yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(build): Remove plugin config collection 

Plugin configs are to be added manually
This commit is contained in:
Zaiming Shi 2020-12-12 11:59:26 +01:00
parent 10dbb5bc96
commit f6f6fe47da
31 changed files with 0 additions and 2271 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
etc/emqx.d/emqx_auth_clientid.conf
View File

@ -1,18 +0,0 @@
##--------------------------------------------------------------------
## ClientId Authentication Plugin
##--------------------------------------------------------------------
## Examples
##auth.client.1.clientid = id
##auth.client.1.password = passwd
##auth.client.2.clientid = dev:devid
##auth.client.2.password = passwd2
##auth.client.3.clientid = app:appid
##auth.client.3.password = passwd3
##auth.client.4.clientid = client~!@#$%^&*()_+
##auth.client.4.password = passwd~!@#$%^&*()_+
## Password hash.
##
## Value: plain | md5 | sha | sha256
auth.client.password_hash = sha256

162
etc/emqx.d/emqx_auth_http.conf
View File

@ -1,162 +0,0 @@
##--------------------------------------------------------------------
## HTTP Auth/ACL Plugin
##--------------------------------------------------------------------
##--------------------------------------------------------------------
## Authentication request.
## HTTP URL API path for authentication request
##
## Value: URL
##
## Examples: http://127.0.0.1:8991/mqtt/auth, https://[::1]:8991/mqtt/auth
auth.http.auth_req = http://127.0.0.1:8991/mqtt/auth
## Value: post | get
auth.http.auth_req.method = post
## It only works when method=post
## Value: json | x-www-form-urlencoded
auth.http.auth_req.content_type = x-www-form-urlencoded
## Variables:
## - %u: username
## - %c: clientid
## - %a: ipaddress
## - %r: protocol
## - %P: password
## - %p: sockport of server accepted
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
## Value: Params
auth.http.auth_req.params = clientid=%c,username=%u,password=%P
##--------------------------------------------------------------------
## Superuser request.
## HTTP URL API path for Superuser request
##
## Value: URL
##
## Examples: http://127.0.0.1:8991/mqtt/superuser, https://[::1]:8991/mqtt/superuser
#auth.http.super_req = http://127.0.0.1:8991/mqtt/superuser
## Value: post | get
#auth.http.super_req.method = post
## It only works when method=pos
## Value: json | x-www-form-urlencoded
#auth.http.super_req.content_type = x-www-form-urlencoded
## Variables:
## - %u: username
## - %c: clientid
## - %a: ipaddress
## - %r: protocol
## - %P: password
## - %p: sockport of server accepted
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
## Value: Params
#auth.http.super_req.params = clientid=%c,username=%u
##--------------------------------------------------------------------
## ACL request.
## HTTP URL API path for ACL request
##
## Value: URL
##
## Examples: http://127.0.0.1:8991/mqtt/acl, https://[::1]:8991/mqtt/acl
auth.http.acl_req = http://127.0.0.1:8991/mqtt/acl
## Value: post | get
auth.http.acl_req.method = get
## It only works when method=post
## Value: json | x-www-form-urlencoded
auth.http.acl_req.content_type = x-www-form-urlencoded
## Variables:
## - %A: 1 | 2, 1 = sub, 2 = pub
## - %u: username
## - %c: clientid
## - %a: ipaddress
## - %r: protocol
## - %m: mountpoint
## - %t: topic
##
## Value: Params
auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m
##------------------------------------------------------------------------------
## Http Reqeust options
## Time-out time for the http request, 0 is never timeout.
##
## Value: Duration
## -h: hour, e.g. '2h' for 2 hours
## -m: minute, e.g. '5m' for 5 minutes
## -s: second, e.g. '30s' for 30 seconds
##
## Default: 0
## auth.http.request.timeout = 0
## Connection time-out time, used during the initial request
## when the client is connecting to the server
##
## Value: Duration
##
## Default is same with the timeout option
## auth.http.request.connect_timeout = 0
## Re-send http reuqest times
##
## Value: integer
##
## Default: 3
auth.http.request.retry_times = 3
## The interval for re-sending the http request
##
## Value: Duration
##
## Default: 1s
auth.http.request.retry_interval = 1s
## The 'Exponential Backoff' mechanism for re-sending request. The actually
## re-send time interval is `interval * backoff ^ times`
##
## Value: float
##
## Default: 2.0
auth.http.request.retry_backoff = 2.0
##------------------------------------------------------------------------------
## SSL options
## Path to the file containing PEM-encoded CA certificates. The CA certificates
## are used during server authentication and when building the client certificate chain.
##
## Value: File
## auth.http.ssl.cacertfile = {{ platform_etc_dir }}/certs/ca.pem
## The path to a file containing the client's certificate.
##
## Value: File
## auth.http.ssl.certfile = {{ platform_etc_dir }}/certs/client-cert.pem
## Path to a file containing the client's private PEM-encoded key.
##
## Value: File
## auth.http.ssl.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
##--------------------------------------------------------------------
## HTTP Request Headers
##
## Example: auth.http.header.Accept-Encoding = *
##
## Value: String
## auth.http.header.Accept = */*

39
etc/emqx.d/emqx_auth_jwt.conf
View File

@ -1,39 +0,0 @@
##--------------------------------------------------------------------
## JWT Auth Plugin
##--------------------------------------------------------------------
## HMAC Hash Secret.
##
## Value: String
auth.jwt.secret = emqxsecret
## From where the JWT string can be got
##
## Value: username | password
## Default: password
auth.jwt.from = password
## RSA or ECDSA public key file.
##
## Value: File
## auth.jwt.pubkey = etc/certs/jwt_public_key.pem
## Enable to verify claims fields
##
## Value: on | off
auth.jwt.verify_claims = off
## The checklist of claims to validate
##
## Value: String
## auth.jwt.verify_claims.$name = expected
##
## Variables:
## - %u: username
## - %c: clientid
# auth.jwt.verify_claims.username = %u
## The Signature format
## - `der`: The erlang default format
## - `raw`: Compatible with others platform maybe
#auth.jwt.signature_format = der

20
etc/emqx.d/emqx_auth_mnesia.conf
View File

@ -1,20 +0,0 @@
## Examples:
##auth.mnesia.1.login = admin
##auth.mnesia.1.password = public
##auth.mnesia.1.is_superuser = true
##auth.mnesia.2.login = feng@emqtt.io
##auth.mnesia.2.password = public
##auth.mnesia.2.is_superuser = false
##auth.mnesia.3.login = name~!@#$%^&*()_+
##auth.mnesia.3.password = pwsswd~!@#$%^&*()_+
##auth.mnesia.3.is_superuser = false
## Password hash.
##
## Value: plain | md5 | sha | sha256
auth.mnesia.password_hash = sha256
## Auth as username or auth as clientid.
##
## Value: username | clientid
auth.mnesia.as = username

116
etc/emqx.d/emqx_auth_mysql.conf
View File

@ -1,116 +0,0 @@
##--------------------------------------------------------------------
## MySQL Auth/ACL Plugin
##--------------------------------------------------------------------
## MySQL server address.
##
## Value: Port | IP:Port
##
## Examples: 3306, 127.0.0.1:3306, localhost:3306
auth.mysql.server = 127.0.0.1:3306
## MySQL pool size.
##
## Value: Number
auth.mysql.pool = 8
## MySQL username.
##
## Value: String
## auth.mysql.username =
## MySQL password.
##
## Value: String
## auth.mysql.password =
## MySQL database.
##
## Value: String
auth.mysql.database = mqtt
## MySQL query timeout
##
## Value: Duration
## auth.mysql.query_timeout = 5s
## Variables: %u = username, %c = clientid
## Authentication query.
##
## Note that column names should be 'password' and 'salt' (if used).
## In case column names differ in your DB - please use aliases,
## e.g. "my_column_name as password".
##
## Value: SQL
##
## Variables:
## - %u: username
## - %c: clientid
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1
## Password hash.
##
## Value: plain | md5 | sha | sha256 | bcrypt
auth.mysql.password_hash = sha256
## sha256 with salt prefix
## auth.mysql.password_hash = salt,sha256
## bcrypt with salt only prefix
## auth.mysql.password_hash = salt,bcrypt
## sha256 with salt suffix
## auth.mysql.password_hash = sha256,salt
## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.mysql.password_hash = pbkdf2,sha256,1000,20
## Superuser query.
##
## Value: SQL
##
## Variables:
## - %u: username
## - %c: clientid
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
## ACL query.
##
## Value: SQL
##
## Variables:
## - %a: ipaddr
## - %u: username
## - %c: clientid
##
## Note: You can add the 'ORDER BY' statement to control the rules match order
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
## Mysql ssl configuration.
##
## Value: on | off
auth.mysql.ssl = off
## CA certificate.
##
## Value: File
## auth.mysql.ssl.cafile = path to your ca file
## Client ssl certificate.
##
## Value: File
## auth.mysql.ssl.certfile = path to your clientcert file
## Client ssl keyfile.
##
## Value: File
## auth.mysql.ssl.keyfile = path to your clientkey file

16
etc/emqx.d/emqx_auth_username.conf
View File

@ -1,16 +0,0 @@
##--------------------------------------------------------------------
## Username Authentication Plugin
##--------------------------------------------------------------------
## Examples:
##auth.user.1.username = admin
##auth.user.1.password = public
##auth.user.2.username = feng@emqtt.io
##auth.user.2.password = public
##auth.user.3.username = name~!@#$%^&*()_+
##auth.user.3.password = pwsswd~!@#$%^&*()_+
## Password hash.
##
## Value: plain | md5 | sha | sha256
auth.user.password_hash = sha256

172
etc/emqx.d/emqx_bridge_mqtt.conf
View File

@ -1,172 +0,0 @@
##====================================================================
## Configuration for EMQ X MQTT Broker Bridge
##====================================================================
##--------------------------------------------------------------------
## Bridges to aws
##--------------------------------------------------------------------
## Bridge address: node name for local bridge, host:port for remote.
##
## Value: String
## Example: emqx@127.0.0.1, 127.0.0.1:1883
bridge.mqtt.aws.address = 127.0.0.1:1883
## Protocol version of the bridge.
##
## Value: Enum
## - mqttv5
## - mqttv4
## - mqttv3
bridge.mqtt.aws.proto_ver = mqttv4
## Start type of the bridge.
##
## Value: enum
## manual
## auto
bridge.mqtt.aws.start_type = manual
## Whether to enable bridge mode for mqtt bridge
##
## This option is prepared for the mqtt broker which does not
## support bridge_mode such as the mqtt-plugin of the rabbitmq
##
## Value: boolean
#bridge.mqtt.aws.bridge_mode = false
## The ClientId of a remote bridge.
##
## Placeholders:
## ${node}: Node name
##
## Value: String
bridge.mqtt.aws.clientid = bridge_aws
## The Clean start flag of a remote bridge.
##
## Value: boolean
## Default: true
##
## NOTE: Some IoT platforms require clean_start
## must be set to 'true'
bridge.mqtt.aws.clean_start = true
## The username for a remote bridge.
##
## Value: String
bridge.mqtt.aws.username = user
## The password for a remote bridge.
##
## Value: String
bridge.mqtt.aws.password = passwd
## Topics that need to be forward to AWS IoTHUB
##
## Value: String
## Example: topic1/#,topic2/#
bridge.mqtt.aws.forwards = topic1/#,topic2/#
## Forward messages to the mountpoint of an AWS IoTHUB
##
## Value: String
bridge.mqtt.aws.forward_mountpoint = bridge/aws/${node}/
## Need to subscribe to AWS topics
##
## Value: String
## bridge.mqtt.aws.subscription.1.topic = cmd/topic1
## Need to subscribe to AWS topics QoS.
##
## Value: Number
## bridge.mqtt.aws.subscription.1.qos = 1
## A mountpoint that receives messages from AWS IoTHUB
##
## Value: String
## bridge.mqtt.aws.receive_mountpoint = receive/aws/
## Bribge to remote server via SSL.
##
## Value: on | off
bridge.mqtt.aws.ssl = off
## PEM-encoded CA certificates of the bridge.
##
## Value: File
bridge.mqtt.aws.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
## Client SSL Certfile of the bridge.
##
## Value: File
bridge.mqtt.aws.certfile = {{ platform_etc_dir }}/certs/client-cert.pem
## Client SSL Keyfile of the bridge.
##
## Value: File
bridge.mqtt.aws.keyfile = {{ platform_etc_dir }}/certs/client-key.pem
## SSL Ciphers used by the bridge.
##
## Value: String
bridge.mqtt.aws.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
## Ciphers for TLS PSK.
## Note that 'bridge.${BridgeName}.ciphers' and 'bridge.${BridgeName}.psk_ciphers' cannot
## be configured at the same time.
## See 'https://tools.ietf.org/html/rfc4279#section-2'.
#bridge.mqtt.aws.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
## Ping interval of a down bridge.
##
## Value: Duration
## Default: 10 seconds
bridge.mqtt.aws.keepalive = 60s
## TLS versions used by the bridge.
##
## Value: String
bridge.mqtt.aws.tls_versions = tlsv1.2,tlsv1.1,tlsv1
## Bridge reconnect time.
##
## Value: Duration
## Default: 30 seconds
bridge.mqtt.aws.reconnect_interval = 30s
## Retry interval for bridge QoS1 message delivering.
##
## Value: Duration
bridge.mqtt.aws.retry_interval = 20s
## Publish messages in batches, only RPC Bridge supports
##
## Value: Integer
## default: 32
bridge.mqtt.aws.batch_size = 32
## Inflight size.
##
## Value: Integer
bridge.mqtt.aws.max_inflight_size = 32
## Base directory for replayq to store messages on disk
## If this config entry is missing or set to undefined,
## replayq works in a mem-only manner.
##
## Value: String
bridge.mqtt.aws.queue.replayq_dir = {{ platform_data_dir }}/replayq/emqx_aws_bridge/
## Replayq segment size
##
## Value: Bytesize
bridge.mqtt.aws.queue.replayq_seg_bytes = 10MB
## Replayq max total size
##
## Value: Bytesize
bridge.mqtt.aws.queue.max_total_size = 5GB

82
etc/emqx.d/emqx_coap.conf
View File

@ -1,82 +0,0 @@
##--------------------------------------------------------------------
## CoAP Gateway
##--------------------------------------------------------------------
## The IP and UDP port that CoAP bind with.
##
## Default: 0.0.0.0:5683
##
## Examples:
## coap.bind.udp.x = 0.0.0.0:5683 | :::5683 | 127.0.0.1:5683 | ::1:5683
##
coap.bind.udp.1 = 0.0.0.0:5683
##coap.bind.udp.2 = 0.0.0.0:6683
## Whether to enable statistics for CoAP clients.
##
## Value: on | off
coap.enable_stats = off
##------------------------------------------------------------------------------
## DTLS options
## The DTLS port that CoAP is listening on.
##
## Default: 0.0.0.0:5684
##
## Examples:
## coap.bind.dtls.x = 0.0.0.0:5684 | :::5684 | 127.0.0.1:5684 | ::1:5684
##
coap.bind.dtls.1 = 0.0.0.0:5684
##coap.bind.dtls.2 = 0.0.0.0:6684
## A server only does x509-path validation in mode verify_peer,
## as it then sends a certificate request to the client (this
## message is not sent if the verify option is verify_none).
## You can then also want to specify option fail_if_no_peer_cert.
## More information at: http://erlang.org/doc/man/ssl.html
##
## Value: verify_peer | verify_none
## coap.dtls.verify = verify_peer
## Private key file for DTLS
##
## Value: File
coap.dtls.keyfile = {{ platform_etc_dir }}/certs/key.pem
## Server certificate for DTLS.
##
## Value: File
coap.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem
## PEM-encoded CA certificates for DTLS
##
## Value: File
## coap.dtls.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
## Used together with {verify, verify_peer} by an SSL server. If set to true,
## the server fails if the client does not have a certificate to send, that is,
## sends an empty certificate.
##
## Value: true | false
## coap.dtls.fail_if_no_peer_cert = false
## This is the single most important configuration option of an Erlang SSL
## application. Ciphers (and their ordering) define the way the client and
## server encrypt information over the wire, from the initial Diffie-Helman
## key exchange, the session key encryption ## algorithm and the message
## digest algorithm. Selecting a good cipher suite is critical for the
## applications data security, confidentiality and performance.
##
## The cipher list above offers:
##
## A good balance between compatibility with older browsers.
## It can get stricter for Machine-To-Machine scenarios.
## Perfect Forward Secrecy.
## No old/insecure encryption and HMAC algorithms
##
## Most of it was copied from Mozillas Server Side TLS article
##
## Value: Ciphers
coap.dtls.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA

129
etc/emqx.d/emqx_dashboard.conf
View File

@ -1,129 +0,0 @@
##--------------------------------------------------------------------
## EMQ X Dashboard
##--------------------------------------------------------------------
## Default user's login name.
##
## Value: String
dashboard.default_user.login = admin
## Default user's password.
##
## Value: String
dashboard.default_user.password = public
##--------------------------------------------------------------------
## HTTP Listener
## The port that the Dashboard HTTP listener will bind.
##
## Value: Port
##
## Examples: 18083
dashboard.listener.http = 18083
## The acceptor pool for external Dashboard HTTP listener.
##
## Value: Number
dashboard.listener.http.acceptors = 4
## Maximum number of concurrent Dashboard HTTP connections.
##
## Value: Number
dashboard.listener.http.max_clients = 512
## Set up the socket for IPv6.
##
## Value: false | true
dashboard.listener.http.inet6 = false
## Listen on IPv4 and IPv6 (false) or only on IPv6 (true). Use with inet6.
##
## Value: false | true
dashboard.listener.http.ipv6_v6only = false
##--------------------------------------------------------------------
## HTTPS Listener
## The port that the Dashboard HTTPS listener will bind.
##
## Value: Port
##
## Examples: 18084
## dashboard.listener.https = 18084
## The acceptor pool for external Dashboard HTTPS listener.
##
## Value: Number
## dashboard.listener.https.acceptors = 2
## Maximum number of concurrent Dashboard HTTPS connections.
##
## Value: Number
## dashboard.listener.https.max_clients = 512
## Set up the socket for IPv6.
##
## Value: false | true
## dashboard.listener.https.inet6 = false
## Listen on IPv4 and IPv6 (false) or only on IPv6 (true). Use with inet6.
##
## Value: false | true
## dashboard.listener.https.ipv6_v6only = false
## Path to the file containing the user's private PEM-encoded key.
##
## Value: File
## dashboard.listener.https.keyfile = etc/certs/key.pem
## Path to a file containing the user certificate.
##
## Value: File
## dashboard.listener.https.certfile = etc/certs/cert.pem
## Path to the file containing PEM-encoded CA certificates.
##
## Value: File
## dashboard.listener.https.cacertfile = etc/certs/cacert.pem
## See: 'listener.ssl.<name>.dhfile' in emq.conf
##
## Value: File
## dashboard.listener.https.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
## See: 'listener.ssl.<name>.vefify' in emq.conf
##
## Value: vefify_peer | verify_none
## dashboard.listener.https.verify = verify_peer
## See: 'listener.ssl.<name>.fail_if_no_peer_cert' in emq.conf
##
## Value: false | true
## dashboard.listener.https.fail_if_no_peer_cert = true
## TLS versions only to protect from POODLE attack.
##
## Value: String, seperated by ','
## dashboard.listener.https.tls_versions = tlsv1.2,tlsv1.1,tlsv1
## See: 'listener.ssl.<name>.ciphers' in emq.conf
##
## Value: Ciphers
## dashboard.listener.https.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
## See: 'listener.ssl.<name>.secure_renegotiate' in emq.conf
##
## Value: on | off
## dashboard.listener.https.secure_renegotiate = off
## See: 'listener.ssl.<name>.reuse_sessions' in emq.conf
##
## Value: on | off
## dashboard.listener.https.reuse_sessions = on
## See: 'listener.ssl.<name>.honor_cipher_order' in emq.conf
##
## Value: on | off
## dashboard.listener.https.honor_cipher_order = on

52
etc/emqx.d/emqx_management.conf
View File

@ -1,52 +0,0 @@
##--------------------------------------------------------------------
## EMQ X Management Plugin
##--------------------------------------------------------------------
## Max Row Limit
management.max_row_limit = 10000
## Application default secret
##
## Value: String
## management.application.default_secret = public
## Default Application ID
##
## Value: String
management.default_application.id = admin
## Default Application Secret
##
## Value: String
management.default_application.secret = public
##--------------------------------------------------------------------
## HTTP Listener
management.listener.http = 8081
management.listener.http.acceptors = 2
management.listener.http.max_clients = 512
management.listener.http.backlog = 512
management.listener.http.send_timeout = 15s
management.listener.http.send_timeout_close = on
management.listener.http.inet6 = false
management.listener.http.ipv6_v6only = false
##--------------------------------------------------------------------
## HTTPS Listener
## management.listener.https = 8081
## management.listener.https.acceptors = 2
## management.listener.https.max_clients = 512
## management.listener.https.backlog = 512
## management.listener.https.send_timeout = 15s
## management.listener.https.send_timeout_close = on
## management.listener.https.certfile = etc/certs/cert.pem
## management.listener.https.keyfile = etc/certs/key.pem
## management.listener.https.cacertfile = etc/certs/cacert.pem
## management.listener.https.verify = verify_peer
## management.listener.https.tls_versions = tlsv1.2,tlsv1.1,tlsv1
## management.listener.https.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
## management.listener.https.fail_if_no_peer_cert = true
## management.listener.https.inet6 = false
## management.listener.https.ipv6_v6only = false

4
etc/emqx.d/emqx_recon.conf
View File

@ -1,4 +0,0 @@
##--------------------------------------------------------------------
## Recon Plugin
##--------------------------------------------------------------------

41
etc/emqx.d/emqx_retainer.conf
View File

@ -1,41 +0,0 @@
##--------------------------------------------------------------------
## EMQ X Retainer
##--------------------------------------------------------------------
## Where to store the retained messages.
##
## Notice that all nodes in the same cluster have to be configured to
## use the same storage_type.
##
## Value: ram | disc | disc_only
## - ram: memory only
## - disc: both memory and disc
## - disc_only: disc only
##
## Default: ram
retainer.storage_type = ram
## Maximum number of retained messages. 0 means no limit.
##
## Value: Number >= 0
retainer.max_retained_messages = 0
## Maximum retained message size.
##
## Value: Bytes
retainer.max_payload_size = 1MB
## Expiry interval of the retained messages. Never expire if the value is 0.
##
## Value: Duration
## - h: hour
## - m: minute
## - s: second
##
## Examples:
## - 2h: 2 hours
## - 30m: 30 minutes
## - 20s: 20 seconds
##
## Defaut: 0
retainer.expiry_interval = 0

42
etc/emqx.d/emqx_rule_engine.conf
View File

@ -1,42 +0,0 @@
##====================================================================
## Rule Engine for EMQ X R4.0
##====================================================================
rule_engine.ignore_sys_message = on
## Event Messages
##
## If enabled (on), rule engine publishes the event as an MQTT message
## with topic='$events/<event-name>' on the occurrence of an emqx event.
##
## If disabled, rule engine stops publishing the event messages, but
## the event message can still be processed by the rule SQL. e.g. rule SQL:
##
## SELECT * FROM "$events/client_connected"
##
## will still work even if 'rule_engine.events.client_connected' is set to 'off'
##
## EMQ Event to event message mapping:
##
## - client.connected -> $events/client_connected
## - client.disconnected -> $events/client_disconnected
## - session.subscribed -> $events/session_subscribed
## - session.unsubscribed -> $events/session_unsubscribed
## - message.delivered -> $events/message_delivered
## - message.acked -> $events/message_acked
## - message.dropped -> $events/message_dropped
##
## Config Value Format: Toggle, QoS-Level
##
## Toggle: on/off
##
## QoS-Level: qos0/qos1/qos2
#rule_engine.events.client_connected = on, qos1
rule_engine.events.client_connected = off
rule_engine.events.client_disconnected = off
rule_engine.events.session_subscribed = off
rule_engine.events.session_unsubscribed = off
rule_engine.events.message_delivered = off
rule_engine.events.message_acked = off
rule_engine.events.message_dropped = off

0
etc/emqx.d/emqx_sasl.conf
View File

53
etc/emqx.d/emqx_sn.conf
View File

@ -1,53 +0,0 @@
##--------------------------------------------------------------------
## MQTT-SN
##--------------------------------------------------------------------
## The UDP port which emq-sn is listening on.
##
## Value: IP:Port | Port
##
## Examples: 1884, 127.0.0.1:1884, ::1:1884
mqtt.sn.port = 1884
## The duration that emqx-sn broadcast ADVERTISE message through.
##
## Value: Duration
mqtt.sn.advertise_duration = 15m
## The MQTT-SN Gateway id in ADVERTISE message.
##
## Value: Number
mqtt.sn.gateway_id = 1
## To control whether write statistics data into ETS table for dashbord to read.
##
## Value: on | off
mqtt.sn.enable_stats = off
## To control whether accept and process the received publish message with qos=-1.
##
## Value: on | off
mqtt.sn.enable_qos3 = off
## MQTT SN idle timeout, specified in seconds.
##
## Value: Duration
mqtt.sn.idle_timeout = 30s
## The pre-defined topic name corresponding to the pre-defined topic id of N.
## Note that the pre-defined topic id of 0 is reserved.
mqtt.sn.predefined.topic.0 = reserved
mqtt.sn.predefined.topic.1 = /predefined/topic/name/hello
mqtt.sn.predefined.topic.2 = /predefined/topic/name/nice
## Default username for MQTT-SN. This parameter is optional. If specified,
## emq-sn will connect EMQ core with this username. It is useful if any auth
## plug-in is enabled.
##
## Value: String
mqtt.sn.username = mqtt_sn_user
## This parameter is optional. Pair with username above.
##
## Value: String
mqtt.sn.password = abc

123
etc/emqx.d/emqx_stomp.conf
View File

@ -1,123 +0,0 @@
##--------------------------------------------------------------------
## Stomp Plugin
##--------------------------------------------------------------------
##--------------------------------------------------------------------
## Stomp listener
## The Port that stomp listener will bind.
##
## Value: Port
stomp.listener = 61613
## The acceptor pool for stomp listener.
##
## Value: Number
stomp.listener.acceptors = 4
## Maximum number of concurrent stomp connections.
##
## Value: Number
stomp.listener.max_connections = 512
## Whether to enable SSL.
##
## Value: on | off
## stomp.listener.ssl = off
## Path to the file containing the user's private PEM-encoded key.
##
## Value: File
## stomp.listener.keyfile = etc/certs/key.pem
## Path to a file containing the user certificate.
##
## Value: File
## stomp.listener.certfile = etc/certs/cert.pem
## Path to the file containing PEM-encoded CA certificates.
##
## Value: File
## stomp.listener.cacertfile = etc/certs/cacert.pem
## See: 'listener.ssl.<name>.dhfile' in emq.conf
##
## Value: File
## stomp.listener.dhfile = etc/certs/dh-params.pem
## See: 'listener.ssl.<name>.vefify' in emq.conf
##
## Value: vefify_peer | verify_none
## stomp.listener.verify = verify_peer
## See: 'listener.ssl.<name>.fail_if_no_peer_cert' in emq.conf
##
## Value: false | true
## stomp.listener.fail_if_no_peer_cert = true
## TLS versions only to protect from POODLE attack.
##
## Value: String, seperated by ','
## stomp.listener.tls_versions = tlsv1.2,tlsv1.1,tlsv1
## SSL Handshake timeout.
##
## Value: Duration
## stomp.listener.handshake_timeout = 15s
## See: 'listener.ssl.<name>.ciphers' in emq.conf
##
## Value: Ciphers
## stomp.listener.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
## See: 'listener.ssl.<name>.secure_renegotiate' in emq.conf
##
## Value: on | off
## stomp.listener.secure_renegotiate = off
## See: 'listener.ssl.<name>.reuse_sessions' in emq.conf
##
## Value: on | off
## stomp.listener.reuse_sessions = on
## See: 'listener.ssl.<name>.honor_cipher_order' in emq.conf
##
## Value: on | off
## stomp.listener.honor_cipher_order = on
##--------------------------------------------------------------------
## Stomp login user and password
## Default login user
##
## Value: String
stomp.default_user.login = guest
## Default login password
##
## Value: String
stomp.default_user.passcode = guest
## Allow anonymous authentication.
##
## Value: true | false
stomp.allow_anonymous = true
##--------------------------------------------------------------------
## Stomp frame
## Maximum numbers of frame headers.
##
## Value: Number
stomp.frame.max_headers = 10
## Maximum length of frame header.
##
## Value: Number
stomp.frame.max_header_length = 1024
## Maximum body length of frame.
##
## Value: Number
stomp.frame.max_body_length = 8192

28
etc/emqx.d/emqx_telemetry.conf
View File

@ -1,28 +0,0 @@
##--------------------------------------------------------------------
## Telemetry
##--------------------------------------------------------------------
## Enable telemetry
##
## Value: true | false
##
## Default: true
telemetry.enabled = true
## The destination URL for the telemetry data report
##
## Value: String
##
## Default: https://telemetry.emqx.io/api/telemetry
telemetry.url = https://telemetry.emqx.io/api/telemetry
## Interval for reporting telemetry data
##
## Value: Duration
## -d: day
## -h: hour
## -m: minute
## -s: second
##
## Default: 7d
telemetry.report_interval = 7d

66
etc/emqx.d/emqx_web_hook.conf
View File

@ -1,66 +0,0 @@
##====================================================================
## WebHook
##====================================================================
## The web services URL for Hook request
##
## Value: String
web.hook.api.url = http://127.0.0.1:8080
##--------------------------------------------------------------------
## HTTP Request Headers
##
## The header params what you extra need
## Format:
## web.hook.headers.<param> = your-param
## Example:
## 1. web.hook.headers.token = your-token
## 2. web.hook.headers.other = others-param
##
## Value: String
## web.hook.headers.token = your-token
##--------------------------------------------------------------------
## Encode message payload field
##
## Value: base64 | base62
## web.hook.encode_payload = base64
## Mysql ssl configuration.
##
## Value: on | off
## web.hook.ssl = off
##--------------------------------------------------------------------
## CA certificate.
##
## Value: File
## web.hook.ssl.cafile = path to your ca file
## Client ssl certificate.
##
## Value: File
## web.hook.ssl.certfile = path to your clientcert file
##--------------------------------------------------------------------
## Client ssl keyfile.
##
## Value: File
## web.hook.ssl.keyfile = path to your clientkey file
##--------------------------------------------------------------------
## Hook Rules
## These configuration items represent a list of events should be forwarded
##
## Format:
## web.hook.rule.<HookName>.<No> = <Spec>
#web.hook.rule.client.connect.1 = {"action": "on_client_connect"}
#web.hook.rule.client.connack.1 = {"action": "on_client_connack"}
#web.hook.rule.client.connected.1 = {"action": "on_client_connected"}
#web.hook.rule.client.disconnected.1 = {"action": "on_client_disconnected"}
#web.hook.rule.client.subscribe.1 = {"action": "on_client_subscribe"}
#web.hook.rule.client.unsubscribe.1 = {"action": "on_client_unsubscribe"}
#web.hook.rule.session.subscribed.1 = {"action": "on_session_subscribed"}
#web.hook.rule.session.unsubscribed.1 = {"action": "on_session_unsubscribed"}
#web.hook.rule.session.terminated.1 = {"action": "on_session_terminated"}
#web.hook.rule.message.publish.1 = {"action": "on_message_publish"}
#web.hook.rule.message.delivered.1 = {"action": "on_message_delivered"}
#web.hook.rule.message.acked.1 = {"action": "on_message_acked"}

78
etc/emqx_cloud.d/emqx_auth_ldap.conf
View File

@ -1,78 +0,0 @@
##--------------------------------------------------------------------
## LDAP Auth Plugin
##--------------------------------------------------------------------
## LDAP server list, seperated by ','.
##
## Value: String
auth.ldap.servers = 127.0.0.1
## LDAP server port.
##
## Value: Port
auth.ldap.port = 389
## LDAP pool size
##
## Value: String
auth.ldap.pool = 8
## LDAP Bind DN.
##
## Value: DN
auth.ldap.bind_dn = cn=root,dc=emqx,dc=io
## LDAP Bind Password.
##
## Value: String
auth.ldap.bind_password = public
## LDAP query timeout.
##
## Value: Number
auth.ldap.timeout = 30s
## Device DN.
##
## Variables:
##
## Value: DN
auth.ldap.device_dn = ou=device,dc=emqx,dc=io
## Specified ObjectClass
##
## Variables:
##
## Value: string
auth.ldap.match_objectclass = mqttUser
## attributetype for username
##
## Variables:
##
## Value: string
auth.ldap.username.attributetype = uid
## attributetype for password
##
## Variables:
##
## Value: string
auth.ldap.password.attributetype = userPassword
## Whether to enable SSL.
##
## Value: true | false
auth.ldap.ssl = false
#auth.ldap.ssl.certfile = etc/certs/cert.pem
#auth.ldap.ssl.keyfile = etc/certs/key.pem
#auth.ldap.ssl.cacertfile = etc/certs/cacert.pem
#auth.ldap.ssl.verify = verify_peer
#auth.ldap.ssl.fail_if_no_peer_cert = true
#auth.ldap.ssl.server_name_indication = your_server_name

172
etc/emqx_cloud.d/emqx_auth_mongo.conf
View File

@ -1,172 +0,0 @@
##--------------------------------------------------------------------
## MongoDB Auth/ACL Plugin
##--------------------------------------------------------------------
## MongoDB Topology Type.
##
## Value: single | unknown | sharded | rs
auth.mongo.type = single
## The set name if type is rs.
##
## Value: String
## auth.mongo.rs_set_name =
## MongoDB server list.
##
## Value: String
##
## Examples: 127.0.0.1:27017,127.0.0.2:27017...
auth.mongo.server = 127.0.0.1:27017
## MongoDB pool size
##
## Value: Number
auth.mongo.pool = 8
## MongoDB login user.
##
## Value: String
## auth.mongo.login =
## MongoDB password.
##
## Value: String
## auth.mongo.password =
## MongoDB AuthSource
##
## Value: String
## Default: mqtt
## auth.mongo.auth_source = admin
## MongoDB database
##
## Value: String
auth.mongo.database = mqtt
## MongoDB query timeout
##
## Value: Duration
## auth.mongo.query_timeout = 5s
## Whether to enable SSL connection.
##
## Value: true | false
## auth.mongo.ssl = false
## SSL keyfile.
##
## Value: File
## auth.mongo.ssl_opts.keyfile =
## SSL certfile.
##
## Value: File
## auth.mongo.ssl_opts.certfile =
## SSL cacertfile.
##
## Value: File
## auth.mongo.ssl_opts.cacertfile =
## MongoDB write mode.
##
## Value: unsafe | safe
## auth.mongo.w_mode =
## Mongo read mode.
##
## Value: master | slave_ok
## auth.mongo.r_mode =
## MongoDB topology options.
auth.mongo.topology.pool_size = 1
auth.mongo.topology.max_overflow = 0
## auth.mongo.topology.overflow_ttl = 1000
## auth.mongo.topology.overflow_check_period = 1000
## auth.mongo.topology.local_threshold_ms = 1000
## auth.mongo.topology.connect_timeout_ms = 20000
## auth.mongo.topology.socket_timeout_ms = 100
## auth.mongo.topology.server_selection_timeout_ms = 30000
## auth.mongo.topology.wait_queue_timeout_ms = 1000
## auth.mongo.topology.heartbeat_frequency_ms = 10000
## auth.mongo.topology.min_heartbeat_frequency_ms = 1000
## -------------------------------------------------
## Auth Query
## -------------------------------------------------
## Password hash.
##
## Value: plain | md5 | sha | sha256 | bcrypt
auth.mongo.auth_query.password_hash = sha256
## sha256 with salt suffix
## auth.mongo.auth_query.password_hash = sha256,salt
## sha256 with salt prefix
## auth.mongo.auth_query.password_hash = salt,sha256
## bcrypt with salt prefix
## auth.mongo.auth_query.password_hash = salt,bcrypt
## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.mongo.auth_query.password_hash = pbkdf2,sha256,1000,20
## Authentication query.
auth.mongo.auth_query.collection = mqtt_user
## Password mainly fields
##
## Value: password | password,salt
auth.mongo.auth_query.password_field = password
## Authentication Selector.
##
## Variables:
## - %u: username
## - %c: clientid
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
## auth.mongo.auth_query.selector = {Field}={Placeholder}
auth.mongo.auth_query.selector = username=%u
## -------------------------------------------------
## Super User Query
## -------------------------------------------------
auth.mongo.super_query.collection = mqtt_user
auth.mongo.super_query.super_field = is_superuser
#auth.mongo.super_query.selector = username=%u, clientid=%c
auth.mongo.super_query.selector = username=%u
## ACL Selector.
##
## Multiple selectors could be combined with '$or'
## when query acl from mongo.
##
## e.g.
##
## With following 2 selectors configured:
##
## auth.mongo.acl_query.selector.1 = username=%u
## auth.mongo.acl_query.selector.2 = username=$all
##
## And if a client connected using username 'ilyas',
## then the following mongo command will be used to
## retrieve acl entries:
##
## db.mqtt_acl.find({$or: [{username: "ilyas"}, {username: "$all"}]});
##
## Variables:
## - %u: username
## - %c: clientid
##
## Examples:
##
## auth.mongo.acl_query.selector.1 = username=%u,clientid=%c
## auth.mongo.acl_query.selector.2 = username=$all
## auth.mongo.acl_query.selector.3 = clientid=$all
auth.mongo.acl_query.collection = mqtt_acl
auth.mongo.acl_query.selector = username=%u

110
etc/emqx_cloud.d/emqx_auth_pgsql.conf
View File

@ -1,110 +0,0 @@
##--------------------------------------------------------------------
## PostgreSQL Auth/ACL Plugin
##--------------------------------------------------------------------
## PostgreSQL server address.
##
## Value: Port | IP:Port
##
## Examples: 5432, 127.0.0.1:5432, localhost:5432
auth.pgsql.server = 127.0.0.1:5432
## PostgreSQL pool size.
##
## Value: Number
auth.pgsql.pool = 8
## PostgreSQL username.
##
## Value: String
auth.pgsql.username = root
## PostgreSQL password.
##
## Value: String
## auth.pgsql.password =
## PostgreSQL database.
##
## Value: String
auth.pgsql.database = mqtt
## PostgreSQL database encoding.
##
## Value: String
auth.pgsql.encoding = utf8
## Whether to enable SSL connection.
##
## Value: true | false
auth.pgsql.ssl = false
## SSL keyfile.
##
## Value: File
## auth.pgsql.ssl_opts.keyfile =
## SSL certfile.
##
## Value: File
## auth.pgsql.ssl_opts.certfile =
## SSL cacertfile.
##
## Value: File
## auth.pgsql.ssl_opts.cacertfile =
## Authentication query.
##
## Value: SQL
##
## Variables:
## - %u: username
## - %c: clientid
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1
## Password hash.
##
## Value: plain | md5 | sha | sha256 | bcrypt
auth.pgsql.password_hash = sha256
## sha256 with salt prefix
## auth.pgsql.password_hash = salt,sha256
## sha256 with salt suffix
## auth.pgsql.password_hash = sha256,salt
## bcrypt with salt prefix
## auth.pgsql.password_hash = salt,bcrypt
## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.pgsql.password_hash = pbkdf2,sha256,1000,20
## Superuser query.
##
## Value: SQL
##
## Variables:
## - %u: username
## - %c: clientid
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
## ACL query. Comment this query, the ACL will be disabled.
##
## Value: SQL
##
## Variables:
## - %a: ipaddress
## - %u: username
## - %c: clientid
##
## Note: You can add the 'ORDER BY' statement to control the rules match order
auth.pgsql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'

97
etc/emqx_cloud.d/emqx_auth_redis.conf
View File

@ -1,97 +0,0 @@
##--------------------------------------------------------------------
## Redis Auth/ACL Plugin
##--------------------------------------------------------------------
## Redis Server cluster type
## single Single redis server
## sentinel Redis cluster through sentinel
## cluster Redis through cluster
auth.redis.type = single
## Redis server address.
##
## Value: Port | IP:Port
##
## Single Redis Server: 127.0.0.1:6379, localhost:6379
## Redis Sentinel: 127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379
## Redis Cluster: 127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379
auth.redis.server = 127.0.0.1:6379
## Redis sentinel cluster name.
##
## Value: String
## auth.redis.sentinel = mymaster
## Redis pool size.
##
## Value: Number
auth.redis.pool = 8
## Redis database no.
##
## Value: Number
auth.redis.database = 0
## Redis password.
##
## Value: String
## auth.redis.password =
## Redis query timeout
##
## Value: Duration
## auth.redis.query_timeout = 5s
## Authentication query command.
##
## Value: Redis cmd
##
## Variables:
## - %u: username
## - %c: clientid
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
## Examples:
## - HGET mqtt_user:%u password
## - HMGET mqtt_user:%u password
## - HMGET mqtt_user:%u password salt
auth.redis.auth_cmd = HMGET mqtt_user:%u password
## Password hash.
##
## Value: plain | md5 | sha | sha256 | bcrypt
auth.redis.password_hash = plain
## sha256 with salt prefix
## auth.redis.password_hash = salt,sha256
## sha256 with salt suffix
## auth.redis.password_hash = sha256,salt
## bcrypt with salt prefix
## auth.redis.password_hash = salt,bcrypt
## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.redis.password_hash = pbkdf2,sha256,1000,20
## Superuser query command.
##
## Value: Redis cmd
##
## Variables:
## - %u: username
## - %c: clientid
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
auth.redis.super_cmd = HGET mqtt_user:%u is_superuser
## ACL query command.
##
## Value: Redis cmd
##
## Variables:
## - %u: username
## - %c: clientid
auth.redis.acl_cmd = HGETALL mqtt_acl:%u

15
etc/emqx_cloud.d/emqx_exhook.conf
View File

@ -1,15 +0,0 @@
##====================================================================
## EMQ X Hooks
##====================================================================
##--------------------------------------------------------------------
## Server Address
## The gRPC server url
##
## exhook.server.$name.url = url()
exhook.server.default.url = http://127.0.0.1:9000
#exhook.server.default.ssl.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
#exhook.server.default.ssl.certfile = {{ platform_etc_dir }}/certs/cert.pem
#exhook.server.default.ssl.keyfile = {{ platform_etc_dir }}/certs/key.pem

252
etc/emqx_cloud.d/emqx_exproto.conf
View File

@ -1,252 +0,0 @@
##====================================================================
## EMQ X ExProto
##====================================================================
exproto.server.http.port = 9100
exproto.server.https.port = 9101
exproto.server.https.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
exproto.server.https.certfile = {{ platform_etc_dir }}/certs/cert.pem
exproto.server.https.keyfile = {{ platform_etc_dir }}/certs/key.pem
##--------------------------------------------------------------------
## Listeners
##--------------------------------------------------------------------
##--------------------------------------------------------------------
## MQTT/TCP - External TCP Listener for MQTT Protocol
## The IP address and port that the listener will bind.
##
## Value: <tcp|ssl|udp|dtls>://<ip>:<port>
##
## Examples: tcp://0.0.0.0:7993 | ssl://127.0.0.1:7994
exproto.listener.protoname = tcp://0.0.0.0:7993
## The ConnectionHandler server address
##
exproto.listener.protoname.connection_handler_url = http://127.0.0.1:9001
#exproto.listener.protoname.connection_handler_certfile =
#exproto.listener.protoname.connection_handler_cacertfile =
#exproto.listener.protoname.connection_handler_keyfile =
## The acceptor pool for external MQTT/TCP listener.
##
## Value: Number
exproto.listener.protoname.acceptors = 8
## Maximum number of concurrent MQTT/TCP connections.
##
## Value: Number
exproto.listener.protoname.max_connections = 1024000
## Maximum external connections per second.
##
## Value: Number
exproto.listener.protoname.max_conn_rate = 1000
## Specify the {active, N} option for the external MQTT/TCP Socket.
##
## Value: Number
exproto.listener.protoname.active_n = 100
## Idle timeout
##
## Value: Duration
exproto.listener.protoname.idle_timeout = 30s
## The access control rules for the MQTT/TCP listener.
##
## See: https://github.com/emqtt/esockd#allowdeny
##
## Value: ACL Rule
##
## Example: allow 192.168.0.0/24
exproto.listener.protoname.access.1 = allow all
## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
## behind HAProxy or Nginx.
##
## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/
##
## Value: on | off
## exproto.listener.protoname.proxy_protocol = on
## Sets the timeout for proxy protocol. EMQ X will close the TCP connection
## if no proxy protocol packet recevied within the timeout.
##
## Value: Duration
#exproto.listener.protoname.proxy_protocol_timeout = 3s
## The TCP backlog defines the maximum length that the queue of pending
## connections can grow to.
##
## Value: Number >= 0
exproto.listener.protoname.backlog = 1024
## The TCP send timeout for external MQTT connections.
##
## Value: Duration
exproto.listener.protoname.send_timeout = 15s
## Close the TCP connection if send timeout.
##
## Value: on | off
exproto.listener.protoname.send_timeout_close = on
## The TCP receive buffer(os kernel) for MQTT connections.
##
## See: http://erlang.org/doc/man/inet.html
##
## Value: Bytes
#exproto.listener.protoname.recbuf = 2KB
## The TCP send buffer(os kernel) for MQTT connections.
##
## See: http://erlang.org/doc/man/inet.html
##
## Value: Bytes
#exproto.listener.protoname.sndbuf = 2KB
## The size of the user-level software buffer used by the driver.
## Not to be confused with options sndbuf and recbuf, which correspond
## to the Kernel socket buffers. It is recommended to have val(buffer)
## >= max(val(sndbuf),val(recbuf)) to avoid performance issues because
## of unnecessary copying. val(buffer) is automatically set to the above
## maximum when values sndbuf or recbuf are set.
##
## See: http://erlang.org/doc/man/inet.html
##
## Value: Bytes
#exproto.listener.protoname.buffer = 2KB
## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
##
## Value: on | off
#exproto.listener.protoname.tune_buffer = off
## The TCP_NODELAY flag for MQTT connections. Small amounts of data are
## sent immediately if the option is enabled.
##
## Value: true | false
exproto.listener.protoname.nodelay = true
## The SO_REUSEADDR flag for TCP listener.
##
## Value: true | false
exproto.listener.protoname.reuseaddr = true
##--------------------------------------------------------------------
## TLS/DTLS options
## TLS versions only to protect from POODLE attack.
##
## See: http://erlang.org/doc/man/ssl.html
##
## Value: String, seperated by ','
#exproto.listener.protoname.tls_versions = tlsv1.2,tlsv1.1,tlsv1
## Path to the file containing the user's private PEM-encoded key.
##
## See: http://erlang.org/doc/man/ssl.html
##
## Value: File
#exproto.listener.protoname.keyfile = {{ platform_etc_dir }}/certs/key.pem
## Path to a file containing the user certificate.
##
## See: http://erlang.org/doc/man/ssl.html
##
## Value: File
#exproto.listener.protoname.certfile = {{ platform_etc_dir }}/certs/cert.pem
## Path to the file containing PEM-encoded CA certificates. The CA certificates
## are used during server authentication and when building the client certificate chain.
##
## Value: File
#exproto.listener.protoname.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
## The Ephemeral Diffie-Helman key exchange is a very effective way of
## ensuring Forward Secrecy by exchanging a set of keys that never hit
## the wire. Since the DH key is effectively signed by the private key,
## it needs to be at least as strong as the private key. In addition,
## the default DH groups that most of the OpenSSL installations have
## are only a handful (since they are distributed with the OpenSSL
## package that has been built for the operating system its running on)
## and hence predictable (not to mention, 1024 bits only).
## In order to escape this situation, first we need to generate a fresh,
## strong DH group, store it in a file and then use the option above,
## to force our SSL application to use the new DH group. Fortunately,
## OpenSSL provides us with a tool to do that. Simply run:
## openssl dhparam -out dh-params.pem 2048
##
## Value: File
#exproto.listener.protoname.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
## A server only does x509-path validation in mode verify_peer,
## as it then sends a certificate request to the client (this
## message is not sent if the verify option is verify_none).
## You can then also want to specify option fail_if_no_peer_cert.
## More information at: http://erlang.org/doc/man/ssl.html
##
## Value: verify_peer | verify_none
#exproto.listener.protoname.verify = verify_peer
## Used together with {verify, verify_peer} by an SSL server. If set to true,
## the server fails if the client does not have a certificate to send, that is,
## sends an empty certificate.
##
## Value: true | false
#exproto.listener.protoname.fail_if_no_peer_cert = true
## This is the single most important configuration option of an Erlang SSL
## application. Ciphers (and their ordering) define the way the client and
## server encrypt information over the wire, from the initial Diffie-Helman
## key exchange, the session key encryption ## algorithm and the message
## digest algorithm. Selecting a good cipher suite is critical for the
## applications data security, confidentiality and performance.
##
## The cipher list above offers:
##
## A good balance between compatibility with older browsers.
## It can get stricter for Machine-To-Machine scenarios.
## Perfect Forward Secrecy.
## No old/insecure encryption and HMAC algorithms
##
## Most of it was copied from Mozillas Server Side TLS article
##
## Value: Ciphers
#exproto.listener.protoname.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
## Ciphers for TLS PSK.
## Note that 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot
## be configured at the same time.
## See 'https://tools.ietf.org/html/rfc4279#section-2'.
#exproto.listener.protoname.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
## SSL parameter renegotiation is a feature that allows a client and a server
## to renegotiate the parameters of the SSL connection on the fly.
## RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,
## you drop support for the insecure renegotiation, prone to MitM attacks.
##
## Value: on | off
#exproto.listener.protoname.secure_renegotiate = off
## A performance optimization setting, it allows clients to reuse
## pre-existing sessions, instead of initializing new ones.
## Read more about it here.
##
## See: http://erlang.org/doc/man/ssl.html
##
## Value: on | off
#exproto.listener.protoname.reuse_sessions = on
## An important security setting, it forces the cipher to be set based
## on the server-specified order instead of the client-specified order,
## hence enforcing the (usually more properly configured) security
## ordering of the server administrator.
##
## Value: on | off
#exproto.listener.protoname.honor_cipher_order = on

4
etc/emqx_cloud.d/emqx_lua_hook.conf
View File

@ -1,4 +0,0 @@
##--------------------------------------------------------------------
## EMQ X Lua Hook
##--------------------------------------------------------------------

136
etc/emqx_cloud.d/emqx_lwm2m.conf
View File

@ -1,136 +0,0 @@
##--------------------------------------------------------------------
## LwM2M Gateway
##--------------------------------------------------------------------
##--------------------------------------------------------------------
## Protocols
# To Limit the range of lifetime, in seconds
lwm2m.lifetime_min = 1s
lwm2m.lifetime_max = 86400s
# The time window for Q Mode, indicating that after how long time
# the downlink commands sent to the client will be cached.
#lwm2m.qmode_time_window = 22
# Auto send observer command to device
# on | off
#lwm2m.auto_observe = off
# The topic subscribed by the lwm2m client after it is connected
# Placeholders supported:
# '%e': Endpoint Name
# '%a': IP Address
lwm2m.mountpoint = lwm2m/%e/
# The topic subscribed by the lwm2m client after it is connected
# Placeholders supported:
# '%e': Endpoint Name
# '%a': IP Address
lwm2m.topics.command = dn/#
# The topic to which the lwm2m client's response is published
lwm2m.topics.response = up/resp
# The topic to which the lwm2m client's notify message is published
lwm2m.topics.notify = up/notify
# The topic to which the lwm2m client's register message is published
lwm2m.topics.register = up/resp
# The topic to which the lwm2m client's update message is published
lwm2m.topics.update = up/resp
# Dir where the object definition files can be found
lwm2m.xml_dir = {{ platform_etc_dir }}/lwm2m_xml
##--------------------------------------------------------------------
## UDP Listener options
## The IP and port of the LwM2M Gateway
##
## Default: 0.0.0.0:5683
## Examples:
## lwm2m.bind.udp.x = 0.0.0.0:5683 | :::5683 | 127.0.0.1:5683 | ::1:5683
lwm2m.bind.udp.1 = 0.0.0.0:5683
#lwm2m.bind.udp.2 = 0.0.0.0:6683
## Socket options, used for performance tuning
##
## Examples:
## lwm2m.opts.$name = $value
## See: https://erlang.org/doc/man/gen_udp.html#type-option
lwm2m.opts.buffer = 1024KB
lwm2m.opts.recbuf = 1024KB
lwm2m.opts.sndbuf = 1024KB
lwm2m.opts.read_packets = 20
##--------------------------------------------------------------------
## DTLS Listener Options
## The DTLS port that LwM2M is listening on.
##
## Default: 0.0.0.0:5684
##
## Examples:
## lwm2m.bind.dtls.x = 0.0.0.0:5684 | :::5684 | 127.0.0.1:5684 | ::1:5684
##
lwm2m.bind.dtls.1 = 0.0.0.0:5684
#lwm2m.bind.dtls.2 = 0.0.0.0:6684
## A server only does x509-path validation in mode verify_peer,
## as it then sends a certificate request to the client (this
## message is not sent if the verify option is verify_none).
## You can then also want to specify option fail_if_no_peer_cert.
## More information at: http://erlang.org/doc/man/ssl.html
##
## Value: verify_peer | verify_none
#lwm2m.dtls.verify = verify_peer
## Private key file for DTLS
##
## Value: File
lwm2m.dtls.keyfile = {{ platform_etc_dir }}/certs/key.pem
## Server certificate for DTLS.
##
## Value: File
lwm2m.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem
## PEM-encoded CA certificates for DTLS
##
## Value: File
#lwm2m.dtls.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
## Used together with {verify, verify_peer} by an SSL server. If set to true,
## the server fails if the client does not have a certificate to send, that is,
## sends an empty certificate.
##
## Value: true | false
#lwm2m.dtls.fail_if_no_peer_cert = false
## This is the single most important configuration option of an Erlang SSL
## application. Ciphers (and their ordering) define the way the client and
## server encrypt information over the wire, from the initial Diffie-Helman
## key exchange, the session key encryption ## algorithm and the message
## digest algorithm. Selecting a good cipher suite is critical for the
## applications data security, confidentiality and performance.
##
## The cipher list above offers:
##
## A good balance between compatibility with older browsers.
## It can get stricter for Machine-To-Machine scenarios.
## Perfect Forward Secrecy.
## No old/insecure encryption and HMAC algorithms
##
## Most of it was copied from Mozillas Server Side TLS article
##
## Value: Ciphers
lwm2m.dtls.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
## Ciphers for TLS PSK.
##
## Note that 'lwm2m.dtls.ciphers' and 'lwm2m.dtls.psk_ciphers' cannot
## be configured at the same time.
## See 'https://tools.ietf.org/html/rfc4279#section-2'.
#lwm2m.dtls.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA

13
etc/emqx_cloud.d/emqx_prometheus.conf
View File

@ -1,13 +0,0 @@
##--------------------------------------------------------------------
## emqx_prometheus for EMQ X
##--------------------------------------------------------------------
## The Prometheus Push Gateway URL address
##
## Note: You can comment out this line to disable it
prometheus.push.gateway.server = http://127.0.0.1:9091
## The metrics data push interval (millisecond)
##
## Default: 15000
prometheus.interval = 15000

2
etc/emqx_cloud.d/emqx_psk_file.conf
View File

@ -1,2 +0,0 @@
psk.file.path = {{ platform_etc_dir }}/psk.txt
psk.file.delimiter = :

0
etc/emqx_edge.d/vm.args.edge → etc/emqx_edge.d/vm.args
View File

115
etc/vm.args
View File

@ -1,115 +0,0 @@
######################################################################
## Erlang VM Args for EMQ X Broker
######################################################################
## NOTE:
##
## Arguments configured in this file might be overridden by configs from `emqx.conf`.
##
## Some basic VM arguments are to be configured in `emqx.conf`,
## such as `node.name` for `-name` and `node.cooke` for `-setcookie`.
## Sets the maximum number of simultaneously existing processes for this system.
+P 2097152
## Sets the maximum number of simultaneously existing ports for this system.
+Q 1048576
## Sets the maximum number of ETS tables
+e 262144
## Sets the maximum number of atoms the virtual machine can handle.
#+t 1048576
## Set the location of crash dumps
#-env ERL_CRASH_DUMP {{ platform_log_dir }}/crash.dump
## Set how many times generational garbages collections can be done without
## forcing a fullsweep collection.
-env ERL_FULLSWEEP_AFTER 1000
## Heartbeat management; auto-restarts VM if it dies or becomes unresponsive
## (Disabled by default..use with caution!)
#-heart
## Specify the erlang distributed protocol.
## Can be one of: inet_tcp, inet6_tcp, inet_tls
#-proto_dist inet_tcp
## Specify SSL Options in the file if using SSL for Erlang Distribution.
## Used only when -proto_dist set to inet_tls
#-ssl_dist_optfile {{ platform_etc_dir }}/ssl_dist.conf
## Specifies the net_kernel tick time in seconds.
## This is the approximate time a connected node may be unresponsive until
## it is considered down and thereby disconnected.
-kernel net_ticktime 120
## Sets the distribution buffer busy limit (dist_buf_busy_limit).
#+zdbbl 8192
## Sets default scheduler hint for port parallelism.
+spp true
## Sets the number of threads in async thread pool. Valid range is 0-1024.
## Increase the parameter if there are many simultaneous file I/O operations.
+A 4
## Sets the default heap size of processes to the size Size.
#+hms 233
## Sets the default binary virtual heap size of processes to the size Size.
#+hmbs 46422
## Sets the default maximum heap size of processes to the size Size.
## Defaults to 0, which means that no maximum heap size is used.
##For more information, see process_flag(max_heap_size, MaxHeapSize).
#+hmax 0
## Sets the default value for process flag message_queue_data. Defaults to on_heap.
#+hmqd on_heap | off_heap
## Sets the number of IO pollsets to use when polling for I/O.
#+IOp 1
## Sets the number of IO poll threads to use when polling for I/O.
## Increase this for the busy systems with many concurrent connection.
+IOt 4
## Sets the number of scheduler threads to create and scheduler threads to set online.
#+S 8:8
## Sets the number of dirty CPU scheduler threads to create and dirty CPU scheduler threads to set online.
#+SDcpu 8:8
## Sets the number of dirty I/O scheduler threads to create.
+SDio 8
## Suggested stack size, in kilowords, for scheduler threads.
#+sss 32
## Suggested stack size, in kilowords, for dirty CPU scheduler threads.
#+sssdcpu 40
## Suggested stack size, in kilowords, for dirty IO scheduler threads.
#+sssdio 40
## Sets scheduler bind type.
## Can be one of: u, ns, ts, ps, s, nnts, nnps, tnnps, db
#+sbt db
## Sets a user-defined CPU topology.
#+sct L0-3c0-3p0N0:L4-7c0-3p1N1
## Sets the mapping of warning messages for error_logger
#+W w
## Sets time warp mode: no_time_warp | single_time_warp | multi_time_warp
#+C no_time_warp
## Prevents loading information about source filenames and line numbers.
#+L
## Specifies how long time (in milliseconds) to spend shutting down the system.
## See: http://erlang.org/doc/man/erl.html
-shutdown_time 30000

114
etc/vm.args.edge
View File

@ -1,114 +0,0 @@
######################################################################
## Erlang VM Args for EMQ X Edge
######################################################################
## NOTE:
##
## Arguments configured in this file might be overridden by configs from `emqx.conf`.
##
## Some basic VM arguments are to be configured in `emqx.conf`,
## such as `node.name` for `-name` and `node.cooke` for `-setcookie`.
## Sets the maximum number of simultaneously existing processes for this system.
+P 16384
## Sets the maximum number of simultaneously existing ports for this system.
+Q 4096
## Sets the maximum number of ETS tables
+e 512
## Sets the maximum number of atoms the virtual machine can handle.
+t 262144
## Set the location of crash dumps
-env ERL_CRASH_DUMP {{ platform_log_dir }}/crash.dump
## Set how many times generational garbages collections can be done without
## forcing a fullsweep collection.
-env ERL_FULLSWEEP_AFTER 0
## Heartbeat management; auto-restarts VM if it dies or becomes unresponsive
## (Disabled by default..use with caution!)
-heart
## Specify the erlang distributed protocol.
## Can be one of: inet_tcp, inet6_tcp, inet_tls
#-proto_dist inet_tcp
## Specify SSL Options in the file if using SSL for Erlang Distribution.
## Used only when -proto_dist set to inet_tls
#-ssl_dist_optfile {{ platform_etc_dir }}/ssl_dist.conf
## Specifies the net_kernel tick time in seconds.
## This is the approximate time a connected node may be unresponsive until
## it is considered down and thereby disconnected.
#-kernel net_ticktime 60
## Sets the distribution buffer busy limit (dist_buf_busy_limit).
+zdbbl 1024
## Sets default scheduler hint for port parallelism.
+spp false
## Sets the number of threads in async thread pool. Valid range is 0-1024.
## Increase the parameter if there are many simultaneous file I/O operations.
+A 1
## Sets the default heap size of processes to the size Size.
#+hms 233
## Sets the default binary virtual heap size of processes to the size Size.
#+hmbs 46422
## Sets the default maximum heap size of processes to the size Size.
## Defaults to 0, which means that no maximum heap size is used.
##For more information, see process_flag(max_heap_size, MaxHeapSize).
#+hmax 0
## Sets the default value for process flag message_queue_data. Defaults to on_heap.
#+hmqd on_heap | off_heap
## Sets the number of IO pollsets to use when polling for I/O.
+IOp 1
## Sets the number of IO poll threads to use when polling for I/O.
+IOt 1
## Sets the number of scheduler threads to create and scheduler threads to set online.
+S 1:1
## Sets the number of dirty CPU scheduler threads to create and dirty CPU scheduler threads to set online.
+SDcpu 1:1
## Sets the number of dirty I/O scheduler threads to create.
+SDio 1
## Suggested stack size, in kilowords, for scheduler threads.
#+sss 32
## Suggested stack size, in kilowords, for dirty CPU scheduler threads.
#+sssdcpu 40
## Suggested stack size, in kilowords, for dirty IO scheduler threads.
#+sssdio 40
## Sets scheduler bind type.
## Can be one of: u, ns, ts, ps, s, nnts, nnps, tnnps, db
#+sbt db
## Sets a user-defined CPU topology.
#+sct L0-3c0-3p0N0:L4-7c0-3p1N1
## Sets the mapping of warning messages for error_logger
#+W w
## Sets time warp mode: no_time_warp | single_time_warp | multi_time_warp
#+C no_time_warp
## Prevents loading information about source filenames and line numbers.
+L
## Specifies how long time (in milliseconds) to spend shutting down the system.
## See: http://erlang.org/doc/man/erl.html
-shutdown_time 10000