From f6f6fe47dac97532bbecef678902bc943699c370 Mon Sep 17 00:00:00 2001 
From: Zaiming Shi
Date: Sat, 12 Dec 2020 11:59:26 +0100
Subject: [PATCH] chore(build): Remove plugin config collection Plugin configs are to be added manually
---
 etc/emqx.d/emqx_auth_clientid.conf | 18 --
 etc/emqx.d/emqx_auth_http.conf | 162 --------------
 etc/emqx.d/emqx_auth_jwt.conf | 39 ----
 etc/emqx.d/emqx_auth_mnesia.conf | 20 --
 etc/emqx.d/emqx_auth_mysql.conf | 116 ----------
 etc/emqx.d/emqx_auth_username.conf | 16 --
 etc/emqx.d/emqx_bridge_mqtt.conf | 172 ---------------
 etc/emqx.d/emqx_coap.conf | 82 -------
 etc/emqx.d/emqx_dashboard.conf | 129 -----------
 etc/emqx.d/emqx_management.conf | 52 -----
 etc/emqx.d/emqx_recon.conf | 4 -
 etc/emqx.d/emqx_retainer.conf | 41 ----
 etc/emqx.d/emqx_rule_engine.conf | 42 ----
 etc/emqx.d/emqx_sasl.conf | 0
 etc/emqx.d/emqx_sn.conf | 53 -----
 etc/emqx.d/emqx_stomp.conf | 123 -----------
 etc/emqx.d/emqx_telemetry.conf | 28 ---
 etc/emqx.d/emqx_web_hook.conf | 66 ------
 etc/emqx_cloud.d/emqx_auth_ldap.conf | 78 -------
 etc/emqx_cloud.d/emqx_auth_mongo.conf | 172 ---------------
 etc/emqx_cloud.d/emqx_auth_pgsql.conf | 110 ----------
 etc/emqx_cloud.d/emqx_auth_redis.conf | 97 ---------
 etc/emqx_cloud.d/emqx_exhook.conf | 15 --
 etc/emqx_cloud.d/emqx_exproto.conf | 252 ----------------------
 etc/emqx_cloud.d/emqx_lua_hook.conf | 4 -
 etc/emqx_cloud.d/emqx_lwm2m.conf | 136 ------------
 etc/emqx_cloud.d/emqx_prometheus.conf | 13 --
 etc/emqx_cloud.d/emqx_psk_file.conf | 2 -
 etc/emqx_edge.d/{vm.args.edge => vm.args} | 0
 etc/vm.args | 115 ----------
 etc/vm.args.edge | 114 ----------
 31 files changed, 2271 deletions(-)
 delete mode 100644 etc/emqx.d/emqx_auth_clientid.conf
 delete mode 100644 etc/emqx.d/emqx_auth_http.conf
 delete mode 100644 etc/emqx.d/emqx_auth_jwt.conf
 delete mode 100644 etc/emqx.d/emqx_auth_mnesia.conf
 delete mode 100644 etc/emqx.d/emqx_auth_mysql.conf
 delete mode 100644 etc/emqx.d/emqx_auth_username.conf
 delete mode 100644 etc/emqx.d/emqx_bridge_mqtt.conf
 delete mode 100644 etc/emqx.d/emqx_coap.conf
 delete mode 100644 etc/emqx.d/emqx_dashboard.conf
 delete mode 100644 etc/emqx.d/emqx_management.conf
 delete mode 100644 etc/emqx.d/emqx_recon.conf
 delete mode 100644 etc/emqx.d/emqx_retainer.conf
 delete mode 100644 etc/emqx.d/emqx_rule_engine.conf
 delete mode 100644 etc/emqx.d/emqx_sasl.conf
 delete mode 100644 etc/emqx.d/emqx_sn.conf
 delete mode 100644 etc/emqx.d/emqx_stomp.conf
 delete mode 100644 etc/emqx.d/emqx_telemetry.conf
 delete mode 100644 etc/emqx.d/emqx_web_hook.conf
 delete mode 100644 etc/emqx_cloud.d/emqx_auth_ldap.conf
 delete mode 100644 etc/emqx_cloud.d/emqx_auth_mongo.conf
 delete mode 100644 etc/emqx_cloud.d/emqx_auth_pgsql.conf
 delete mode 100644 etc/emqx_cloud.d/emqx_auth_redis.conf
 delete mode 100644 etc/emqx_cloud.d/emqx_exhook.conf
 delete mode 100644 etc/emqx_cloud.d/emqx_exproto.conf
 delete mode 100644 etc/emqx_cloud.d/emqx_lua_hook.conf
 delete mode 100644 etc/emqx_cloud.d/emqx_lwm2m.conf
 delete mode 100644 etc/emqx_cloud.d/emqx_prometheus.conf
 delete mode 100644 etc/emqx_cloud.d/emqx_psk_file.conf
 rename etc/emqx_edge.d/{vm.args.edge => vm.args} (100%)
 delete mode 100644 etc/vm.args
 delete mode 100644 etc/vm.args.edge
diff --git a/etc/emqx.d/emqx_auth_clientid.conf b/etc/emqx.d/emqx_auth_clientid.conf
deleted file mode 100644
index 0bdcd0c62..000000000
--- a/etc/emqx.d/emqx_auth_clientid.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-##--------------------------------------------------------------------
-## ClientId Authentication Plugin
-##--------------------------------------------------------------------
-
-## Examples
-##auth.client.1.clientid = id
-##auth.client.1.password = passwd
-##auth.client.2.clientid = dev:devid
-##auth.client.2.password = passwd2
-##auth.client.3.clientid = app:appid
-##auth.client.3.password = passwd3
-##auth.client.4.clientid = client~!@#$%^&*()_+
-##auth.client.4.password = passwd~!@#$%^&*()_+
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256
-auth.client.password_hash = sha256
diff --git a/etc/emqx.d/emqx_auth_http.conf b/etc/emqx.d/emqx_auth_http.conf
deleted file mode 100644
index 86c4ac002..000000000
--- a/etc/emqx.d/emqx_auth_http.conf
+++ /dev/null
@@ -1,162 +0,0 @@
-##--------------------------------------------------------------------
-## HTTP Auth/ACL Plugin
-##--------------------------------------------------------------------
-
-##--------------------------------------------------------------------
-## Authentication request.
-
-## HTTP URL API path for authentication request
-##
-## Value: URL
-##
-## Examples: http://127.0.0.1:8991/mqtt/auth, https://[::1]:8991/mqtt/auth
-auth.http.auth_req = http://127.0.0.1:8991/mqtt/auth
-
-## Value: post | get
-auth.http.auth_req.method = post
-
-## It only works when method=post
-## Value: json | x-www-form-urlencoded
-auth.http.auth_req.content_type = x-www-form-urlencoded
-
-## Variables:
-## - %u: username
-## - %c: clientid
-## - %a: ipaddress
-## - %r: protocol
-## - %P: password
-## - %p: sockport of server accepted
-## - %C: common name of client TLS cert
-## - %d: subject of client TLS cert
-##
-## Value: Params
-auth.http.auth_req.params = clientid=%c,username=%u,password=%P
-
-##--------------------------------------------------------------------
-## Superuser request.
-
-## HTTP URL API path for Superuser request
-##
-## Value: URL
-##
-## Examples: http://127.0.0.1:8991/mqtt/superuser, https://[::1]:8991/mqtt/superuser
-#auth.http.super_req = http://127.0.0.1:8991/mqtt/superuser
-
-## Value: post | get
-#auth.http.super_req.method = post
-
-## It only works when method=pos
-## Value: json | x-www-form-urlencoded
-#auth.http.super_req.content_type = x-www-form-urlencoded
-
-## Variables:
-## - %u: username
-## - %c: clientid
-## - %a: ipaddress
-## - %r: protocol
-## - %P: password
-## - %p: sockport of server accepted
-## - %C: common name of client TLS cert
-## - %d: subject of client TLS cert
-##
-## Value: Params
-#auth.http.super_req.params = clientid=%c,username=%u
-
-##--------------------------------------------------------------------
-## ACL request.
-
-## HTTP URL API path for ACL request
-##
-## Value: URL
-##
-## Examples: http://127.0.0.1:8991/mqtt/acl, https://[::1]:8991/mqtt/acl
-auth.http.acl_req = http://127.0.0.1:8991/mqtt/acl
-
-## Value: post | get
-auth.http.acl_req.method = get
-
-## It only works when method=post
-## Value: json | x-www-form-urlencoded
-auth.http.acl_req.content_type = x-www-form-urlencoded
-
-## Variables:
-## - %A: 1 | 2, 1 = sub, 2 = pub
-## - %u: username
-## - %c: clientid
-## - %a: ipaddress
-## - %r: protocol
-## - %m: mountpoint
-## - %t: topic
-##
-## Value: Params
-auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m
-
-##------------------------------------------------------------------------------
-## Http Reqeust options
-
-## Time-out time for the http request, 0 is never timeout.
-##
-## Value: Duration
-## -h: hour, e.g. '2h' for 2 hours
-## -m: minute, e.g. '5m' for 5 minutes
-## -s: second, e.g. '30s' for 30 seconds
-##
-## Default: 0
-## auth.http.request.timeout = 0
-
-## Connection time-out time, used during the initial request
-## when the client is connecting to the server
-##
-## Value: Duration
-##
-## Default is same with the timeout option
-## auth.http.request.connect_timeout = 0
-
-## Re-send http reuqest times
-##
-## Value: integer
-##
-## Default: 3
-auth.http.request.retry_times = 3
-
-## The interval for re-sending the http request
-##
-## Value: Duration
-##
-## Default: 1s
-auth.http.request.retry_interval = 1s
-
-## The 'Exponential Backoff' mechanism for re-sending request. The actually
-## re-send time interval is `interval * backoff ^ times`
-##
-## Value: float
-##
-## Default: 2.0
-auth.http.request.retry_backoff = 2.0
-
-##------------------------------------------------------------------------------
-## SSL options
-
-## Path to the file containing PEM-encoded CA certificates. The CA certificates
-## are used during server authentication and when building the client certificate chain.
-##
-## Value: File
-## auth.http.ssl.cacertfile = {{ platform_etc_dir }}/certs/ca.pem
-
-## The path to a file containing the client's certificate.
-##
-## Value: File
-## auth.http.ssl.certfile = {{ platform_etc_dir }}/certs/client-cert.pem
-
-## Path to a file containing the client's private PEM-encoded key.
-##
-## Value: File
-## auth.http.ssl.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
-
-##--------------------------------------------------------------------
-## HTTP Request Headers
-##
-## Example: auth.http.header.Accept-Encoding = *
-##
-## Value: String
-## auth.http.header.Accept = */*
diff --git a/etc/emqx.d/emqx_auth_jwt.conf b/etc/emqx.d/emqx_auth_jwt.conf
deleted file mode 100644
index b9a1caa04..000000000
--- a/etc/emqx.d/emqx_auth_jwt.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-##--------------------------------------------------------------------
-## JWT Auth Plugin
-##--------------------------------------------------------------------
-
-## HMAC Hash Secret.
-##
-## Value: String
-auth.jwt.secret = emqxsecret
-
-## From where the JWT string can be got
-##
-## Value: username | password
-## Default: password
-auth.jwt.from = password
-
-## RSA or ECDSA public key file.
-##
-## Value: File
-## auth.jwt.pubkey = etc/certs/jwt_public_key.pem
-
-## Enable to verify claims fields
-##
-## Value: on | off
-auth.jwt.verify_claims = off
-
-## The checklist of claims to validate
-##
-## Value: String
-## auth.jwt.verify_claims.$name = expected
-##
-## Variables:
-## - %u: username
-## - %c: clientid
-# auth.jwt.verify_claims.username = %u
-
-## The Signature format
-## - `der`: The erlang default format
-## - `raw`: Compatible with others platform maybe
-#auth.jwt.signature_format = der
diff --git a/etc/emqx.d/emqx_auth_mnesia.conf b/etc/emqx.d/emqx_auth_mnesia.conf
deleted file mode 100644
index 5782ed459..000000000
--- a/etc/emqx.d/emqx_auth_mnesia.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-## Examples:
-##auth.mnesia.1.login = admin
-##auth.mnesia.1.password = public
-##auth.mnesia.1.is_superuser = true
-##auth.mnesia.2.login = feng@emqtt.io
-##auth.mnesia.2.password = public
-##auth.mnesia.2.is_superuser = false
-##auth.mnesia.3.login = name~!@#$%^&*()_+
-##auth.mnesia.3.password = pwsswd~!@#$%^&*()_+
-##auth.mnesia.3.is_superuser = false
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256
-auth.mnesia.password_hash = sha256
-
-## Auth as username or auth as clientid.
-##
-## Value: username | clientid
-auth.mnesia.as = username
diff --git a/etc/emqx.d/emqx_auth_mysql.conf b/etc/emqx.d/emqx_auth_mysql.conf
deleted file mode 100644
index 0efccce29..000000000
--- a/etc/emqx.d/emqx_auth_mysql.conf
+++ /dev/null
@@ -1,116 +0,0 @@
-##--------------------------------------------------------------------
-## MySQL Auth/ACL Plugin
-##--------------------------------------------------------------------
-
-## MySQL server address.
-##
-## Value: Port | IP:Port
-##
-## Examples: 3306, 127.0.0.1:3306, localhost:3306
-auth.mysql.server = 127.0.0.1:3306
-
-## MySQL pool size.
-##
-## Value: Number
-auth.mysql.pool = 8
-
-## MySQL username.
-##
-## Value: String
-## auth.mysql.username =
-
-## MySQL password.
-##
-## Value: String
-## auth.mysql.password =
-
-## MySQL database.
-##
-## Value: String
-auth.mysql.database = mqtt
-
-## MySQL query timeout
-##
-## Value: Duration
-## auth.mysql.query_timeout = 5s
-
-## Variables: %u = username, %c = clientid
-
-## Authentication query.
-##
-## Note that column names should be 'password' and 'salt' (if used).
-## In case column names differ in your DB - please use aliases,
-## e.g. "my_column_name as password".
-##
-## Value: SQL
-##
-## Variables:
-## - %u: username
-## - %c: clientid
-## - %C: common name of client TLS cert
-## - %d: subject of client TLS cert
-##
-auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
-## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.mysql.password_hash = sha256
-
-## sha256 with salt prefix
-## auth.mysql.password_hash = salt,sha256
-
-## bcrypt with salt only prefix
-## auth.mysql.password_hash = salt,bcrypt
-
-## sha256 with salt suffix
-## auth.mysql.password_hash = sha256,salt
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.mysql.password_hash = pbkdf2,sha256,1000,20
-
-## Superuser query.
-##
-## Value: SQL
-##
-## Variables:
-## - %u: username
-## - %c: clientid
-## - %C: common name of client TLS cert
-## - %d: subject of client TLS cert
-##
-auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
-
-## ACL query.
-##
-## Value: SQL
-##
-## Variables:
-## - %a: ipaddr
-## - %u: username
-## - %c: clientid
-##
-## Note: You can add the 'ORDER BY' statement to control the rules match order
-auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
-
-## Mysql ssl configuration.
-##
-## Value: on | off
-auth.mysql.ssl = off
-
-## CA certificate.
-##
-## Value: File
-## auth.mysql.ssl.cafile = path to your ca file
-
-## Client ssl certificate.
-##
-## Value: File
-## auth.mysql.ssl.certfile = path to your clientcert file
-
-## Client ssl keyfile.
-##
-## Value: File
-## auth.mysql.ssl.keyfile = path to your clientkey file
diff --git a/etc/emqx.d/emqx_auth_username.conf b/etc/emqx.d/emqx_auth_username.conf
deleted file mode 100644
index 7af8597ff..000000000
--- a/etc/emqx.d/emqx_auth_username.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-##--------------------------------------------------------------------
-## Username Authentication Plugin
-##--------------------------------------------------------------------
-
-## Examples:
-##auth.user.1.username = admin
-##auth.user.1.password = public
-##auth.user.2.username = feng@emqtt.io
-##auth.user.2.password = public
-##auth.user.3.username = name~!@#$%^&*()_+
-##auth.user.3.password = pwsswd~!@#$%^&*()_+
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256
-auth.user.password_hash = sha256
diff --git a/etc/emqx.d/emqx_bridge_mqtt.conf b/etc/emqx.d/emqx_bridge_mqtt.conf
deleted file mode 100644
index 93f0f5579..000000000
--- a/etc/emqx.d/emqx_bridge_mqtt.conf
+++ /dev/null
@@ -1,172 +0,0 @@
-##====================================================================
-## Configuration for EMQ X MQTT Broker Bridge
-##====================================================================
-
-##--------------------------------------------------------------------
-## Bridges to aws
-##--------------------------------------------------------------------
-
-## Bridge address: node name for local bridge, host:port for remote.
-##
-## Value: String
-## Example: emqx@127.0.0.1, 127.0.0.1:1883
-bridge.mqtt.aws.address = 127.0.0.1:1883
-
-## Protocol version of the bridge.
-##
-## Value: Enum
-## - mqttv5
-## - mqttv4
-## - mqttv3
-bridge.mqtt.aws.proto_ver = mqttv4
-
-## Start type of the bridge.
-##
-## Value: enum
-## manual
-## auto
-bridge.mqtt.aws.start_type = manual
-
-## Whether to enable bridge mode for mqtt bridge
-##
-## This option is prepared for the mqtt broker which does not
-## support bridge_mode such as the mqtt-plugin of the rabbitmq
-##
-## Value: boolean
-#bridge.mqtt.aws.bridge_mode = false
-
-## The ClientId of a remote bridge.
-##
-## Placeholders:
-## ${node}: Node name
-##
-## Value: String
-bridge.mqtt.aws.clientid = bridge_aws
-
-## The Clean start flag of a remote bridge.
-##
-## Value: boolean
-## Default: true
-##
-## NOTE: Some IoT platforms require clean_start
-## must be set to 'true'
-bridge.mqtt.aws.clean_start = true
-
-## The username for a remote bridge.
-##
-## Value: String
-bridge.mqtt.aws.username = user
-
-## The password for a remote bridge.
-##
-## Value: String
-bridge.mqtt.aws.password = passwd
-
-## Topics that need to be forward to AWS IoTHUB
-##
-## Value: String
-## Example: topic1/#,topic2/#
-bridge.mqtt.aws.forwards = topic1/#,topic2/#
-
-## Forward messages to the mountpoint of an AWS IoTHUB
-##
-## Value: String
-bridge.mqtt.aws.forward_mountpoint = bridge/aws/${node}/
-
-## Need to subscribe to AWS topics
-##
-## Value: String
-## bridge.mqtt.aws.subscription.1.topic = cmd/topic1
-
-## Need to subscribe to AWS topics QoS.
-##
-## Value: Number
-## bridge.mqtt.aws.subscription.1.qos = 1
-
-## A mountpoint that receives messages from AWS IoTHUB
-##
-## Value: String
-## bridge.mqtt.aws.receive_mountpoint = receive/aws/
-
-
-## Bribge to remote server via SSL.
-##
-## Value: on | off
-bridge.mqtt.aws.ssl = off
-
-## PEM-encoded CA certificates of the bridge.
-##
-## Value: File
-bridge.mqtt.aws.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
-
-## Client SSL Certfile of the bridge.
-##
-## Value: File
-bridge.mqtt.aws.certfile = {{ platform_etc_dir }}/certs/client-cert.pem
-
-## Client SSL Keyfile of the bridge.
-##
-## Value: File
-bridge.mqtt.aws.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
-
-## SSL Ciphers used by the bridge.
-##
-## Value: String
-bridge.mqtt.aws.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
-
-## Ciphers for TLS PSK.
-## Note that 'bridge.${BridgeName}.ciphers' and 'bridge.${BridgeName}.psk_ciphers' cannot
-## be configured at the same time.
-## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-#bridge.mqtt.aws.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
-
-## Ping interval of a down bridge.
-##
-## Value: Duration
-## Default: 10 seconds
-bridge.mqtt.aws.keepalive = 60s
-
-## TLS versions used by the bridge.
-##
-## Value: String
-bridge.mqtt.aws.tls_versions = tlsv1.2,tlsv1.1,tlsv1
-
-## Bridge reconnect time.
-##
-## Value: Duration
-## Default: 30 seconds
-bridge.mqtt.aws.reconnect_interval = 30s
-
-## Retry interval for bridge QoS1 message delivering.
-##
-## Value: Duration
-bridge.mqtt.aws.retry_interval = 20s
-
-## Publish messages in batches, only RPC Bridge supports
-##
-## Value: Integer
-## default: 32
-bridge.mqtt.aws.batch_size = 32
-
-## Inflight size.
-##
-## Value: Integer
-bridge.mqtt.aws.max_inflight_size = 32
-
-## Base directory for replayq to store messages on disk
-## If this config entry is missing or set to undefined,
-## replayq works in a mem-only manner.
-##
-## Value: String
-bridge.mqtt.aws.queue.replayq_dir = {{ platform_data_dir }}/replayq/emqx_aws_bridge/
-
-## Replayq segment size
-##
-## Value: Bytesize
-bridge.mqtt.aws.queue.replayq_seg_bytes = 10MB
-
-## Replayq max total size
-##
-## Value: Bytesize
-bridge.mqtt.aws.queue.max_total_size = 5GB
-
diff --git a/etc/emqx.d/emqx_coap.conf b/etc/emqx.d/emqx_coap.conf
deleted file mode 100644
index 0590a348e..000000000
--- a/etc/emqx.d/emqx_coap.conf
+++ /dev/null
@@ -1,82 +0,0 @@
-##--------------------------------------------------------------------
-## CoAP Gateway
-##--------------------------------------------------------------------
-
-## The IP and UDP port that CoAP bind with.
-##
-## Default: 0.0.0.0:5683
-##
-## Examples:
-## coap.bind.udp.x = 0.0.0.0:5683 | :::5683 | 127.0.0.1:5683 | ::1:5683
-##
-coap.bind.udp.1 = 0.0.0.0:5683
-##coap.bind.udp.2 = 0.0.0.0:6683
-
-## Whether to enable statistics for CoAP clients.
-##
-## Value: on | off
-coap.enable_stats = off
-
-
-##------------------------------------------------------------------------------
-## DTLS options
-
-## The DTLS port that CoAP is listening on.
-##
-## Default: 0.0.0.0:5684
-##
-## Examples:
-## coap.bind.dtls.x = 0.0.0.0:5684 | :::5684 | 127.0.0.1:5684 | ::1:5684
-##
-coap.bind.dtls.1 = 0.0.0.0:5684
-##coap.bind.dtls.2 = 0.0.0.0:6684
-
-## A server only does x509-path validation in mode verify_peer,
-## as it then sends a certificate request to the client (this
-## message is not sent if the verify option is verify_none).
-## You can then also want to specify option fail_if_no_peer_cert.
-## More information at: http://erlang.org/doc/man/ssl.html
-##
-## Value: verify_peer | verify_none
-## coap.dtls.verify = verify_peer
-
-## Private key file for DTLS
-##
-## Value: File
-coap.dtls.keyfile = {{ platform_etc_dir }}/certs/key.pem
-
-## Server certificate for DTLS.
-##
-## Value: File
-coap.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem
-
-## PEM-encoded CA certificates for DTLS
-##
-## Value: File
-## coap.dtls.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
-
-## Used together with {verify, verify_peer} by an SSL server. If set to true,
-## the server fails if the client does not have a certificate to send, that is,
-## sends an empty certificate.
-##
-## Value: true | false
-## coap.dtls.fail_if_no_peer_cert = false
-
-## This is the single most important configuration option of an Erlang SSL
-## application. Ciphers (and their ordering) define the way the client and
-## server encrypt information over the wire, from the initial Diffie-Helman
-## key exchange, the session key encryption ## algorithm and the message
-## digest algorithm. Selecting a good cipher suite is critical for the
-## application’s data security, confidentiality and performance.
-##
-## The cipher list above offers:
-##
-## A good balance between compatibility with older browsers.
-## It can get stricter for Machine-To-Machine scenarios.
-## Perfect Forward Secrecy.
-## No old/insecure encryption and HMAC algorithms
-##
-## Most of it was copied from Mozilla’s Server Side TLS article
-##
-## Value: Ciphers
-coap.dtls.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
diff --git a/etc/emqx.d/emqx_dashboard.conf b/etc/emqx.d/emqx_dashboard.conf
deleted file mode 100644
index 7c2125b4c..000000000
--- a/etc/emqx.d/emqx_dashboard.conf
+++ /dev/null
@@ -1,129 +0,0 @@
-##--------------------------------------------------------------------
-## EMQ X Dashboard
-##--------------------------------------------------------------------
-
-## Default user's login name.
-##
-## Value: String
-dashboard.default_user.login = admin
-
-## Default user's password.
-##
-## Value: String
-dashboard.default_user.password = public
-
-##--------------------------------------------------------------------
-## HTTP Listener
-
-## The port that the Dashboard HTTP listener will bind.
-##
-## Value: Port
-##
-## Examples: 18083
-dashboard.listener.http = 18083
-
-## The acceptor pool for external Dashboard HTTP listener.
-##
-## Value: Number
-dashboard.listener.http.acceptors = 4
-
-## Maximum number of concurrent Dashboard HTTP connections.
-##
-## Value: Number
-dashboard.listener.http.max_clients = 512
-
-## Set up the socket for IPv6.
-##
-## Value: false | true
-dashboard.listener.http.inet6 = false
-
-## Listen on IPv4 and IPv6 (false) or only on IPv6 (true). Use with inet6.
-##
-## Value: false | true
-dashboard.listener.http.ipv6_v6only = false
-
-##--------------------------------------------------------------------
-## HTTPS Listener
-
-## The port that the Dashboard HTTPS listener will bind.
-##
-## Value: Port
-##
-## Examples: 18084
-## dashboard.listener.https = 18084
-
-## The acceptor pool for external Dashboard HTTPS listener.
-##
-## Value: Number
-## dashboard.listener.https.acceptors = 2
-
-## Maximum number of concurrent Dashboard HTTPS connections.
-##
-## Value: Number
-## dashboard.listener.https.max_clients = 512
-
-## Set up the socket for IPv6.
-##
-## Value: false | true
-## dashboard.listener.https.inet6 = false
-
-## Listen on IPv4 and IPv6 (false) or only on IPv6 (true). Use with inet6.
-##
-## Value: false | true
-## dashboard.listener.https.ipv6_v6only = false
-
-## Path to the file containing the user's private PEM-encoded key.
-##
-## Value: File
-## dashboard.listener.https.keyfile = etc/certs/key.pem
-
-## Path to a file containing the user certificate.
-##
-## Value: File
-## dashboard.listener.https.certfile = etc/certs/cert.pem
-
-## Path to the file containing PEM-encoded CA certificates.
-##
-## Value: File
-## dashboard.listener.https.cacertfile = etc/certs/cacert.pem
-
-## See: 'listener.ssl..dhfile' in emq.conf
-##
-## Value: File
-## dashboard.listener.https.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
-
-## See: 'listener.ssl..vefify' in emq.conf
-##
-## Value: vefify_peer | verify_none
-## dashboard.listener.https.verify = verify_peer
-
-## See: 'listener.ssl..fail_if_no_peer_cert' in emq.conf
-##
-## Value: false | true
-## dashboard.listener.https.fail_if_no_peer_cert = true
-
-## TLS versions only to protect from POODLE attack.
-##
-## Value: String, seperated by ','
-## dashboard.listener.https.tls_versions = tlsv1.2,tlsv1.1,tlsv1
-
-## See: 'listener.ssl..ciphers' in emq.conf
-##
-## Value: Ciphers
-## dashboard.listener.https.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
-
-## See: 'listener.ssl..secure_renegotiate' in emq.conf
-##
-## Value: on | off
-## dashboard.listener.https.secure_renegotiate = off
-
-## See: 'listener.ssl..reuse_sessions' in emq.conf
-##
-## Value: on | off
-## dashboard.listener.https.reuse_sessions = on
-
-## See: 'listener.ssl..honor_cipher_order' in emq.conf
-##
-## Value: on | off
-## dashboard.listener.https.honor_cipher_order = on
-
diff --git a/etc/emqx.d/emqx_management.conf b/etc/emqx.d/emqx_management.conf
deleted file mode 100644
index 31a3c1dc5..000000000
--- a/etc/emqx.d/emqx_management.conf
+++ /dev/null
@@ -1,52 +0,0 @@
-##--------------------------------------------------------------------
-## EMQ X Management Plugin
-##--------------------------------------------------------------------
-
-## Max Row Limit
-management.max_row_limit = 10000
-
-## Application default secret
-##
-## Value: String
-## management.application.default_secret = public
-
-## Default Application ID
-##
-## Value: String
-management.default_application.id = admin
-
-## Default Application Secret
-##
-## Value: String
-management.default_application.secret = public
-
-##--------------------------------------------------------------------
-## HTTP Listener
-
-management.listener.http = 8081
-management.listener.http.acceptors = 2
-management.listener.http.max_clients = 512
-management.listener.http.backlog = 512
-management.listener.http.send_timeout = 15s
-management.listener.http.send_timeout_close = on
-management.listener.http.inet6 = false
-management.listener.http.ipv6_v6only = false
-
-##--------------------------------------------------------------------
-## HTTPS Listener
-
-## management.listener.https = 8081
-## management.listener.https.acceptors = 2
-## management.listener.https.max_clients = 512
-## management.listener.https.backlog = 512
-## management.listener.https.send_timeout = 15s
-## management.listener.https.send_timeout_close = on
-## management.listener.https.certfile = etc/certs/cert.pem
-## management.listener.https.keyfile = etc/certs/key.pem
-## management.listener.https.cacertfile = etc/certs/cacert.pem
-## management.listener.https.verify = verify_peer
-## management.listener.https.tls_versions = tlsv1.2,tlsv1.1,tlsv1
-## management.listener.https.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
-## management.listener.https.fail_if_no_peer_cert = true
-## management.listener.https.inet6 = false
-## management.listener.https.ipv6_v6only = false
diff --git a/etc/emqx.d/emqx_recon.conf b/etc/emqx.d/emqx_recon.conf
deleted file mode 100644
index 1ca23bfc2..000000000
--- a/etc/emqx.d/emqx_recon.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-##--------------------------------------------------------------------
-## Recon Plugin
-##--------------------------------------------------------------------
-
diff --git a/etc/emqx.d/emqx_retainer.conf b/etc/emqx.d/emqx_retainer.conf
deleted file mode 100644
index 0a883cee5..000000000
--- a/etc/emqx.d/emqx_retainer.conf
+++ /dev/null
@@ -1,41 +0,0 @@
-##--------------------------------------------------------------------
-## EMQ X Retainer
-##--------------------------------------------------------------------
-
-## Where to store the retained messages.
-##
-## Notice that all nodes in the same cluster have to be configured to
-## use the same storage_type.
-##
-## Value: ram | disc | disc_only
-## - ram: memory only
-## - disc: both memory and disc
-## - disc_only: disc only
-##
-## Default: ram
-retainer.storage_type = ram
-
-## Maximum number of retained messages. 0 means no limit.
-##
-## Value: Number >= 0
-retainer.max_retained_messages = 0
-
-## Maximum retained message size.
-##
-## Value: Bytes
-retainer.max_payload_size = 1MB
-
-## Expiry interval of the retained messages. Never expire if the value is 0.
-##
-## Value: Duration
-## - h: hour
-## - m: minute
-## - s: second
-##
-## Examples:
-## - 2h: 2 hours
-## - 30m: 30 minutes
-## - 20s: 20 seconds
-##
-## Defaut: 0
-retainer.expiry_interval = 0
diff --git a/etc/emqx.d/emqx_rule_engine.conf b/etc/emqx.d/emqx_rule_engine.conf
deleted file mode 100644
index 2fe946779..000000000
--- a/etc/emqx.d/emqx_rule_engine.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-##====================================================================
-## Rule Engine for EMQ X R4.0
-##====================================================================
-
-rule_engine.ignore_sys_message = on
-
-## Event Messages
-##
-## If enabled (on), rule engine publishes the event as an MQTT message
-## with topic='$events/' on the occurrence of an emqx event.
-##
-## If disabled, rule engine stops publishing the event messages, but
-## the event message can still be processed by the rule SQL. e.g. rule SQL:
-##
-## SELECT * FROM "$events/client_connected"
-##
-## will still work even if 'rule_engine.events.client_connected' is set to 'off'
-##
-## EMQ Event to event message mapping:
-##
-## - client.connected -> $events/client_connected
-## - client.disconnected -> $events/client_disconnected
-## - session.subscribed -> $events/session_subscribed
-## - session.unsubscribed -> $events/session_unsubscribed
-## - message.delivered -> $events/message_delivered
-## - message.acked -> $events/message_acked
-## - message.dropped -> $events/message_dropped
-##
-## Config Value Format: Toggle, QoS-Level
-##
-## Toggle: on/off
-##
-## QoS-Level: qos0/qos1/qos2
-
-#rule_engine.events.client_connected = on, qos1
-rule_engine.events.client_connected = off
-rule_engine.events.client_disconnected = off
-rule_engine.events.session_subscribed = off
-rule_engine.events.session_unsubscribed = off
-rule_engine.events.message_delivered = off
-rule_engine.events.message_acked = off
-rule_engine.events.message_dropped = off
diff --git a/etc/emqx.d/emqx_sasl.conf b/etc/emqx.d/emqx_sasl.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/etc/emqx.d/emqx_sn.conf b/etc/emqx.d/emqx_sn.conf
deleted file mode 100644
index 6572812c1..000000000
--- a/etc/emqx.d/emqx_sn.conf
+++ /dev/null
@@ -1,53 +0,0 @@
-##--------------------------------------------------------------------
-## MQTT-SN
-##--------------------------------------------------------------------
-
-## The UDP port which emq-sn is listening on.
-##
-## Value: IP:Port | Port
-##
-## Examples: 1884, 127.0.0.1:1884, ::1:1884
-mqtt.sn.port = 1884
-
-## The duration that emqx-sn broadcast ADVERTISE message through.
-##
-## Value: Duration
-mqtt.sn.advertise_duration = 15m
-
-## The MQTT-SN Gateway id in ADVERTISE message.
-##
-## Value: Number
-mqtt.sn.gateway_id = 1
-
-## To control whether write statistics data into ETS table for dashbord to read.
-##
-## Value: on | off
-mqtt.sn.enable_stats = off
-
-## To control whether accept and process the received publish message with qos=-1.
-##
-## Value: on | off
-mqtt.sn.enable_qos3 = off
-
-## MQTT SN idle timeout, specified in seconds.
-##
-## Value: Duration
-mqtt.sn.idle_timeout = 30s
-
-## The pre-defined topic name corresponding to the pre-defined topic id of N.
-## Note that the pre-defined topic id of 0 is reserved.
-mqtt.sn.predefined.topic.0 = reserved
-mqtt.sn.predefined.topic.1 = /predefined/topic/name/hello
-mqtt.sn.predefined.topic.2 = /predefined/topic/name/nice
-
-## Default username for MQTT-SN. This parameter is optional. If specified,
-## emq-sn will connect EMQ core with this username. It is useful if any auth
-## plug-in is enabled.
-##
-## Value: String
-mqtt.sn.username = mqtt_sn_user
-
-## This parameter is optional. Pair with username above.
-##
-## Value: String
-mqtt.sn.password = abc
diff --git a/etc/emqx.d/emqx_stomp.conf b/etc/emqx.d/emqx_stomp.conf
deleted file mode 100644
index e47f40b54..000000000
--- a/etc/emqx.d/emqx_stomp.conf
+++ /dev/null
@@ -1,123 +0,0 @@
-##--------------------------------------------------------------------
-## Stomp Plugin
-##--------------------------------------------------------------------
-
-##--------------------------------------------------------------------
-## Stomp listener
-
-## The Port that stomp listener will bind.
-##
-## Value: Port
-stomp.listener = 61613
-
-## The acceptor pool for stomp listener.
-##
-## Value: Number
-stomp.listener.acceptors = 4
-
-## Maximum number of concurrent stomp connections.
-##
-## Value: Number
-stomp.listener.max_connections = 512
-
-## Whether to enable SSL.
-##
-## Value: on | off
-## stomp.listener.ssl = off
-
-## Path to the file containing the user's private PEM-encoded key.
-##
-## Value: File
-## stomp.listener.keyfile = etc/certs/key.pem
-
-## Path to a file containing the user certificate.
-##
-## Value: File
-## stomp.listener.certfile = etc/certs/cert.pem
-
-## Path to the file containing PEM-encoded CA certificates.
-##
-## Value: File
-## stomp.listener.cacertfile = etc/certs/cacert.pem
-
-## See: 'listener.ssl..dhfile' in emq.conf
-##
-## Value: File
-## stomp.listener.dhfile = etc/certs/dh-params.pem
-
-## See: 'listener.ssl..vefify' in emq.conf
-##
-## Value: vefify_peer | verify_none
-## stomp.listener.verify = verify_peer
-
-## See: 'listener.ssl..fail_if_no_peer_cert' in emq.conf
-##
-## Value: false | true
-## stomp.listener.fail_if_no_peer_cert = true
-
-## TLS versions only to protect from POODLE attack.
-##
-## Value: String, seperated by ','
-## stomp.listener.tls_versions = tlsv1.2,tlsv1.1,tlsv1
-
-## SSL Handshake timeout.
-##
-## Value: Duration
-## stomp.listener.handshake_timeout = 15s
-
-## See: 'listener.ssl..ciphers' in emq.conf
-##
-## Value: Ciphers
-## stomp.listener.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
-
-## See: 'listener.ssl..secure_renegotiate' in emq.conf
-##
-## Value: on | off
-## stomp.listener.secure_renegotiate = off
-
-## See: 'listener.ssl..reuse_sessions' in emq.conf
-##
-## Value: on | off
-## stomp.listener.reuse_sessions = on
-
-## See: 'listener.ssl..honor_cipher_order' in emq.conf
-##
-## Value: on | off
-## stomp.listener.honor_cipher_order = on
-
-##--------------------------------------------------------------------
-## Stomp login user and password
-
-## Default login user
-##
-## Value: String
-stomp.default_user.login = guest
-
-## Default login password
-##
-## Value: String
-stomp.default_user.passcode = guest
-
-## Allow anonymous authentication.
-##
-## Value: true | false
-stomp.allow_anonymous = true
-
-##--------------------------------------------------------------------
-## Stomp frame
-
-## Maximum numbers of frame headers.
-##
-## Value: Number
-stomp.frame.max_headers = 10
-
-## Maximum length of frame header.
-##
-## Value: Number
-stomp.frame.max_header_length = 1024
-
-## Maximum body length of frame.
-##
-## Value: Number
-stomp.frame.max_body_length = 8192
-
diff --git a/etc/emqx.d/emqx_telemetry.conf b/etc/emqx.d/emqx_telemetry.conf
deleted file mode 100644
index 041b54f60..000000000
--- a/etc/emqx.d/emqx_telemetry.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-##--------------------------------------------------------------------
-## Telemetry
-##--------------------------------------------------------------------
-
-## Enable telemetry
-##
-## Value: true | false
-##
-## Default: true
-telemetry.enabled = true
-
-## The destination URL for the telemetry data report
-##
-## Value: String
-##
-## Default: https://telemetry.emqx.io/api/telemetry
-telemetry.url = https://telemetry.emqx.io/api/telemetry
-
-## Interval for reporting telemetry data
-##
-## Value: Duration
-## -d: day
-## -h: hour
-## -m: minute
-## -s: second
-##
-## Default: 7d
-telemetry.report_interval = 7d
\ No newline at end of file
diff --git a/etc/emqx.d/emqx_web_hook.conf b/etc/emqx.d/emqx_web_hook.conf
deleted file mode 100644
index ff370ce9b..000000000
--- a/etc/emqx.d/emqx_web_hook.conf
+++ /dev/null
@@ -1,66 +0,0 @@
-##====================================================================
-## WebHook
-##====================================================================
-
-## The web services URL for Hook request
-##
-## Value: String
-web.hook.api.url = http://127.0.0.1:8080
-
-##--------------------------------------------------------------------
-## HTTP Request Headers
-##
-## The header params what you extra need
-## Format:
-## web.hook.headers. = your-param
-## Example:
-## 1. web.hook.headers.token = your-token
-## 2. web.hook.headers.other = others-param
-##
-## Value: String
-## web.hook.headers.token = your-token
-
-##--------------------------------------------------------------------
-## Encode message payload field
-##
-## Value: base64 | base62
-## web.hook.encode_payload = base64
-## Mysql ssl configuration.
-##
-## Value: on | off
-## web.hook.ssl = off
-
-##--------------------------------------------------------------------
-## CA certificate.
-##
-## Value: File
-## web.hook.ssl.cafile = path to your ca file
-## Client ssl certificate.
-##
-## Value: File
-## web.hook.ssl.certfile = path to your clientcert file
-
-##--------------------------------------------------------------------
-## Client ssl keyfile.
-##
-## Value: File
-## web.hook.ssl.keyfile = path to your clientkey file
-
-##--------------------------------------------------------------------
-## Hook Rules
-## These configuration items represent a list of events should be forwarded
-##
-## Format:
-## web.hook.rule.. =
-#web.hook.rule.client.connect.1 = {"action": "on_client_connect"}
-#web.hook.rule.client.connack.1 = {"action": "on_client_connack"}
-#web.hook.rule.client.connected.1 = {"action": "on_client_connected"}
-#web.hook.rule.client.disconnected.1 = {"action": "on_client_disconnected"}
-#web.hook.rule.client.subscribe.1 = {"action": "on_client_subscribe"}
-#web.hook.rule.client.unsubscribe.1 = {"action": "on_client_unsubscribe"}
-#web.hook.rule.session.subscribed.1 = {"action": "on_session_subscribed"}
-#web.hook.rule.session.unsubscribed.1 = {"action": "on_session_unsubscribed"}
-#web.hook.rule.session.terminated.1 = {"action": "on_session_terminated"}
-#web.hook.rule.message.publish.1 = {"action": "on_message_publish"}
-#web.hook.rule.message.delivered.1 = {"action": "on_message_delivered"}
-#web.hook.rule.message.acked.1 = {"action": "on_message_acked"}
diff --git a/etc/emqx_cloud.d/emqx_auth_ldap.conf b/etc/emqx_cloud.d/emqx_auth_ldap.conf
deleted file mode 100644
index 746510fb3..000000000
--- a/etc/emqx_cloud.d/emqx_auth_ldap.conf
+++ /dev/null
@@ -1,78 +0,0 @@
-##--------------------------------------------------------------------
-## LDAP Auth Plugin
-##--------------------------------------------------------------------
-
-## LDAP server list, seperated by ','.
-##
-## Value: String
-auth.ldap.servers = 127.0.0.1
-
-## LDAP server port.
-##
-## Value: Port
-auth.ldap.port = 389
-
-## LDAP pool size
-##
-## Value: String
-auth.ldap.pool = 8
-
-## LDAP Bind DN.
-##
-## Value: DN
-auth.ldap.bind_dn = cn=root,dc=emqx,dc=io
-
-## LDAP Bind Password.
-##
-## Value: String
-auth.ldap.bind_password = public
-
-## LDAP query timeout.
-##
-## Value: Number
-auth.ldap.timeout = 30s
-
-## Device DN.
-##
-## Variables:
-##
-## Value: DN
-auth.ldap.device_dn = ou=device,dc=emqx,dc=io
-
-## Specified ObjectClass
-##
-## Variables:
-##
-## Value: string
-auth.ldap.match_objectclass = mqttUser
-
-## attributetype for username
-##
-## Variables:
-##
-## Value: string
-auth.ldap.username.attributetype = uid
-
-## attributetype for password
-##
-## Variables:
-##
-## Value: string
-auth.ldap.password.attributetype = userPassword
-
-## Whether to enable SSL.
-##
-## Value: true | false
-auth.ldap.ssl = false
-
-#auth.ldap.ssl.certfile = etc/certs/cert.pem
-
-#auth.ldap.ssl.keyfile = etc/certs/key.pem
-
-#auth.ldap.ssl.cacertfile = etc/certs/cacert.pem
-
-#auth.ldap.ssl.verify = verify_peer
-
-#auth.ldap.ssl.fail_if_no_peer_cert = true
-
-#auth.ldap.ssl.server_name_indication = your_server_name
diff --git a/etc/emqx_cloud.d/emqx_auth_mongo.conf b/etc/emqx_cloud.d/emqx_auth_mongo.conf
deleted file mode 100644
index cf1614efa..000000000
--- a/etc/emqx_cloud.d/emqx_auth_mongo.conf
+++ /dev/null
@@ -1,172 +0,0 @@
-##--------------------------------------------------------------------
-## MongoDB Auth/ACL Plugin
-##--------------------------------------------------------------------
-
-## MongoDB Topology Type.
-##
-## Value: single | unknown | sharded | rs
-auth.mongo.type = single
-
-## The set name if type is rs.
-##
-## Value: String
-## auth.mongo.rs_set_name =
-
-## MongoDB server list.
-##
-## Value: String
-##
-## Examples: 127.0.0.1:27017,127.0.0.2:27017...
-auth.mongo.server = 127.0.0.1:27017
-
-## MongoDB pool size
-##
-## Value: Number
-auth.mongo.pool = 8
-
-## MongoDB login user.
-##
-## Value: String
-## auth.mongo.login =
-
-## MongoDB password.
-##
-## Value: String
-## auth.mongo.password =
-
-## MongoDB AuthSource
-##
-## Value: String
-## Default: mqtt
-## auth.mongo.auth_source = admin
-
-## MongoDB database
-##
-## Value: String
-auth.mongo.database = mqtt
-
-## MongoDB query timeout
-##
-## Value: Duration
-## auth.mongo.query_timeout = 5s
-
-## Whether to enable SSL connection.
-##
-## Value: true | false
-## auth.mongo.ssl = false
-
-## SSL keyfile.
-##
-## Value: File
-## auth.mongo.ssl_opts.keyfile =
-
-## SSL certfile.
-##
-## Value: File
-## auth.mongo.ssl_opts.certfile =
-
-## SSL cacertfile.
-##
-## Value: File
-## auth.mongo.ssl_opts.cacertfile =
-
-## MongoDB write mode.
-##
-## Value: unsafe | safe
-## auth.mongo.w_mode =
-
-## Mongo read mode.
-##
-## Value: master | slave_ok
-## auth.mongo.r_mode =
-
-## MongoDB topology options.
-auth.mongo.topology.pool_size = 1
-auth.mongo.topology.max_overflow = 0
-## auth.mongo.topology.overflow_ttl = 1000
-## auth.mongo.topology.overflow_check_period = 1000
-## auth.mongo.topology.local_threshold_ms = 1000
-## auth.mongo.topology.connect_timeout_ms = 20000
-## auth.mongo.topology.socket_timeout_ms = 100
-## auth.mongo.topology.server_selection_timeout_ms = 30000
-## auth.mongo.topology.wait_queue_timeout_ms = 1000
-## auth.mongo.topology.heartbeat_frequency_ms = 10000
-## auth.mongo.topology.min_heartbeat_frequency_ms = 1000
-
-## -------------------------------------------------
-## Auth Query
-## -------------------------------------------------
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.mongo.auth_query.password_hash = sha256
-
-## sha256 with salt suffix
-## auth.mongo.auth_query.password_hash = sha256,salt
-
-## sha256 with salt prefix
-## auth.mongo.auth_query.password_hash = salt,sha256
-
-## bcrypt with salt prefix
-## auth.mongo.auth_query.password_hash = salt,bcrypt
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.mongo.auth_query.password_hash = pbkdf2,sha256,1000,20
-
-## Authentication query.
-auth.mongo.auth_query.collection = mqtt_user
-
-## Password mainly fields
-##
-## Value: password | password,salt
-auth.mongo.auth_query.password_field = password
-
-## Authentication Selector.
-##
-## Variables:
-## - %u: username
-## - %c: clientid
-## - %C: common name of client TLS cert
-## - %d: subject of client TLS cert
-##
-## auth.mongo.auth_query.selector = {Field}={Placeholder}
-auth.mongo.auth_query.selector = username=%u
-
-## -------------------------------------------------
-## Super User Query
-## -------------------------------------------------
-auth.mongo.super_query.collection = mqtt_user
-auth.mongo.super_query.super_field = is_superuser
-#auth.mongo.super_query.selector = username=%u, clientid=%c
-auth.mongo.super_query.selector = username=%u
-
-## ACL Selector.
-##
-## Multiple selectors could be combined with '$or'
-## when query acl from mongo.
-##
-## e.g.
-##
-## With following 2 selectors configured:
-##
-## auth.mongo.acl_query.selector.1 = username=%u
-## auth.mongo.acl_query.selector.2 = username=$all
-##
-## And if a client connected using username 'ilyas',
-## then the following mongo command will be used to
-## retrieve acl entries:
-##
-## db.mqtt_acl.find({$or: [{username: "ilyas"}, {username: "$all"}]});
-##
-## Variables:
-## - %u: username
-## - %c: clientid
-##
-## Examples:
-##
-## auth.mongo.acl_query.selector.1 = username=%u,clientid=%c
-## auth.mongo.acl_query.selector.2 = username=$all
-## auth.mongo.acl_query.selector.3 = clientid=$all
-auth.mongo.acl_query.collection = mqtt_acl
-auth.mongo.acl_query.selector = username=%u
diff --git a/etc/emqx_cloud.d/emqx_auth_pgsql.conf b/etc/emqx_cloud.d/emqx_auth_pgsql.conf
deleted file mode 100644
index 3e79d96d8..000000000
--- a/etc/emqx_cloud.d/emqx_auth_pgsql.conf
+++ /dev/null
@@ -1,110 +0,0 @@
-##--------------------------------------------------------------------
-## PostgreSQL Auth/ACL Plugin
-##--------------------------------------------------------------------
-
-## PostgreSQL server address.
-##
-## Value: Port | IP:Port
-##
-## Examples: 5432, 127.0.0.1:5432, localhost:5432
-auth.pgsql.server = 127.0.0.1:5432
-
-## PostgreSQL pool size.
-##
-## Value: Number
-auth.pgsql.pool = 8
-
-## PostgreSQL username.
-##
-## Value: String
-auth.pgsql.username = root
-
-## PostgreSQL password.
-##
-## Value: String
-## auth.pgsql.password =
-
-## PostgreSQL database.
-##
-## Value: String
-auth.pgsql.database = mqtt
-
-## PostgreSQL database encoding.
-##
-## Value: String
-auth.pgsql.encoding = utf8
-
-## Whether to enable SSL connection.
-##
-## Value: true | false
-auth.pgsql.ssl = false
-
-## SSL keyfile.
-##
-## Value: File
-## auth.pgsql.ssl_opts.keyfile =
-
-## SSL certfile.
-##
-## Value: File
-## auth.pgsql.ssl_opts.certfile =
-
-## SSL cacertfile.
-##
-## Value: File
-## auth.pgsql.ssl_opts.cacertfile =
-
-## Authentication query.
-##
-## Value: SQL
-##
-## Variables:
-## - %u: username
-## - %c: clientid
-## - %C: common name of client TLS cert
-## - %d: subject of client TLS cert
-##
-auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.pgsql.password_hash = sha256
-
-## sha256 with salt prefix
-## auth.pgsql.password_hash = salt,sha256
-
-## sha256 with salt suffix
-## auth.pgsql.password_hash = sha256,salt
-
-## bcrypt with salt prefix
-## auth.pgsql.password_hash = salt,bcrypt
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.pgsql.password_hash = pbkdf2,sha256,1000,20
-
-## Superuser query.
-##
-## Value: SQL
-##
-## Variables:
-## - %u: username
-## - %c: clientid
-## - %C: common name of client TLS cert
-## - %d: subject of client TLS cert
-##
-auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
-
-## ACL query. Comment this query, the ACL will be disabled.
-##
-## Value: SQL
-##
-## Variables:
-## - %a: ipaddress
-## - %u: username
-## - %c: clientid
-##
-## Note: You can add the 'ORDER BY' statement to control the rules match order
-auth.pgsql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
-
diff --git a/etc/emqx_cloud.d/emqx_auth_redis.conf b/etc/emqx_cloud.d/emqx_auth_redis.conf
deleted file mode 100644
index aa00c4392..000000000
--- a/etc/emqx_cloud.d/emqx_auth_redis.conf
+++ /dev/null
@@ -1,97 +0,0 @@
-##--------------------------------------------------------------------
-## Redis Auth/ACL Plugin
-##--------------------------------------------------------------------
-## Redis Server cluster type
-## single Single redis server
-## sentinel Redis cluster through sentinel
-## cluster Redis through cluster
-auth.redis.type = single
-
-## Redis server address.
-##
-## Value: Port | IP:Port
-##
-## Single Redis Server: 127.0.0.1:6379, localhost:6379
-## Redis Sentinel: 127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379
-## Redis Cluster: 127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379
-auth.redis.server = 127.0.0.1:6379
-
-## Redis sentinel cluster name.
-##
-## Value: String
-## auth.redis.sentinel = mymaster
-
-## Redis pool size.
-##
-## Value: Number
-auth.redis.pool = 8
-
-## Redis database no.
-##
-## Value: Number
-auth.redis.database = 0
-
-## Redis password.
-##
-## Value: String
-## auth.redis.password =
-
-## Redis query timeout
-##
-## Value: Duration
-## auth.redis.query_timeout = 5s
-
-## Authentication query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-## - %u: username
-## - %c: clientid
-## - %C: common name of client TLS cert
-## - %d: subject of client TLS cert
-##
-## Examples:
-## - HGET mqtt_user:%u password
-## - HMGET mqtt_user:%u password
-## - HMGET mqtt_user:%u password salt
-auth.redis.auth_cmd = HMGET mqtt_user:%u password
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.redis.password_hash = plain
-
-## sha256 with salt prefix
-## auth.redis.password_hash = salt,sha256
-
-## sha256 with salt suffix
-## auth.redis.password_hash = sha256,salt
-
-## bcrypt with salt prefix
-## auth.redis.password_hash = salt,bcrypt
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.redis.password_hash = pbkdf2,sha256,1000,20
-
-## Superuser query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-## - %u: username
-## - %c: clientid
-## - %C: common name of client TLS cert
-## - %d: subject of client TLS cert
-auth.redis.super_cmd = HGET mqtt_user:%u is_superuser
-
-## ACL query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-## - %u: username
-## - %c: clientid
-auth.redis.acl_cmd = HGETALL mqtt_acl:%u
-
diff --git a/etc/emqx_cloud.d/emqx_exhook.conf b/etc/emqx_cloud.d/emqx_exhook.conf
deleted file mode 100644
index f6f5213f7..000000000
--- a/etc/emqx_cloud.d/emqx_exhook.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-##====================================================================
-## EMQ X Hooks
-##====================================================================
-
-##--------------------------------------------------------------------
-## Server Address
-
-## The gRPC server url
-##
-## exhook.server.$name.url = url()
-exhook.server.default.url = http://127.0.0.1:9000
-
-#exhook.server.default.ssl.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
-#exhook.server.default.ssl.certfile = {{ platform_etc_dir }}/certs/cert.pem
-#exhook.server.default.ssl.keyfile = {{ platform_etc_dir }}/certs/key.pem
diff --git a/etc/emqx_cloud.d/emqx_exproto.conf b/etc/emqx_cloud.d/emqx_exproto.conf
deleted file mode 100644
index a64153791..000000000
--- a/etc/emqx_cloud.d/emqx_exproto.conf
+++ /dev/null
@@ -1,252 +0,0 @@
-##====================================================================
-## EMQ X ExProto
-##====================================================================
-
-exproto.server.http.port = 9100
-
-exproto.server.https.port = 9101
-exproto.server.https.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
-exproto.server.https.certfile = {{ platform_etc_dir }}/certs/cert.pem
-exproto.server.https.keyfile = {{ platform_etc_dir }}/certs/key.pem
-
-##--------------------------------------------------------------------
-## Listeners
-##--------------------------------------------------------------------
-
-##--------------------------------------------------------------------
-## MQTT/TCP - External TCP Listener for MQTT Protocol
-
-## The IP address and port that the listener will bind.
-##
-## Value: ://:
-##
-## Examples: tcp://0.0.0.0:7993 | ssl://127.0.0.1:7994
-exproto.listener.protoname = tcp://0.0.0.0:7993
-
-## The ConnectionHandler server address
-##
-exproto.listener.protoname.connection_handler_url = http://127.0.0.1:9001
-
-#exproto.listener.protoname.connection_handler_certfile =
-#exproto.listener.protoname.connection_handler_cacertfile =
-#exproto.listener.protoname.connection_handler_keyfile =
-
-## The acceptor pool for external MQTT/TCP listener.
-##
-## Value: Number
-exproto.listener.protoname.acceptors = 8
-
-## Maximum number of concurrent MQTT/TCP connections.
-##
-## Value: Number
-exproto.listener.protoname.max_connections = 1024000
-
-## Maximum external connections per second.
-##
-## Value: Number
-exproto.listener.protoname.max_conn_rate = 1000
-
-## Specify the {active, N} option for the external MQTT/TCP Socket.
-##
-## Value: Number
-exproto.listener.protoname.active_n = 100
-
-## Idle timeout
-##
-## Value: Duration
-exproto.listener.protoname.idle_timeout = 30s
-
-## The access control rules for the MQTT/TCP listener.
-##
-## See: https://github.com/emqtt/esockd#allowdeny
-##
-## Value: ACL Rule
-##
-## Example: allow 192.168.0.0/24
-exproto.listener.protoname.access.1 = allow all
-
-## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
-## behind HAProxy or Nginx.
-##
-## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/
-##
-## Value: on | off
-## exproto.listener.protoname.proxy_protocol = on
-
-## Sets the timeout for proxy protocol. EMQ X will close the TCP connection
-## if no proxy protocol packet recevied within the timeout.
-##
-## Value: Duration
-#exproto.listener.protoname.proxy_protocol_timeout = 3s
-
-## The TCP backlog defines the maximum length that the queue of pending
-## connections can grow to.
-##
-## Value: Number >= 0
-exproto.listener.protoname.backlog = 1024
-
-## The TCP send timeout for external MQTT connections.
-##
-## Value: Duration
-exproto.listener.protoname.send_timeout = 15s
-
-## Close the TCP connection if send timeout.
-##
-## Value: on | off
-exproto.listener.protoname.send_timeout_close = on
-
-## The TCP receive buffer(os kernel) for MQTT connections.
-##
-## See: http://erlang.org/doc/man/inet.html
-##
-## Value: Bytes
-#exproto.listener.protoname.recbuf = 2KB
-
-## The TCP send buffer(os kernel) for MQTT connections.
-##
-## See: http://erlang.org/doc/man/inet.html
-##
-## Value: Bytes
-#exproto.listener.protoname.sndbuf = 2KB
-
-## The size of the user-level software buffer used by the driver.
-## Not to be confused with options sndbuf and recbuf, which correspond
-## to the Kernel socket buffers. It is recommended to have val(buffer)
-## >= max(val(sndbuf),val(recbuf)) to avoid performance issues because
-## of unnecessary copying. val(buffer) is automatically set to the above
-## maximum when values sndbuf or recbuf are set.
-##
-## See: http://erlang.org/doc/man/inet.html
-##
-## Value: Bytes
-#exproto.listener.protoname.buffer = 2KB
-
-## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
-##
-## Value: on | off
-#exproto.listener.protoname.tune_buffer = off
-
-## The TCP_NODELAY flag for MQTT connections. Small amounts of data are
-## sent immediately if the option is enabled.
-##
-## Value: true | false
-exproto.listener.protoname.nodelay = true
-
-## The SO_REUSEADDR flag for TCP listener.
-##
-## Value: true | false
-exproto.listener.protoname.reuseaddr = true
-
-
-##--------------------------------------------------------------------
-## TLS/DTLS options
-
-## TLS versions only to protect from POODLE attack.
-##
-## See: http://erlang.org/doc/man/ssl.html
-##
-## Value: String, seperated by ','
-#exproto.listener.protoname.tls_versions = tlsv1.2,tlsv1.1,tlsv1
-
-## Path to the file containing the user's private PEM-encoded key.
-##
-## See: http://erlang.org/doc/man/ssl.html
-##
-## Value: File
-#exproto.listener.protoname.keyfile = {{ platform_etc_dir }}/certs/key.pem
-
-## Path to a file containing the user certificate.
-##
-## See: http://erlang.org/doc/man/ssl.html
-##
-## Value: File
-#exproto.listener.protoname.certfile = {{ platform_etc_dir }}/certs/cert.pem
-
-## Path to the file containing PEM-encoded CA certificates. The CA certificates
-## are used during server authentication and when building the client certificate chain.
-##
-## Value: File
-#exproto.listener.protoname.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
-
-## The Ephemeral Diffie-Helman key exchange is a very effective way of
-## ensuring Forward Secrecy by exchanging a set of keys that never hit
-## the wire. Since the DH key is effectively signed by the private key,
-## it needs to be at least as strong as the private key. In addition,
-## the default DH groups that most of the OpenSSL installations have
-## are only a handful (since they are distributed with the OpenSSL
-## package that has been built for the operating system it’s running on)
-## and hence predictable (not to mention, 1024 bits only).
-## In order to escape this situation, first we need to generate a fresh,
-## strong DH group, store it in a file and then use the option above,
-## to force our SSL application to use the new DH group. Fortunately,
-## OpenSSL provides us with a tool to do that. Simply run:
-## openssl dhparam -out dh-params.pem 2048
-##
-## Value: File
-#exproto.listener.protoname.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
-
-## A server only does x509-path validation in mode verify_peer,
-## as it then sends a certificate request to the client (this
-## message is not sent if the verify option is verify_none).
-## You can then also want to specify option fail_if_no_peer_cert.
-## More information at: http://erlang.org/doc/man/ssl.html
-##
-## Value: verify_peer | verify_none
-#exproto.listener.protoname.verify = verify_peer
-
-## Used together with {verify, verify_peer} by an SSL server. If set to true,
-## the server fails if the client does not have a certificate to send, that is,
-## sends an empty certificate.
-##
-## Value: true | false
-#exproto.listener.protoname.fail_if_no_peer_cert = true
-
-## This is the single most important configuration option of an Erlang SSL
-## application. Ciphers (and their ordering) define the way the client and
-## server encrypt information over the wire, from the initial Diffie-Helman
-## key exchange, the session key encryption ## algorithm and the message
-## digest algorithm. Selecting a good cipher suite is critical for the
-## application’s data security, confidentiality and performance.
-##
-## The cipher list above offers:
-##
-## A good balance between compatibility with older browsers.
-## It can get stricter for Machine-To-Machine scenarios.
-## Perfect Forward Secrecy.
-## No old/insecure encryption and HMAC algorithms
-##
-## Most of it was copied from Mozilla’s Server Side TLS article
-##
-## Value: Ciphers
-#exproto.listener.protoname.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
-
-## Ciphers for TLS PSK.
-## Note that 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot
-## be configured at the same time.
-## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-#exproto.listener.protoname.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
-
-## SSL parameter renegotiation is a feature that allows a client and a server
-## to renegotiate the parameters of the SSL connection on the fly.
-## RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,
-## you drop support for the insecure renegotiation, prone to MitM attacks.
-##
-## Value: on | off
-#exproto.listener.protoname.secure_renegotiate = off
-
-## A performance optimization setting, it allows clients to reuse
-## pre-existing sessions, instead of initializing new ones.
-## Read more about it here.
-##
-## See: http://erlang.org/doc/man/ssl.html
-##
-## Value: on | off
-#exproto.listener.protoname.reuse_sessions = on
-
-## An important security setting, it forces the cipher to be set based
-## on the server-specified order instead of the client-specified order,
-## hence enforcing the (usually more properly configured) security
-## ordering of the server administrator.
-##
-## Value: on | off
-#exproto.listener.protoname.honor_cipher_order = on
diff --git a/etc/emqx_cloud.d/emqx_lua_hook.conf b/etc/emqx_cloud.d/emqx_lua_hook.conf
deleted file mode 100644
index f0256afae..000000000
--- a/etc/emqx_cloud.d/emqx_lua_hook.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-##--------------------------------------------------------------------
-## EMQ X Lua Hook
-##--------------------------------------------------------------------
-
diff --git a/etc/emqx_cloud.d/emqx_lwm2m.conf b/etc/emqx_cloud.d/emqx_lwm2m.conf
deleted file mode 100644
index c9baf6feb..000000000
--- a/etc/emqx_cloud.d/emqx_lwm2m.conf
+++ /dev/null
@@ -1,136 +0,0 @@
-##--------------------------------------------------------------------
-## LwM2M Gateway
-##--------------------------------------------------------------------
-
-##--------------------------------------------------------------------
-## Protocols
-
-# To Limit the range of lifetime, in seconds
-lwm2m.lifetime_min = 1s
-lwm2m.lifetime_max = 86400s
-
-# The time window for Q Mode, indicating that after how long time
-# the downlink commands sent to the client will be cached.
-#lwm2m.qmode_time_window = 22
-
-# Auto send observer command to device
-# on | off
-#lwm2m.auto_observe = off
-
-# The topic subscribed by the lwm2m client after it is connected
-# Placeholders supported:
-# '%e': Endpoint Name
-# '%a': IP Address
-lwm2m.mountpoint = lwm2m/%e/
-
-# The topic subscribed by the lwm2m client after it is connected
-# Placeholders supported:
-# '%e': Endpoint Name
-# '%a': IP Address
-lwm2m.topics.command = dn/#
-
-# The topic to which the lwm2m client's response is published
-lwm2m.topics.response = up/resp
-
-# The topic to which the lwm2m client's notify message is published
-lwm2m.topics.notify = up/notify
-
-# The topic to which the lwm2m client's register message is published
-lwm2m.topics.register = up/resp
-
-# The topic to which the lwm2m client's update message is published
-lwm2m.topics.update = up/resp
-
-# Dir where the object definition files can be found
-lwm2m.xml_dir = {{ platform_etc_dir }}/lwm2m_xml
-
-##--------------------------------------------------------------------
-## UDP Listener options
-
-## The IP and port of the LwM2M Gateway
-##
-## Default: 0.0.0.0:5683
-## Examples:
-## lwm2m.bind.udp.x = 0.0.0.0:5683 | :::5683 | 127.0.0.1:5683 | ::1:5683
-lwm2m.bind.udp.1 = 0.0.0.0:5683
-#lwm2m.bind.udp.2 = 0.0.0.0:6683
-
-## Socket options, used for performance tuning
-##
-## Examples:
-## lwm2m.opts.$name = $value
-## See: https://erlang.org/doc/man/gen_udp.html#type-option
-lwm2m.opts.buffer = 1024KB
-lwm2m.opts.recbuf = 1024KB
-lwm2m.opts.sndbuf = 1024KB
-lwm2m.opts.read_packets = 20
-
-##--------------------------------------------------------------------
-## DTLS Listener Options
-
-## The DTLS port that LwM2M is listening on.
-##
-## Default: 0.0.0.0:5684
-##
-## Examples:
-## lwm2m.bind.dtls.x = 0.0.0.0:5684 | :::5684 | 127.0.0.1:5684 | ::1:5684
-##
-lwm2m.bind.dtls.1 = 0.0.0.0:5684
-#lwm2m.bind.dtls.2 = 0.0.0.0:6684
-
-## A server only does x509-path validation in mode verify_peer,
-## as it then sends a certificate request to the client (this
-## message is not sent if the verify option is verify_none).
-## You can then also want to specify option fail_if_no_peer_cert.
-## More information at: http://erlang.org/doc/man/ssl.html
-##
-## Value: verify_peer | verify_none
-#lwm2m.dtls.verify = verify_peer
-
-## Private key file for DTLS
-##
-## Value: File
-lwm2m.dtls.keyfile = {{ platform_etc_dir }}/certs/key.pem
-
-## Server certificate for DTLS.
-##
-## Value: File
-lwm2m.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem
-
-## PEM-encoded CA certificates for DTLS
-##
-## Value: File
-#lwm2m.dtls.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
-
-## Used together with {verify, verify_peer} by an SSL server. If set to true,
-## the server fails if the client does not have a certificate to send, that is,
-## sends an empty certificate.
-##
-## Value: true | false
-#lwm2m.dtls.fail_if_no_peer_cert = false
-
-## This is the single most important configuration option of an Erlang SSL
-## application. Ciphers (and their ordering) define the way the client and
-## server encrypt information over the wire, from the initial Diffie-Helman
-## key exchange, the session key encryption ## algorithm and the message
-## digest algorithm. Selecting a good cipher suite is critical for the
-## application’s data security, confidentiality and performance.
-##
-## The cipher list above offers:
-##
-## A good balance between compatibility with older browsers.
-## It can get stricter for Machine-To-Machine scenarios.
-## Perfect Forward Secrecy.
-## No old/insecure encryption and HMAC algorithms
-##
-## Most of it was copied from Mozilla’s Server Side TLS article
-##
-## Value: Ciphers
-lwm2m.dtls.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
-
-## Ciphers for TLS PSK.
-##
-## Note that 'lwm2m.dtls.ciphers' and 'lwm2m.dtls.psk_ciphers' cannot
-## be configured at the same time.
-## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-#lwm2m.dtls.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
diff --git a/etc/emqx_cloud.d/emqx_prometheus.conf b/etc/emqx_cloud.d/emqx_prometheus.conf
deleted file mode 100644
index 7bfa22095..000000000
--- a/etc/emqx_cloud.d/emqx_prometheus.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-##--------------------------------------------------------------------
-## emqx_prometheus for EMQ X
-##--------------------------------------------------------------------
-
-## The Prometheus Push Gateway URL address
-##
-## Note: You can comment out this line to disable it
-prometheus.push.gateway.server = http://127.0.0.1:9091
-
-## The metrics data push interval (millisecond)
-##
-## Default: 15000
-prometheus.interval = 15000
diff --git a/etc/emqx_cloud.d/emqx_psk_file.conf b/etc/emqx_cloud.d/emqx_psk_file.conf
deleted file mode 100644
index 3cee1c926..000000000
--- a/etc/emqx_cloud.d/emqx_psk_file.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-psk.file.path = {{ platform_etc_dir }}/psk.txt
-psk.file.delimiter = :
\ No newline at end of file
diff --git a/etc/emqx_edge.d/vm.args.edge b/etc/emqx_edge.d/vm.args
similarity index 100%
rename from etc/emqx_edge.d/vm.args.edge
rename to etc/emqx_edge.d/vm.args
diff --git a/etc/vm.args b/etc/vm.args
deleted file mode 100644
index d18d2f20d..000000000
--- a/etc/vm.args
+++ /dev/null
@@ -1,115 +0,0 @@
-######################################################################
-## Erlang VM Args for EMQ X Broker
-######################################################################
-
-## NOTE:
-##
-## Arguments configured in this file might be overridden by configs from `emqx.conf`.
-##
-## Some basic VM arguments are to be configured in `emqx.conf`,
-## such as `node.name` for `-name` and `node.cooke` for `-setcookie`.
-
-## Sets the maximum number of simultaneously existing processes for this system.
-+P 2097152
-
-## Sets the maximum number of simultaneously existing ports for this system.
-+Q 1048576
-
-## Sets the maximum number of ETS tables
-+e 262144
-
-## Sets the maximum number of atoms the virtual machine can handle.
-#+t 1048576
-
-## Set the location of crash dumps
-#-env ERL_CRASH_DUMP {{ platform_log_dir }}/crash.dump
-
-## Set how many times generational garbages collections can be done without
-## forcing a fullsweep collection.
--env ERL_FULLSWEEP_AFTER 1000
-
-## Heartbeat management; auto-restarts VM if it dies or becomes unresponsive
-## (Disabled by default..use with caution!)
-#-heart
-
-## Specify the erlang distributed protocol.
-## Can be one of: inet_tcp, inet6_tcp, inet_tls
-#-proto_dist inet_tcp
-
-## Specify SSL Options in the file if using SSL for Erlang Distribution.
-## Used only when -proto_dist set to inet_tls
-#-ssl_dist_optfile {{ platform_etc_dir }}/ssl_dist.conf
-
-## Specifies the net_kernel tick time in seconds.
-## This is the approximate time a connected node may be unresponsive until
-## it is considered down and thereby disconnected.
--kernel net_ticktime 120
-
-## Sets the distribution buffer busy limit (dist_buf_busy_limit).
-#+zdbbl 8192
-
-## Sets default scheduler hint for port parallelism.
-+spp true
-
-## Sets the number of threads in async thread pool. Valid range is 0-1024.
-## Increase the parameter if there are many simultaneous file I/O operations.
-+A 4
-
-## Sets the default heap size of processes to the size Size.
-#+hms 233
-
-## Sets the default binary virtual heap size of processes to the size Size.
-#+hmbs 46422
-
-## Sets the default maximum heap size of processes to the size Size.
-## Defaults to 0, which means that no maximum heap size is used.
-##For more information, see process_flag(max_heap_size, MaxHeapSize).
-#+hmax 0
-
-## Sets the default value for process flag message_queue_data. Defaults to on_heap.
-#+hmqd on_heap | off_heap
-
-## Sets the number of IO pollsets to use when polling for I/O.
-#+IOp 1
-
-## Sets the number of IO poll threads to use when polling for I/O.
-## Increase this for the busy systems with many concurrent connection.
-+IOt 4
-
-## Sets the number of scheduler threads to create and scheduler threads to set online.
-#+S 8:8
-
-## Sets the number of dirty CPU scheduler threads to create and dirty CPU scheduler threads to set online.
-#+SDcpu 8:8
-
-## Sets the number of dirty I/O scheduler threads to create.
-+SDio 8
-
-## Suggested stack size, in kilowords, for scheduler threads.
-#+sss 32
-
-## Suggested stack size, in kilowords, for dirty CPU scheduler threads.
-#+sssdcpu 40
-
-## Suggested stack size, in kilowords, for dirty IO scheduler threads.
-#+sssdio 40
-
-## Sets scheduler bind type.
-## Can be one of: u, ns, ts, ps, s, nnts, nnps, tnnps, db
-#+sbt db
-
-## Sets a user-defined CPU topology.
-#+sct L0-3c0-3p0N0:L4-7c0-3p1N1
-
-## Sets the mapping of warning messages for error_logger
-#+W w
-
-## Sets time warp mode: no_time_warp | single_time_warp | multi_time_warp
-#+C no_time_warp
-
-## Prevents loading information about source filenames and line numbers.
-#+L
-
-## Specifies how long time (in milliseconds) to spend shutting down the system.
-## See: http://erlang.org/doc/man/erl.html
--shutdown_time 30000
diff --git a/etc/vm.args.edge b/etc/vm.args.edge
deleted file mode 100644
index 9f722d1dd..000000000
--- a/etc/vm.args.edge
+++ /dev/null
@@ -1,114 +0,0 @@
-######################################################################
-## Erlang VM Args for EMQ X Edge
-######################################################################
-
-## NOTE:
-##
-## Arguments configured in this file might be overridden by configs from `emqx.conf`.
-##
-## Some basic VM arguments are to be configured in `emqx.conf`,
-## such as `node.name` for `-name` and `node.cooke` for `-setcookie`.
-
-## Sets the maximum number of simultaneously existing processes for this system.
-+P 16384
-## Sets the maximum number of simultaneously existing ports for this system.
-+Q 4096
-
-## Sets the maximum number of ETS tables
-+e 512
-
-## Sets the maximum number of atoms the virtual machine can handle.
-+t 262144
-
-## Set the location of crash dumps
--env ERL_CRASH_DUMP {{ platform_log_dir }}/crash.dump
-
-## Set how many times generational garbages collections can be done without
-## forcing a fullsweep collection.
--env ERL_FULLSWEEP_AFTER 0
-
-## Heartbeat management; auto-restarts VM if it dies or becomes unresponsive
-## (Disabled by default..use with caution!)
--heart
-
-## Specify the erlang distributed protocol.
-## Can be one of: inet_tcp, inet6_tcp, inet_tls
-#-proto_dist inet_tcp
-
-## Specify SSL Options in the file if using SSL for Erlang Distribution.
-## Used only when -proto_dist set to inet_tls
-#-ssl_dist_optfile {{ platform_etc_dir }}/ssl_dist.conf
-
-## Specifies the net_kernel tick time in seconds.
-## This is the approximate time a connected node may be unresponsive until
-## it is considered down and thereby disconnected.
-#-kernel net_ticktime 60
-
-## Sets the distribution buffer busy limit (dist_buf_busy_limit).
-+zdbbl 1024
-
-## Sets default scheduler hint for port parallelism.
-+spp false
-
-## Sets the number of threads in async thread pool. Valid range is 0-1024.
-## Increase the parameter if there are many simultaneous file I/O operations.
-+A 1
-
-## Sets the default heap size of processes to the size Size.
-#+hms 233
-
-## Sets the default binary virtual heap size of processes to the size Size.
-#+hmbs 46422
-
-## Sets the default maximum heap size of processes to the size Size.
-## Defaults to 0, which means that no maximum heap size is used.
-##For more information, see process_flag(max_heap_size, MaxHeapSize).
-#+hmax 0
-
-## Sets the default value for process flag message_queue_data. Defaults to on_heap.
-#+hmqd on_heap | off_heap
-
-## Sets the number of IO pollsets to use when polling for I/O.
-+IOp 1
-
-## Sets the number of IO poll threads to use when polling for I/O.
-+IOt 1
-
-## Sets the number of scheduler threads to create and scheduler threads to set online.
-+S 1:1
-
-## Sets the number of dirty CPU scheduler threads to create and dirty CPU scheduler threads to set online.
-+SDcpu 1:1
-
-## Sets the number of dirty I/O scheduler threads to create.
-+SDio 1
-
-## Suggested stack size, in kilowords, for scheduler threads.
-#+sss 32
-
-## Suggested stack size, in kilowords, for dirty CPU scheduler threads.
-#+sssdcpu 40
-
-## Suggested stack size, in kilowords, for dirty IO scheduler threads.
-#+sssdio 40
-
-## Sets scheduler bind type.
-## Can be one of: u, ns, ts, ps, s, nnts, nnps, tnnps, db
-#+sbt db
-
-## Sets a user-defined CPU topology.
-#+sct L0-3c0-3p0N0:L4-7c0-3p1N1
-
-## Sets the mapping of warning messages for error_logger
-#+W w
-
-## Sets time warp mode: no_time_warp | single_time_warp | multi_time_warp
-#+C no_time_warp
-
-## Prevents loading information about source filenames and line numbers.
-+L
-
-## Specifies how long time (in milliseconds) to spend shutting down the system.
-## See: http://erlang.org/doc/man/erl.html
--shutdown_time 10000
-