##-------------------------------------------------------------------- ## LwM2M Gateway ##-------------------------------------------------------------------- ##-------------------------------------------------------------------- ## Protocols # To Limit the range of lifetime, in seconds lwm2m.lifetime_min = 1s lwm2m.lifetime_max = 86400s # The time window for Q Mode, indicating that after how long time # the downlink commands sent to the client will be cached. #lwm2m.qmode_time_window = 22 # Auto send observer command to device. It can be configured as an OjbectList # so that emqx will automatically observe the objects in this list. # # For examples: "/3/0,/3/0/1,/32976" # # Value: off | on | String #lwm2m.auto_observe = off # The topic subscribed by the lwm2m client after it is connected # Placeholders supported: # '%e': Endpoint Name # '%a': IP Address lwm2m.mountpoint = "lwm2m/%e/" # The topic subscribed by the lwm2m client after it is connected # Placeholders supported: # '%e': Endpoint Name # '%a': IP Address lwm2m.topics.command = "dn/#" # The topic to which the lwm2m client's response is published lwm2m.topics.response = "up/resp" # The topic to which the lwm2m client's notify message is published lwm2m.topics.notify = "up/notify" # The topic to which the lwm2m client's register message is published lwm2m.topics.register = "up/resp" # The topic to which the lwm2m client's update message is published lwm2m.topics.update = "up/resp" # When publish the update message. # # Can be one of: # - contains_object_list: only if the update message contains object list # - always: always publish the update message # # Defaults to contains_object_list #lwm2m.update_msg_publish_condition = contains_object_list # Dir where the object definition files can be found lwm2m.xml_dir = "{{ platform_etc_dir }}/lwm2m_xml" ##-------------------------------------------------------------------- ## UDP Listener options ## The IP and port of the LwM2M Gateway ## ## Default: "0.0.0.0:5683" ## Examples: ## lwm2m.bind.udp.x = "0.0.0.0:5683" | ":::5683" | "127.0.0.1:5683" | "::1:5683" lwm2m.bind.udp.1 = "0.0.0.0:5683" #lwm2m.bind.udp.2 = "0.0.0.0:6683" ## Socket options, used for performance tuning ## ## Examples: ## lwm2m.opts.$name = $value ## See: https://erlang.org/doc/man/gen_udp.html#type-option lwm2m.opts.buffer = 1024KB lwm2m.opts.recbuf = 1024KB lwm2m.opts.sndbuf = 1024KB lwm2m.opts.read_packets = 20 ##-------------------------------------------------------------------- ## DTLS Listener Options ## The DTLS port that LwM2M is listening on. ## ## Default: "0.0.0.0:5684" ## ## Examples: ## lwm2m.bind.dtls.x = "0.0.0.0:5684" | ":::5684" | "127.0.0.1:5684" | "::1:5684" ## lwm2m.bind.dtls.1 = "0.0.0.0:5684" #lwm2m.bind.dtls.2 = "0.0.0.0:6684" ## A server only does x509-path validation in mode verify_peer, ## as it then sends a certificate request to the client (this ## message is not sent if the verify option is verify_none). ## You can then also want to specify option fail_if_no_peer_cert. ## More information at: http://erlang.org/doc/man/ssl.html ## ## Value: verify_peer | verify_none #lwm2m.dtls.verify = verify_peer ## Private key file for DTLS ## ## Value: File lwm2m.dtls.keyfile = "{{ platform_etc_dir }}/certs/key.pem" ## Server certificate for DTLS. ## ## Value: File lwm2m.dtls.certfile = "{{ platform_etc_dir }}/certs/cert.pem" ## PEM-encoded CA certificates for DTLS ## ## Value: File #lwm2m.dtls.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem" ## Used together with {verify, verify_peer} by an SSL server. If set to true, ## the server fails if the client does not have a certificate to send, that is, ## sends an empty certificate. ## ## Value: true | false #lwm2m.dtls.fail_if_no_peer_cert = false ## This is the single most important configuration option of an Erlang SSL ## application. Ciphers (and their ordering) define the way the client and ## server encrypt information over the wire, from the initial Diffie-Helman ## key exchange, the session key encryption ## algorithm and the message ## digest algorithm. Selecting a good cipher suite is critical for the ## application’s data security, confidentiality and performance. ## ## The cipher list above offers: ## ## A good balance between compatibility with older browsers. ## It can get stricter for Machine-To-Machine scenarios. ## Perfect Forward Secrecy. ## No old/insecure encryption and HMAC algorithms ## ## Most of it was copied from Mozilla’s Server Side TLS article ## ## Value: Ciphers lwm2m.dtls.ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA" ## Ciphers for TLS PSK. ## ## Note that 'lwm2m.dtls.ciphers' and 'lwm2m.dtls.psk_ciphers' cannot ## be configured at the same time. ## See 'https://tools.ietf.org/html/rfc4279#section-2'. #lwm2m.dtls.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"