##-------------------------------------------------------------------- ## LwM2M Gateway ##-------------------------------------------------------------------- ##-------------------------------------------------------------------- ## Protocols # To Limit the range of lifetime, in seconds lwm2m.lifetime_min = 1s lwm2m.lifetime_max = 86400s # The time window for Q Mode, indicating that after how long time # the downlink commands sent to the client will be cached. #lwm2m.qmode_time_window = 22 # Auto send observer command to device. It can be configured as an OjbectList # so that emqx will automatically observe the objects in this list. # # For examples: "/3/0,/3/0/1,/32976" # # Value: off | on | String #lwm2m.auto_observe = off # The topic subscribed by the lwm2m client after it is connected # Placeholders supported: # '%e': Endpoint Name # '%a': IP Address lwm2m.mountpoint = lwm2m/%e/ # The topic subscribed by the lwm2m client after it is connected # Placeholders supported: # '%e': Endpoint Name # '%a': IP Address lwm2m.topics.command = dn/# # The topic to which the lwm2m client's response is published lwm2m.topics.response = up/resp # The topic to which the lwm2m client's notify message is published lwm2m.topics.notify = up/notify # The topic to which the lwm2m client's register message is published lwm2m.topics.register = up/resp # The topic to which the lwm2m client's update message is published lwm2m.topics.update = up/resp # When publish the update message. # # Can be one of: # - contains_object_list: only if the update message contains object list # - always: always publish the update message # # Defaults to contains_object_list #lwm2m.update_msg_publish_condition = contains_object_list # Dir where the object definition files can be found lwm2m.xml_dir = {{ platform_etc_dir }}/lwm2m_xml ##-------------------------------------------------------------------- ## UDP Listener options ## The IP and port of the LwM2M Gateway ## ## Default: 0.0.0.0:5683 ## Examples: ## lwm2m.bind.udp.x = 0.0.0.0:5683 | :::5683 | 127.0.0.1:5683 | ::1:5683 lwm2m.bind.udp.1 = 0.0.0.0:5683 #lwm2m.bind.udp.2 = 0.0.0.0:6683 ## Socket options, used for performance tuning ## ## Examples: ## lwm2m.opts.$name = $value ## See: https://erlang.org/doc/man/gen_udp.html#type-option lwm2m.opts.buffer = 1024KB lwm2m.opts.recbuf = 1024KB lwm2m.opts.sndbuf = 1024KB lwm2m.opts.read_packets = 20 ##-------------------------------------------------------------------- ## DTLS Listener Options ## The DTLS port that LwM2M is listening on. ## ## Default: 0.0.0.0:5684 ## ## Examples: ## lwm2m.bind.dtls.x = 0.0.0.0:5684 | :::5684 | 127.0.0.1:5684 | ::1:5684 ## lwm2m.bind.dtls.1 = 0.0.0.0:5684 #lwm2m.bind.dtls.2 = 0.0.0.0:6684 ## A server only does x509-path validation in mode verify_peer, ## as it then sends a certificate request to the client (this ## message is not sent if the verify option is verify_none). ## You can then also want to specify option fail_if_no_peer_cert. ## More information at: http://erlang.org/doc/man/ssl.html ## ## Value: verify_peer | verify_none #lwm2m.dtls.verify = verify_peer ## Private key file for DTLS ## ## Value: File lwm2m.dtls.keyfile = {{ platform_etc_dir }}/certs/key.pem ## Server certificate for DTLS. ## ## Value: File lwm2m.dtls.certfile = {{ platform_etc_dir }}/certs/cert.pem ## PEM-encoded CA certificates for DTLS ## ## Value: File #lwm2m.dtls.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem ## Used together with {verify, verify_peer} by an SSL server. If set to true, ## the server fails if the client does not have a certificate to send, that is, ## sends an empty certificate. ## ## Value: true | false #lwm2m.dtls.fail_if_no_peer_cert = false ## This is the single most important configuration option of an Erlang SSL ## application. Ciphers (and their ordering) define the way the client and ## server encrypt information over the wire, from the initial Diffie-Helman ## key exchange, the session key encryption ## algorithm and the message ## digest algorithm. Selecting a good cipher suite is critical for the ## application’s data security, confidentiality and performance. ## ## The cipher list above offers: ## ## A good balance between compatibility with older browsers. ## It can get stricter for Machine-To-Machine scenarios. ## Perfect Forward Secrecy. ## No old/insecure encryption and HMAC algorithms ## ## Most of it was copied from Mozilla’s Server Side TLS article ## ## Value: Ciphers lwm2m.dtls.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA ## Ciphers for TLS PSK. ## ## Note that 'lwm2m.dtls.ciphers' and 'lwm2m.dtls.psk_ciphers' cannot ## be configured at the same time. ## See 'https://tools.ietf.org/html/rfc4279#section-2'. #lwm2m.dtls.psk_ciphers = RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA