chore(build): Remove plugin config collection

Plugin configs are to be added manually
2020-12-12 11:59:26 +01:00 · 2020-12-12 11:59:26 +01:00 · f6f6fe47da
parent 10dbb5bc96
commit f6f6fe47da
31 changed files with 0 additions and 2271 deletions
--- a/etc/emqx.d/emqx_auth_clientid.conf
+++ b/etc/emqx.d/emqx_auth_clientid.conf
@ -1,18 +0,0 @@
 ##--------------------------------------------------------------------
 ## ClientId Authentication Plugin
 ##--------------------------------------------------------------------
 ## Examples
 ##auth.client.1.clientid = id
 ##auth.client.1.password = passwd
 ##auth.client.2.clientid = dev:devid
 ##auth.client.2.password = passwd2
 ##auth.client.3.clientid = app:appid
 ##auth.client.3.password = passwd3
 ##auth.client.4.clientid = client~!@#$%^&*()_+
 ##auth.client.4.password = passwd~!@#$%^&*()_+
 ## Password hash.
 ##
 ## Value: plain | md5 | sha | sha256
 auth.client.password_hash = sha256
--- a/etc/emqx.d/emqx_auth_http.conf
+++ b/etc/emqx.d/emqx_auth_http.conf
@ -1,162 +0,0 @@
 ##--------------------------------------------------------------------
 ## HTTP Auth/ACL Plugin
 ##--------------------------------------------------------------------
 ##--------------------------------------------------------------------
 ## Authentication request.
 ## HTTP URL API path for authentication request
 ##
 ## Value: URL
 ##
 ## Examples: http://127.0.0.1:8991/mqtt/auth, https://[::1]:8991/mqtt/auth
 auth.http.auth_req = http://127.0.0.1:8991/mqtt/auth
 ## Value: post | get
 auth.http.auth_req.method = post
 ## It only works when method=post
 ## Value: json | x-www-form-urlencoded
 auth.http.auth_req.content_type = x-www-form-urlencoded
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
 ##  - %a: ipaddress
 ##  - %r: protocol
 ##  - %P: password
 ##  - %p: sockport of server accepted
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
 ##
 ## Value: Params
 auth.http.auth_req.params = clientid=%c,username=%u,password=%P
 ##--------------------------------------------------------------------
 ## Superuser request.
 ## HTTP URL API path for Superuser request
 ##
 ## Value: URL
 ##
 ## Examples: http://127.0.0.1:8991/mqtt/superuser, https://[::1]:8991/mqtt/superuser
 #auth.http.super_req = http://127.0.0.1:8991/mqtt/superuser
 ## Value: post | get
 #auth.http.super_req.method = post
 ## It only works when method=pos
 ## Value: json | x-www-form-urlencoded
 #auth.http.super_req.content_type = x-www-form-urlencoded
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
 ##  - %a: ipaddress
 ##  - %r: protocol
 ##  - %P: password
 ##  - %p: sockport of server accepted
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
 ##
 ## Value: Params
 #auth.http.super_req.params = clientid=%c,username=%u
 ##--------------------------------------------------------------------
 ## ACL request.
 ## HTTP URL API path for ACL request
 ##
 ## Value: URL
 ##
 ## Examples: http://127.0.0.1:8991/mqtt/acl, https://[::1]:8991/mqtt/acl
 auth.http.acl_req = http://127.0.0.1:8991/mqtt/acl
 ## Value: post | get
 auth.http.acl_req.method = get
 ## It only works when method=post
 ## Value: json | x-www-form-urlencoded
 auth.http.acl_req.content_type = x-www-form-urlencoded
 ## Variables:
 ##  - %A: 1 | 2, 1 = sub, 2 = pub
 ##  - %u: username
 ##  - %c: clientid
 ##  - %a: ipaddress
 ##  - %r: protocol
 ##  - %m: mountpoint
 ##  - %t: topic
 ##
 ## Value: Params
 auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m
 ##------------------------------------------------------------------------------
 ## Http Reqeust options
 ## Time-out time for the http request, 0 is never timeout.
 ##
 ## Value: Duration
 ## -h: hour, e.g. '2h' for 2 hours
 ## -m: minute, e.g. '5m' for 5 minutes
 ## -s: second, e.g. '30s' for 30 seconds
 ##
 ## Default: 0
 ## auth.http.request.timeout = 0
 ## Connection time-out time, used during the initial request
 ## when the client is connecting to the server
 ##
 ## Value: Duration
 ##
 ## Default is same with the timeout option
 ## auth.http.request.connect_timeout = 0
 ## Re-send http reuqest times
 ##
 ## Value: integer
 ##
 ## Default: 3
 auth.http.request.retry_times = 3
 ## The interval for re-sending the http request
 ##
 ## Value: Duration
 ##
 ## Default: 1s
 auth.http.request.retry_interval = 1s
 ## The 'Exponential Backoff' mechanism for re-sending request. The actually
 ## re-send time interval is `interval * backoff ^ times`
 ##
 ## Value: float
 ##
 ## Default: 2.0
 auth.http.request.retry_backoff = 2.0
 ##------------------------------------------------------------------------------
 ## SSL options
 ## Path to the file containing PEM-encoded CA certificates. The CA certificates
 ## are used during server authentication and when building the client certificate chain.
 ##
 ## Value: File
 ## auth.http.ssl.cacertfile = {{ platform_etc_dir }}/certs/ca.pem
 ## The path to a file containing the client's certificate.
 ##
 ## Value: File
 ## auth.http.ssl.certfile = {{ platform_etc_dir }}/certs/client-cert.pem
 ## Path to a file containing the client's private PEM-encoded key.
 ##
 ## Value: File
 ## auth.http.ssl.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
 ##--------------------------------------------------------------------
 ## HTTP Request Headers
 ##
 ## Example: auth.http.header.Accept-Encoding = *
 ##
 ## Value: String
 ## auth.http.header.Accept = */*
--- a/etc/emqx.d/emqx_auth_jwt.conf
+++ b/etc/emqx.d/emqx_auth_jwt.conf
@ -1,39 +0,0 @@
 ##--------------------------------------------------------------------
 ## JWT Auth Plugin
 ##--------------------------------------------------------------------
 ## HMAC Hash Secret.
 ##
 ## Value: String
 auth.jwt.secret = emqxsecret
 ## From where the JWT string can be got
 ##
 ## Value: username | password
 ## Default: password
 auth.jwt.from = password
 ## RSA or ECDSA public key file.
 ##
 ## Value: File
 ## auth.jwt.pubkey = etc/certs/jwt_public_key.pem
 ## Enable to verify claims fields
 ##
 ## Value: on | off
 auth.jwt.verify_claims = off
 ## The checklist of claims to validate
 ##
 ## Value: String
 ## auth.jwt.verify_claims.$name = expected
 ##
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
 # auth.jwt.verify_claims.username = %u
 ## The Signature format
 ##   - `der`: The erlang default format
 ##   - `raw`: Compatible with others platform maybe
 #auth.jwt.signature_format = der
--- a/etc/emqx.d/emqx_auth_mnesia.conf
+++ b/etc/emqx.d/emqx_auth_mnesia.conf
@ -1,20 +0,0 @@
 ## Examples:
 ##auth.mnesia.1.login = admin
 ##auth.mnesia.1.password = public
 ##auth.mnesia.1.is_superuser = true
 ##auth.mnesia.2.login = feng@emqtt.io
 ##auth.mnesia.2.password = public
 ##auth.mnesia.2.is_superuser = false
 ##auth.mnesia.3.login = name~!@#$%^&*()_+
 ##auth.mnesia.3.password = pwsswd~!@#$%^&*()_+
 ##auth.mnesia.3.is_superuser = false
 ## Password hash.
 ##
 ## Value: plain | md5 | sha | sha256 
 auth.mnesia.password_hash = sha256
 ## Auth as username or auth as clientid.
 ##
 ## Value: username | clientid
 auth.mnesia.as = username
--- a/etc/emqx.d/emqx_auth_mysql.conf
+++ b/etc/emqx.d/emqx_auth_mysql.conf
@ -1,116 +0,0 @@
 ##--------------------------------------------------------------------
 ## MySQL Auth/ACL Plugin
 ##--------------------------------------------------------------------
 ## MySQL server address.
 ##
 ## Value: Port | IP:Port
 ##
 ## Examples: 3306, 127.0.0.1:3306, localhost:3306
 auth.mysql.server = 127.0.0.1:3306
 ## MySQL pool size.
 ##
 ## Value: Number
 auth.mysql.pool = 8
 ## MySQL username.
 ##
 ## Value: String
 ## auth.mysql.username =
 ## MySQL password.
 ##
 ## Value: String
 ## auth.mysql.password =
 ## MySQL database.
 ##
 ## Value: String
 auth.mysql.database = mqtt
 ## MySQL query timeout
 ##
 ## Value: Duration
 ## auth.mysql.query_timeout = 5s
 ## Variables: %u = username, %c = clientid
 ## Authentication query.
 ##
 ## Note that column names should be 'password' and 'salt' (if used).
 ## In case column names differ in your DB - please use aliases,
 ## e.g. "my_column_name as password".
 ##
 ## Value: SQL
 ##
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
 ##
 auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
 ## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1
 ## Password hash.
 ##
 ## Value: plain | md5 | sha | sha256 | bcrypt
 auth.mysql.password_hash = sha256
 ## sha256 with salt prefix
 ## auth.mysql.password_hash = salt,sha256
 ## bcrypt with salt only prefix
 ## auth.mysql.password_hash = salt,bcrypt
 ## sha256 with salt suffix
 ## auth.mysql.password_hash = sha256,salt
 ## pbkdf2 with macfun iterations dklen
 ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
 ## auth.mysql.password_hash = pbkdf2,sha256,1000,20
 ## Superuser query.
 ##
 ## Value: SQL
 ##
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
 ##
 auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
 ## ACL query.
 ##
 ## Value: SQL
 ##
 ## Variables:
 ##  - %a: ipaddr
 ##  - %u: username
 ##  - %c: clientid
 ##
 ## Note: You can add the 'ORDER BY' statement to control the rules match order
 auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
 ## Mysql ssl configuration.
 ##
 ## Value: on | off
 auth.mysql.ssl = off
 ## CA certificate.
 ##
 ## Value: File
 ## auth.mysql.ssl.cafile  = path to your ca file
 ## Client ssl certificate.
 ##
 ## Value: File
 ## auth.mysql.ssl.certfile = path to your clientcert file
 ## Client ssl keyfile.
 ##
 ## Value: File
 ## auth.mysql.ssl.keyfile = path to your clientkey file
--- a/etc/emqx.d/emqx_auth_username.conf
+++ b/etc/emqx.d/emqx_auth_username.conf
@ -1,16 +0,0 @@
 ##--------------------------------------------------------------------
 ## Username Authentication Plugin
 ##--------------------------------------------------------------------
 ## Examples:
 ##auth.user.1.username = admin
 ##auth.user.1.password = public
 ##auth.user.2.username = feng@emqtt.io
 ##auth.user.2.password = public
 ##auth.user.3.username = name~!@#$%^&*()_+
 ##auth.user.3.password = pwsswd~!@#$%^&*()_+
 ## Password hash.
 ##
 ## Value: plain | md5 | sha | sha256 
 auth.user.password_hash = sha256
--- a/etc/emqx.d/emqx_bridge_mqtt.conf
+++ b/etc/emqx.d/emqx_bridge_mqtt.conf
@ -1,172 +0,0 @@
 ##====================================================================
 ## Configuration for EMQ X MQTT Broker Bridge
 ##====================================================================
 ##--------------------------------------------------------------------
 ## Bridges to aws
 ##--------------------------------------------------------------------
 ## Bridge address: node name for local bridge, host:port for remote.
 ##
 ## Value: String
 ## Example: emqx@127.0.0.1,  127.0.0.1:1883
 bridge.mqtt.aws.address = 127.0.0.1:1883
 ## Protocol version of the bridge.
 ##
 ## Value: Enum
 ## - mqttv5
 ## - mqttv4
 ## - mqttv3
 bridge.mqtt.aws.proto_ver = mqttv4
 ## Start type of the bridge.
 ##
 ## Value: enum
 ## manual
 ## auto
 bridge.mqtt.aws.start_type = manual
 ## Whether to enable bridge mode for mqtt bridge
 ##
 ## This option is prepared for the mqtt broker which does not
 ## support bridge_mode such as the mqtt-plugin of the rabbitmq
 ##
 ## Value: boolean
 #bridge.mqtt.aws.bridge_mode = false
 ## The ClientId of a remote bridge.
 ##
 ## Placeholders:
 ##  ${node}: Node name
 ##
 ## Value: String
 bridge.mqtt.aws.clientid = bridge_aws
 ## The Clean start flag of a remote bridge.
 ##
 ## Value: boolean
 ## Default: true
 ##
 ## NOTE: Some IoT platforms require clean_start
 ##       must be set to 'true'
 bridge.mqtt.aws.clean_start = true
 ## The username for a remote bridge.
 ##
 ## Value: String
 bridge.mqtt.aws.username = user
 ## The password for a remote bridge.
 ##
 ## Value: String
 bridge.mqtt.aws.password = passwd
 ## Topics that need to be forward to AWS IoTHUB
 ##
 ## Value: String
 ## Example: topic1/#,topic2/#
 bridge.mqtt.aws.forwards = topic1/#,topic2/#
 ## Forward messages to the mountpoint of an AWS IoTHUB
 ##
 ## Value: String
 bridge.mqtt.aws.forward_mountpoint = bridge/aws/${node}/
 ## Need to subscribe to AWS topics
 ##
 ## Value: String
 ## bridge.mqtt.aws.subscription.1.topic = cmd/topic1
 ## Need to subscribe to AWS topics QoS.
 ##
 ## Value: Number
 ## bridge.mqtt.aws.subscription.1.qos = 1
 ## A mountpoint that receives messages from AWS IoTHUB
 ##
 ## Value: String
 ## bridge.mqtt.aws.receive_mountpoint = receive/aws/
 ## Bribge to remote server via SSL.
 ##
 ## Value: on | off
 bridge.mqtt.aws.ssl = off
 ## PEM-encoded CA certificates of the bridge.
 ##
 ## Value: File
 bridge.mqtt.aws.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
 ## Client SSL Certfile of the bridge.
 ##
 ## Value: File
 bridge.mqtt.aws.certfile = {{ platform_etc_dir }}/certs/client-cert.pem
 ## Client SSL Keyfile of the bridge.
 ##
 ## Value: File
 bridge.mqtt.aws.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
 ## SSL Ciphers used by the bridge.
 ##
 ## Value: String
 bridge.mqtt.aws.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
 ## Ciphers for TLS PSK.
 ## Note that 'bridge.${BridgeName}.ciphers' and 'bridge.${BridgeName}.psk_ciphers' cannot
 ## be configured at the same time.
 ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
 #bridge.mqtt.aws.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
 ## Ping interval of a down bridge.
 ##
 ## Value: Duration
 ## Default: 10 seconds
 bridge.mqtt.aws.keepalive = 60s
 ## TLS versions used by the bridge.
 ##
 ## Value: String
 bridge.mqtt.aws.tls_versions = tlsv1.2,tlsv1.1,tlsv1
 ## Bridge reconnect time.
 ##
 ## Value: Duration
 ## Default: 30 seconds
 bridge.mqtt.aws.reconnect_interval = 30s
 ## Retry interval for bridge QoS1 message delivering.
 ##
 ## Value: Duration
 bridge.mqtt.aws.retry_interval = 20s
 ## Publish messages in batches, only RPC Bridge supports
 ##
 ## Value: Integer
 ## default: 32
 bridge.mqtt.aws.batch_size = 32
 ## Inflight size.
 ##
 ## Value: Integer
 bridge.mqtt.aws.max_inflight_size = 32
 ## Base directory for replayq to store messages on disk
 ## If this config entry is missing or set to undefined,
 ## replayq works in a mem-only manner.
 ##
 ## Value: String
 bridge.mqtt.aws.queue.replayq_dir = {{ platform_data_dir }}/replayq/emqx_aws_bridge/
 ## Replayq segment size
 ##
 ## Value: Bytesize
 bridge.mqtt.aws.queue.replayq_seg_bytes = 10MB
 ## Replayq max total size
 ##
 ## Value: Bytesize
 bridge.mqtt.aws.queue.max_total_size = 5GB
--- a/etc/emqx.d/emqx_coap.conf
+++ b/etc/emqx.d/emqx_coap.conf
@ -1,82 +0,0 @@
 ##--------------------------------------------------------------------
 ## CoAP Gateway
 ##--------------------------------------------------------------------
 ## The IP and UDP port that CoAP bind with.
 ##
 ## Default: 0.0.0.0:5683
 ##
 ## Examples:
 ##    coap.bind.udp.x = 0.0.0.0:5683 | :::5683 | 127.0.0.1:5683 | ::1:5683
 ##
 coap.bind.udp.1 = 0.0.0.0:5683
 ##coap.bind.udp.2 = 0.0.0.0:6683
 ## Whether to enable statistics for CoAP clients.
 ##
 ## Value: on | off
 coap.enable_stats = off
 ##------------------------------------------------------------------------------
 ## DTLS options
 ## The DTLS port that CoAP is listening on.
 ##
 ## Default: 0.0.0.0:5684
 ##
 ## Examples:
 ##    coap.bind.dtls.x = 0.0.0.0:5684 | :::5684 | 127.0.0.1:5684 | ::1:5684
 ##
 coap.bind.dtls.1 = 0.0.0.0:5684
 ##coap.bind.dtls.2 = 0.0.0.0:6684
 ## A server only does x509-path validation in mode verify_peer,
 ## as it then sends a certificate request to the client (this
 ## message is not sent if the verify option is verify_none).
 ## You can then also want to specify option fail_if_no_peer_cert.
 ## More information at: http://erlang.org/doc/man/ssl.html
 ##
 ## Value: verify_peer | verify_none
 ## coap.dtls.verify = verify_peer
 ## Private key file for DTLS
 ##
 ## Value: File
 coap.dtls.keyfile = {{ platform_etc_dir }}/certs/key.pem
 ## Server certificate for DTLS.
 ##
 ## Value: File
 coap.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## PEM-encoded CA certificates for DTLS
 ##
 ## Value: File
 ## coap.dtls.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
 ## Used together with {verify, verify_peer} by an SSL server. If set to true,
 ## the server fails if the client does not have a certificate to send, that is,
 ## sends an empty certificate.
 ##
 ## Value: true | false
 ## coap.dtls.fail_if_no_peer_cert = false
 ## This is the single most important configuration option of an Erlang SSL
 ## application. Ciphers (and their ordering) define the way the client and
 ## server encrypt information over the wire, from the initial Diffie-Helman
 ## key exchange, the session key encryption ## algorithm and the message
 ## digest algorithm. Selecting a good cipher suite is critical for the
 ## application’s data security, confidentiality and performance.
 ##
 ## The cipher list above offers:
 ##
 ## A good balance between compatibility with older browsers.
 ## It can get stricter for Machine-To-Machine scenarios.
 ## Perfect Forward Secrecy.
 ## No old/insecure encryption and HMAC algorithms
 ##
 ## Most of it was copied from Mozilla’s Server Side TLS article
 ##
 ## Value: Ciphers
 coap.dtls.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
--- a/etc/emqx.d/emqx_dashboard.conf
+++ b/etc/emqx.d/emqx_dashboard.conf
@ -1,129 +0,0 @@
 ##--------------------------------------------------------------------
 ## EMQ X Dashboard
 ##--------------------------------------------------------------------
 ## Default user's login name.
 ##
 ## Value: String
 dashboard.default_user.login = admin
 ## Default user's password.
 ##
 ## Value: String
 dashboard.default_user.password = public
 ##--------------------------------------------------------------------
 ## HTTP Listener
 ## The port that the Dashboard HTTP listener will bind.
 ##
 ## Value: Port
 ##
 ## Examples: 18083
 dashboard.listener.http = 18083
 ## The acceptor pool for external Dashboard HTTP listener.
 ##
 ## Value: Number
 dashboard.listener.http.acceptors = 4
 ## Maximum number of concurrent Dashboard HTTP connections.
 ##
 ## Value: Number
 dashboard.listener.http.max_clients = 512
 ## Set up the socket for IPv6.
 ##
 ## Value: false | true
 dashboard.listener.http.inet6 = false
 ## Listen on IPv4 and IPv6 (false) or only on IPv6 (true). Use with inet6.
 ##
 ## Value: false | true
 dashboard.listener.http.ipv6_v6only = false
 ##--------------------------------------------------------------------
 ## HTTPS Listener
 ## The port that the Dashboard HTTPS listener will bind.
 ##
 ## Value: Port
 ##
 ## Examples: 18084
 ## dashboard.listener.https = 18084
 ## The acceptor pool for external Dashboard HTTPS listener.
 ##
 ## Value: Number
 ## dashboard.listener.https.acceptors = 2
 ## Maximum number of concurrent Dashboard HTTPS connections.
 ##
 ## Value: Number
 ## dashboard.listener.https.max_clients = 512
 ## Set up the socket for IPv6.
 ##
 ## Value: false | true
 ## dashboard.listener.https.inet6 = false
 ## Listen on IPv4 and IPv6 (false) or only on IPv6 (true). Use with inet6.
 ##
 ## Value: false | true
 ## dashboard.listener.https.ipv6_v6only = false
 ## Path to the file containing the user's private PEM-encoded key.
 ##
 ## Value: File
 ## dashboard.listener.https.keyfile = etc/certs/key.pem
 ## Path to a file containing the user certificate.
 ##
 ## Value: File
 ## dashboard.listener.https.certfile = etc/certs/cert.pem
 ## Path to the file containing PEM-encoded CA certificates.
 ##
 ## Value: File
 ## dashboard.listener.https.cacertfile = etc/certs/cacert.pem
 ## See: 'listener.ssl.<name>.dhfile' in emq.conf
 ##
 ## Value: File
 ## dashboard.listener.https.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
 ## See: 'listener.ssl.<name>.vefify' in emq.conf
 ##
 ## Value: vefify_peer | verify_none
 ## dashboard.listener.https.verify = verify_peer
 ## See: 'listener.ssl.<name>.fail_if_no_peer_cert' in emq.conf
 ##
 ## Value: false | true
 ## dashboard.listener.https.fail_if_no_peer_cert = true
 ## TLS versions only to protect from POODLE attack.
 ##
 ## Value: String, seperated by ','
 ## dashboard.listener.https.tls_versions = tlsv1.2,tlsv1.1,tlsv1
 ## See: 'listener.ssl.<name>.ciphers' in emq.conf
 ##
 ## Value: Ciphers
 ## dashboard.listener.https.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
 ## See: 'listener.ssl.<name>.secure_renegotiate' in emq.conf
 ##
 ## Value: on | off
 ## dashboard.listener.https.secure_renegotiate = off
 ## See: 'listener.ssl.<name>.reuse_sessions' in emq.conf
 ##
 ## Value: on | off
 ## dashboard.listener.https.reuse_sessions = on
 ## See: 'listener.ssl.<name>.honor_cipher_order' in emq.conf
 ##
 ## Value: on | off
 ## dashboard.listener.https.honor_cipher_order = on
--- a/etc/emqx.d/emqx_management.conf
+++ b/etc/emqx.d/emqx_management.conf
@ -1,52 +0,0 @@
 ##--------------------------------------------------------------------
 ## EMQ X Management Plugin
 ##--------------------------------------------------------------------
 ## Max Row Limit
 management.max_row_limit = 10000
 ## Application default secret
 ##
 ## Value: String
 ## management.application.default_secret = public
 ## Default Application ID
 ##
 ## Value: String
 management.default_application.id = admin
 ## Default Application Secret
 ##
 ## Value: String
 management.default_application.secret = public
 ##--------------------------------------------------------------------
 ## HTTP Listener
 management.listener.http = 8081
 management.listener.http.acceptors = 2
 management.listener.http.max_clients = 512
 management.listener.http.backlog = 512
 management.listener.http.send_timeout = 15s
 management.listener.http.send_timeout_close = on
 management.listener.http.inet6 = false
 management.listener.http.ipv6_v6only = false
 ##--------------------------------------------------------------------
 ## HTTPS Listener
 ## management.listener.https = 8081
 ## management.listener.https.acceptors = 2
 ## management.listener.https.max_clients = 512
 ## management.listener.https.backlog = 512
 ## management.listener.https.send_timeout = 15s
 ## management.listener.https.send_timeout_close = on
 ## management.listener.https.certfile = etc/certs/cert.pem
 ## management.listener.https.keyfile = etc/certs/key.pem
 ## management.listener.https.cacertfile = etc/certs/cacert.pem
 ## management.listener.https.verify = verify_peer
 ## management.listener.https.tls_versions = tlsv1.2,tlsv1.1,tlsv1
 ## management.listener.https.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
 ## management.listener.https.fail_if_no_peer_cert = true
 ## management.listener.https.inet6 = false
 ## management.listener.https.ipv6_v6only = false
--- a/etc/emqx.d/emqx_recon.conf
+++ b/etc/emqx.d/emqx_recon.conf
@ -1,4 +0,0 @@
 ##--------------------------------------------------------------------
 ## Recon Plugin
 ##--------------------------------------------------------------------
--- a/etc/emqx.d/emqx_retainer.conf
+++ b/etc/emqx.d/emqx_retainer.conf
@ -1,41 +0,0 @@
 ##--------------------------------------------------------------------
 ## EMQ X Retainer
 ##--------------------------------------------------------------------
 ## Where to store the retained messages.
 ##
 ## Notice that all nodes in the same cluster have to be configured to
 ## use the same storage_type.
 ##
 ## Value: ram | disc | disc_only
 ##  - ram: memory only
 ##  - disc: both memory and disc
 ##  - disc_only: disc only
 ##
 ## Default: ram
 retainer.storage_type = ram
 ## Maximum number of retained messages. 0 means no limit.
 ##
 ## Value: Number >= 0
 retainer.max_retained_messages = 0
 ## Maximum retained message size.
 ##
 ## Value: Bytes
 retainer.max_payload_size = 1MB
 ## Expiry interval of the retained messages. Never expire if the value is 0.
 ##
 ## Value: Duration
 ##  - h: hour
 ##  - m: minute
 ##  - s: second
 ##
 ## Examples:
 ##  - 2h:  2 hours
 ##  - 30m: 30 minutes
 ##  - 20s: 20 seconds
 ##
 ## Defaut: 0
 retainer.expiry_interval = 0
--- a/etc/emqx.d/emqx_rule_engine.conf
+++ b/etc/emqx.d/emqx_rule_engine.conf
@ -1,42 +0,0 @@
 ##====================================================================
 ## Rule Engine for EMQ X R4.0
 ##====================================================================
 rule_engine.ignore_sys_message = on
 ## Event Messages
 ##
 ## If enabled (on), rule engine publishes the event as an MQTT message
 ## with topic='$events/<event-name>' on the occurrence of an emqx event.
 ##
 ## If disabled, rule engine stops publishing the event messages, but
 ## the event message can still be processed by the rule SQL. e.g. rule SQL:
 ##
 ##   SELECT * FROM "$events/client_connected"
 ##
 ## will still work even if 'rule_engine.events.client_connected' is set to 'off'
 ##
 ## EMQ Event to event message mapping:
 ##
 ##   - client.connected      -> $events/client_connected
 ##   - client.disconnected   -> $events/client_disconnected
 ##   - session.subscribed    -> $events/session_subscribed
 ##   - session.unsubscribed  -> $events/session_unsubscribed
 ##   - message.delivered     -> $events/message_delivered
 ##   - message.acked         -> $events/message_acked
 ##   - message.dropped       -> $events/message_dropped
 ##
 ## Config Value Format: Toggle, QoS-Level
 ##
 ## Toggle: on/off
 ##
 ## QoS-Level: qos0/qos1/qos2
 #rule_engine.events.client_connected = on, qos1
 rule_engine.events.client_connected = off
 rule_engine.events.client_disconnected = off
 rule_engine.events.session_subscribed = off
 rule_engine.events.session_unsubscribed = off
 rule_engine.events.message_delivered = off
 rule_engine.events.message_acked = off
 rule_engine.events.message_dropped = off
--- a/etc/emqx.d/emqx_sasl.conf
+++ b/etc/emqx.d/emqx_sasl.conf
--- a/etc/emqx.d/emqx_sn.conf
+++ b/etc/emqx.d/emqx_sn.conf
@ -1,53 +0,0 @@
 ##--------------------------------------------------------------------
 ## MQTT-SN
 ##--------------------------------------------------------------------
 ## The UDP port which emq-sn is listening on.
 ##
 ## Value: IP:Port | Port
 ##
 ## Examples: 1884, 127.0.0.1:1884, ::1:1884
 mqtt.sn.port = 1884
 ## The duration that emqx-sn broadcast ADVERTISE message through.
 ##
 ## Value: Duration
 mqtt.sn.advertise_duration = 15m
 ## The MQTT-SN Gateway id in ADVERTISE message.
 ##
 ## Value: Number
 mqtt.sn.gateway_id = 1
 ## To control whether write statistics data into ETS table for dashbord to read.
 ##
 ## Value: on | off
 mqtt.sn.enable_stats = off
 ## To control whether accept and process the received publish message with qos=-1.
 ##
 ## Value: on | off
 mqtt.sn.enable_qos3 = off
 ## MQTT SN idle timeout, specified in seconds.
 ##
 ## Value: Duration
 mqtt.sn.idle_timeout = 30s
 ## The pre-defined topic name corresponding to the pre-defined topic id of N.
 ## Note that the pre-defined topic id of 0 is reserved.
 mqtt.sn.predefined.topic.0 = reserved
 mqtt.sn.predefined.topic.1 = /predefined/topic/name/hello
 mqtt.sn.predefined.topic.2 = /predefined/topic/name/nice
 ## Default username for MQTT-SN. This parameter is optional. If specified,
 ## emq-sn will connect EMQ core with this username. It is useful if any auth
 ## plug-in is enabled.
 ##
 ## Value: String
 mqtt.sn.username = mqtt_sn_user
 ## This parameter is optional. Pair with username above.
 ##
 ## Value: String
 mqtt.sn.password = abc
--- a/etc/emqx.d/emqx_stomp.conf
+++ b/etc/emqx.d/emqx_stomp.conf
@ -1,123 +0,0 @@
 ##--------------------------------------------------------------------
 ## Stomp Plugin
 ##--------------------------------------------------------------------
 ##--------------------------------------------------------------------
 ## Stomp listener
 ## The Port that stomp listener will bind.
 ##
 ## Value: Port
 stomp.listener = 61613
 ## The acceptor pool for stomp listener.
 ##
 ## Value: Number
 stomp.listener.acceptors = 4
 ## Maximum number of concurrent stomp connections.
 ##
 ## Value: Number
 stomp.listener.max_connections = 512
 ## Whether to enable SSL.
 ##
 ## Value: on | off
 ## stomp.listener.ssl = off
 ## Path to the file containing the user's private PEM-encoded key.
 ##
 ## Value: File
 ## stomp.listener.keyfile = etc/certs/key.pem
 ## Path to a file containing the user certificate.
 ##
 ## Value: File
 ## stomp.listener.certfile = etc/certs/cert.pem
 ## Path to the file containing PEM-encoded CA certificates.
 ##
 ## Value: File
 ## stomp.listener.cacertfile = etc/certs/cacert.pem
 ## See: 'listener.ssl.<name>.dhfile' in emq.conf
 ##
 ## Value: File
 ## stomp.listener.dhfile = etc/certs/dh-params.pem
 ## See: 'listener.ssl.<name>.vefify' in emq.conf
 ##
 ## Value: vefify_peer | verify_none
 ## stomp.listener.verify = verify_peer
 ## See: 'listener.ssl.<name>.fail_if_no_peer_cert' in emq.conf
 ##
 ## Value: false | true
 ## stomp.listener.fail_if_no_peer_cert = true
 ## TLS versions only to protect from POODLE attack.
 ##
 ## Value: String, seperated by ','
 ## stomp.listener.tls_versions = tlsv1.2,tlsv1.1,tlsv1
 ## SSL Handshake timeout.
 ##
 ## Value: Duration
 ## stomp.listener.handshake_timeout = 15s
 ## See: 'listener.ssl.<name>.ciphers' in emq.conf
 ##
 ## Value: Ciphers
 ## stomp.listener.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
 ## See: 'listener.ssl.<name>.secure_renegotiate' in emq.conf
 ##
 ## Value: on | off
 ## stomp.listener.secure_renegotiate = off
 ## See: 'listener.ssl.<name>.reuse_sessions' in emq.conf
 ##
 ## Value: on | off
 ## stomp.listener.reuse_sessions = on
 ## See: 'listener.ssl.<name>.honor_cipher_order' in emq.conf
 ##
 ## Value: on | off
 ## stomp.listener.honor_cipher_order = on
 ##--------------------------------------------------------------------
 ## Stomp login user and password
 ## Default login user
 ##
 ## Value: String
 stomp.default_user.login = guest
 ## Default login password
 ##
 ## Value: String
 stomp.default_user.passcode = guest
 ## Allow anonymous authentication.
 ##
 ## Value: true | false
 stomp.allow_anonymous = true
 ##--------------------------------------------------------------------
 ## Stomp frame
 ## Maximum numbers of frame headers.
 ##
 ## Value: Number
 stomp.frame.max_headers = 10
 ## Maximum length of frame header.
 ##
 ## Value: Number
 stomp.frame.max_header_length = 1024
 ## Maximum body length of frame.
 ##
 ## Value: Number
 stomp.frame.max_body_length = 8192
--- a/etc/emqx.d/emqx_telemetry.conf
+++ b/etc/emqx.d/emqx_telemetry.conf
@ -1,28 +0,0 @@
 ##--------------------------------------------------------------------
 ## Telemetry
 ##--------------------------------------------------------------------
 ## Enable telemetry
 ##
 ## Value: true | false
 ##
 ## Default: true
 telemetry.enabled = true
 ## The destination URL for the telemetry data report
 ##
 ## Value: String
 ##
 ## Default: https://telemetry.emqx.io/api/telemetry
 telemetry.url = https://telemetry.emqx.io/api/telemetry
 ## Interval for reporting telemetry data
 ##
 ## Value: Duration
 ## -d: day
 ## -h: hour
 ## -m: minute
 ## -s: second
 ##
 ## Default: 7d
 telemetry.report_interval = 7d
--- a/etc/emqx.d/emqx_web_hook.conf
+++ b/etc/emqx.d/emqx_web_hook.conf
@ -1,66 +0,0 @@
 ##====================================================================
 ## WebHook
 ##====================================================================
 ## The web services URL for Hook request
 ##
 ## Value: String
 web.hook.api.url = http://127.0.0.1:8080
 ##--------------------------------------------------------------------
 ## HTTP Request Headers
 ##
 ## The header params what you extra need
 ## Format:
 ##    web.hook.headers.<param> = your-param
 ## Example:
 ## 1. web.hook.headers.token = your-token
 ## 2. web.hook.headers.other = others-param
 ##
 ## Value: String
 ## web.hook.headers.token = your-token
 ##--------------------------------------------------------------------
 ## Encode message payload field
 ##
 ## Value: base64 | base62
 ## web.hook.encode_payload = base64
 ## Mysql ssl configuration.
 ##
 ## Value: on | off
 ## web.hook.ssl = off
 ##--------------------------------------------------------------------
 ## CA certificate.
 ##
 ## Value: File
 ## web.hook.ssl.cafile  = path to your ca file
 ## Client ssl certificate.
 ##
 ## Value: File
 ## web.hook.ssl.certfile = path to your clientcert file
 ##--------------------------------------------------------------------
 ## Client ssl keyfile.
 ##
 ## Value: File
 ## web.hook.ssl.keyfile = path to your clientkey file
 ##--------------------------------------------------------------------
 ## Hook Rules
 ## These configuration items represent a list of events should be forwarded
 ##
 ## Format:
 ##   web.hook.rule.<HookName>.<No> = <Spec>
 #web.hook.rule.client.connect.1       = {"action": "on_client_connect"}
 #web.hook.rule.client.connack.1       = {"action": "on_client_connack"}
 #web.hook.rule.client.connected.1     = {"action": "on_client_connected"}
 #web.hook.rule.client.disconnected.1  = {"action": "on_client_disconnected"}
 #web.hook.rule.client.subscribe.1     = {"action": "on_client_subscribe"}
 #web.hook.rule.client.unsubscribe.1   = {"action": "on_client_unsubscribe"}
 #web.hook.rule.session.subscribed.1   = {"action": "on_session_subscribed"}
 #web.hook.rule.session.unsubscribed.1 = {"action": "on_session_unsubscribed"}
 #web.hook.rule.session.terminated.1   = {"action": "on_session_terminated"}
 #web.hook.rule.message.publish.1      = {"action": "on_message_publish"}
 #web.hook.rule.message.delivered.1    = {"action": "on_message_delivered"}
 #web.hook.rule.message.acked.1        = {"action": "on_message_acked"}
--- a/etc/emqx_cloud.d/emqx_auth_ldap.conf
+++ b/etc/emqx_cloud.d/emqx_auth_ldap.conf
@ -1,78 +0,0 @@
 ##--------------------------------------------------------------------
 ## LDAP Auth Plugin
 ##--------------------------------------------------------------------
 ## LDAP server list, seperated by ','.
 ##
 ## Value: String
 auth.ldap.servers = 127.0.0.1
 ## LDAP server port.
 ##
 ## Value: Port
 auth.ldap.port = 389
 ## LDAP pool size
 ##
 ## Value: String
 auth.ldap.pool = 8
 ## LDAP Bind DN.
 ##
 ## Value: DN
 auth.ldap.bind_dn = cn=root,dc=emqx,dc=io
 ## LDAP Bind Password.
 ##
 ## Value: String
 auth.ldap.bind_password = public
 ## LDAP query timeout.
 ##
 ## Value: Number
 auth.ldap.timeout = 30s
 ## Device DN.
 ##
 ## Variables:
 ##
 ## Value: DN
 auth.ldap.device_dn = ou=device,dc=emqx,dc=io
 ## Specified ObjectClass
 ##
 ## Variables:
 ##
 ## Value: string
 auth.ldap.match_objectclass = mqttUser
 ## attributetype for username
 ##
 ## Variables:
 ##
 ## Value: string
 auth.ldap.username.attributetype = uid
 ## attributetype for password
 ##
 ## Variables:
 ##
 ## Value: string
 auth.ldap.password.attributetype = userPassword
 ## Whether to enable SSL.
 ##
 ## Value: true | false
 auth.ldap.ssl = false
 #auth.ldap.ssl.certfile = etc/certs/cert.pem
 #auth.ldap.ssl.keyfile = etc/certs/key.pem
 #auth.ldap.ssl.cacertfile = etc/certs/cacert.pem
 #auth.ldap.ssl.verify = verify_peer
 #auth.ldap.ssl.fail_if_no_peer_cert = true
 #auth.ldap.ssl.server_name_indication = your_server_name
--- a/etc/emqx_cloud.d/emqx_auth_mongo.conf
+++ b/etc/emqx_cloud.d/emqx_auth_mongo.conf
@ -1,172 +0,0 @@
 ##--------------------------------------------------------------------
 ## MongoDB Auth/ACL Plugin
 ##--------------------------------------------------------------------
 ## MongoDB Topology Type.
 ##
 ## Value: single | unknown | sharded | rs
 auth.mongo.type = single
 ## The set name if type is rs.
 ##
 ## Value: String
 ## auth.mongo.rs_set_name =
 ## MongoDB server list.
 ##
 ## Value: String
 ##
 ## Examples: 127.0.0.1:27017,127.0.0.2:27017...
 auth.mongo.server = 127.0.0.1:27017
 ## MongoDB pool size
 ##
 ## Value: Number
 auth.mongo.pool = 8
 ## MongoDB login user.
 ##
 ## Value: String
 ## auth.mongo.login =
 ## MongoDB password.
 ##
 ## Value: String
 ## auth.mongo.password =
 ## MongoDB AuthSource
 ##
 ## Value: String
 ## Default: mqtt
 ## auth.mongo.auth_source = admin
 ## MongoDB database
 ##
 ## Value: String
 auth.mongo.database = mqtt
 ## MongoDB query timeout
 ##
 ## Value: Duration
 ## auth.mongo.query_timeout = 5s
 ## Whether to enable SSL connection.
 ##
 ## Value: true | false
 ## auth.mongo.ssl = false
 ## SSL keyfile.
 ##
 ## Value: File
 ## auth.mongo.ssl_opts.keyfile =
 ## SSL certfile.
 ##
 ## Value: File
 ## auth.mongo.ssl_opts.certfile =
 ## SSL cacertfile.
 ##
 ## Value: File
 ## auth.mongo.ssl_opts.cacertfile =
 ## MongoDB write mode.
 ##
 ## Value: unsafe | safe
 ## auth.mongo.w_mode =
 ## Mongo read mode.
 ##
 ## Value: master | slave_ok
 ## auth.mongo.r_mode =
 ## MongoDB topology options.
 auth.mongo.topology.pool_size = 1
 auth.mongo.topology.max_overflow = 0
 ## auth.mongo.topology.overflow_ttl = 1000
 ## auth.mongo.topology.overflow_check_period = 1000
 ## auth.mongo.topology.local_threshold_ms = 1000
 ## auth.mongo.topology.connect_timeout_ms = 20000
 ## auth.mongo.topology.socket_timeout_ms = 100
 ## auth.mongo.topology.server_selection_timeout_ms = 30000
 ## auth.mongo.topology.wait_queue_timeout_ms = 1000
 ## auth.mongo.topology.heartbeat_frequency_ms = 10000
 ## auth.mongo.topology.min_heartbeat_frequency_ms = 1000
 ## -------------------------------------------------
 ## Auth Query
 ## -------------------------------------------------
 ## Password hash.
 ##
 ## Value: plain | md5 | sha | sha256 | bcrypt
 auth.mongo.auth_query.password_hash = sha256
 ## sha256 with salt suffix
 ## auth.mongo.auth_query.password_hash = sha256,salt
 ## sha256 with salt prefix
 ## auth.mongo.auth_query.password_hash = salt,sha256
 ## bcrypt with salt prefix
 ## auth.mongo.auth_query.password_hash = salt,bcrypt
 ## pbkdf2 with macfun iterations dklen
 ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
 ## auth.mongo.auth_query.password_hash = pbkdf2,sha256,1000,20
 ## Authentication query.
 auth.mongo.auth_query.collection = mqtt_user
 ## Password mainly fields
 ##
 ## Value:  password | password,salt
 auth.mongo.auth_query.password_field = password
 ## Authentication Selector.
 ##
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
 ##
 ## auth.mongo.auth_query.selector = {Field}={Placeholder}
 auth.mongo.auth_query.selector = username=%u
 ## -------------------------------------------------
 ## Super User Query
 ## -------------------------------------------------
 auth.mongo.super_query.collection = mqtt_user
 auth.mongo.super_query.super_field = is_superuser
 #auth.mongo.super_query.selector = username=%u, clientid=%c
 auth.mongo.super_query.selector = username=%u
 ## ACL Selector.
 ##
 ## Multiple selectors could be combined with '$or'
 ##   when query acl from mongo.
 ##
 ## e.g.
 ##
 ## With following 2 selectors configured:
 ##
 ## auth.mongo.acl_query.selector.1 = username=%u
 ## auth.mongo.acl_query.selector.2 = username=$all
 ##
 ## And if a client connected using username 'ilyas',
 ##   then the following mongo command will be used to
 ##   retrieve acl entries:
 ##
 ## db.mqtt_acl.find({$or: [{username: "ilyas"},  {username: "$all"}]});
 ##
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
 ##
 ## Examples:
 ##
 ## auth.mongo.acl_query.selector.1 = username=%u,clientid=%c
 ## auth.mongo.acl_query.selector.2 = username=$all
 ## auth.mongo.acl_query.selector.3 = clientid=$all
 auth.mongo.acl_query.collection = mqtt_acl
 auth.mongo.acl_query.selector = username=%u
--- a/etc/emqx_cloud.d/emqx_auth_pgsql.conf
+++ b/etc/emqx_cloud.d/emqx_auth_pgsql.conf
@ -1,110 +0,0 @@
 ##--------------------------------------------------------------------
 ## PostgreSQL Auth/ACL Plugin
 ##--------------------------------------------------------------------
 ## PostgreSQL server address.
 ##
 ## Value: Port | IP:Port
 ##
 ## Examples: 5432, 127.0.0.1:5432, localhost:5432
 auth.pgsql.server = 127.0.0.1:5432
 ## PostgreSQL pool size.
 ##
 ## Value: Number
 auth.pgsql.pool = 8
 ## PostgreSQL username.
 ##
 ## Value: String
 auth.pgsql.username = root
 ## PostgreSQL password.
 ##
 ## Value: String
 ## auth.pgsql.password =
 ## PostgreSQL database.
 ##
 ## Value: String
 auth.pgsql.database = mqtt
 ## PostgreSQL database encoding.
 ##
 ## Value: String
 auth.pgsql.encoding = utf8
 ## Whether to enable SSL connection.
 ##
 ## Value: true | false
 auth.pgsql.ssl = false
 ## SSL keyfile.
 ##
 ## Value: File
 ## auth.pgsql.ssl_opts.keyfile =
 ## SSL certfile.
 ##
 ## Value: File
 ## auth.pgsql.ssl_opts.certfile =
 ## SSL cacertfile.
 ##
 ## Value: File
 ## auth.pgsql.ssl_opts.cacertfile =
 ## Authentication query.
 ##
 ## Value: SQL
 ##
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
 ##
 auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1
 ## Password hash.
 ##
 ## Value: plain | md5 | sha | sha256 | bcrypt
 auth.pgsql.password_hash = sha256
 ## sha256 with salt prefix
 ## auth.pgsql.password_hash = salt,sha256
 ## sha256 with salt suffix
 ## auth.pgsql.password_hash = sha256,salt
 ## bcrypt with salt prefix
 ## auth.pgsql.password_hash = salt,bcrypt
 ## pbkdf2 with macfun iterations dklen
 ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
 ## auth.pgsql.password_hash = pbkdf2,sha256,1000,20
 ## Superuser query.
 ##
 ## Value: SQL
 ##
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
 ##
 auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
 ## ACL query. Comment this query, the ACL will be disabled.
 ##
 ## Value: SQL
 ##
 ## Variables:
 ##  - %a: ipaddress
 ##  - %u: username
 ##  - %c: clientid
 ##
 ## Note: You can add the 'ORDER BY' statement to control the rules match order
 auth.pgsql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
--- a/etc/emqx_cloud.d/emqx_auth_redis.conf
+++ b/etc/emqx_cloud.d/emqx_auth_redis.conf
@ -1,97 +0,0 @@
 ##--------------------------------------------------------------------
 ## Redis Auth/ACL Plugin
 ##--------------------------------------------------------------------
 ## Redis Server cluster type
 ## single    Single redis server
 ## sentinel  Redis cluster through sentinel
 ## cluster   Redis through cluster
 auth.redis.type = single
 ## Redis server address.
 ##
 ## Value: Port | IP:Port
 ##
 ## Single Redis Server: 127.0.0.1:6379, localhost:6379
 ## Redis Sentinel: 127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379
 ## Redis Cluster: 127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379
 auth.redis.server = 127.0.0.1:6379
 ## Redis sentinel cluster name.
 ##
 ## Value: String
 ## auth.redis.sentinel = mymaster
 ## Redis pool size.
 ##
 ## Value: Number
 auth.redis.pool = 8
 ## Redis database no.
 ##
 ## Value: Number
 auth.redis.database = 0
 ## Redis password.
 ##
 ## Value: String
 ## auth.redis.password =
 ## Redis query timeout
 ##
 ## Value: Duration
 ## auth.redis.query_timeout = 5s
 ## Authentication query command.
 ##
 ## Value: Redis cmd
 ##
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
 ##
 ## Examples:
 ##  - HGET mqtt_user:%u password
 ##  - HMGET mqtt_user:%u password
 ##  - HMGET mqtt_user:%u password salt
 auth.redis.auth_cmd = HMGET mqtt_user:%u password
 ## Password hash.
 ##
 ## Value: plain | md5 | sha | sha256 | bcrypt
 auth.redis.password_hash = plain
 ## sha256 with salt prefix
 ## auth.redis.password_hash = salt,sha256
 ## sha256 with salt suffix
 ## auth.redis.password_hash = sha256,salt
 ## bcrypt with salt prefix
 ## auth.redis.password_hash = salt,bcrypt
 ## pbkdf2 with macfun iterations dklen
 ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
 ## auth.redis.password_hash = pbkdf2,sha256,1000,20
 ## Superuser query command.
 ##
 ## Value: Redis cmd
 ##
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
 ##  - %C: common name of client TLS cert
 ##  - %d: subject of client TLS cert
 auth.redis.super_cmd = HGET mqtt_user:%u is_superuser
 ## ACL query command.
 ##
 ## Value: Redis cmd
 ##
 ## Variables:
 ##  - %u: username
 ##  - %c: clientid
 auth.redis.acl_cmd = HGETALL mqtt_acl:%u
--- a/etc/emqx_cloud.d/emqx_exhook.conf
+++ b/etc/emqx_cloud.d/emqx_exhook.conf
@ -1,15 +0,0 @@
 ##====================================================================
 ## EMQ X Hooks
 ##====================================================================
 ##--------------------------------------------------------------------
 ## Server Address
 ## The gRPC server url
 ##
 ## exhook.server.$name.url = url()
 exhook.server.default.url = http://127.0.0.1:9000
 #exhook.server.default.ssl.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
 #exhook.server.default.ssl.certfile = {{ platform_etc_dir }}/certs/cert.pem
 #exhook.server.default.ssl.keyfile = {{ platform_etc_dir }}/certs/key.pem
--- a/etc/emqx_cloud.d/emqx_exproto.conf
+++ b/etc/emqx_cloud.d/emqx_exproto.conf
@ -1,252 +0,0 @@
 ##====================================================================
 ## EMQ X ExProto
 ##====================================================================
 exproto.server.http.port = 9100
 exproto.server.https.port = 9101
 exproto.server.https.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
 exproto.server.https.certfile = {{ platform_etc_dir }}/certs/cert.pem
 exproto.server.https.keyfile = {{ platform_etc_dir }}/certs/key.pem
 ##--------------------------------------------------------------------
 ## Listeners
 ##--------------------------------------------------------------------
 ##--------------------------------------------------------------------
 ## MQTT/TCP - External TCP Listener for MQTT Protocol
 ## The IP address and port that the listener will bind.
 ##
 ## Value: <tcp|ssl|udp|dtls>://<ip>:<port>
 ##
 ## Examples: tcp://0.0.0.0:7993 | ssl://127.0.0.1:7994
 exproto.listener.protoname = tcp://0.0.0.0:7993
 ## The ConnectionHandler server address
 ##
 exproto.listener.protoname.connection_handler_url = http://127.0.0.1:9001
 #exproto.listener.protoname.connection_handler_certfile =
 #exproto.listener.protoname.connection_handler_cacertfile =
 #exproto.listener.protoname.connection_handler_keyfile =
 ## The acceptor pool for external MQTT/TCP listener.
 ##
 ## Value: Number
 exproto.listener.protoname.acceptors = 8
 ## Maximum number of concurrent MQTT/TCP connections.
 ##
 ## Value: Number
 exproto.listener.protoname.max_connections = 1024000
 ## Maximum external connections per second.
 ##
 ## Value: Number
 exproto.listener.protoname.max_conn_rate = 1000
 ## Specify the {active, N} option for the external MQTT/TCP Socket.
 ##
 ## Value: Number
 exproto.listener.protoname.active_n = 100
 ## Idle timeout
 ##
 ## Value: Duration
 exproto.listener.protoname.idle_timeout = 30s
 ## The access control rules for the MQTT/TCP listener.
 ##
 ## See: https://github.com/emqtt/esockd#allowdeny
 ##
 ## Value: ACL Rule
 ##
 ## Example: allow 192.168.0.0/24
 exproto.listener.protoname.access.1 = allow all
 ## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
 ## behind HAProxy or Nginx.
 ##
 ## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/
 ##
 ## Value: on | off
 ## exproto.listener.protoname.proxy_protocol = on
 ## Sets the timeout for proxy protocol. EMQ X will close the TCP connection
 ## if no proxy protocol packet recevied within the timeout.
 ##
 ## Value: Duration
 #exproto.listener.protoname.proxy_protocol_timeout = 3s
 ## The TCP backlog defines the maximum length that the queue of pending
 ## connections can grow to.
 ##
 ## Value: Number >= 0
 exproto.listener.protoname.backlog = 1024
 ## The TCP send timeout for external MQTT connections.
 ##
 ## Value: Duration
 exproto.listener.protoname.send_timeout = 15s
 ## Close the TCP connection if send timeout.
 ##
 ## Value: on | off
 exproto.listener.protoname.send_timeout_close = on
 ## The TCP receive buffer(os kernel) for MQTT connections.
 ##
 ## See: http://erlang.org/doc/man/inet.html
 ##
 ## Value: Bytes
 #exproto.listener.protoname.recbuf = 2KB
 ## The TCP send buffer(os kernel) for MQTT connections.
 ##
 ## See: http://erlang.org/doc/man/inet.html
 ##
 ## Value: Bytes
 #exproto.listener.protoname.sndbuf = 2KB
 ## The size of the user-level software buffer used by the driver.
 ## Not to be confused with options sndbuf and recbuf, which correspond
 ## to the Kernel socket buffers. It is recommended to have val(buffer)
 ## >= max(val(sndbuf),val(recbuf)) to avoid performance issues because
 ## of unnecessary copying. val(buffer) is automatically set to the above
 ## maximum when values sndbuf or recbuf are set.
 ##
 ## See: http://erlang.org/doc/man/inet.html
 ##
 ## Value: Bytes
 #exproto.listener.protoname.buffer = 2KB
 ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
 ##
 ## Value: on | off
 #exproto.listener.protoname.tune_buffer = off
 ## The TCP_NODELAY flag for MQTT connections. Small amounts of data are
 ## sent immediately if the option is enabled.
 ##
 ## Value: true | false
 exproto.listener.protoname.nodelay = true
 ## The SO_REUSEADDR flag for TCP listener.
 ##
 ## Value: true | false
 exproto.listener.protoname.reuseaddr = true
 ##--------------------------------------------------------------------
 ## TLS/DTLS options
 ## TLS versions only to protect from POODLE attack.
 ##
 ## See: http://erlang.org/doc/man/ssl.html
 ##
 ## Value: String, seperated by ','
 #exproto.listener.protoname.tls_versions = tlsv1.2,tlsv1.1,tlsv1
 ## Path to the file containing the user's private PEM-encoded key.
 ##
 ## See: http://erlang.org/doc/man/ssl.html
 ##
 ## Value: File
 #exproto.listener.protoname.keyfile = {{ platform_etc_dir }}/certs/key.pem
 ## Path to a file containing the user certificate.
 ##
 ## See: http://erlang.org/doc/man/ssl.html
 ##
 ## Value: File
 #exproto.listener.protoname.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## Path to the file containing PEM-encoded CA certificates. The CA certificates
 ## are used during server authentication and when building the client certificate chain.
 ##
 ## Value: File
 #exproto.listener.protoname.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
 ## The Ephemeral Diffie-Helman key exchange is a very effective way of
 ## ensuring Forward Secrecy by exchanging a set of keys that never hit
 ## the wire. Since the DH key is effectively signed by the private key,
 ## it needs to be at least as strong as the private key. In addition,
 ## the default DH groups that most of the OpenSSL installations have
 ## are only a handful (since they are distributed with the OpenSSL
 ## package that has been built for the operating system it’s running on)
 ## and hence predictable (not to mention, 1024 bits only).
 ## In order to escape this situation, first we need to generate a fresh,
 ## strong DH group, store it in a file and then use the option above,
 ## to force our SSL application to use the new DH group. Fortunately,
 ## OpenSSL provides us with a tool to do that. Simply run:
 ## openssl dhparam -out dh-params.pem 2048
 ##
 ## Value: File
 #exproto.listener.protoname.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
 ## A server only does x509-path validation in mode verify_peer,
 ## as it then sends a certificate request to the client (this
 ## message is not sent if the verify option is verify_none).
 ## You can then also want to specify option fail_if_no_peer_cert.
 ## More information at: http://erlang.org/doc/man/ssl.html
 ##
 ## Value: verify_peer | verify_none
 #exproto.listener.protoname.verify = verify_peer
 ## Used together with {verify, verify_peer} by an SSL server. If set to true,
 ## the server fails if the client does not have a certificate to send, that is,
 ## sends an empty certificate.
 ##
 ## Value: true | false
 #exproto.listener.protoname.fail_if_no_peer_cert = true
 ## This is the single most important configuration option of an Erlang SSL
 ## application. Ciphers (and their ordering) define the way the client and
 ## server encrypt information over the wire, from the initial Diffie-Helman
 ## key exchange, the session key encryption ## algorithm and the message
 ## digest algorithm. Selecting a good cipher suite is critical for the
 ## application’s data security, confidentiality and performance.
 ##
 ## The cipher list above offers:
 ##
 ## A good balance between compatibility with older browsers.
 ## It can get stricter for Machine-To-Machine scenarios.
 ## Perfect Forward Secrecy.
 ## No old/insecure encryption and HMAC algorithms
 ##
 ## Most of it was copied from Mozilla’s Server Side TLS article
 ##
 ## Value: Ciphers
 #exproto.listener.protoname.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
 ## Ciphers for TLS PSK.
 ## Note that 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot
 ## be configured at the same time.
 ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
 #exproto.listener.protoname.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
 ## SSL parameter renegotiation is a feature that allows a client and a server
 ## to renegotiate the parameters of the SSL connection on the fly.
 ## RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,
 ## you drop support for the insecure renegotiation, prone to MitM attacks.
 ##
 ## Value: on | off
 #exproto.listener.protoname.secure_renegotiate = off
 ## A performance optimization setting, it allows clients to reuse
 ## pre-existing sessions, instead of initializing new ones.
 ## Read more about it here.
 ##
 ## See: http://erlang.org/doc/man/ssl.html
 ##
 ## Value: on | off
 #exproto.listener.protoname.reuse_sessions = on
 ## An important security setting, it forces the cipher to be set based
 ## on the server-specified order instead of the client-specified order,
 ## hence enforcing the (usually more properly configured) security
 ## ordering of the server administrator.
 ##
 ## Value: on | off
 #exproto.listener.protoname.honor_cipher_order = on
--- a/etc/emqx_cloud.d/emqx_lua_hook.conf
+++ b/etc/emqx_cloud.d/emqx_lua_hook.conf
@ -1,4 +0,0 @@
 ##--------------------------------------------------------------------
 ## EMQ X Lua Hook
 ##--------------------------------------------------------------------
--- a/etc/emqx_cloud.d/emqx_lwm2m.conf
+++ b/etc/emqx_cloud.d/emqx_lwm2m.conf
@ -1,136 +0,0 @@
 ##--------------------------------------------------------------------
 ## LwM2M Gateway
 ##--------------------------------------------------------------------
 ##--------------------------------------------------------------------
 ## Protocols
 # To Limit the range of lifetime, in seconds
 lwm2m.lifetime_min = 1s
 lwm2m.lifetime_max = 86400s
 # The time window for Q Mode, indicating that after how long time
 #   the downlink commands sent to the client will be cached.
 #lwm2m.qmode_time_window = 22
 # Auto send observer command to device
 # on | off
 #lwm2m.auto_observe = off
 # The topic subscribed by the lwm2m client after it is connected
 # Placeholders supported:
 #    '%e': Endpoint Name
 #    '%a': IP Address
 lwm2m.mountpoint = lwm2m/%e/
 # The topic subscribed by the lwm2m client after it is connected
 # Placeholders supported:
 #    '%e': Endpoint Name
 #    '%a': IP Address
 lwm2m.topics.command = dn/#
 # The topic to which the lwm2m client's response is published
 lwm2m.topics.response = up/resp
 # The topic to which the lwm2m client's notify message is published
 lwm2m.topics.notify = up/notify
 # The topic to which the lwm2m client's register message is published
 lwm2m.topics.register = up/resp
 # The topic to which the lwm2m client's update message is published
 lwm2m.topics.update = up/resp
 # Dir where the object definition files can be found
 lwm2m.xml_dir =  {{ platform_etc_dir }}/lwm2m_xml
 ##--------------------------------------------------------------------
 ## UDP Listener options
 ## The IP and port of the LwM2M Gateway
 ##
 ## Default: 0.0.0.0:5683
 ## Examples:
 ##     lwm2m.bind.udp.x = 0.0.0.0:5683 | :::5683 | 127.0.0.1:5683 | ::1:5683
 lwm2m.bind.udp.1 = 0.0.0.0:5683
 #lwm2m.bind.udp.2 = 0.0.0.0:6683
 ## Socket options, used for performance tuning
 ##
 ## Examples:
 ##     lwm2m.opts.$name = $value
 ## See: https://erlang.org/doc/man/gen_udp.html#type-option
 lwm2m.opts.buffer = 1024KB
 lwm2m.opts.recbuf = 1024KB
 lwm2m.opts.sndbuf = 1024KB
 lwm2m.opts.read_packets = 20
 ##--------------------------------------------------------------------
 ## DTLS Listener Options
 ## The DTLS port that LwM2M is listening on.
 ##
 ## Default: 0.0.0.0:5684
 ##
 ## Examples:
 ##    lwm2m.bind.dtls.x = 0.0.0.0:5684 | :::5684 | 127.0.0.1:5684 | ::1:5684
 ##
 lwm2m.bind.dtls.1 = 0.0.0.0:5684
 #lwm2m.bind.dtls.2 = 0.0.0.0:6684
 ## A server only does x509-path validation in mode verify_peer,
 ## as it then sends a certificate request to the client (this
 ## message is not sent if the verify option is verify_none).
 ## You can then also want to specify option fail_if_no_peer_cert.
 ## More information at: http://erlang.org/doc/man/ssl.html
 ##
 ## Value: verify_peer | verify_none
 #lwm2m.dtls.verify = verify_peer
 ## Private key file for DTLS
 ##
 ## Value: File
 lwm2m.dtls.keyfile = {{ platform_etc_dir }}/certs/key.pem
 ## Server certificate for DTLS.
 ##
 ## Value: File
 lwm2m.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## PEM-encoded CA certificates for DTLS
 ##
 ## Value: File
 #lwm2m.dtls.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
 ## Used together with {verify, verify_peer} by an SSL server. If set to true,
 ## the server fails if the client does not have a certificate to send, that is,
 ## sends an empty certificate.
 ##
 ## Value: true | false
 #lwm2m.dtls.fail_if_no_peer_cert = false
 ## This is the single most important configuration option of an Erlang SSL
 ## application. Ciphers (and their ordering) define the way the client and
 ## server encrypt information over the wire, from the initial Diffie-Helman
 ## key exchange, the session key encryption ## algorithm and the message
 ## digest algorithm. Selecting a good cipher suite is critical for the
 ## application’s data security, confidentiality and performance.
 ##
 ## The cipher list above offers:
 ##
 ## A good balance between compatibility with older browsers.
 ## It can get stricter for Machine-To-Machine scenarios.
 ## Perfect Forward Secrecy.
 ## No old/insecure encryption and HMAC algorithms
 ##
 ## Most of it was copied from Mozilla’s Server Side TLS article
 ##
 ## Value: Ciphers
 lwm2m.dtls.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
 ## Ciphers for TLS PSK.
 ##
 ## Note that 'lwm2m.dtls.ciphers' and 'lwm2m.dtls.psk_ciphers' cannot
 ## be configured at the same time.
 ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
 #lwm2m.dtls.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
--- a/etc/emqx_cloud.d/emqx_prometheus.conf
+++ b/etc/emqx_cloud.d/emqx_prometheus.conf
@ -1,13 +0,0 @@
 ##--------------------------------------------------------------------
 ## emqx_prometheus for EMQ X
 ##--------------------------------------------------------------------
 ## The Prometheus Push Gateway URL address
 ##
 ## Note: You can comment out this line to disable it
 prometheus.push.gateway.server = http://127.0.0.1:9091
 ## The metrics data push interval (millisecond)
 ##
 ## Default: 15000
 prometheus.interval = 15000
--- a/etc/emqx_cloud.d/emqx_psk_file.conf
+++ b/etc/emqx_cloud.d/emqx_psk_file.conf
@ -1,2 +0,0 @@
 psk.file.path = {{ platform_etc_dir }}/psk.txt
 psk.file.delimiter = :
--- a/etc/emqx_edge.d/vm.args.edge
+++ b/etc/emqx_edge.d/vm.args.edge
--- a/etc/vm.args
+++ b/etc/vm.args
@ -1,115 +0,0 @@
 ######################################################################
 ## Erlang VM Args for EMQ X Broker
 ######################################################################
 ## NOTE:
 ##
 ## Arguments configured in this file might be overridden by configs from `emqx.conf`.
 ##
 ## Some basic VM arguments are to be configured in `emqx.conf`,
 ## such as `node.name` for `-name` and `node.cooke` for `-setcookie`.
 ## Sets the maximum number of simultaneously existing processes for this system.
 +P 2097152
 ## Sets the maximum number of simultaneously existing ports for this system.
 +Q 1048576
 ## Sets the maximum number of ETS tables
 +e 262144
 ## Sets the maximum number of atoms the virtual machine can handle.
 #+t 1048576
 ## Set the location of crash dumps
 #-env ERL_CRASH_DUMP {{ platform_log_dir }}/crash.dump
 ## Set how many times generational garbages collections can be done without
 ## forcing a fullsweep collection.
 -env ERL_FULLSWEEP_AFTER 1000
 ## Heartbeat management; auto-restarts VM if it dies or becomes unresponsive
 ## (Disabled by default..use with caution!)
 #-heart
 ## Specify the erlang distributed protocol.
 ## Can be one of: inet_tcp, inet6_tcp, inet_tls
 #-proto_dist inet_tcp
 ## Specify SSL Options in the file if using SSL for Erlang Distribution.
 ## Used only when -proto_dist set to inet_tls
 #-ssl_dist_optfile {{ platform_etc_dir }}/ssl_dist.conf
 ## Specifies the net_kernel tick time in seconds.
 ## This is the approximate time a connected node may be unresponsive until
 ## it is considered down and thereby disconnected.
 -kernel net_ticktime 120
 ## Sets the distribution buffer busy limit (dist_buf_busy_limit).
 #+zdbbl 8192
 ## Sets default scheduler hint for port parallelism.
 +spp true
 ## Sets the number of threads in async thread pool. Valid range is 0-1024.
 ## Increase the parameter if there are many simultaneous file I/O operations.
 +A 4
 ## Sets the default heap size of processes to the size Size.
 #+hms 233
 ## Sets the default binary virtual heap size of processes to the size Size.
 #+hmbs 46422
 ## Sets the default maximum heap size of processes to the size Size.
 ## Defaults to 0, which means that no maximum heap size is used.
 ##For more information, see process_flag(max_heap_size, MaxHeapSize).
 #+hmax 0
 ## Sets the default value for process flag message_queue_data. Defaults to on_heap.
 #+hmqd on_heap | off_heap
 ## Sets the number of IO pollsets to use when polling for I/O.
 #+IOp 1
 ## Sets the number of IO poll threads to use when polling for I/O.
 ## Increase this for the busy systems with many concurrent connection.
 +IOt 4
 ## Sets the number of scheduler threads to create and scheduler threads to set online.
 #+S 8:8
 ## Sets the number of dirty CPU scheduler threads to create and dirty CPU scheduler threads to set online.
 #+SDcpu 8:8
 ## Sets the number of dirty I/O scheduler threads to create.
 +SDio 8
 ## Suggested stack size, in kilowords, for scheduler threads.
 #+sss 32
 ## Suggested stack size, in kilowords, for dirty CPU scheduler threads.
 #+sssdcpu 40
 ## Suggested stack size, in kilowords, for dirty IO scheduler threads.
 #+sssdio 40
 ## Sets scheduler bind type.
 ## Can be one of: u, ns, ts, ps, s, nnts, nnps, tnnps, db
 #+sbt db
 ## Sets a user-defined CPU topology.
 #+sct L0-3c0-3p0N0:L4-7c0-3p1N1
 ## Sets the mapping of warning messages for error_logger
 #+W w
 ## Sets time warp mode: no_time_warp | single_time_warp | multi_time_warp
 #+C no_time_warp
 ## Prevents loading information about source filenames and line numbers.
 #+L
 ## Specifies how long time (in milliseconds) to spend shutting down the system.
 ## See: http://erlang.org/doc/man/erl.html
 -shutdown_time 30000
--- a/etc/vm.args.edge
+++ b/etc/vm.args.edge
@ -1,114 +0,0 @@
 ######################################################################
 ## Erlang VM Args for EMQ X Edge
 ######################################################################
 ## NOTE:
 ##
 ## Arguments configured in this file might be overridden by configs from `emqx.conf`.
 ##
 ## Some basic VM arguments are to be configured in `emqx.conf`,
 ## such as `node.name` for `-name` and `node.cooke` for `-setcookie`.
 ## Sets the maximum number of simultaneously existing processes for this system.
 +P 16384
 ## Sets the maximum number of simultaneously existing ports for this system.
 +Q 4096
 ## Sets the maximum number of ETS tables
 +e 512
 ## Sets the maximum number of atoms the virtual machine can handle.
 +t 262144
 ## Set the location of crash dumps
 -env ERL_CRASH_DUMP {{ platform_log_dir }}/crash.dump
 ## Set how many times generational garbages collections can be done without
 ## forcing a fullsweep collection.
 -env ERL_FULLSWEEP_AFTER 0
 ## Heartbeat management; auto-restarts VM if it dies or becomes unresponsive
 ## (Disabled by default..use with caution!)
 -heart
 ## Specify the erlang distributed protocol.
 ## Can be one of: inet_tcp, inet6_tcp, inet_tls
 #-proto_dist inet_tcp
 ## Specify SSL Options in the file if using SSL for Erlang Distribution.
 ## Used only when -proto_dist set to inet_tls
 #-ssl_dist_optfile {{ platform_etc_dir }}/ssl_dist.conf
 ## Specifies the net_kernel tick time in seconds.
 ## This is the approximate time a connected node may be unresponsive until
 ## it is considered down and thereby disconnected.
 #-kernel net_ticktime 60
 ## Sets the distribution buffer busy limit (dist_buf_busy_limit).
 +zdbbl 1024
 ## Sets default scheduler hint for port parallelism.
 +spp false
 ## Sets the number of threads in async thread pool. Valid range is 0-1024.
 ## Increase the parameter if there are many simultaneous file I/O operations.
 +A 1
 ## Sets the default heap size of processes to the size Size.
 #+hms 233
 ## Sets the default binary virtual heap size of processes to the size Size.
 #+hmbs 46422
 ## Sets the default maximum heap size of processes to the size Size.
 ## Defaults to 0, which means that no maximum heap size is used.
 ##For more information, see process_flag(max_heap_size, MaxHeapSize).
 #+hmax 0
 ## Sets the default value for process flag message_queue_data. Defaults to on_heap.
 #+hmqd on_heap | off_heap
 ## Sets the number of IO pollsets to use when polling for I/O.
 +IOp 1
 ## Sets the number of IO poll threads to use when polling for I/O.
 +IOt 1
 ## Sets the number of scheduler threads to create and scheduler threads to set online.
 +S 1:1
 ## Sets the number of dirty CPU scheduler threads to create and dirty CPU scheduler threads to set online.
 +SDcpu 1:1
 ## Sets the number of dirty I/O scheduler threads to create.
 +SDio 1
 ## Suggested stack size, in kilowords, for scheduler threads.
 #+sss 32
 ## Suggested stack size, in kilowords, for dirty CPU scheduler threads.
 #+sssdcpu 40
 ## Suggested stack size, in kilowords, for dirty IO scheduler threads.
 #+sssdio 40
 ## Sets scheduler bind type.
 ## Can be one of: u, ns, ts, ps, s, nnts, nnps, tnnps, db
 #+sbt db
 ## Sets a user-defined CPU topology.
 #+sct L0-3c0-3p0N0:L4-7c0-3p1N1
 ## Sets the mapping of warning messages for error_logger
 #+W w
 ## Sets time warp mode: no_time_warp | single_time_warp | multi_time_warp
 #+C no_time_warp
 ## Prevents loading information about source filenames and line numbers.
 +L
 ## Specifies how long time (in milliseconds) to spend shutting down the system.
 ## See: http://erlang.org/doc/man/erl.html
 -shutdown_time 10000
		`@ -1,2 +0,0 @@`
			`psk.file.path = {{ platform_etc_dir }}/psk.txt`
			`psk.file.delimiter = :`