_sn.port", [ - {default, "1884"}, - {datatype, string} + {default, 1884}, + {datatype, [integer, ip]} ]}. {translation, "emqx_sn.port", fun(Conf) -> - case re:split(cuttlefish:conf_get("mqtt.sn.port", Conf, ""), ":", [{return, list}]) of - [Port] -> - {{0,0,0,0}, list_to_integer(Port)}; - Tokens -> - Port = lists:last(Tokens), - IP = case inet:parse_address(lists:flatten(lists:join(":", Tokens -- [Port]))) of - {error, Reason} -> - throw({invalid_ip_address, Reason}); - {ok, X} -> X - end, - Port1 = list_to_integer(Port), - {IP, Port1} + case cuttlefish:conf_get("mqtt.sn.port", Conf, undefined) of + Port when is_integer(Port) -> + {{0,0,0,0}, Port}; + {Ip, Port} -> + case inet:parse_address(Ip) of + {ok ,R} -> {R, Port}; + _ -> {Ip, Port} + end end end}. diff --git a/apps/emqx_sn/rebar.config b/apps/emqx_sn/rebar.config index 5fecbb815..cbdac78f6 100644 --- a/apps/emqx_sn/rebar.config +++ b/apps/emqx_sn/rebar.config @@ -2,8 +2,7 @@ {plugins, [rebar3_proper]}. {deps, - [{esockd, {git, "https://github.com/emqx/esockd", {tag, "5.7.4"}}}, - {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v3.0.0"}}} + [{esockd, {git, "https://github.com/emqx/esockd", {tag, "5.7.4"}}} ]}. {edoc_opts, [{preprocess, true}]}. diff --git a/apps/emqx_stomp/etc/emqx_stomp.conf b/apps/emqx_stomp/etc/emqx_stomp.conf index e47f40b54..d8876670e 100644 --- a/apps/emqx_stomp/etc/emqx_stomp.conf +++ b/apps/emqx_stomp/etc/emqx_stomp.conf @@ -8,7 +8,7 @@ ## The Port that stomp listener will bind. ## ## Value: Port -stomp.listener = 61613 +stomp.listener.port = 61613 ## The acceptor pool for stomp listener. ## 
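Review bot: The new `{Ip, Port}` branch of the `emqx_sn.port` translation no longer rejects a bad address: when `inet:parse_address(Ip)` fails, `_ -> {Ip, Port}` passes the raw value through, where the removed code threw `{invalid_ip_address, Reason}`. A malformed bind address is then no longer caught when the configuration is generated. If the fallback is meant for an `Ip` that arrives already parsed as a tuple, match that explicitly and keep the error: `{error, _} when is_tuple(Ip) -> {Ip, Port};` followed by `{error, Reason} -> throw({invalid_ip_address, Reason})`. Separately, the `undefined` default passed to `cuttlefish:conf_get/3` matches neither clause and would end in a `case_clause`. The mapping default of 1884 probably makes that unreachable, in which case dropping the third argument states the intent.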
@@ -28,22 +28,22 @@ stomp.listener.max_connections = 512 ## Path to the file containing the user's private PEM-encoded key. ## ## Value: File -## stomp.listener.keyfile = etc/certs/key.pem +## stomp.listener.keyfile = "etc/certs/key.pem" ## Path to a file containing the user certificate. ## ## Value: File -## stomp.listener.certfile = etc/certs/cert.pem +## stomp.listener.certfile = "etc/certs/cert.pem" ## Path to the file containing PEM-encoded CA certificates. ## ## Value: File -## stomp.listener.cacertfile = etc/certs/cacert.pem +## stomp.listener.cacertfile = "etc/certs/cacert.pem" ## See: 'listener.ssl..dhfile' in emq.conf ## ## Value: File -## stomp.listener.dhfile = etc/certs/dh-params.pem +## stomp.listener.dhfile = "etc/certs/dh-params.pem" ## See: 'listener.ssl..vefify' in emq.conf ## @@ -58,7 +58,7 @@ stomp.listener.max_connections = 512 ## TLS versions only to protect from POODLE attack. ## ## Value: String, seperated by ',' -## stomp.listener.tls_versions = tlsv1.2,tlsv1.1,tlsv1 +## stomp.listener.tls_versions = "tlsv1.2,tlsv1.1,tlsv1" ## SSL Handshake timeout. ## 
@@ -68,7 +68,7 @@ stomp.listener.max_connections = 512 ## See: 'listener.ssl..ciphers' in emq.conf ## ## Value: Ciphers -## stomp.listener.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA +## stomp.listener.ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" ## See: 'listener.ssl..secure_renegotiate' in emq.conf ## 
diff --git a/apps/emqx_stomp/priv/emqx_stomp.schema b/apps/emqx_stomp/priv/emqx_stomp.schema index c77cc297e..32a3c272b 100644 --- a/apps/emqx_stomp/priv/emqx_stomp.schema +++ b/apps/emqx_stomp/priv/emqx_stomp.schema @@ -1,7 +1,7 @@ %%-*- mode: erlang -*- %% emqx_stomp config mapping -{mapping, "stomp.listener", "emqx_stomp.listener", [ +{mapping, "stomp.listener.port", "emqx_stomp.listener", [ {default, 61613}, {datatype, [integer, ip]} ]}. @@ -72,7 +72,7 @@ ]}. {translation, "emqx_stomp.listener", fun(Conf) -> - Port = cuttlefish:conf_get("stomp.listener", Conf), + Port = cuttlefish:conf_get("stomp.listener.port", Conf), Acceptors = cuttlefish:conf_get("stomp.listener.acceptors", Conf), MaxConnections = cuttlefish:conf_get("stomp.listener.max_connections", Conf), Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end, diff --git a/apps/emqx_telemetry/etc/emqx_telemetry.conf b/apps/emqx_telemetry/etc/emqx_telemetry.conf index 041b54f60..326ef0508 100644 --- a/apps/emqx_telemetry/etc/emqx_telemetry.conf +++ b/apps/emqx_telemetry/etc/emqx_telemetry.conf @@ -13,8 +13,8 @@ telemetry.enabled = true ## ## Value: String ## -## Default: https://telemetry.emqx.io/api/telemetry -telemetry.url = https://telemetry.emqx.io/api/telemetry +## Default: "https://telemetry.emqx.io/api/telemetry" +telemetry.url = "https://telemetry.emqx.io/api/telemetry" ## Interval for reporting telemetry data ## @@ -25,4 +25,4 @@ telemetry.url = https://telemetry.emqx.io/api/telemetry ## -s: second ## ## Default: 7d -telemetry.report_interval = 7d \ No newline at end of file +telemetry.report_interval = 7d diff --git a/apps/emqx_web_hook/etc/emqx_web_hook.conf b/apps/emqx_web_hook/etc/emqx_web_hook.conf index 159769394..c585a4e13 100644 --- a/apps/emqx_web_hook/etc/emqx_web_hook.conf +++ b/apps/emqx_web_hook/etc/emqx_web_hook.conf 
@@ -5,16 +5,16 @@ ## Webhook URL ## ## Value: String -web.hook.url = http://127.0.0.1:80 +web.hook.url = "http://127.0.0.1:80" ## HTTP Headers -## +## ## Example: -## 1. web.hook.headers.content-type = application/json -## 2. web.hook.headers.accept = * +## 1. web.hook.headers.content-type = "application/json" +## 2. web.hook.headers.accept = "*" ## ## Value: String -web.hook.headers.content-type = application/json +web.hook.headers.content-type = "application/json" ## The encoding format of the payload field in the HTTP body ## The payload field only appears in the on_message_publish and on_message_delivered actions 
@@ -54,15 +54,15 @@ web.hook.pool_size = 32 ## ## Format: ## web.hook.rule.. = -#web.hook.rule.client.connect.1 = {"action": "on_client_connect"} -#web.hook.rule.client.connack.1 = {"action": "on_client_connack"} -#web.hook.rule.client.connected.1 = {"action": "on_client_connected"} -#web.hook.rule.client.disconnected.1 = {"action": "on_client_disconnected"} -#web.hook.rule.client.subscribe.1 = {"action": "on_client_subscribe"} -#web.hook.rule.client.unsubscribe.1 = {"action": "on_client_unsubscribe"} -#web.hook.rule.session.subscribed.1 = {"action": "on_session_subscribed"} -#web.hook.rule.session.unsubscribed.1 = {"action": "on_session_unsubscribed"} -#web.hook.rule.session.terminated.1 = {"action": "on_session_terminated"} -#web.hook.rule.message.publish.1 = {"action": "on_message_publish"} -#web.hook.rule.message.delivered.1 = {"action": "on_message_delivered"} -#web.hook.rule.message.acked.1 = {"action": "on_message_acked"} +#web.hook.rule.client.connect.1 = "{"action": "on_client_connect"}" +#web.hook.rule.client.connack.1 = "{"action": "on_client_connack"}" +#web.hook.rule.client.connected.1 = "{"action": "on_client_connected"}" +#web.hook.rule.client.disconnected.1 = "{"action": "on_client_disconnected"}" +#web.hook.rule.client.subscribe.1 = "{"action": "on_client_subscribe"}" +#web.hook.rule.client.unsubscribe.1 = "{"action": "on_client_unsubscribe"}" +#web.hook.rule.session.subscribed.1 = "{"action": "on_session_subscribed"}" +#web.hook.rule.session.unsubscribed.1 = "{"action": "on_session_unsubscribed"}" +#web.hook.rule.session.terminated.1 = "{"action": "on_session_terminated"}" +#web.hook.rule.message.publish.1 = "{"action": "on_message_publish"}" +#web.hook.rule.message.delivered.1 = "{"action": "on_message_delivered"}" +#web.hook.rule.message.acked.1 = ""{"action": "on_message_acked"}" diff --git a/apps/emqx_web_hook/rebar.config b/apps/emqx_web_hook/rebar.config index 3684b78b0..41092e11e 100644 --- a/apps/emqx_web_hook/rebar.config 
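Review bot: The rewritten `web.hook.rule.*` examples wrap the JSON in double quotes without escaping the quotes inside it, e.g. `"{"action": "on_client_connect"}"`, so the value will not parse as a single string once a line is uncommented. The last one, `web.hook.rule.message.acked.1`, additionally opens with a doubled `""`. Escape the inner quotes on all twelve lines, as in `#web.hook.rule.client.connect.1 = "{\"action\": \"on_client_connect\"}"`, and drop the extra quote on the last.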
+++ b/apps/emqx_web_hook/rebar.config @@ -23,8 +23,7 @@ [{test, [{erl_opts, [export_all, nowarn_export_all]}, {deps, - [{emqx_ct_helper, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.3.0"}}}, - {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v3.0.0"}}}, + [ {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.2.3"}}} ]} ]} diff --git a/deploy/charts/emqx/values.yaml b/deploy/charts/emqx/values.yaml index 45b966c3b..b2a687f78 100644 --- a/deploy/charts/emqx/values.yaml +++ b/deploy/charts/emqx/values.yaml @@ -42,7 +42,7 @@ initContainers: {} ## EMQX configuration item, see the documentation (https://hub.docker.com/r/emqx/emqx) emqxConfig: - EMQX_CLUSTER__K8S__APISERVER: "https://kubernetes.default.svc:443" + EMQX_CLUSTER__K8S__APISERVER: \"https://kubernetes.default.svc:443\" ## The address type is used to extract host from k8s service. ## Value: ip | dns | hostname ## Note:Hostname is only supported after v4.0-rc.2 diff --git a/etc/emqx.conf b/etc/emqx.conf index 3ec0a52a9..cacea8193 100644 --- a/etc/emqx.conf +++ b/etc/emqx.conf @@ -58,7 +58,7 @@ cluster.autoclean = 5m ## Node list of the cluster. ## ## Value: String -## cluster.static.seeds = emqx1@127.0.0.1,emqx2@127.0.0.1 +## cluster.static.seeds = "emqx1@127.0.0.1,emqx2@127.0.0.1" ##-------------------------------------------------------------------- ## Cluster using IP Multicast. @@ -66,19 +66,19 @@ cluster.autoclean = 5m ## IP Multicast Address. ## ## Value: IP Address -## cluster.mcast.addr = 239.192.0.1 +## cluster.mcast.addr = "239.192.0.1" ## Multicast Ports. ## ## Value: Port List -## cluster.mcast.ports = 4369,4370 +## cluster.mcast.ports = "4369,4370" ## Multicast Iface. ## ## Value: Iface Address ## -## Default: 0.0.0.0 -## cluster.mcast.iface = 0.0.0.0 +## Default: "0.0.0.0" +## cluster.mcast.iface = "0.0.0.0" ## Multicast Ttl. ## 
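Review bot: In `deploy/charts/emqx/values.yaml`, `EMQX_CLUSTER__K8S__APISERVER: \"https://kubernetes.default.svc:443\"` is now a plain YAML scalar, where a backslash is not an escape character, so the value carries a literal `\"` at both ends. The docker-compose change in this same commit writes `\"` inside a double-quoted string, which yields bare quotes, so the two files now disagree. Unless the chart template strips the backslashes (not visible here), the API server URL reaches the node malformed and Kubernetes discovery would likely fail. `EMQX_CLUSTER__K8S__APISERVER: '"https://kubernetes.default.svc:443"'` gives the intended quoted value.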
@@ -109,7 +109,7 @@ cluster.autoclean = 5m ## Etcd server list, seperated by ','. ## ## Value: String -## cluster.etcd.server = http://127.0.0.1:2379 +## cluster.etcd.server = "http://127.0.0.1:2379" ## The prefix helps build nodes path in etcd. Each node in the cluster ## will create a path in etcd: v2/keys/// @@ -127,18 +127,18 @@ cluster.autoclean = 5m ## Path to a file containing the client's private PEM-encoded key. ## ## Value: File -## cluster.etcd.ssl.keyfile = {{ platform_etc_dir }}/certs/client-key.pem +## cluster.etcd.ssl.keyfile = "{{ platform_etc_dir }}/certs/client-key.pem" ## The path to a file containing the client's certificate. ## ## Value: File -## cluster.etcd.ssl.certfile = {{ platform_etc_dir }}/certs/client.pem +## cluster.etcd.ssl.certfile = "{{ platform_etc_dir }}/certs/client.pem" ## Path to the file containing PEM-encoded CA certificates. The CA certificates ## are used during server authentication and when building the client certificate chain. ## ## Value: File -## cluster.etcd.ssl.cacertfile = {{ platform_etc_dir }}/certs/ca.pem +## cluster.etcd.ssl.cacertfile = "{{ platform_etc_dir }}/certs/ca.pem" ##-------------------------------------------------------------------- ## Cluster using Kubernetes @@ -146,7 +146,7 @@ cluster.autoclean = 5m ## Kubernetes API server list, seperated by ','. ## ## Value: String -## cluster.k8s.apiserver = http://10.110.111.204:8080 +## cluster.k8s.apiserver = "http://10.110.111.204:8080" ## The service name helps lookup EMQ nodes in the cluster. ## @@ -194,7 +194,7 @@ node.cookie = emqxsecretcookie ## Data dir for the node ## ## Value: Folder -node.data_dir = {{ platform_data_dir }} +node.data_dir = "{{ platform_data_dir }}" ## Heartbeat monitoring of an Erlang runtime system. Comment the line to disable ## heartbeat, or set the value as 'on' 
@@ -271,14 +271,14 @@ node.global_gc_interval = 15m ## Crash dump log file. ## ## Value: Log file -node.crash_dump = {{ platform_log_dir }}/crash.dump +node.crash_dump = "{{ platform_log_dir }}/crash.dump" ## Specify SSL Options in the file if using SSL for Erlang Distribution. ## ## Value: File ## ## vm.args: -ssl_dist_optfile -## node.ssl_dist_optfile = {{ platform_etc_dir }}/ssl_dist.conf +## node.ssl_dist_optfile = "{{ platform_etc_dir }}/ssl_dist.conf" ## Sets the net_kernel tick time. TickTime is specified in seconds. ## Notice that all communicating nodes are to have the same TickTime @@ -427,7 +427,7 @@ log.level = warning ## The dir for log files. ## ## Value: Folder -log.dir = {{ platform_log_dir }} +log.dir = "{{ platform_log_dir }}" ## The log filename for logs of level specified in "log.level". ## @@ -450,7 +450,7 @@ log.file = emqx.log ## ## Value: on | off ## Default: on -log.rotation = on +log.rotation.enable = on ## Maximum size of each log file. ## @@ -569,7 +569,7 @@ log.rotation.count = 5 ## Value: MaxBurstCount,TimeWindow ## Default: disabled ## -#log.burst_limit = 20000, 1s +#log.burst_limit = "20000, 1s" ##-------------------------------------------------------------------- ## Authentication/Access Control @@ -589,7 +589,7 @@ acl_nomatch = allow ## Default ACL File. ## ## Value: File Name -acl_file = {{ platform_etc_dir }}/acl.conf +acl_file = "{{ platform_etc_dir }}/acl.conf" ## Whether to enable ACL cache. ## @@ -623,7 +623,7 @@ acl_deny_action = ignore ## 3. banned interval: the banned interval if a flapping is detected. ## ## Value: Integer,Duration,Duration -flapping_detect_policy = 30, 1m, 5m +flapping_detect_policy = "30, 1m, 5m" ##-------------------------------------------------------------------- ## MQTT Protocol 
@@ -722,7 +722,7 @@ zone.external.acl_deny_action = ignore ## messages | bytes passed through. ## ## Numbers delimited by `|'. Zero or negative is to disable. -zone.external.force_gc_policy = 16000|16MB +zone.external.force_gc_policy = "16000|16MB" ## Max message queue length and total heap size to force shutdown ## connection/session process. @@ -732,9 +732,9 @@ zone.external.force_gc_policy = 16000|16MB ## Numbers delimited by `|'. Zero or negative is to disable. ## ## Default: -## - 10000|64MB on ARCH_64 system -## - 1000|32MB on ARCH_32 sytem -#zone.external.force_shutdown_policy = 10000|64MB +## - "10000|64MB" on ARCH_64 system +## - "1000|32MB" on ARCH_32 sytem +#zone.external.force_shutdown_policy = "10000|64MB" ## Maximum MQTT packet size allowed. ## @@ -840,7 +840,7 @@ zone.external.max_mqueue_len = 1000 ## are treated equal ## ## Priority number [1-255] -## Example: topic/1=10,topic/2=8 +## Example: "topic/1=10,topic/2=8" ## NOTE: comma and equal signs are not allowed for priority topic names ## NOTE: messages for topics not in the priority table are treated as ## either highest or lowest priority depending on the configured 
@@ -867,29 +867,29 @@ zone.external.enable_flapping_detect = off ## ## Value: Number,Duration ## Example: 100 messages per 10 seconds. -#zone.external.rate_limit.conn_messages_in = 100,10s +#zone.external.rate_limit.conn_messages_in = "100,10s" ## Bytes limit for a external MQTT connections. ## ## Value: Number,Duration ## Example: 100KB incoming per 10 seconds. -#zone.external.rate_limit.conn_bytes_in = 100KB,10s +#zone.external.rate_limit.conn_bytes_in = "100KB,10s" ## Messages quota for the each of external MQTT connection. ## This value consumed by the number of recipient on a message. ## ## Value: Number, Duration ## -## Example: 100 messaegs per 1s -#zone.external.quota.conn_messages_routing = 100,1s +## Example: 100 messages per 1s +#zone.external.quota.conn_messages_routing = "100,1s" ## Messages quota for the all of external MQTT connections. ## This value consumed by the number of recipient on a message. ## ## Value: Number, Duration ## -## Example: 200000 messaegs per 1s -#zone.external.quota.overall_messages_routing = 200000,1s +## Example: 200000 messages per 1s +#zone.external.quota.overall_messages_routing = "200000,1s" ## All the topics will be prefixed with the mountpoint path if this option is enabled. ## @@ -898,7 +898,7 @@ zone.external.enable_flapping_detect = off ## - %u: username ## ## Value: String -## zone.external.mountpoint = devicebound/ +## zone.external.mountpoint = "devicebound/" ## Whether use username replace client id ## @@ -943,7 +943,7 @@ zone.internal.enable_acl = off zone.internal.acl_deny_action = ignore ## See zone.$name.force_gc_policy -## zone.internal.force_gc_policy = 128000|128MB +## zone.internal.force_gc_policy = "128000|128MB" ## See zone.$name.wildcard_subscription. ## 
@@ -988,8 +988,8 @@ zone.internal.enable_flapping_detect = off ## See zone.$name.force_shutdown_policy ## ## Default: -## - 10000|64MB on ARCH_64 system -## - 1000|32MB on ARCH_32 sytem +## - "10000|64MB" on ARCH_64 system +## - "1000|32MB" on ARCH_32 sytem #zone.internal.force_shutdown_policy = 10000|64MB ## All the topics will be prefixed with the mountpoint path if this option is enabled. @@ -999,7 +999,7 @@ zone.internal.enable_flapping_detect = off ## - %u: username ## ## Value: String -## zone.internal.mountpoint = cloudbound/ +## zone.internal.mountpoint = "cloudbound/" ## Whether to ignore loop delivery of messages.(for mqtt v3.1.1) ## @@ -1033,8 +1033,8 @@ zone.internal.bypass_auth_plugins = true ## ## Value: IP:Port | Port ## -## Examples: 1883, 127.0.0.1:1883, ::1:1883 -listener.tcp.external = 0.0.0.0:1883 +## Examples: 1883, "127.0.0.1:1883", "::1:1883" +listener.tcp.external.endpoint = "0.0.0.0:1883" ## The acceptor pool for external MQTT/TCP listener. ## @@ -1069,8 +1069,8 @@ listener.tcp.external.zone = external ## ## Value: ACL Rule ## -## Example: allow 192.168.0.0/24 -listener.tcp.external.access.1 = allow all +## Example: "allow 192.168.0.0/24" +listener.tcp.external.access.1 = "allow all" ## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed ## behind HAProxy or Nginx. @@ -1165,8 +1165,8 @@ listener.tcp.external.reuseaddr = true ## ## Value: IP:Port, Port ## -## Examples: 11883, 127.0.0.1:11883, ::1:11883 -listener.tcp.internal = 127.0.0.1:11883 +## Examples: 11883, "127.0.0.1:11883", "::1:11883" +listener.tcp.internal.endpoint = "127.0.0.1:11883" ## The acceptor pool for internal MQTT/TCP listener. ## @@ -1262,8 +1262,8 @@ listener.tcp.internal.reuseaddr = true ## ## Value: IP:Port | Port ## -## Examples: 8883, 127.0.0.1:8883, ::1:8883 -listener.ssl.external = 8883 +## Examples: 8883, "127.0.0.1:8883", "::1:8883" +listener.ssl.external.endpoint = 8883 ## The acceptor pool for external MQTT/SSL listener. ## 
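Review bot: The commented sample `#zone.internal.force_shutdown_policy = 10000|64MB` at the end of this hunk is left unquoted, while the two `Default:` lines above it and the external-zone sample (`#zone.external.force_shutdown_policy = "10000|64MB"`) were converted. An operator who uncomments it to enable the forced-shutdown limit gets a value in the old syntax; presumably the new parser rejects or misreads the bare `|`, given that every other such value was quoted. Change the line to `#zone.internal.force_shutdown_policy = "10000|64MB"`.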
@@ -1295,7 +1295,7 @@ listener.ssl.external.zone = external ## See: listener.tcp.$name.access ## ## Value: ACL Rule -listener.ssl.external.access.1 = allow all +listener.ssl.external.access.1 = "allow all" ## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind ## HAProxy or Nginx. @@ -1317,7 +1317,7 @@ listener.ssl.external.access.1 = allow all ## See: http://erlang.org/doc/man/ssl.html ## ## Value: String, seperated by ',' -## listener.ssl.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1 +## listener.ssl.external.tls_versions = "tlsv1.2,tlsv1.1,tlsv1" ## TLS Handshake timeout. ## @@ -1341,20 +1341,20 @@ listener.ssl.external.handshake_timeout = 15s ## See: http://erlang.org/doc/man/ssl.html ## ## Value: File -listener.ssl.external.keyfile = {{ platform_etc_dir }}/certs/key.pem +listener.ssl.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem" ## Path to a file containing the user certificate. ## ## See: http://erlang.org/doc/man/ssl.html ## ## Value: File -listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem +listener.ssl.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem" ## Path to the file containing PEM-encoded CA certificates. The CA certificates ## are used during server authentication and when building the client certificate chain. ## ## Value: File -## listener.ssl.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem +## listener.ssl.external.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem" ## The Ephemeral Diffie-Helman key exchange is a very effective way of ## ensuring Forward Secrecy by exchanging a set of keys that never hit 
@@ -1371,7 +1371,7 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem ## openssl dhparam -out dh-params.pem 2048 ## ## Value: File -## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem +## listener.ssl.external.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem" ## A server only does x509-path validation in mode verify_peer, ## as it then sends a certificate request to the client (this 
@@ -1406,13 +1406,13 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem ## Most of it was copied from Mozilla’s Server Side TLS article ## ## Value: Ciphers -listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA +listener.ssl.external.ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" ## Ciphers for TLS PSK. 
## Note that 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot ## be configured at the same time. ## See 'https://tools.ietf.org/html/rfc4279#section-2'. -#listener.ssl.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA +#listener.ssl.external.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA" ## SSL parameter renegotiation is a feature that allows a client and a server ## to renegotiate the parameters of the SSL connection on the fly. @@ -1514,13 +1514,13 @@ listener.ssl.external.reuseaddr = true ## ## Value: IP:Port | Port ## -## Examples: 8083, 127.0.0.1:8083, ::1:8083 -listener.ws.external = 8083 +## Examples: 8083, "127.0.0.1:8083", "::1:8083" +listener.ws.external.endpoint = 8083 ## The path of WebSocket MQTT endpoint ## ## Value: URL Path -listener.ws.external.mqtt_path = /mqtt +listener.ws.external.mqtt_path = "/mqtt" ## The acceptor pool for external MQTT/WebSocket listener. ## @@ -1552,7 +1552,7 @@ listener.ws.external.zone = external ## See: listener.ws.$name.access ## ## Value: ACL Rule -listener.ws.external.access.1 = allow all +listener.ws.external.access.1 = "allow all" ## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send. ## Set to false for WeChat MiniApp. @@ -1723,7 +1723,7 @@ listener.ws.external.allow_origin_absence = true ## Comma separated list of allowed origin in header for websocket connection ## ## Value: http://url eg. local http dashboard url - http://localhost:18083, http://127.0.0.1:18083 -listener.ws.external.check_origins = http://localhost:18083, http://127.0.0.1:18083 +listener.ws.external.check_origins = "http://localhost:18083, http://127.0.0.1:18083" ##-------------------------------------------------------------------- ## External WebSocket/SSL listener for MQTT Protocol 
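Review bot: The `listener.ssl.external.ciphers` default rewritten here still includes a 3DES suite (`ECDHE-ECDSA-DES-CBC3-SHA`), and the commented `psk_ciphers` sample lists `PSK-3DES-EDE-CBC-SHA` and `PSK-RC4-SHA`; the `listener.wss.external` hunks further down carry the same lists. Trimming defaults may be out of scope for a syntax migration, but since each of these lines is touched, a caveat above them would help operators, e.g. `## NOTE: the 3DES and RC4 suites are legacy; remove them unless old clients require them.` The commented `tls_versions` samples (`"tlsv1.2,tlsv1.1,tlsv1"`) deserve the same remark for TLS 1.0/1.1.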
@@ -1733,13 +1733,13 @@ listener.ws.external.check_origins = http://localhost:18083, http://127.0.0.1:18 ## ## Value: IP:Port | Port ## -## Examples: 8084, 127.0.0.1:8084, ::1:8084 -listener.wss.external = 8084 +## Examples: 8084, "127.0.0.1:8084", "::1:8084" +listener.wss.external.endpoint = 8084 ## The path of WebSocket MQTT endpoint ## ## Value: URL Path -listener.wss.external.mqtt_path = /mqtt +listener.wss.external.mqtt_path = "/mqtt" ## The acceptor pool for external MQTT/WebSocket/SSL listener. ## @@ -1773,7 +1773,7 @@ listener.wss.external.zone = external ## See: listener.tcp.$name.access. ## ## Value: ACL Rule -listener.wss.external.access.1 = allow all +listener.wss.external.access.1 = "allow all" ## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send. ## Set to false for WeChat MiniApp. 
@@ -1805,28 +1805,28 @@ listener.wss.external.access.1 = allow all ## See: listener.ssl.$name.tls_versions ## ## Value: String, seperated by ',' -## listener.wss.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1 +## listener.wss.external.tls_versions = "tlsv1.2,tlsv1.1,tlsv1" ## Path to the file containing the user's private PEM-encoded key. ## ## See: listener.ssl.$name.keyfile ## ## Value: File -listener.wss.external.keyfile = {{ platform_etc_dir }}/certs/key.pem +listener.wss.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem" ## Path to a file containing the user certificate. ## ## See: listener.ssl.$name.certfile ## ## Value: File -listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem +listener.wss.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem" ## Path to the file containing PEM-encoded CA certificates. ## ## See: listener.ssl.$name.cacert ## ## Value: File -## listener.wss.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem +## listener.wss.external.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem" ## Maximum number of non-self-issued intermediate certificates that ## can follow the peer certificate in a valid certification path. @@ -1847,7 +1847,7 @@ listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem ## See: listener.ssl.$name.dhfile ## ## Value: File -## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem +## listener.ssl.external.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem" ## See: listener.ssl.$name.vefify ## 
@@ -1862,13 +1862,13 @@ listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem ## See: listener.ssl.$name.ciphers ## ## Value: Ciphers -listener.wss.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA +listener.wss.external.ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" ## Ciphers for TLS PSK. 
## Note that 'listener.wss.external.ciphers' and 'listener.wss.external.psk_ciphers' cannot ## be configured at the same time. ## See 'https://tools.ietf.org/html/rfc4279#section-2'. -## listener.wss.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA +## listener.wss.external.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA" ## See: listener.ssl.$name.secure_renegotiate ## @@ -2022,7 +2022,7 @@ listener.wss.external.allow_origin_absence = true ## Comma separated list of allowed origin in header for secure websocket connection ## ## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084 -listener.wss.external.check_origins = https://localhost:8084, https://127.0.0.1:8084 +listener.wss.external.check_origins = "https://localhost:8084, https://127.0.0.1:8084" ##-------------------------------------------------------------------- ## Modules @@ -2030,7 +2030,7 @@ listener.wss.external.check_origins = https://localhost:8084, https://127.0.0.1: ## The file to store loaded module names. ## ## Value: File -modules.loaded_file = {{ platform_data_dir }}/loaded_modules +modules.loaded_file = "{{ platform_data_dir }}/loaded_modules" ##-------------------------------------------------------------------- ## Presence Module @@ -2046,7 +2046,7 @@ module.presence.qos = 1 ## Subscribe the Topics automatically when client connected. ## ## Value: String -## module.subscription.1.topic = connected/%c/%u +## module.subscription.1.topic = "connected/%c/%u" ## Qos of the proxy subscription. ## 
@@ -2079,8 +2079,8 @@ module.presence.qos = 1 ## Rewrite Module ## {rewrite, Topic, Re, Dest} -## module.rewrite.pub.rule.1 = x/# ^x/y/(.+)$ z/y/$1 -## module.rewrite.sub.rule.1 = y/+/z/# ^y/(.+)/z/(.+)$ y/z/$2 +## module.rewrite.pub.rule.1 = "x/# ^x/y/(.+)$ z/y/$1" +## module.rewrite.sub.rule.1 = "y/+/z/# ^y/(.+)/z/(.+)$ y/z/$2" ##------------------------------------------------------------------- ## Plugins @@ -2089,17 +2089,17 @@ module.presence.qos = 1 ## The etc dir for plugins' config. ## ## Value: Folder -plugins.etc_dir = {{ platform_etc_dir }}/plugins/ +plugins.etc_dir = "{{ platform_etc_dir }}/plugins/" ## The file to store loaded plugin names. ## ## Value: File -plugins.loaded_file = {{ platform_data_dir }}/loaded_plugins +plugins.loaded_file = "{{ platform_data_dir }}/loaded_plugins" ## The directory of extension plugins. ## ## Value: File -plugins.expand_plugins_dir = {{ platform_plugins_dir }}/ +plugins.expand_plugins_dir = "{{ platform_plugins_dir }}/" ##-------------------------------------------------------------------- ## Broker @@ -2189,7 +2189,6 @@ sysmon.long_gc = 0 ## Examples: ## - 2h: 2 hours ## - 30m: 30 minutes -## - 0.1s: 0.1 seconds ## - 100ms: 100 milliseconds ## ## Default: 0ms @@ -2281,8 +2280,8 @@ vm_mon.process_low_watermark = 60% ## - log ## - publish ## -## Default: log,publish -alarm.actions = log,publish +## Default: "log,publish" +alarm.actions = "log,publish" ## The maximum number of deactivated alarms ## diff --git a/priv/emqx.schema b/priv/emqx.schema index bdf8a053f..f1c510de3 100644 --- a/priv/emqx.schema +++ b/priv/emqx.schema @@ -482,7 +482,7 @@ end}. {datatype, integer} ]}. -{mapping, "log.rotation", "kernel.logger", [ +{mapping, "log.rotation.enable", "kernel.logger", [ {default, on}, {datatype, flag} ]}. 
@@ -576,7 +576,7 @@ end}. {translation, "kernel.logger", fun(Conf) -> LogTo = cuttlefish:conf_get("log.to", Conf), LogLevel = cuttlefish:conf_get("log.level", Conf), - LogType = case cuttlefish:conf_get("log.rotation", Conf) of + LogType = case cuttlefish:conf_get("log.rotation.enable", Conf) of true -> wrap; false -> halt end, @@ -1166,7 +1166,7 @@ end}. %%-------------------------------------------------------------------- %% TCP Listeners -{mapping, "listener.tcp.$name", "emqx.listeners", [ +{mapping, "listener.tcp.$name.endpoint", "emqx.listeners", [ {datatype, [integer, ip]} ]}. @@ -1267,7 +1267,7 @@ end}. %%-------------------------------------------------------------------- %% SSL Listeners -{mapping, "listener.ssl.$name", "emqx.listeners", [ +{mapping, "listener.ssl.$name.endpoint", "emqx.listeners", [ {datatype, [integer, ip]} ]}. @@ -1431,7 +1431,7 @@ end}. %%-------------------------------------------------------------------- %% MQTT/WebSocket Listeners -{mapping, "listener.ws.$name", "emqx.listeners", [ +{mapping, "listener.ws.$name.endpoint", "emqx.listeners", [ {datatype, [integer, ip]} ]}. @@ -1607,7 +1607,7 @@ end}. %%-------------------------------------------------------------------- %% MQTT/WebSocket/SSL Listeners -{mapping, "listener.wss.$name", "emqx.listeners", [ +{mapping, "listener.wss.$name.endpoint", "emqx.listeners", [ {datatype, [integer, ip]} ]}. @@ -1845,7 +1845,6 @@ end}. ]}. {translation, "emqx.listeners", fun(Conf) -> - Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end, Atom = fun(undefined) -> undefined; (S) -> list_to_atom(S) end, @@ -1984,7 +1983,7 @@ end}. TcpListeners = fun(Type, Name) -> Prefix = string:join(["listener", Type, Name], "."), - ListenOnN = case cuttlefish:conf_get(Prefix, Conf, undefined) of + ListenOnN = case cuttlefish:conf_get(Prefix ++ ".endpoint", Conf, undefined) of undefined -> []; ListenOn -> case ListenOn of 
@@ -2001,7 +2000,7 @@ end}. end, SslListeners = fun(Type, Name) -> Prefix = string:join(["listener", Type, Name], "."), - case cuttlefish:conf_get(Prefix, Conf, undefined) of + case cuttlefish:conf_get(Prefix ++ ".endpoint", Conf, undefined) of undefined -> []; ListenOn -> @@ -2010,12 +2009,11 @@ end}. {ssl_options, SslOpts(Prefix)} | LisOpts(Prefix)]}] end end, - - lists:flatten([TcpListeners(Type, Name) || {["listener", Type, Name], ListenOn} + lists:flatten([TcpListeners(Type, Name) || {["listener", Type, Name, "endpoint"], ListenOn} <- cuttlefish_variable:filter_by_prefix("listener.tcp", Conf) ++ cuttlefish_variable:filter_by_prefix("listener.ws", Conf)] ++ - [SslListeners(Type, Name) || {["listener", Type, Name], ListenOn} + [SslListeners(Type, Name) || {["listener", Type, Name, "endpoint"], ListenOn} <- cuttlefish_variable:filter_by_prefix("listener.ssl", Conf) ++ cuttlefish_variable:filter_by_prefix("listener.wss", Conf)]) end}. diff --git a/rebar.config b/rebar.config index 28bf456e0..455683a20 100644 --- a/rebar.config +++ b/rebar.config @@ -47,7 +47,7 @@ , {esockd, {git, "https://github.com/emqx/esockd", {tag, "5.8.0"}}} , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.8.0"}}} , {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "2.5.0"}}} - , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v3.0.0"}}} + , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {branch, "hocon"}}} , {minirest, {git, "https://github.com/emqx/minirest", {tag, "0.3.3"}}} , {ecpool, {git, "https://github.com/emqx/ecpool", {tag, "0.5.0"}}} , {replayq, {git, "https://github.com/emqx/replayq", {tag, "0.3.1"}}} diff --git a/rebar.config.erl b/rebar.config.erl index 8c9caf138..e16ac0471 100644 --- a/rebar.config.erl +++ b/rebar.config.erl 
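Review bot: Both generators now match only `{["listener", Type, Name, "endpoint"], ListenOn}`, so a config that still uses the old bare key (`listener.tcp.external = ...`) produces no entry from this comprehension and no error is raised here; whether cuttlefish rejects the now-unmapped key earlier is not visible in the diff. After an upgrade that could leave a broker running without a listener the operator expects, so the key rename should be called out in the upgrade notes, or the translation should fail on a three-part `listener.<type>.<name>` key. `ListenOn` is bound but not used in either generator; `_ListenOn` states that intent. The enclosing `emqx.listeners` translation fun starts outside this hunk.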
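Review bot: `{branch, "hocon"}` replaces the fixed tag `v3.0.0` for cuttlefish with a moving ref, so each fresh fetch builds whatever the branch head is at that moment; the rebar.config.erl hunk does the same for `emqx_ct_helpers`. Builds stop being reproducible, and a push to that branch changes the broker's config parser without any change in this repository. Pin to a tag or a commit instead, e.g. `{cuttlefish, {git, "https://github.com/emqx/cuttlefish", {ref, "<commit-sha-placeholder>"}}}`. If a committed `rebar.lock` is what fixes the revision, that is not visible in this diff and would be worth stating in the commit message.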
@@ -29,7 +29,7 @@ plugins() -> test_deps() -> [ {bbmustache, "1.10.0"} - , {emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "1.3.4"}}} + , {emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {branch, "hocon"}}} , meck ]. diff --git a/test/emqx_listeners_SUITE.erl b/test/emqx_listeners_SUITE.erl index ecfcf46ed..969ff6af5 100644 --- a/test/emqx_listeners_SUITE.erl +++ b/test/emqx_listeners_SUITE.erl @@ -67,14 +67,16 @@ mustache_vars() -> generate_config() -> Schema = cuttlefish_schema:files([local_path(["priv", "emqx.schema"])]), ConfFile = render_config_file(), - Conf = conf_parse:file(ConfFile), + {ok, Conf} = hocon:load(ConfFile, #{format => proplists}), cuttlefish_generator:map(Schema, Conf). set_app_env({App, Lists}) -> lists:foreach(fun({acl_file, _Var}) -> application:set_env(App, acl_file, local_path(["etc", "acl.conf"])); ({plugins_loaded_file, _Var}) -> - application:set_env(App, plugins_loaded_file, local_path(["test", "emqx_SUITE_data","loaded_plugins"])); + application:set_env(App, + plugins_loaded_file, + local_path(["test", "emqx_SUITE_data","loaded_plugins"])); ({Par, Var}) -> application:set_env(App, Par, Var) end, Lists). @@ -91,4 +93,4 @@ get_base_dir(Module) -> get_base_dir() -> get_base_dir(?MODULE). - + diff --git a/test/emqx_plugins_SUITE_data/emqx_mini_plugin/rebar.config b/test/emqx_plugins_SUITE_data/emqx_mini_plugin/rebar.config index c690b88b1..0bc2e3d93 100644 --- a/test/emqx_plugins_SUITE_data/emqx_mini_plugin/rebar.config +++ b/test/emqx_plugins_SUITE_data/emqx_mini_plugin/rebar.config @@ -15,11 +15,3 @@ {cover_enabled, true}. {cover_opts, [verbose]}. {cover_export_enabled, true}. - -{profiles, - [{test, [ - {deps, [ {emqx_ct_helper, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "v1.1.4"}}} - , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v3.0.0"}}} - ]} - ]} -]}.