## Dashboard on HTTPS
##
## Configure HTTPS for EMQX dashboard

dashboard {
    ## JWT token expiration time
    token_expired_time = 60m

    ## Support Cross-Origin Resource Sharing (CORS)
    cors = false

    listeners.https {

        ## Port or Address to listen on, 0 means disable
        bind = "0.0.0.0:18084" ## or just a port number, e.g. 18084

        ## Socket acceptor pool size for TCP protocols
        num_acceptors = 8

        ## Maximum number of simultaneous connections
        max_connections = 512

        ## Defines the maximum length that the queue of pending connections can grow to
        backlog = 1024

        ## Send timeout for the socket
        send_timeout = 10s

        ## Enable IPv6 support, default is false, which means IPv4 only
        inet6 = false

        ## Disable IPv4-to-IPv6 mapping for the listener
        ipv6_v6only = false

        ## Enable support for `HAProxy` header
        proxy_header = false

        ## Trusted PEM format CA certificates bundle file
        cacertfile = "data/certs/cacert.pem"

        ## PEM format certificates chain file
        certfile = "data/certs/cert.pem"

        ## PEM format private key file
        keyfile = "data/certs/key.pem"

        ## Enable or disable peer verification
        verify = verify_none  ## use verify_peer to enable

        ## Enable TLS session reuse
        reuse_sessions = true

        ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path
        depth = 10

        ## Which versions are to be supported
        versions = [tlsv1.3, tlsv1.2]

        ## TLS cipher suite names
        ## Note: By default, all available suites are supported, you do not need to set this
        ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]

        ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly
        secure_renegotiate = true

        ## Log level for SSL communication
        ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all
        log_level = notice

        ## Hibernate the SSL process after idling for amount of time reducing its memory footprint
        hibernate_after = 5s

        ## Forces the cipher to be set based on the server-specified order instead of the client-specified order
        honor_cipher_order = true

        ##  Setting this to false to disable client-initiated renegotiation
        client_renegotiation = true

        ## Maximum time duration allowed for the handshake to complete
        handshake_timeout = 15s
    }
}