##--------------------------------------------------------------------
## Cluster in service discovery using 'etcd' service mode
##
## Configs to instruct how individual nodes can discover each other
##--------------------------------------------------------------------
## Note: This is an example of how to configure this feature
##       you should copy and paste the below data into the emqx.conf for working

cluster {
    ## Human-friendly name of the EMQX cluster.
    name = emqxcl

    ## Service discovery method for the cluster nodes
    discovery_strategy = etcd

    ## List of core nodes that the replicant will connect to
    core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"]

    ## If true, the node will try to heal network partitions automatically
    autoheal = true

    etcd {
      ## List of endpoint URLs of the etcd cluster
      server = "http://ur1,http://ur2"

      ## Key prefix used for EMQX service discovery
      prefix = emqxcl

      ## Expiration time of the etcd key associated with the node.
      node_ttl = 1m

      ssl_options {
          ## Trusted PEM format CA certificates bundle file
          cacertfile = "data/certs/cacert.pem"

          ## PEM format certificates chain file
          certfile = "data/certs/cert.pem"

          ## PEM format private key file
          keyfile = "data/certs/key.pem"

          ## Enable or disable peer verification
          verify = verify_none ## use verify_peer to enable

          ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send
          fail_if_no_peer_cert = false

          ## Enable TLS session reuse
          reuse_sessions = true

          ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path
          depth = 10

          ## Which versions are to be supported
          versions = [tlsv1.3, tlsv1.2]

          ## TLS cipher suite names
          ## Note: By default, all available suites are supported, you do not need to set this
          ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]

          ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly
          secure_renegotiate = true

          ## Log level for SSL communication
          ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all
          log_level = notice

          ## Hibernate the SSL process after idling for amount of time reducing its memory footprint
          hibernate_after = 5s

          ## Forces the cipher to be set based on the server-specified order instead of the client-specified order
           honor_cipher_order = true

          ##  Setting this to false to disable client-initiated renegotiation
           client_renegotiation = true

          ## Maximum time duration allowed for the handshake to complete
           handshake_timeout = 15s
      }
    }
}