131 lines
3.0 KiB
Plaintext
131 lines
3.0 KiB
Plaintext
##--------------------------------------------------------------------
|
|
## Redis Auth/ACL Plugin
|
|
##--------------------------------------------------------------------
|
|
## Redis Server cluster type
|
|
## single Single redis server
|
|
## sentinel Redis cluster through sentinel
|
|
## cluster Redis through cluster
|
|
auth.redis.type = single
|
|
|
|
## Redis server address.
|
|
##
|
|
## Value: Port | IP:Port
|
|
##
|
|
## Single Redis Server: 127.0.0.1:6379, localhost:6379
|
|
## Redis Sentinel: 127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379
|
|
## Redis Cluster: 127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379
|
|
auth.redis.server = 127.0.0.1:6379
|
|
|
|
## Redis sentinel cluster name.
|
|
##
|
|
## Value: String
|
|
## auth.redis.sentinel = mymaster
|
|
|
|
## Redis pool size.
|
|
##
|
|
## Value: Number
|
|
auth.redis.pool = 8
|
|
|
|
## Redis database no.
|
|
##
|
|
## Value: Number
|
|
auth.redis.database = 0
|
|
|
|
## Redis password.
|
|
##
|
|
## Value: String
|
|
## auth.redis.password =
|
|
|
|
## Redis query timeout
|
|
##
|
|
## Value: Duration
|
|
## auth.redis.query_timeout = 5s
|
|
|
|
## Authentication query command.
|
|
##
|
|
## Value: Redis cmd
|
|
##
|
|
## Variables:
|
|
## - %u: username
|
|
## - %c: clientid
|
|
## - %C: common name of client TLS cert
|
|
## - %d: subject of client TLS cert
|
|
##
|
|
## Examples:
|
|
## - HGET mqtt_user:%u password
|
|
## - HMGET mqtt_user:%u password
|
|
## - HMGET mqtt_user:%u password salt
|
|
auth.redis.auth_cmd = HMGET mqtt_user:%u password
|
|
|
|
## Password hash.
|
|
##
|
|
## Value: plain | md5 | sha | sha256 | bcrypt
|
|
auth.redis.password_hash = plain
|
|
|
|
## sha256 with salt prefix
|
|
## auth.redis.password_hash = salt,sha256
|
|
|
|
## sha256 with salt suffix
|
|
## auth.redis.password_hash = sha256,salt
|
|
|
|
## bcrypt with salt prefix
|
|
## auth.redis.password_hash = salt,bcrypt
|
|
|
|
## pbkdf2 with macfun iterations dklen
|
|
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
|
|
## auth.redis.password_hash = pbkdf2,sha256,1000,20
|
|
|
|
## Superuser query command.
|
|
##
|
|
## Value: Redis cmd
|
|
##
|
|
## Variables:
|
|
## - %u: username
|
|
## - %c: clientid
|
|
## - %C: common name of client TLS cert
|
|
## - %d: subject of client TLS cert
|
|
auth.redis.super_cmd = HGET mqtt_user:%u is_superuser
|
|
|
|
## ACL query command.
|
|
##
|
|
## Value: Redis cmd
|
|
##
|
|
## Variables:
|
|
## - %u: username
|
|
## - %c: clientid
|
|
auth.redis.acl_cmd = HGETALL mqtt_acl:%u
|
|
|
|
## Redis ssl configuration.
|
|
##
|
|
## Value: on | off
|
|
#auth.redis.ssl = off
|
|
|
|
## CA certificate.
|
|
##
|
|
## Value: File
|
|
#auth.redis.ssl.cacertfile = path/to/your/cafile.pem
|
|
|
|
## Client ssl certificate.
|
|
##
|
|
## Value: File
|
|
#auth.redis.ssl.certfile = path/to/your/certfile
|
|
|
|
## Client ssl keyfile.
|
|
##
|
|
## Value: File
|
|
#auth.redis.ssl.keyfile = path/to/your/keyfile
|
|
|
|
## In mode verify_none the default behavior is to allow all x509-path
|
|
## validation errors.
|
|
##
|
|
## Value: true | false
|
|
#auth.redis.ssl.verify = false
|
|
|
|
## If not specified, the server's names returned in server's certificate is validated against
|
|
## what's provided `auth.redis.server` config's host part.
|
|
## Setting to 'disable' will make EMQ X ignore unmatched server names.
|
|
## If set with a host name, the server's names returned in server's certificate is validated
|
|
## against this value.
|
|
##
|
|
## Value: String | disable
|
|
## auth.redis.ssl.server_name_indication = disable |