diff --git a/etc/emq.conf b/etc/emq.conf
index 196ea99f3..49ec5ac10 100644
--- a/etc/emq.conf
+++ b/etc/emq.conf
@@ -228,6 +228,10 @@ mqtt.listener.tcp.max_clients = 1024
 ## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
 ## mqtt.listener.tcp.rate_limit = 100,10
+## Proxy Protocol V1
+mqtt.listener.tcp.proxy_protocol = 1
+mqtt.listener.tcp.proxy_protocol_timeout = 10
+
 ## TCP Socket Options
 mqtt.listener.tcp.backlog = 1024
 ## mqtt.listener.tcp.recbuf = 4096
@@ -246,6 +250,8 @@ mqtt.listener.ssl.max_clients = 512
 ## Rate Limit. Format is 'burst,rate', Unit is KB/Sec
 ## mqtt.listener.ssl.rate_limit = 100,10
+mqtt.listener.ssl.proxy_protocol = 1
+mqtt.listener.ssl.proxy_protocol_timeout = 10
 ## Configuring SSL Options. See http://erlang.org/doc/man/ssl.html
 ### TLS only for POODLE attack
@@ -262,6 +268,10 @@ mqtt.listener.http = 8083
 mqtt.listener.http.acceptors = 4
 mqtt.listener.http.max_clients = 64
+## Proxy Protocol V1
+mqtt.listener.http.proxy_protocol = 1
+mqtt.listener.http.proxy_protocol_timeout = 10
+
 ## HTTP(SSL) Listener
 mqtt.listener.https = 8084
 mqtt.listener.https.acceptors = 4
diff --git a/priv/emq.schema b/priv/emq.schema
index 697c6c7ae..3ef4fe60d 100644
--- a/priv/emq.schema
+++ b/priv/emq.schema
@@ -552,6 +552,19 @@ end}.
 {datatype, string}
 ]}.
+{mapping, "mqtt.listener.tcp.proxy_protocol", "emqttd.listeners", [
+ {default, 1},
+ {datatype, integer},
+ {validators, ["range:1-2"]},
+ hidden
+]}.
+
+{mapping, "mqtt.listener.tcp.proxy_protocol_timeout", "emqttd.listeners", [
+ {default, 10},
+ {datatype, integer},
+ hidden
+]}.
+
 {mapping, "mqtt.listener.tcp.backlog", "emqttd.listeners", [
 {default, 1024},
 {datatype, integer}
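Review bot: The shipped config turns PROXY protocol on for the tcp listener (`mqtt.listener.tcp.proxy_protocol = 1`), and the ssl and http hunks of emq.conf do the same, whereas the neighbouring `rate_limit` option ships commented out. A listener that expects a PROXY header should only be reachable from the load balancer: if the broker takes the client address from that header, a directly connecting client could state its own source address, which undermines IP-based ACLs and logs, and clients that send no header would presumably be held until the timeout. I would ship these as `## mqtt.listener.tcp.proxy_protocol = 1` and `## mqtt.listener.tcp.proxy_protocol_timeout = 10`, with a comment saying the option is only for listeners behind a trusted proxy and stating the timeout's unit. The ssl hunk also lacks the `## Proxy Protocol V1` heading that the other two add.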
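Review bot: With `{default, 1}` and the `range:1-2` validator there is no value that means "disabled" for `mqtt.listener.tcp.proxy_protocol`, and because the mapping is `hidden` with a default, the option is likely in effect even when the key is absent from emq.conf; the http and https hunks repeat this. Dropping `{default, 1},` would let the `undefined` fallback in the translation's `conf_get` call leave the option unset. No `{validator, "range:1-2", ...}` definition is visible in this diff, so confirm it exists elsewhere in the schema. `proxy_protocol_timeout` has no validator and no stated unit, so zero or negative values would be accepted; a comment such as `%% seconds to wait for the PROXY header` (unit to be confirmed) would help.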
@@ -601,6 +614,16 @@ end}.
 {datatype, string}
 ]}.
+{mapping, "mqtt.listener.ssl.proxy_protocol", "emqttd.listeners", [
+ {default, off},
+ {datatype, flag}
+]}.
+
+{mapping, "mqtt.listener.ssl.proxy_protocol_timeout", "emqttd.listeners", [
+ {default, 5s},
+ {datatype, {duration, ms}}
+]}.
+
 {mapping, "mqtt.listener.ssl.tls_versions", "emqttd.listeners", [
 {datatype, string}
 ]}.
@@ -645,6 +668,19 @@ end}.
 {datatype, integer}
 ]}.
+{mapping, "mqtt.listener.http.proxy_protocol", "emqttd.listeners", [
+ {default, 1},
+ {datatype, integer},
+ {validators, ["range:1-2"]},
+ hidden
+]}.
+
+{mapping, "mqtt.listener.http.proxy_protocol_timeout", "emqttd.listeners", [
+ {default, 10},
+ {datatype, integer},
+ hidden
+]}.
+
 {mapping, "mqtt.listener.https", "emqttd.listeners", [
 %%{default, 8084},
 {datatype, [integer, ip]}
@@ -660,6 +696,18 @@ end}.
 {datatype, integer}
 ]}.
+{mapping, "mqtt.listener.https.proxy_protocol", "emqttd.listeners", [
+ {default, 1},
+ {datatype, integer},
+ {validators, ["range:1-2"]},
+ hidden
+]}.
+
+{mapping, "mqtt.listener.https.proxy_protocol_timeout", "emqttd.listeners", [
+ {datatype, integer},
+ hidden
+]}.
+
 {mapping, "mqtt.listener.https.handshake_timeout", "emqttd.listeners", [
 {default, 15},
 {datatype, integer}
@@ -722,7 +770,9 @@ end}.
 undefined ->
 [];
 Port ->
- ConnOpts = Filter([{rate_limit, cuttlefish:conf_get(Key ++ ".rate_limit", Conf, undefined)}]),
+ ConnOpts = Filter([{rate_limit, cuttlefish:conf_get(Key ++ ".rate_limit", Conf, undefined)},
+ {proxy_protocol, cuttlefish:conf_get(Key ++ ".proxy_protocol", Conf, undefined)},
+ {proxy_protocol_timeout, cuttlefish:conf_get(Key ++ ".proxy_protocol_timeout", Conf, undefined)}]),
 Opts = [{connopts, ConnOpts}, {sockopts, TcpOpts(Key)} | LisOpts(Key)],
 [{Name, Port, case Name =:= ssl orelse Name =:= https of
 true -> [{sslopts, SslOpts(Key)} | Opts];
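Review bot: `{default, 5s}` in the ssl timeout mapping is not a valid Erlang term (an integer followed by an atom), so the schema will probably fail to parse; cuttlefish durations are written as strings, `{default, "5s"}`. The ssl mappings also disagree with emq.conf in the same commit: this hunk declares `{datatype, flag}` and `{datatype, {duration, ms}}`, while the conf sets `mqtt.listener.ssl.proxy_protocol = 1` and `mqtt.listener.ssl.proxy_protocol_timeout = 10`, which those datatypes would likely reject at startup. Either reuse the integer mappings from the tcp hunk here, or change the conf values to `on` and `10s`. The https hunk further down gives `proxy_protocol_timeout` no default, unlike tcp and http.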
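Review bot: The two new ConnOpts entries are forwarded exactly as cuttlefish parsed them, so with the mappings in this diff the consumer would receive `proxy_protocol` as an integer for tcp but a boolean for ssl, and `proxy_protocol_timeout` as a bare integer for tcp but milliseconds for ssl. If the tcp integer is meant as seconds, one listener's header timeout ends up off by a factor of 1000; aligning the mappings or normalising the value here avoids that. The enclosing fun starts and ends outside this hunk, so whether `Filter` drops `undefined` entries is not visible; a one-line comment above the list stating that would help the next reader.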