##-------------------------------------------------------------------- ## Listeners ##-------------------------------------------------------------------- ##-------------------------------------------------------------------- ## MQTT/TCP - External TCP Listener for MQTT Protocol ## listener.tcp.$name is the IP address and port that the MQTT/TCP ## listener will bind. ## ## Value: IP:Port | Port ## ## Examples: 1883, 127.0.0.1:1883, ::1:1883 listener.tcp.external = 0.0.0.0:1883 ## The acceptor pool for external MQTT/TCP listener. ## ## Value: Number listener.tcp.external.acceptors = 8 ## Maximum number of concurrent MQTT/TCP connections. ## ## Value: Number listener.tcp.external.max_connections = 1024000 ## Maximum external connections per second. ## ## Value: Number listener.tcp.external.max_conn_rate = 1000 ## Specify the {active, N} option for the external MQTT/TCP Socket. ## ## Value: Number listener.tcp.external.active_n = 100 ## Zone of the external MQTT/TCP listener belonged to. ## ## See: zone.$name.* ## ## Value: String listener.tcp.external.zone = external ## The access control rules for the MQTT/TCP listener. ## ## See: https://github.com/emqtt/esockd#allowdeny ## ## Value: ACL Rule ## ## Example: allow 192.168.0.0/24 listener.tcp.external.access.1 = allow all ## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed ## behind HAProxy or Nginx. ## ## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/ ## ## Value: on | off ## listener.tcp.external.proxy_protocol = on ## Sets the timeout for proxy protocol. EMQ X will close the TCP connection ## if no proxy protocol packet recevied within the timeout. ## ## Value: Duration ## listener.tcp.external.proxy_protocol_timeout = 3s ## Enable the option for X.509 certificate based authentication. ## EMQX will use the common name of certificate as MQTT username. ## ## Value: cn | dn | crt ## listener.tcp.external.peer_cert_as_username = cn ## The TCP backlog defines the maximum length that the queue of pending ## connections can grow to. ## ## Value: Number >= 0 listener.tcp.external.backlog = 1024 ## The TCP send timeout for external MQTT connections. ## ## Value: Duration listener.tcp.external.send_timeout = 15s ## Close the TCP connection if send timeout. ## ## Value: on | off listener.tcp.external.send_timeout_close = on ## The TCP receive buffer(os kernel) for MQTT connections. ## ## See: http://erlang.org/doc/man/inet.html ## ## Value: Bytes ## listener.tcp.external.recbuf = 2KB ## The TCP send buffer(os kernel) for MQTT connections. ## ## See: http://erlang.org/doc/man/inet.html ## ## Value: Bytes ## listener.tcp.external.sndbuf = 2KB ## The size of the user-level software buffer used by the driver. ## Not to be confused with options sndbuf and recbuf, which correspond ## to the Kernel socket buffers. It is recommended to have val(buffer) ## >= max(val(sndbuf),val(recbuf)) to avoid performance issues because ## of unnecessary copying. val(buffer) is automatically set to the above ## maximum when values sndbuf or recbuf are set. ## ## See: http://erlang.org/doc/man/inet.html ## ## Value: Bytes ## listener.tcp.external.buffer = 2KB ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. ## ## Value: on | off ## listener.tcp.external.tune_buffer = off ## The socket is set to a busy state when the amount of data queued internally ## by the ERTS socket implementation reaches this limit. ## ## Value: on | off ## Defaults to 1MB ## listener.tcp.external.high_watermark = 1MB ## The TCP_NODELAY flag for MQTT connections. Small amounts of data are ## sent immediately if the option is enabled. ## ## Value: true | false listener.tcp.external.nodelay = true ## The SO_REUSEADDR flag for TCP listener. ## ## Value: true | false listener.tcp.external.reuseaddr = true ##-------------------------------------------------------------------- ## Internal TCP Listener for MQTT Protocol ## The IP address and port that the internal MQTT/TCP protocol listener ## will bind. ## ## Value: IP:Port, Port ## ## Examples: 11883, 127.0.0.1:11883, ::1:11883 listener.tcp.internal = 127.0.0.1:11883 ## The acceptor pool for internal MQTT/TCP listener. ## ## Value: Number listener.tcp.internal.acceptors = 4 ## Maximum number of concurrent MQTT/TCP connections. ## ## Value: Number listener.tcp.internal.max_connections = 1024000 ## Maximum internal connections per second. ## ## Value: Number listener.tcp.internal.max_conn_rate = 1000 ## Specify the {active, N} option for the internal MQTT/TCP Socket. ## ## Value: Number listener.tcp.internal.active_n = 1000 ## Zone of the internal MQTT/TCP listener belonged to. ## ## Value: String listener.tcp.internal.zone = internal ## The TCP backlog of internal MQTT/TCP Listener. ## ## See: listener.tcp.$name.backlog ## ## Value: Number >= 0 listener.tcp.internal.backlog = 512 ## The TCP send timeout for internal MQTT connections. ## ## See: listener.tcp.$name.send_timeout ## ## Value: Duration listener.tcp.internal.send_timeout = 5s ## Close the MQTT/TCP connection if send timeout. ## ## See: listener.tcp.$name.send_timeout_close ## ## Value: on | off listener.tcp.internal.send_timeout_close = on ## The TCP receive buffer(os kernel) for internal MQTT connections. ## ## See: listener.tcp.$name.recbuf ## ## Value: Bytes listener.tcp.internal.recbuf = 64KB ## The TCP send buffer(os kernel) for internal MQTT connections. ## ## See: http://erlang.org/doc/man/inet.html ## ## Value: Bytes listener.tcp.internal.sndbuf = 64KB ## The size of the user-level software buffer used by the driver. ## ## See: listener.tcp.$name.buffer ## ## Value: Bytes ## listener.tcp.internal.buffer = 16KB ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. ## ## See: listener.tcp.$name.tune_buffer ## ## Value: on | off ## listener.tcp.internal.tune_buffer = off ## The TCP_NODELAY flag for internal MQTT connections. ## ## See: listener.tcp.$name.nodelay ## ## Value: true | false listener.tcp.internal.nodelay = false ## The SO_REUSEADDR flag for MQTT/TCP Listener. ## ## Value: true | false listener.tcp.internal.reuseaddr = true ##-------------------------------------------------------------------- ## MQTT/SSL - External SSL Listener for MQTT Protocol ## listener.ssl.$name is the IP address and port that the MQTT/SSL ## listener will bind. ## ## Value: IP:Port | Port ## ## Examples: 8883, 127.0.0.1:8883, ::1:8883 listener.ssl.external = 8883 ## The acceptor pool for external MQTT/SSL listener. ## ## Value: Number listener.ssl.external.acceptors = 16 ## Maximum number of concurrent MQTT/SSL connections. ## ## Value: Number listener.ssl.external.max_connections = 102400 ## Maximum MQTT/SSL connections per second. ## ## Value: Number listener.ssl.external.max_conn_rate = 500 ## Specify the {active, N} option for the internal MQTT/SSL Socket. ## ## Value: Number listener.ssl.external.active_n = 100 ## Zone of the external MQTT/SSL listener belonged to. ## ## Value: String listener.ssl.external.zone = external ## The access control rules for the MQTT/SSL listener. ## ## See: listener.tcp.$name.access ## ## Value: ACL Rule listener.ssl.external.access.1 = allow all ## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind ## HAProxy or Nginx. ## ## See: listener.tcp.$name.proxy_protocol ## ## Value: on | off ## listener.ssl.external.proxy_protocol = on ## Sets the timeout for proxy protocol. ## ## See: listener.tcp.$name.proxy_protocol_timeout ## ## Value: Duration ## listener.ssl.external.proxy_protocol_timeout = 3s ## TLS versions only to protect from POODLE attack. ## ## See: http://erlang.org/doc/man/ssl.html ## ## Value: String, seperated by ',' ## listener.ssl.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1 ## TLS Handshake timeout. ## ## Value: Duration listener.ssl.external.handshake_timeout = 15s ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path. ## ## Value: Number ## listener.ssl.external.depth = 10 ## Path to the file containing the user's private PEM-encoded key. ## ## See: http://erlang.org/doc/man/ssl.html ## ## Value: File listener.ssl.external.keyfile = {{ platform_etc_dir }}/certs/key.pem ## Path to a file containing the user certificate. ## ## See: http://erlang.org/doc/man/ssl.html ## ## Value: File listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem ## Path to the file containing PEM-encoded CA certificates. The CA certificates ## are used during server authentication and when building the client certificate chain. ## ## Value: File ## listener.ssl.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem ## The Ephemeral Diffie-Helman key exchange is a very effective way of ## ensuring Forward Secrecy by exchanging a set of keys that never hit ## the wire. Since the DH key is effectively signed by the private key, ## it needs to be at least as strong as the private key. In addition, ## the default DH groups that most of the OpenSSL installations have ## are only a handful (since they are distributed with the OpenSSL ## package that has been built for the operating system it’s running on) ## and hence predictable (not to mention, 1024 bits only). ## In order to escape this situation, first we need to generate a fresh, ## strong DH group, store it in a file and then use the option above, ## to force our SSL application to use the new DH group. Fortunately, ## OpenSSL provides us with a tool to do that. Simply run: ## openssl dhparam -out dh-params.pem 2048 ## ## Value: File ## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem ## A server only does x509-path validation in mode verify_peer, ## as it then sends a certificate request to the client (this ## message is not sent if the verify option is verify_none). ## You can then also want to specify option fail_if_no_peer_cert. ## More information at: http://erlang.org/doc/man/ssl.html ## ## Value: verify_peer | verify_none ## listener.ssl.external.verify = verify_peer ## Used together with {verify, verify_peer} by an SSL server. If set to true, ## the server fails if the client does not have a certificate to send, that is, ## sends an empty certificate. ## ## Value: true | false ## listener.ssl.external.fail_if_no_peer_cert = true ## This is the single most important configuration option of an Erlang SSL ## application. Ciphers (and their ordering) define the way the client and ## server encrypt information over the wire, from the initial Diffie-Helman ## key exchange, the session key encryption ## algorithm and the message ## digest algorithm. Selecting a good cipher suite is critical for the ## application’s data security, confidentiality and performance. ## ## The cipher list above offers: ## ## A good balance between compatibility with older browsers. ## It can get stricter for Machine-To-Machine scenarios. ## Perfect Forward Secrecy. ## No old/insecure encryption and HMAC algorithms ## ## Most of it was copied from Mozilla’s Server Side TLS article ## ## Value: Ciphers listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA ## Ciphers for TLS PSK. ## Note that 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot ## be configured at the same time. ## See 'https://tools.ietf.org/html/rfc4279#section-2'. #listener.ssl.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA ## SSL parameter renegotiation is a feature that allows a client and a server ## to renegotiate the parameters of the SSL connection on the fly. ## RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation, ## you drop support for the insecure renegotiation, prone to MitM attacks. ## ## Value: on | off ## listener.ssl.external.secure_renegotiate = off ## A performance optimization setting, it allows clients to reuse ## pre-existing sessions, instead of initializing new ones. ## Read more about it here. ## ## See: http://erlang.org/doc/man/ssl.html ## ## Value: on | off ## listener.ssl.external.reuse_sessions = on ## An important security setting, it forces the cipher to be set based ## on the server-specified order instead of the client-specified order, ## hence enforcing the (usually more properly configured) security ## ordering of the server administrator. ## ## Value: on | off ## listener.ssl.external.honor_cipher_order = on ## Use the CN, DN or CRT field from the client certificate as a username. ## Notice that 'verify' should be set as 'verify_peer'. ## ## Value: cn | dn | crt ## listener.ssl.external.peer_cert_as_username = cn ## TCP backlog for the SSL connection. ## ## See listener.tcp.$name.backlog ## ## Value: Number >= 0 ## listener.ssl.external.backlog = 1024 ## The TCP send timeout for the SSL connection. ## ## See listener.tcp.$name.send_timeout ## ## Value: Duration ## listener.ssl.external.send_timeout = 15s ## Close the SSL connection if send timeout. ## ## See: listener.tcp.$name.send_timeout_close ## ## Value: on | off ## listener.ssl.external.send_timeout_close = on ## The TCP receive buffer(os kernel) for the SSL connections. ## ## See: listener.tcp.$name.recbuf ## ## Value: Bytes ## listener.ssl.external.recbuf = 4KB ## The TCP send buffer(os kernel) for internal MQTT connections. ## ## See: listener.tcp.$name.sndbuf ## ## Value: Bytes ## listener.ssl.external.sndbuf = 4KB ## The size of the user-level software buffer used by the driver. ## ## See: listener.tcp.$name.buffer ## ## Value: Bytes ## listener.ssl.external.buffer = 4KB ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. ## ## See: listener.tcp.$name.tune_buffer ## ## Value: on | off ## listener.ssl.external.tune_buffer = off ## The TCP_NODELAY flag for SSL connections. ## ## See: listener.tcp.$name.nodelay ## ## Value: true | false ## listener.ssl.external.nodelay = true ## The SO_REUSEADDR flag for MQTT/SSL Listener. ## ## Value: true | false listener.ssl.external.reuseaddr = true ##-------------------------------------------------------------------- ## External WebSocket listener for MQTT protocol ## listener.ws.$name is the IP address and port that the MQTT/WebSocket ## listener will bind. ## ## Value: IP:Port | Port ## ## Examples: 8083, 127.0.0.1:8083, ::1:8083 listener.ws.external = 8083 ## The path of WebSocket MQTT endpoint ## ## Value: URL Path listener.ws.external.mqtt_path = /mqtt ## The acceptor pool for external MQTT/WebSocket listener. ## ## Value: Number listener.ws.external.acceptors = 4 ## Maximum number of concurrent MQTT/WebSocket connections. ## ## Value: Number listener.ws.external.max_connections = 102400 ## Maximum MQTT/WebSocket connections per second. ## ## Value: Number listener.ws.external.max_conn_rate = 1000 ## Simulate the {active, N} option for the MQTT/WebSocket connections. ## ## Value: Number listener.ws.external.active_n = 100 ## Zone of the external MQTT/WebSocket listener belonged to. ## ## Value: String listener.ws.external.zone = external ## The access control for the MQTT/WebSocket listener. ## ## See: listener.ws.$name.access ## ## Value: ACL Rule listener.ws.external.access.1 = allow all ## Verify if the protocol header is valid. Turn off for WeChat MiniApp. ## ## Value: on | off listener.ws.external.verify_protocol_header = on ## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind ## HAProxy or Nginx. ## ## See: listener.ws.$name.proxy_protocol ## ## Value: on | off ## listener.ws.external.proxy_protocol = on ## Sets the timeout for proxy protocol. ## ## See: listener.ws.$name.proxy_protocol_timeout ## ## Value: Duration ## listener.ws.external.proxy_protocol_timeout = 3s ## See: listener.ssl.$name.peer_cert_as_username ## ## Value: cn ## listener.ws.external.peer_cert_as_username = cn ## See: listener.ssl.$name.peer_cert_as_clientid ## ## Value: cn ## listener.ws.external.peer_cert_as_clientid = cn ## The TCP backlog of external MQTT/WebSocket Listener. ## ## See: listener.ws.$name.backlog ## ## Value: Number >= 0 listener.ws.external.backlog = 1024 ## The TCP send timeout for external MQTT/WebSocket connections. ## ## See: listener.ws.$name.send_timeout ## ## Value: Duration listener.ws.external.send_timeout = 15s ## Close the MQTT/WebSocket connection if send timeout. ## ## See: listener.ws.$name.send_timeout_close ## ## Value: on | off listener.ws.external.send_timeout_close = on ## The TCP receive buffer(os kernel) for external MQTT/WebSocket connections. ## ## See: listener.ws.$name.recbuf ## ## Value: Bytes ## listener.ws.external.recbuf = 2KB ## The TCP send buffer(os kernel) for external MQTT/WebSocket connections. ## ## See: listener.ws.$name.sndbuf ## ## Value: Bytes ## listener.ws.external.sndbuf = 2KB ## The size of the user-level software buffer used by the driver. ## ## See: listener.ws.$name.buffer ## ## Value: Bytes ## listener.ws.external.buffer = 2KB ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. ## ## See: listener.ws.$name.tune_buffer ## ## Value: on | off ## listener.ws.external.tune_buffer = off ## The TCP_NODELAY flag for external MQTT/WebSocket connections. ## ## See: listener.ws.$name.nodelay ## ## Value: true | false listener.ws.external.nodelay = true ## The compress flag for external MQTT/WebSocket connections. ## ## If this Value is set true,the websocket message would be compressed ## ## Value: true | false ## listener.ws.external.compress = true ## The level of deflate options for external MQTT/WebSocket connections. ## ## See: listener.ws.$name.deflate_opts.level ## ## Value: none | default | best_compression | best_speed ## listener.ws.external.deflate_opts.level = default ## The mem_level of deflate options for external MQTT/WebSocket connections. ## ## See: listener.ws.$name.deflate_opts.mem_level ## ## Valid range is 1-9 ## listener.ws.external.deflate_opts.mem_level = 8 ## The strategy of deflate options for external MQTT/WebSocket connections. ## ## See: listener.ws.$name.deflate_opts.strategy ## ## Value: default | filtered | huffman_only | rle ## listener.ws.external.deflate_opts.strategy = default ## The deflate option for external MQTT/WebSocket connections. ## ## See: listener.ws.$name.deflate_opts.server_context_takeover ## ## Value: takeover | no_takeover ## listener.ws.external.deflate_opts.server_context_takeover = takeover ## The deflate option for external MQTT/WebSocket connections. ## ## See: listener.ws.$name.deflate_opts.client_context_takeover ## ## Value: takeover | no_takeover ## listener.ws.external.deflate_opts.client_context_takeover = takeover ## The deflate options for external MQTT/WebSocket connections. ## ## See: listener.ws.$name.deflate_opts.server_max_window_bits ## ## Valid range is 8-15 ## listener.ws.external.deflate_opts.server_max_window_bits = 15 ## The deflate options for external MQTT/WebSocket connections. ## ## See: listener.ws.$name.deflate_opts.client_max_window_bits ## ## Valid range is 8-15 ## listener.ws.external.deflate_opts.client_max_window_bits = 15 ## The idle timeout for external MQTT/WebSocket connections. ## ## See: listener.ws.$name.idle_timeout ## ## Value: Duration ## listener.ws.external.idle_timeout = 60s ## The max frame size for external MQTT/WebSocket connections. ## ## ## Value: Number ## listener.ws.external.max_frame_size = 0 ## Whether a WebSocket message is allowed to contain multiple MQTT packets ## ## Value: single | multiple listener.ws.external.mqtt_piggyback = multiple ##-------------------------------------------------------------------- ## External WebSocket/SSL listener for MQTT Protocol ## listener.wss.$name is the IP address and port that the MQTT/WebSocket/SSL ## listener will bind. ## ## Value: IP:Port | Port ## ## Examples: 8084, 127.0.0.1:8084, ::1:8084 listener.wss.external = 8084 ## The path of WebSocket MQTT endpoint ## ## Value: URL Path listener.wss.external.mqtt_path = /mqtt ## The acceptor pool for external MQTT/WebSocket/SSL listener. ## ## Value: Number listener.wss.external.acceptors = 4 ## Maximum number of concurrent MQTT/Webwocket/SSL connections. ## ## Value: Number listener.wss.external.max_connections = 16 ## Maximum MQTT/WebSocket/SSL connections per second. ## ## See: listener.tcp.$name.max_conn_rate ## ## Value: Number listener.wss.external.max_conn_rate = 1000 ## Simulate the {active, N} option for the MQTT/WebSocket/SSL connections. ## ## Value: Number listener.wss.external.active_n = 100 ## Zone of the external MQTT/WebSocket/SSL listener belonged to. ## ## Value: String listener.wss.external.zone = external ## The access control rules for the MQTT/WebSocket/SSL listener. ## ## See: listener.tcp.$name.access. ## ## Value: ACL Rule listener.wss.external.access.1 = allow all ## See: listener.ws.external.verify_protocol_header ## ## Value: on | off listener.wss.external.verify_protocol_header = on ## Enable the Proxy Protocol V1/2 support. ## ## See: listener.tcp.$name.proxy_protocol ## ## Value: on | off ## listener.wss.external.proxy_protocol = on ## Sets the timeout for proxy protocol. ## ## See: listener.tcp.$name.proxy_protocol_timeout ## ## Value: Duration ## listener.wss.external.proxy_protocol_timeout = 3s ## TLS versions only to protect from POODLE attack. ## ## See: listener.ssl.$name.tls_versions ## ## Value: String, seperated by ',' ## listener.wss.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1 ## Path to the file containing the user's private PEM-encoded key. ## ## See: listener.ssl.$name.keyfile ## ## Value: File listener.wss.external.keyfile = {{ platform_etc_dir }}/certs/key.pem ## Path to a file containing the user certificate. ## ## See: listener.ssl.$name.certfile ## ## Value: File listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem ## Path to the file containing PEM-encoded CA certificates. ## ## See: listener.ssl.$name.cacert ## ## Value: File ## listener.wss.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem ## See: listener.ssl.$name.dhfile ## ## Value: File ## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem ## See: listener.ssl.$name.vefify ## ## Value: vefify_peer | verify_none ## listener.wss.external.verify = verify_peer ## See: listener.ssl.$name.fail_if_no_peer_cert ## ## Value: false | true ## listener.wss.external.fail_if_no_peer_cert = true ## See: listener.ssl.$name.ciphers ## ## Value: Ciphers listener.wss.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA ## Ciphers for TLS PSK. ## Note that 'listener.wss.external.ciphers' and 'listener.wss.external.psk_ciphers' cannot ## be configured at the same time. ## See 'https://tools.ietf.org/html/rfc4279#section-2'. ## listener.wss.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA ## See: listener.ssl.$name.secure_renegotiate ## ## Value: on | off ## listener.wss.external.secure_renegotiate = off ## See: listener.ssl.$name.reuse_sessions ## ## Value: on | off ## listener.wss.external.reuse_sessions = on ## See: listener.ssl.$name.honor_cipher_order ## ## Value: on | off ## listener.wss.external.honor_cipher_order = on ## See: listener.ssl.$name.peer_cert_as_username ## ## Value: cn | dn | crt ## listener.wss.external.peer_cert_as_username = cn ## TCP backlog for the WebSocket/SSL connection. ## ## See: listener.tcp.$name.backlog ## ## Value: Number >= 0 listener.wss.external.backlog = 1024 ## The TCP send timeout for the WebSocket/SSL connection. ## ## See: listener.tcp.$name.send_timeout ## ## Value: Duration listener.wss.external.send_timeout = 15s ## Close the WebSocket/SSL connection if send timeout. ## ## See: listener.tcp.$name.send_timeout_close ## ## Value: on | off listener.wss.external.send_timeout_close = on ## The TCP receive buffer(os kernel) for the WebSocket/SSL connections. ## ## See: listener.tcp.$name.recbuf ## ## Value: Bytes ## listener.wss.external.recbuf = 4KB ## The TCP send buffer(os kernel) for the WebSocket/SSL connections. ## ## See: listener.tcp.$name.sndbuf ## ## Value: Bytes ## listener.wss.external.sndbuf = 4KB ## The size of the user-level software buffer used by the driver. ## ## See: listener.tcp.$name.buffer ## ## Value: Bytes ## listener.wss.external.buffer = 4KB ## The TCP_NODELAY flag for WebSocket/SSL connections. ## ## See: listener.tcp.$name.nodelay ## ## Value: true | false ## listener.wss.external.nodelay = true ## The compress flag for external WebSocket/SSL connections. ## ## If this Value is set true,the websocket message would be compressed ## ## Value: true | false ## listener.wss.external.compress = true ## The level of deflate options for external WebSocket/SSL connections. ## ## See: listener.wss.$name.deflate_opts.level ## ## Value: none | default | best_compression | best_speed ## listener.wss.external.deflate_opts.level = default ## The mem_level of deflate options for external WebSocket/SSL connections. ## ## See: listener.wss.$name.deflate_opts.mem_level ## ## Valid range is 1-9 ## listener.wss.external.deflate_opts.mem_level = 8 ## The strategy of deflate options for external WebSocket/SSL connections. ## ## See: listener.wss.$name.deflate_opts.strategy ## ## Value: default | filtered | huffman_only | rle ## listener.wss.external.deflate_opts.strategy = default ## The deflate option for external WebSocket/SSL connections. ## ## See: listener.wss.$name.deflate_opts.server_context_takeover ## ## Value: takeover | no_takeover ## listener.wss.external.deflate_opts.server_context_takeover = takeover ## The deflate option for external WebSocket/SSL connections. ## ## See: listener.wss.$name.deflate_opts.client_context_takeover ## ## Value: takeover | no_takeover ## listener.wss.external.deflate_opts.client_context_takeover = takeover ## The deflate options for external WebSocket/SSL connections. ## ## See: listener.wss.$name.deflate_opts.server_max_window_bits ## ## Valid range is 8-15 ## listener.wss.external.deflate_opts.server_max_window_bits = 15 ## The deflate options for external WebSocket/SSL connections. ## ## See: listener.wss.$name.deflate_opts.client_max_window_bits ## ## Valid range is 8-15 ## listener.wss.external.deflate_opts.client_max_window_bits = 15 ## The idle timeout for external WebSocket/SSL connections. ## ## See: listener.wss.$name.idle_timeout ## ## Value: Duration ## listener.wss.external.idle_timeout = 60s ## The max frame size for external WebSocket/SSL connections. ## ## Value: Number ## listener.wss.external.max_frame_size = 0 ## Whether a WebSocket message is allowed to contain multiple MQTT packets ## ## Value: single | multiple listener.wss.external.mqtt_piggyback = multiple