## Dashboard on HTTPS
##
## Configure HTTPS for EMQX dashboard

dashboard {
    ## JWT token expiration time
    token_expired_time = 60m

    ## Support Cross-Origin Resource Sharing (CORS)
    cors = false

    listeners.https {
        ## Port or Address to listen on, 0 means disable
        bind = "0.0.0.0:18084" ## or just a port number, e.g. 18084

        ssl_options {
            ## PEM format certificates chain.
            ## Server certificate as the first one,
            ## followed by its immediate issuer certificate
            ## then the issuer's issuer certificate, and so on.
            ## Root CA certificate is optional.
            ## The path prefix (only prefix) can be an environment variable.
            certfile = "${EMQX_ETC_DIR}/certs/cert.pem"

            ## PEM format private key
            keyfile = "${EMQX_ETC_DIR}/certs/key.pem"

            ## Optional. When need to verify client certificates, list trusted client's root CA certificates in this file
            # cacertfile = "${EMQX_ETC_DIR}/certs/cacert.pem"

            ## Optional. Force client to send their certificate chain during TLS handshake.
            # fail_if_no_peer_cert = true
        }

        ## Socket acceptor pool size for TCP protocols
        num_acceptors = 8

        ## Maximum number of concurrent connections
        max_connections = 512

        ## Defines the maximum length that the queue of pending connections can grow to
        backlog = 1024

        ## Send timeout for the socket
        send_timeout = 10s

        ## Enable IPv6 support, default is false, which means IPv4 only
        inet6 = false

        ## Disable IPv4-to-IPv6 mapping for the listener
        ipv6_v6only = false

        ## Enable support for ProxyProtocol v2 header
        proxy_header = false
    }
}