##--------------------------------------------------------------------
## MySQL Auth/ACL Plugin
##--------------------------------------------------------------------
##
## NOTE(review): this copy was recovered from a flattened listing. Whether
## auth_query, super_query, query_timeout and ssl.server_name_indication
## are active or commented out could not be read from it unambiguously.
## They are laid out below as active, active, commented and commented;
## confirm each against the deployed file.

## MySQL server address.
##
## Value: Port | IP:Port
##
## Examples: 3306, 127.0.0.1:3306, localhost:3306
##
## With a loopback address the credentials and query results stay on the
## host. If this is changed to a remote address, enable and verify TLS in
## the ssl section at the end of this file.
auth.mysql.server = 127.0.0.1:3306

## MySQL pool size.
##
## Value: Number
auth.mysql.pool = 8

## MySQL username.
##
## Value: String
##
## Use a dedicated account limited to SELECT on the tables the queries
## below read (mqtt_user, mqtt_acl), not an administrative account.
#auth.mysql.username =

## MySQL password.
##
## Value: String
##
## The password is stored in this file in clear text: restrict the file's
## read permission to the broker's service account and keep real values
## out of version control.
#auth.mysql.password =

## MySQL database.
##
## Value: String
auth.mysql.database = mqtt

## MySQL query timeout
##
## Value: Duration
## auth.mysql.query_timeout = 5s

## Variables: %u = username, %c = clientid

## Authentication query.
##
## Note that column names should be 'password' and 'salt' (if used).
## In case column names differ in your DB - please use aliases,
## e.g. "my_column_name as password".
##
## Value: SQL
##
## Variables:
##  - %u: username
##  - %c: clientid
##  - %C: common name of client TLS cert
##  - %d: subject of client TLS cert
##
## NOTE(review): %u and %c are supplied by the connecting client. Confirm
## that the plugin version in use binds the quoted placeholders as query
## parameters rather than splicing the raw value into the SQL text, and
## keep every placeholder inside the quotes exactly as written here.
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1

## Password hash.
##
## Value: plain | md5 | sha | sha256 | bcrypt
##
## 'plain' keeps passwords in clear text in the database. 'md5', 'sha' and
## unsalted 'sha256' are fast hashes: equal passwords produce equal hashes
## and a copied table can be guessed against offline at high speed.
## Prefer one of the salted bcrypt or pbkdf2 forms listed below for new
## deployments. Changing this value requires re-hashing the stored
## passwords, so plan it as a migration rather than a config edit.
auth.mysql.password_hash = sha256

## sha256 with salt prefix
## auth.mysql.password_hash = salt,sha256

## bcrypt with salt only prefix
## auth.mysql.password_hash = salt,bcrypt

## sha256 with salt suffix
## auth.mysql.password_hash = sha256,salt

## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
##
## Treat the 1000 iterations in the example as a syntax illustration only
## and choose a count in line with current password-storage guidance.
## Avoid md4 and md5 as the macfun.
## auth.mysql.password_hash = pbkdf2,sha256,1000,20

## Superuser query.
##
## Value: SQL
##
## Variables:
##  - %u: username
##  - %c: clientid
##  - %C: common name of client TLS cert
##  - %d: subject of client TLS cert
##
## NOTE(review): presumably a row with is_superuser set exempts that user
## from the ACL query below - confirm. If so, write access to the
## is_superuser column is equivalent to full topic access and should be
## restricted accordingly.
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1

## ACL query.
##
## Value: SQL
##
## Variables:
##  - %a: ipaddr
##  - %u: username
##  - %c: clientid
##
## Note: You can add the 'ORDER BY' statement to control the rules match order
##
## Rows with username = '$all' are returned for every client. Without an
## ORDER BY the database does not guarantee row order, so if allow/deny
## precedence depends on the order of the returned rules, add an explicit
## ORDER BY to make the result deterministic.
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'

## MySQL SSL configuration.
##
## Value: on | off
##
## With ssl off, the database credentials, the password hashes returned by
## the authentication query and the ACL rules cross the connection
## unencrypted. That is acceptable only for a loopback or otherwise
## trusted link.
#auth.mysql.ssl = off

## CA certificate.
##
## Value: File
#auth.mysql.ssl.cacertfile = /path/to/ca.pem

## Client ssl certificate.
##
## Value: File
#auth.mysql.ssl.certfile = /path/to/your/clientcert.pem

## Client ssl keyfile.
##
## Value: File
##
## The private key should be readable only by the broker's service account.
#auth.mysql.ssl.keyfile = /path/to/your/clientkey.pem

## In mode verify_none the default behavior is to allow all x509-path
## validation errors.
##
## Value: true | false
##
## With verify = false the connection is encrypted but the server
## certificate is not authenticated, so an on-path host can impersonate
## the database. Set this to true together with cacertfile whenever ssl
## is enabled towards a remote server.
#auth.mysql.ssl.verify = false

## If not specified, the server names in the server's certificate are validated against
## the host part of the `auth.mysql.server` setting.
## Setting to 'disable' will make EMQ X ignore unmatched server names.
## If set to a host name, the server names in the server's certificate are validated
## against this value.
##
## Value: String | disable
##
## 'disable' turns off the host name check, so any certificate that chains
## to the configured CA is accepted regardless of which host it names.
## Leave this unset, or set the expected host name, when verify = true.
## auth.mysql.ssl.server_name_indication = disable