emqx/rel/overlays/etc/emqx.conf


## NOTE: The configurations in this file will be overridden by
## `<path-to-emqx-installation>/data/emqx_overrides.conf`
##==================================================================
## Node
##==================================================================
node {
## Node name.
## See: http://erlang.org/doc/reference_manual/distributed.html
##
## @doc node.name
## ValueType: NodeName
## Default: emqx@127.0.0.1
name = "emqx@127.0.0.1"
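## Cookie for distributed node communication.
## The cookie is the shared secret that authenticates Erlang distribution
## peers; a peer that presents it is trusted as a full cluster member.
## The default below is publicly known: replace it with a long random value
## that is identical on every node of the cluster, and keep this file
## unreadable to other local users.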
##
## @doc node.cookie
## ValueType: String
## Default: emqxsecretcookie
cookie = emqxsecretcookie
## Data dir for the node
##
## @doc node.data_dir
## ValueType: Folder
## Default: "data/"
data_dir = "data/"
## Location of crash dump file.
##
## @doc node.crash_dump_file
## ValueType: File
## Default: "log/erl_crash.dump"
crash_dump_file = "log/erl_crash.dump"
## The number of seconds that the broker is allowed to spend writing
## a crash dump
##
## @doc node.crash_dump_seconds
## ValueType: seconds
## Default: 30s
crash_dump_seconds = 30s
## The maximum size of a crash dump file in bytes.
##
## @doc node.crash_dump_bytes
## ValueType: bytes
## Default: 100MB
crash_dump_bytes = 100MB
## Global GC Interval.
##
## @doc node.global_gc_interval
## ValueType: Duration
## Default: 15m
global_gc_interval = 15m
## Sets the etc directory
etc_dir = "etc"
## Sets the net_kernel tick time in seconds.
## Notice that all communicating nodes are to have the same
## TickTime value specified.
##
## See: http://www.erlang.org/doc/man/kernel_app.html#net_ticktime
##
## @doc node.dist_net_ticktime
## ValueType: Number
## Default: 2m
dist_net_ticktime = 2m
## Sets the lower bound of the port range for the listener socket of a
## distributed Erlang node.
## Note that if there are firewalls between clustered nodes, this
## port range must be allowed for node-to-node communication. Allow it
## only between cluster members, not from client-facing networks.
##
## See: http://www.erlang.org/doc/man/kernel_app.html
##
## @doc node.dist_listen_min
## ValueType: Integer
## Range: [1024,65535]
## Default: 6369
dist_listen_min = 6369
## Sets the upper bound of the port range for the listener socket of a
## distributed Erlang node.
## Note that if there are firewalls between clustered nodes, this
## port range must be allowed for node-to-node communication. Allow it
## only between cluster members, not from client-facing networks.
##
## See: http://www.erlang.org/doc/man/kernel_app.html
##
## @doc node.dist_listen_max
## ValueType: Integer
## Range: [1024,65535]
## Default: 6369
dist_listen_max = 6369
## Sets the maximum depth of call stack back-traces in the exit
## reason element of 'EXIT' tuples.
## The flag also limits the stacktrace depth returned by
## process_info item current_stacktrace.
##
## @doc node.backtrace_depth
## ValueType: Integer
## Range: [0,1024]
## Default: 23
backtrace_depth = 23
cluster_call {
retry_interval = 1s
max_history = 100
cleanup_interval = 5m
}
}
##==================================================================
## Cluster
##==================================================================
cluster {
## Cluster name.
##
## @doc cluster.name
## ValueType: String
## Default: emqxcl
name = emqxcl
## Enable cluster autoheal from network partition.
##
## @doc cluster.autoheal
## ValueType: Boolean
## Default: true
autoheal = true
## Autoclean down node. A down node will be removed from the cluster
## if this value > 0.
##
## @doc cluster.autoclean
## ValueType: Duration
## Default: 5m
autoclean = 5m
## Node discovery strategy to join the cluster.
##
## @doc cluster.discovery_strategy
## ValueType: manual | static | mcast | dns | etcd | k8s
## - manual: Manual join command
## - static: Static node list
## - mcast: IP Multicast
## - dns: DNS A Record
## - etcd: etcd
## - k8s: Kubernetes
##
## Default: manual
discovery_strategy = manual
##----------------------------------------------------------------
## Cluster using static node list
##----------------------------------------------------------------
static {
## Node list of the cluster
##
## @doc cluster.static.seeds
## ValueType: Array<NodeName>
## Default: []
seeds = ["emqx1@127.0.0.1", "emqx2@127.0.0.1"]
}
##----------------------------------------------------------------
## Cluster using IP Multicast
##----------------------------------------------------------------
mcast {
## IP Multicast Address.
##
## @doc cluster.mcast.addr
## ValueType: IPAddress
## Default: "239.192.0.1"
addr = "239.192.0.1"
## Multicast Ports.
##
## @doc cluster.mcast.ports
## ValueType: Array<Port>
## Default: [4369, 4370]
ports = [4369, 4370]
## Multicast Iface.
##
## @doc cluster.mcast.iface
## ValueType: IPAddress
## Default: "0.0.0.0"
iface = "0.0.0.0"
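## Multicast TTL.
## A TTL of 255 places no practical hop limit on discovery datagrams, so
## they travel as far as multicast routing allows; use a small value
## (1 keeps them on the local link) unless nodes sit on different subnets.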
##
## @doc cluster.mcast.ttl
## ValueType: Integer
## Range: [0,255]
## Default: 255
ttl = 255
## Multicast loop.
##
## @doc cluster.mcast.loop
## ValueType: Boolean
## Default: true
loop = true
}
##----------------------------------------------------------------
## Cluster using DNS A records
##----------------------------------------------------------------
dns {
## DNS name.
##
## @doc cluster.dns.name
## ValueType: String
## Default: localhost
name = localhost
## The App name is used to build 'node.name' with IP address.
##
## @doc cluster.dns.app
## ValueType: String
## Default: emqx
app = emqx
}
##----------------------------------------------------------------
## Cluster using etcd
##----------------------------------------------------------------
etcd {
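## Etcd server list, separated by ','.
## NOTE: the value below is a plain http:// endpoint; use https:// endpoints
## with the ssl.* options of this block when etcd is reached over a network
## that is not fully trusted.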
##
## @doc cluster.etcd.server
## ValueType: URL
## Required: true
server = "http://127.0.0.1:2379"
## The prefix helps build nodes path in etcd. Each node in the cluster
## will create a path in etcd: v2/keys/<prefix>/<name>/<node.name>
##
## @doc cluster.etcd.prefix
## ValueType: String
## Default: emqxcl
prefix = emqxcl
## The TTL for node's path in etcd.
##
## @doc cluster.etcd.node_ttl
## ValueType: Duration
## Default: 1m
node_ttl = 1m
## Path to the file containing the user's private PEM-encoded key.
##
## @doc cluster.etcd.ssl.keyfile
## ValueType: File
## Default: "etc/certs/key.pem"
ssl.keyfile = "etc/certs/key.pem"
## Path to a file containing the user certificate.
##
## @doc cluster.etcd.ssl.certfile
## ValueType: File
## Default: "etc/certs/cert.pem"
ssl.certfile = "etc/certs/cert.pem"
## Path to the file containing PEM-encoded CA certificates. The CA certificates
## are used during server authentication and when building the client certificate chain.
##
## @doc cluster.etcd.ssl.cacertfile
## ValueType: File
## Default: "etc/certs/cacert.pem"
ssl.cacertfile = "etc/certs/cacert.pem"
}
##----------------------------------------------------------------
## Cluster using Kubernetes
##----------------------------------------------------------------
k8s {
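## Kubernetes API server list, separated by ','.
## NOTE: the value below is a plain http:// endpoint; prefer the https:// API
## endpoint so that discovery requests are encrypted and the server is
## authenticated.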
##
## @doc cluster.k8s.apiserver
## ValueType: URL
## Required: true
apiserver = "http://10.110.111.204:8080"
## The service name helps lookup EMQ nodes in the cluster.
##
## @doc cluster.k8s.service_name
## ValueType: String
## Default: emqx
service_name = emqx
## The address type is used to extract host from k8s service.
##
## @doc cluster.k8s.address_type
## ValueType: ip | dns | hostname
## Default: ip
address_type = ip
## The app name helps build 'node.name'.
##
## @doc cluster.k8s.app_name
## ValueType: String
## Default: emqx
app_name = emqx
## The suffix appended to the dns name or hostname obtained from the k8s service.
##
## @doc cluster.k8s.suffix
## ValueType: String
## Default: "pod.local"
suffix = "pod.local"
## Kubernetes Namespace
##
## @doc cluster.k8s.namespace
## ValueType: String
## Default: default
namespace = default
}
}
##==================================================================
## Internal database
##==================================================================
db {
## Database backend
##
## @doc db.backend
## ValueType: mnesia | rlog
## Default: mnesia
backend = mnesia
## RLOG role
##
## @doc db.role
## ValueType: core | replicant
## Default: core
role = core
## Replicant core nodes
##
## @doc db.core_nodes
## ValueType: comma-separated node list
## Default: ""
core_nodes = ""
}
##==================================================================
## Log
##==================================================================
log {
##----------------------------------------------------------------
## The console log handler sends log messages to the emqx console
##----------------------------------------------------------------
console_handler {
## Enable this log handler.
## @doc log.console_handler.<name>.enable
## ValueType: Boolean
## Default: false
enable = true
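## The log level of this handler.
## All the log messages with levels lower than this level will
## be dropped.
## NOTE: this file sets `debug`, the most verbose level. Debug output may
## include client and message details, so raise it to `warning` or higher
## outside development.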
##
## @doc log.console_handler.<name>.level
## ValueType: debug | info | notice | warning | error | critical | alert | emergency
## Default: warning
level = debug
## Timezone offset to display in logs
##
## @doc log.console_handler.<name>.time_offset
## ValueType: system | utc | String
## - "system" use system zone
## - "utc" for Universal Coordinated Time (UTC)
## - "+hh:mm" or "-hh:mm" for a specified offset
## Default: system
time_offset = system
## Limits the total number of characters printed for each log event.
##
## @doc log.console_handler.<name>.chars_limit
## ValueType: unlimited | Integer
## Range: [0, +Inf)
## Default: unlimited
chars_limit = unlimited
## Maximum depth for Erlang term log formatting
## and Erlang process message queue inspection.
##
## @doc log.console_handler.<name>.max_depth
## ValueType: unlimited | Integer
## Default: 100
max_depth = 100
## Log formatter
## @doc log.console_handler.<name>.formatter
## ValueType: text | json
## Default: text
formatter = text
## Log to single line
## @doc log.console_handler.<name>.single_line
## ValueType: Boolean
## Default: true
single_line = true
## The max allowed queue length before switching to sync mode.
##
## Log overload protection parameter. If the message queue grows
## larger than this value, the handler switches from async to sync mode.
##
## @doc log.console_handler.<name>.sync_mode_qlen
## ValueType: Integer
## Range: [0, ${log.console_handler.<name>.drop_mode_qlen}]
## Default: 100
sync_mode_qlen = 100
## The max allowed queue length before switching to drop mode.
##
## Log overload protection parameter. When the message queue grows
## larger than this threshold, the handler switches to a mode in which
## it drops all new events that senders want to log.
##
## @doc log.console_handler.<name>.drop_mode_qlen
## ValueType: Integer
## Range: [${log.console_handler.<name>.sync_mode_qlen}, ${log.console_handler.<name>.flush_qlen}]
## Default: 3000
drop_mode_qlen = 3000
## The max allowed queue length before switching to flush mode.
##
## Log overload protection parameter. If the length of the message queue
## grows larger than this threshold, a flush (delete) operation takes place.
## To flush events, the handler discards the messages in the message queue
## by receiving them in a loop without logging.
##
## @doc log.console_handler.<name>.flush_qlen
## ValueType: Integer
## Range: [${log.console_handler.<name>.drop_mode_qlen}, infinity)
## Default: 8000
flush_qlen = 8000
## Kill the log handler when it gets overloaded.
##
## Log overload protection parameter. It is possible that a handler,
## even if it can successfully manage peaks of high load without crashing,
## can build up a large message queue, or use a large amount of memory.
## We could kill the log handler in these cases and restart it after a
## few seconds.
##
## @doc log.console_handler.<name>.overload_kill.enable
## ValueType: Boolean
## Default: true
overload_kill.enable = true
## The max allowed queue length before killing the log handler.
##
## Log overload protection parameter. This is the maximum allowed queue
## length. If the message queue grows larger than this, the handler
## process is terminated.
##
## @doc log.console_handler.<name>.overload_kill.qlen
## ValueType: Integer
## Range: [0, 1048576]
## Default: 20000
overload_kill.qlen = 20000
## The max allowed memory size before killing the log handler.
##
## Log overload protection parameter. This is the maximum memory size
## that the handler process is allowed to use. If the handler grows
## larger than this, the process is terminated.
##
## @doc log.console_handler.<name>.overload_kill.mem_size
## ValueType: Size
## Default: 30MB
overload_kill.mem_size = 30MB
## Restart the log handler after some seconds.
##
## Log overload protection parameter. If the handler is terminated,
## it restarts automatically after a delay specified in seconds.
##
## @doc log.console_handler.<name>.overload_kill.restart_after
## ValueType: Duration
## Default: 5s
overload_kill.restart_after = 5s
## Controlling Bursts of Log Requests.
##
## Log overload protection parameter. Large bursts of log events - many
## events received by the handler under a short period of time - can
## potentially cause problems. By specifying the maximum number of events
## to be handled within a certain time frame, the handler can avoid
## choking the log with massive amounts of printouts.
##
## Note that there would be no warning if any messages were
## dropped because of burst control.
##
## @doc log.console_handler.<name>.burst_limit.enable
## ValueType: Boolean
## Default: false
burst_limit.enable = false
## This config controls the maximum number of events to handle within
## a time frame. After the limit is reached, successive events are
## dropped until the end of the time frame defined by `window_time`.
##
## @doc log.console_handler.<name>.burst_limit.max_count
## ValueType: Integer
## Default: 10000
burst_limit.max_count = 10000
## See the previous description of burst_limit.max_count.
##
## @doc log.console_handler.<name>.burst_limit.window_time
## ValueType: duration
## Default: 1s
burst_limit.window_time = 1s
}
##----------------------------------------------------------------
## The file log handlers send log messages to files
##----------------------------------------------------------------
## file_handlers.<name>
file_handlers.default {
## The log level filter of this handler
## All the log messages with levels lower than this level will
## be dropped.
##
## @doc log.file_handlers.<name>.level
## ValueType: debug | info | notice | warning | error | critical | alert | emergency
## Default: warning
level = warning
## The log file for specified level.
##
## If `rotation` is disabled, this is the name of the log file.
##
## If `rotation` is enabled, this is the base name of the files.
## Each file in a rotated log is named <base_name>.N, where N is an integer.
##
## Note: The log file for a specific log level contains only the logs
## at that level or higher.
##
## @doc log.file_handlers.<name>.file
## ValueType: File
## Required: true
file = "log/emqx.log"
## Enables the log rotation.
## With this enabled, new log files will be created when the current
## log file is full; at most `rotation.count` files will be created.
##
## @doc log.file_handlers.<name>.rotation.enable
## ValueType: Boolean
## Default: true
rotation.enable = true
## Maximum rotation count of log files.
##
## @doc log.file_handlers.<name>.rotation.count
## ValueType: Integer
## Range: [1, 2048]
## Default: 10
rotation.count = 10
## Maximum size of each log file.
##
## If max_size is reached and `rotation` is disabled, the handler
## will stop sending log messages; if `rotation` is enabled,
## the file rotates.
##
## @doc log.file_handlers.<name>.max_size
## ValueType: Size | infinity
## Default: 10MB
max_size = 10MB
## Timezone offset to display in logs
##
## @doc log.file_handlers.<name>.time_offset
## ValueType: system | utc | String
## - "system" use system zone
## - "utc" for Universal Coordinated Time (UTC)
## - "+hh:mm" or "-hh:mm" for a specified offset
## Default: system
time_offset = system
## Limits the total number of characters printed for each log event.
##
## @doc log.file_handlers.<name>.chars_limit
## ValueType: unlimited | Integer
## Range: [0, +Inf)
## Default: unlimited
chars_limit = unlimited
## Maximum depth for Erlang term log formatting
## and Erlang process message queue inspection.
##
## @doc log.file_handlers.<name>.max_depth
## ValueType: unlimited | Integer
## Default: 100
max_depth = 100
## Log formatter
## @doc log.file_handlers.<name>.formatter
## ValueType: text | json
## Default: text
formatter = text
## Log to single line
## @doc log.file_handlers.<name>.single_line
## ValueType: Boolean
## Default: true
single_line = true
## The max allowed queue length before switching to sync mode.
##
## Log overload protection parameter. If the message queue grows
## larger than this value, the handler switches from async to sync mode.
##
## @doc log.file_handlers.<name>.sync_mode_qlen
## ValueType: Integer
## Range: [0, ${log.file_handlers.<name>.drop_mode_qlen}]
## Default: 100
sync_mode_qlen = 100
## The max allowed queue length before switching to drop mode.
##
## Log overload protection parameter. When the message queue grows
## larger than this threshold, the handler switches to a mode in which
## it drops all new events that senders want to log.
##
## @doc log.file_handlers.<name>.drop_mode_qlen
## ValueType: Integer
## Range: [${log.file_handlers.<name>.sync_mode_qlen}, ${log.file_handlers.<name>.flush_qlen}]
## Default: 3000
drop_mode_qlen = 3000
## The max allowed queue length before switching to flush mode.
##
## Log overload protection parameter. If the length of the message queue
## grows larger than this threshold, a flush (delete) operation takes place.
## To flush events, the handler discards the messages in the message queue
## by receiving them in a loop without logging.
##
## @doc log.file_handlers.<name>.flush_qlen
## ValueType: Integer
## Range: [${log.file_handlers.<name>.drop_mode_qlen}, infinity)
## Default: 8000
flush_qlen = 8000
## Kill the log handler when it gets overloaded.
##
## Log overload protection parameter. It is possible that a handler,
## even if it can successfully manage peaks of high load without crashing,
## can build up a large message queue, or use a large amount of memory.
## We could kill the log handler in these cases and restart it after a
## few seconds.
##
## @doc log.file_handlers.<name>.overload_kill.enable
## ValueType: Boolean
## Default: true
overload_kill.enable = true
## The max allowed queue length before killing the log handler.
##
## Log overload protection parameter. This is the maximum allowed queue
## length. If the message queue grows larger than this, the handler
## process is terminated.
##
## @doc log.file_handlers.<name>.overload_kill.qlen
## ValueType: Integer
## Range: [0, 1048576]
## Default: 20000
overload_kill.qlen = 20000
## The max allowed memory size before killing the log handler.
##
## Log overload protection parameter. This is the maximum memory size
## that the handler process is allowed to use. If the handler grows
## larger than this, the process is terminated.
##
## @doc log.file_handlers.<name>.overload_kill.mem_size
## ValueType: Size
## Default: 30MB
overload_kill.mem_size = 30MB
## Restart the log handler after some seconds.
##
## Log overload protection parameter. If the handler is terminated,
## it restarts automatically after a delay specified in seconds.
##
## @doc log.file_handlers.<name>.overload_kill.restart_after
## ValueType: Duration
## Default: 5s
overload_kill.restart_after = 5s
## Controlling Bursts of Log Requests.
##
## Log overload protection parameter. Large bursts of log events - many
## events received by the handler under a short period of time - can
## potentially cause problems. By specifying the maximum number of events
## to be handled within a certain time frame, the handler can avoid
## choking the log with massive amounts of printouts.
##
## Note that there would be no warning if any messages were
## dropped because of burst control.
##
## @doc log.file_handlers.<name>.burst_limit.enable
## ValueType: Boolean
## Default: false
burst_limit.enable = false
## This config controls the maximum number of events to handle within
## a time frame. After the limit is reached, successive events are
## dropped until the end of the time frame defined by `window_time`.
##
## @doc log.file_handlers.<name>.burst_limit.max_count
## ValueType: Integer
## Default: 10000
burst_limit.max_count = 10000
## See the previous description of burst_limit.max_count.
##
## @doc log.file_handlers.<name>.burst_limit.window_time
## ValueType: duration
## Default: 1s
burst_limit.window_time = 1s
}
}
##==================================================================
## RPC
##==================================================================
rpc {
## RPC Mode.
##
## @doc rpc.mode
## ValueType: sync | async
## Default: async
mode = async
## Max batch size of async RPC requests.
##
## NOTE: RPC batch won't work when rpc.mode = sync
## Zero value disables rpc batching.
##
## @doc rpc.async_batch_size
## ValueType: Integer
## Range: [0, 1048576]
## Default: 0
async_batch_size = 256
## RPC port discovery
##
## The strategy for discovering the RPC listening port of
## other nodes.
##
## @doc rpc.port_discovery
## ValueType: manual | stateless
## - manual: discover ports by `tcp_server_port`.
## - stateless: discover ports in a stateless manner.
## If node name is `emqx<N>@127.0.0.1`, where the `<N>` is
## an integer, then the listening port will be `5370 + <N>`
##
## Default: `stateless`.
port_discovery = stateless
## TCP server port for RPC.
##
## Only takes effect when `rpc.port_discovery` = `manual`.
##
## @doc rpc.tcp_server_port
## ValueType: Integer
## Range: [1024-65535]
## Default: 5369
tcp_server_port = 5369
## Number of outgoing RPC connections.
##
## Set this to 1 to keep the message order sent from the same
## client.
##
## @doc rpc.tcp_client_num
## ValueType: Integer
## Range: [1, 256]
## Default: 1
tcp_client_num = 1
## RPC client connect timeout.
##
## @doc rpc.connect_timeout
## ValueType: Duration
## Default: 5s
connect_timeout = 5s
## TCP send timeout of RPC client and server.
##
## @doc rpc.send_timeout
## ValueType: Duration
## Default: 5s
send_timeout = 5s
## Authentication timeout
##
## @doc rpc.authentication_timeout
## ValueType: Duration
## Default: 5s
authentication_timeout = 5s
## Default receive timeout for call() functions
##
## @doc rpc.call_receive_timeout
## ValueType: Duration
## Default: 15s
call_receive_timeout = 15s
## Socket idle keepalive.
##
## @doc rpc.socket_keepalive_idle
## ValueType: Duration
## Default: 900s
socket_keepalive_idle = 900s
## TCP Keepalive probes interval.
##
## @doc rpc.socket_keepalive_interval
## ValueType: Duration
## Default: 75s
socket_keepalive_interval = 75s
## Probes lost to close the connection
##
## @doc rpc.socket_keepalive_count
## ValueType: Integer
## Default: 9
socket_keepalive_count = 9
## Size of TCP send buffer.
##
## @doc rpc.socket_sndbuf
## ValueType: Size
## Default: 1MB
socket_sndbuf = 1MB
## Size of TCP receive buffer.
##
## @doc rpc.socket_recbuf
## ValueType: Size
## Default: 1MB
socket_recbuf = 1MB
## Size of user-level software socket buffer.
##
## @doc rpc.socket_buffer
## ValueType: Size
## Default: 1MB
socket_buffer = 1MB
}
##==================================================================
## Listeners
##==================================================================
## MQTT/TCP - TCP Listeners for MQTT Protocol
## syntax: listeners.tcp.<name>
## example: listeners.tcp.my_tcp_listener
listeners.tcp.default {
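## The IP address and port that the listener will bind.
## The value below binds all interfaces (0.0.0.0). MQTT on this listener is
## not encrypted, so usernames, passwords and payloads cross the network in
## clear text; bind an internal address, or use listeners.ssl, where clients
## connect over untrusted networks.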
##
## @doc listeners.tcp.<name>.bind
## ValueType: IPAddress | Port | IPAddrPort
## Required: true
## Examples: 1883, 127.0.0.1:1883, ::1:1883
bind = "0.0.0.0:1883"
## The configuration zone this listener is using.
## If not set, the global configs are used for this listener.
##
## See `zones.<name>` for more details.
##
## @doc listeners.tcp.<name>.zone
## ValueType: String
## Required: false
#zone = default
## The size of the acceptor pool for this listener.
##
## @doc listeners.tcp.<name>.acceptors
## ValueType: Number
## Default: 16
acceptors = 16
## Maximum number of concurrent connections.
##
## @doc listeners.tcp.<name>.max_connections
## ValueType: Number | infinity
## Default: infinity
max_connections = 1024000
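## The access control rules for this listener.
## The value set below, "allow all", accepts connections from every source
## address; add "deny"/"allow" rules for specific networks to restrict that.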
##
## See: https://github.com/emqtt/esockd#allowdeny
##
## @doc listeners.tcp.<name>.access_rules
## ValueType: Array<AccessRules>
## Default: []
## Examples:
## access_rules: [
## "deny 192.168.0.0/24",
## "allow all"
## ]
access_rules = [
"allow all"
]
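## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
## behind HAProxy or Nginx.
## Enable it only when every connection to this listener arrives through
## that proxy: the client address is then taken from the PROXY header
## instead of the TCP connection, so the listener must not be reachable
## directly.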
##
## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/
##
## @doc listeners.tcp.<name>.proxy_protocol
## ValueType: Boolean
## Default: false
proxy_protocol = false
## Sets the timeout for proxy protocol. EMQ X will close the TCP connection
## if no proxy protocol packet received within the timeout.
##
## @doc listeners.tcp.<name>.proxy_protocol_timeout
## ValueType: Duration
## Default: 3s
proxy_protocol_timeout = 3s
## When publishing or subscribing, prefix all topics with a mountpoint string.
## The prefixed string will be removed from the topic name when the message
## is delivered to the subscriber. The mountpoint is a way that users can use
## to implement isolation of message routing between different listeners.
##
## For example, if clientA subscribes to "t" with `listeners.tcp.<name>.mountpoint`
## set to "some_tenant", then the client actually subscribes to the topic
## "some_tenant/t". Similarly, if another clientB (connected to the same listener
## as clientA) sends a message to topic "t", the message is actually routed
## to all the clients subscribed to "some_tenant/t", so clientA will receive the
## message, with topic name "t".
##
## Set to "" to disable the feature.
##
## Variables in mountpoint string:
## - ${clientid}: clientid
## - ${username}: username
##
## @doc listeners.tcp.<name>.mountpoint
## ValueType: String
## Default: ""
mountpoint = ""
## TCP options
## See ${example_common_tcp_options} for more information
tcp.backlog = 1024
tcp.buffer = 4KB
}
## MQTT/SSL - SSL Listeners for MQTT Protocol
## syntax: listeners.ssl.<name>
## example: listeners.ssl.my_ssl_listener
listeners.ssl.default {
## The IP address and port that the listener will bind.
##
## @doc listeners.ssl.<name>.bind
## ValueType: IPAddress | Port | IPAddrPort
## Required: true
## Examples: 8883, 127.0.0.1:8883, ::1:8883
bind = "0.0.0.0:8883"
## The configuration zone this listener is using.
## If not set, the global configs are used for this listener.
##
## See `zones.<name>` for more details.
##
## @doc listeners.ssl.<name>.zone
## ValueType: String
## Required: false
#zone = default
## The size of the acceptor pool for this listener.
##
## @doc listeners.ssl.<name>.acceptors
## ValueType: Number
## Default: 16
acceptors = 16
## Maximum number of concurrent connections.
##
## @doc listeners.ssl.<name>.max_connections
## ValueType: Number | infinity
## Default: infinity
max_connections = 512000
## The access control rules for this listener.
##
## See: https://github.com/emqtt/esockd#allowdeny
##
## @doc listeners.ssl.<name>.access_rules
## ValueType: Array<AccessRules>
## Default: []
## Examples:
## access_rules: [
## "deny 192.168.0.0/24",
## "allow all"
## ]
access_rules = [
"allow all"
]
## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
## behind HAProxy or Nginx.
##
## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/
##
## @doc listeners.ssl.<name>.proxy_protocol
## ValueType: Boolean
## Default: true
proxy_protocol = false
## Sets the timeout for proxy protocol. EMQ X will close the TCP connection
## if no proxy protocol packet received within the timeout.
##
## @doc listeners.ssl.<name>.proxy_protocol_timeout
## ValueType: Duration
## Default: 3s
proxy_protocol_timeout = 3s
## When publishing or subscribing, prefix all topics with a mountpoint string.
## The prefixed string will be removed from the topic name when the message
## is delivered to the subscriber. The mountpoint is a way that users can use
## to implement isolation of message routing between different listeners.
##
## For example, if clientA subscribes to "t" with `listeners.ssl.<name>.mountpoint`
## set to "some_tenant", then the client actually subscribes to the topic
## "some_tenant/t". Similarly, if another clientB (connected to the same listener
## as clientA) sends a message to topic "t", the message is actually routed
## to all the clients subscribed to "some_tenant/t", so clientA will receive the
## message, with topic name "t".
##
## Set to "" to disable the feature.
##
## Variables in mountpoint string:
## - ${clientid}: clientid
## - ${username}: username
##
## @doc listeners.ssl.<name>.mountpoint
## ValueType: String
## Default: ""
mountpoint = ""
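## SSL options
## NOTE(review): if the paths below still point at key and certificate files
## shipped with the release, replace them with ones issued for this
## deployment; confirm against the contents of etc/certs.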
ssl.keyfile = "etc/certs/key.pem"
ssl.certfile = "etc/certs/cert.pem"
ssl.cacertfile = "etc/certs/cacert.pem"
# ssl.versions = ["tlsv1.3", "tlsv1.2", "tlsv1.1", "tlsv1"]
# TLS 1.3: "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256"
# TLS 1-1.2 "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
# PSK: "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
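# NOTE: If PSK cipher-suites are intended, tlsv1.3 should not be enabled in 'versions' config
# NOTE: The lists above show what can be configured, not what is recommended.
# "tlsv1" and "tlsv1.1" are deprecated protocol versions, and the DES-CBC3 /
# 3DES-EDE and RC4 suites are considered weak. When uncommenting, prefer
# "tlsv1.3" and "tlsv1.2" with GCM or CHACHA20 suites unless legacy clients
# require otherwise.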
# ssl.ciphers = ""
## TCP options
## See ${example_common_tcp_options} for more information
tcp.backlog = 1024
tcp.buffer = 4KB
}
## MQTT/QUIC - QUIC Listeners for MQTT Protocol
## syntax: listeners.quic.<name>
## example: listeners.quic.my_quic_listener
listeners.quic.default {
## The IP address and port that the listener will bind.
##
## @doc listeners.quic.<name>.bind
## ValueType: IPAddress | Port | IPAddrPort
## Required: true
## Examples: 14567, 127.0.0.1:14567, ::1:14567
bind = "0.0.0.0:14567"
## The configuration zone this listener is using.
## If not set, the global configs are used for this listener.
##
## See `zones.<name>` for more details.
## NOTE: This is a cluster-wide configuration.
## It requires all nodes to be stopped before changing it.
##
## @doc listeners.quic.<name>.zone
## ValueType: String
## Required: false
#zone = default
## The size of the acceptor pool for this listener.
##
## @doc listeners.quic.<name>.acceptors
## ValueType: Number
## Default: 16
acceptors = 16
## Maximum number of concurrent connections.
##
## @doc listeners.quic.<name>.max_connections
## ValueType: Number | infinity
## Default: infinity
max_connections = 1024000
## Path to the file containing the user's private PEM-encoded key.
##
## @doc listeners.quic.<name>.keyfile
## ValueType: String
## Default: "etc/certs/key.pem"
keyfile = "etc/certs/key.pem"
## Path to a file containing the user certificate.
##
## @doc listeners.quic.<name>.certfile
## ValueType: String
## Default: "etc/certs/cert.pem"
certfile = "etc/certs/cert.pem"
## When publishing or subscribing, prefix all topics with a mountpoint string.
## The prefixed string will be removed from the topic name when the message
## is delivered to the subscriber. The mountpoint is a way that users can use
## to implement isolation of message routing between different listeners.
##
## For example if a clientA subscribes to "t" with `listeners.quic.<name>.mountpoint`
## set to "some_tenant", then the client actually subscribes to the topic
## "some_tenant/t". Similarly if another clientB (connected to the same listener
## as clientA) sends a message to topic "t", the message is actually routed
## to all the clients subscribed to "some_tenant/t", so clientA will receive the
## message, with topic name "t".
##
## Set to "" to disable the feature.
##
## Variables in mountpoint string:
## - ${clientid}: clientid
## - ${username}: username
## NOTE: these values are normally supplied by the client, so isolation built
## on them is only as strong as the authentication applied to this listener.
##
## @doc listeners.quic.<name>.mountpoint
## ValueType: String
## Default: ""
mountpoint = ""
}
## MQTT/WS - Websocket Listeners for MQTT Protocol
## syntax: listeners.ws.<name>
## example: listeners.ws.my_ws_listener
listeners.ws.default {
## The IP address and port that the listener will bind.
##
## @doc listeners.ws.<name>.bind
## ValueType: IPAddress | Port | IPAddrPort
## Required: true
## Examples: 8083, 127.0.0.1:8083, ::1:8083
bind = "0.0.0.0:8083"
## The configuration zone this listener is using.
## If not set, the global configs are used for this listener.
##
## See `zones.<name>` for more details.
##
## @doc listeners.ws.<name>.zone
## ValueType: String
## Required: false
#zone = default
## The size of the acceptor pool for this listener.
##
## @doc listeners.ws.<name>.acceptors
## ValueType: Number
## Default: 16
acceptors = 16
## Maximum number of concurrent connections.
##
## @doc listeners.ws.<name>.max_connections
## ValueType: Number | infinity
## Default: infinity
max_connections = 1024000
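## The access control rules for this listener.
## Each rule allows or denies a source address or CIDR range; the value
## configured below ("allow all") accepts connections from any address.
##
## See: https://github.com/emqtt/esockd#allowdeny
##
## @doc listeners.ws.<name>.access_rules
## ValueType: Array<AccessRules>
## Default: []
## Examples:
## access_rules: [
## "deny 192.168.0.0/24",
## "allow all"
## ]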
access_rules = [
"allow all"
]
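## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
## behind HAProxy or Nginx.
## Enable it only when the listener is reachable solely through that proxy,
## because the peer address is then taken from the Proxy Protocol header.
##
## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/
##
## @doc listeners.ws.<name>.proxy_protocol
## ValueType: Boolean
## Default: true
## NOTE: the value set below is false, which differs from the default documented here.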
proxy_protocol = false
## Sets the timeout for proxy protocol. EMQ X will close the TCP connection
## if no proxy protocol packet received within the timeout.
##
## @doc listeners.ws.<name>.proxy_protocol_timeout
## ValueType: Duration
## Default: 3s
proxy_protocol_timeout = 3s
## When publishing or subscribing, prefix all topics with a mountpoint string.
## The prefixed string will be removed from the topic name when the message
## is delivered to the subscriber. The mountpoint is a way that users can use
## to implement isolation of message routing between different listeners.
##
## For example if a clientA subscribes to "t" with `listeners.ws.<name>.mountpoint`
## set to "some_tenant", then the client actually subscribes to the topic
## "some_tenant/t". Similarly if another clientB (connected to the same listener
## as clientA) sends a message to topic "t", the message is actually routed
## to all the clients subscribed to "some_tenant/t", so clientA will receive the
## message, with topic name "t".
##
## Set to "" to disable the feature.
##
## Variables in mountpoint string:
## - ${clientid}: clientid
## - ${username}: username
## NOTE: these values are normally supplied by the client, so isolation built
## on them is only as strong as the authentication applied to this listener.
##
## @doc listeners.ws.<name>.mountpoint
## ValueType: String
## Default: ""
mountpoint = ""
## TCP options
## See ${example_common_tcp_options} for more information
tcp.backlog = 1024
tcp.buffer = 4KB
## Websocket options
## See ${example_common_websocket_options} for more information
websocket.idle_timeout = 86400s
}
## MQTT/WSS - WebSocket Secure Listeners for MQTT Protocol
## syntax: listeners.wss.<name>
## example: listeners.wss.my_wss_listener
listeners.wss.default {
## The IP address and port that the listener will bind.
##
## @doc listeners.wss.<name>.bind
## ValueType: IPAddress | Port | IPAddrPort
## Required: true
## Examples: 8084, 127.0.0.1:8084, ::1:8084
bind = "0.0.0.0:8084"
## The configuration zone this listener is using.
## If not set, the global configs are used for this listener.
##
## See `zones.<name>` for more details.
##
## @doc listeners.wss.<name>.zone
## ValueType: String
## Required: false
#zone = default
## The size of the acceptor pool for this listener.
##
## @doc listeners.wss.<name>.acceptors
## ValueType: Number
## Default: 16
acceptors = 16
## Maximum number of concurrent connections.
##
## @doc listeners.wss.<name>.max_connections
## ValueType: Number | infinity
## Default: infinity
max_connections = 512000
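## The access control rules for this listener.
## Each rule allows or denies a source address or CIDR range; the value
## configured below ("allow all") accepts connections from any address.
##
## See: https://github.com/emqtt/esockd#allowdeny
##
## @doc listeners.wss.<name>.access_rules
## ValueType: Array<AccessRules>
## Default: []
## Examples:
## access_rules: [
## "deny 192.168.0.0/24",
## "allow all"
## ]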
access_rules = [
"allow all"
]
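## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
## behind HAProxy or Nginx.
## Enable it only when the listener is reachable solely through that proxy,
## because the peer address is then taken from the Proxy Protocol header.
##
## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/
##
## @doc listeners.wss.<name>.proxy_protocol
## ValueType: Boolean
## Default: true
## NOTE: the value set below is false, which differs from the default documented here.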
proxy_protocol = false
## Sets the timeout for proxy protocol. EMQ X will close the TCP connection
## if no proxy protocol packet received within the timeout.
##
## @doc listeners.wss.<name>.proxy_protocol_timeout
## ValueType: Duration
## Default: 3s
proxy_protocol_timeout = 3s
## When publishing or subscribing, prefix all topics with a mountpoint string.
## The prefixed string will be removed from the topic name when the message
## is delivered to the subscriber. The mountpoint is a way that users can use
## to implement isolation of message routing between different listeners.
##
## For example if a clientA subscribes to "t" with `listeners.wss.<name>.mountpoint`
## set to "some_tenant", then the client actually subscribes to the topic
## "some_tenant/t". Similarly if another clientB (connected to the same listener
## as clientA) sends a message to topic "t", the message is actually routed
## to all the clients subscribed to "some_tenant/t", so clientA will receive the
## message, with topic name "t".
##
## Set to "" to disable the feature.
##
## Variables in mountpoint string:
## - ${clientid}: clientid
## - ${username}: username
## NOTE: these values are normally supplied by the client, so isolation built
## on them is only as strong as the authentication applied to this listener.
##
## @doc listeners.wss.<name>.mountpoint
## ValueType: String
## Default: ""
mountpoint = ""
## SSL options
## See ${example_common_ssl_options} for more information
ssl.keyfile = "etc/certs/key.pem"
ssl.certfile = "etc/certs/cert.pem"
ssl.cacertfile = "etc/certs/cacert.pem"
## TCP options
## See ${example_common_tcp_options} for more information
tcp.backlog = 1024
tcp.buffer = 4KB
## Websocket options
## See ${example_common_websocket_options} for more information
websocket.idle_timeout = 86400s
}
## Enable per connection statistics.
##
## @doc stats.enable
## ValueType: Boolean
## Default: true
stats.enable = true
authorization {
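## Behaviour after not matching a rule.
## With `allow`, an operation that matches no authorization rule is permitted;
## set `deny` to reject everything that is not explicitly allowed.
##
## @doc authorization.no_match
## ValueType: allow | deny
## Default: allow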
no_match: allow
## The action taken when the authorization check rejects the current operation
##
## @doc authorization.deny_action
## ValueType: ignore | disconnect
## Default: ignore
deny_action: ignore
## Whether to enable Authorization cache.
##
## If enabled, Authorization roles for each client will be cached in the memory
##
## @doc authorization.cache.enable
## ValueType: Boolean
## Default: true
cache.enable: true
## The maximum count of Authorization entries can be cached for a client.
##
## @doc authorization.cache.max_size
## ValueType: Integer
## Range: [0, 1048576]
## Default: 32
cache.max_size: 32
## The time after which an Authorization cache entry will be deleted.
## Until then a cached result may still be applied after the underlying rule has changed.
##
## @doc authorization.cache.ttl
## ValueType: Duration
## Default: 1m
cache.ttl: 1m
}
mqtt {
## How long to wait for the MQTT CONNECT packet after the TCP connection
## is established. The connection is closed if no CONNECT has been
## received within this time.
##
## @doc mqtt.idle_timeout
## ValueType: Duration
## Default: 15s
idle_timeout = 15s
## Maximum MQTT packet size allowed.
##
## @doc mqtt.max_packet_size
## ValueType: Bytes
## Default: 1MB
max_packet_size = 1MB
## Maximum length of MQTT clientId allowed.
##
## @doc mqtt.max_clientid_len
## ValueType: Integer
## Range: [23, 65535]
## Default: 65535
max_clientid_len = 65535
## Maximum topic levels allowed.
##
## @doc mqtt.max_topic_levels
## ValueType: Integer
## Range: [1, 65535]
## Default: 128
## Depth so big may lead to subscribing performance issues
max_topic_levels = 128
## Maximum QoS allowed.
##
## @doc mqtt.max_qos_allowed
## ValueType: 0 | 1 | 2
## Default: 2
max_qos_allowed = 2
## Maximum Topic Alias, 0 means no topic alias supported.
##
## @doc mqtt.max_topic_alias
## ValueType: Integer
## Range: [0, 65535]
## Default: 65535
max_topic_alias = 65535
## Whether the Server supports MQTT retained messages.
##
## @doc mqtt.retain_available
## ValueType: Boolean
## Default: true
retain_available = true
## Whether the Server supports MQTT Wildcard Subscriptions
##
## @doc mqtt.wildcard_subscription
## ValueType: Boolean
## Default: true
wildcard_subscription = true
## Whether the Server supports MQTT Shared Subscriptions.
##
## @doc mqtt.shared_subscription
## ValueType: Boolean
## Default: true
shared_subscription = true
## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
##
## @doc mqtt.ignore_loop_deliver
## ValueType: Boolean
## Default: false
ignore_loop_deliver = false
## Whether to parse the MQTT frame in strict mode
##
## @doc mqtt.strict_mode
## ValueType: Boolean
## Default: false
strict_mode = false
## Specify the response information returned to the client
##
## This feature is disabled if is set to ""
##
## @doc mqtt.response_information
## ValueType: String
## Default: ""
response_information = ""
## Server Keep Alive of MQTT 5.0
##
## @doc mqtt.server_keepalive
## ValueType: Number | disabled
## Default: disabled
server_keepalive = disabled
## The backoff for MQTT keepalive timeout. The broker will kick a connection out
## once 'Keepalive * backoff * 2' has timed out.
##
## @doc mqtt.keepalive_backoff
## ValueType: Float
## Range: (0.5, 1]
## Default: 0.75
keepalive_backoff = 0.75
## Maximum number of subscriptions allowed.
##
## @doc mqtt.max_subscriptions
## ValueType: Integer | infinity
## Range: [1, infinity)
## Default: infinity
max_subscriptions = infinity
## Force to upgrade QoS according to subscription.
##
## @doc mqtt.upgrade_qos
## ValueType: Boolean
## Default: false
upgrade_qos = false
## Maximum size of the Inflight Window storing QoS1/2 messages delivered but unacked.
##
## @doc mqtt.max_inflight
## ValueType: Integer
## Range: [1, 65535]
## Default: 32
max_inflight = 32
## Retry interval for QoS1/2 message delivering.
##
## @doc mqtt.retry_interval
## ValueType: Duration
## Default: 30s
retry_interval = 30s
## Maximum QoS2 packets (Client -> Broker) awaiting PUBREL.
##
## @doc mqtt.max_awaiting_rel
## ValueType: Integer | infinity
## Range: [1, infinity)
## Default: 100
max_awaiting_rel = 100
## The QoS2 messages (Client -> Broker) will be dropped if awaiting PUBREL timeout.
##
## @doc mqtt.await_rel_timeout
## ValueType: Duration
## Default: 300s
await_rel_timeout = 300s
## Default session expiry interval for MQTT V3.1.1 connections.
##
## @doc mqtt.session_expiry_interval
## ValueType: Duration
## Default: 2h
session_expiry_interval = 2h
## Maximum queue length. Enqueued messages when persistent client disconnected,
## or inflight window is full.
##
## @doc mqtt.max_mqueue_len
## ValueType: Integer | infinity
## Range: [0, infinity)
## Default: 1000
max_mqueue_len = 1000
## Topic priorities.
##
## There's no priority table by default, hence all messages
## are treated equal.
##
## Priority number [1-255]
##
## NOTE: comma and equal signs are not allowed for priority topic names
## NOTE: Messages for topics not in the priority table are treated as
## either highest or lowest priority depending on the configured
## value for mqtt.mqueue_default_priority
##
## @doc mqtt.mqueue_priorities
## ValueType: Map | disabled
## Examples:
## To configure "topic/1" > "topic/2":
## mqueue_priorities: {"topic/1": 10, "topic/2": 8}
## Default: disabled
mqueue_priorities = disabled
## Default to highest priority for topics not matching priority table
##
## @doc mqtt.mqueue_default_priority
## ValueType: highest | lowest
## Default: lowest
mqueue_default_priority = lowest
## Whether to enqueue QoS0 messages.
##
## @doc mqtt.mqueue_store_qos0
## ValueType: Boolean
## Default: true
mqueue_store_qos0 = true
## Whether to use the username in place of the client id
##
## @doc mqtt.use_username_as_clientid
## ValueType: Boolean
## Default: false
use_username_as_clientid = false
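## Use the CN, DN or CRT field from the client certificate as a username.
## Only works for SSL connection, and only when the listener requests and
## verifies a client certificate (`ssl.verify = verify_peer`).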
##
## @doc mqtt.peer_cert_as_username
## ValueType: cn | dn | crt | disabled
## Default: disabled
peer_cert_as_username = disabled
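## Use the CN, DN or CRT field from the client certificate as a clientid.
## Only works for SSL connection, and only when the listener requests and
## verifies a client certificate (`ssl.verify = verify_peer`).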
##
## @doc mqtt.peer_cert_as_clientid
## ValueType: cn | dn | crt | disabled
## Default: disabled
peer_cert_as_clientid = disabled
}
flapping_detect {
## Enable Flapping Detection.
##
## This config controls the allowed maximum number of CONNECT received
## from the same clientid in a time frame defined by `window_time`.
## After the limit is reached, successive CONNECT requests are forbidden
## (banned) until the end of the time period defined by `ban_time`.
##
## @doc flapping_detect.enable
## ValueType: Boolean
## Default: true
## NOTE: the value set below is false, so flapping detection is off in this file.
enable = false
## The max disconnect allowed of a MQTT Client in `window_time`
##
## @doc flapping_detect.max_count
## ValueType: Integer
## Default: 15
max_count = 15
## The time window for flapping detect
##
## @doc flapping_detect.window_time
## ValueType: Duration
## Default: 1m
window_time = 1m
## How long the clientid will be banned
##
## @doc flapping_detect.ban_time
## ValueType: Duration
## Default: 5m
ban_time = 5m
}
force_shutdown {
## Enable force_shutdown
##
## @doc force_shutdown.enable
## ValueType: Boolean
## Default: true
enable = true
## Max message queue length
## @doc force_shutdown.max_message_queue_len
## ValueType: Integer
## Range: (0, infinity)
## Default: 1000
max_message_queue_len = 1000
## Total heap size
##
## @doc force_shutdown.max_heap_size
## ValueType: Size
## Default: 32MB
max_heap_size = 32MB
}
overload_protection {
## React on system overload or not
## @doc overload_protection.enable
## ValueType: Boolean
## Default: false
enable = false
## Backoff delay in ms
## @doc overload_protection.backoff_delay
## ValueType: Integer
## Range: (0, infinity)
## Default: 1
backoff_delay = 1
## Backoff GC enabled
## @doc overload_protection.backoff_gc
## ValueType: Boolean
## Default: false
backoff_gc = false
## Backoff hibernation enabled
## @doc overload_protection.backoff_hibernation
## ValueType: Boolean
## Default: true
backoff_hibernation = true
## Backoff new connections enabled
## @doc overload_protection.backoff_new_conn
## ValueType: Boolean
## Default: true
backoff_new_conn = true
}
force_gc {
## Force the MQTT connection process GC after this number of
## messages or bytes passed through.
##
## @doc force_gc.enable
## ValueType: Boolean
## Default: true
enable = true
## GC the process after how many messages received
## @doc force_gc.count
## ValueType: Integer
## Range: (0, infinity)
## Default: 16000
count = 16000
## GC the process after how much bytes passed through
##
## @doc force_gc.bytes
## ValueType: Size
## Default: 16MB
bytes = 16MB
}
conn_congestion {
## Whether to alarm the congested connections.
##
## Sometimes the mqtt connection (usually an MQTT subscriber) may
## get "congested" because there are too many packets to send.
## The socket tries to buffer the packets until the buffer is
## full. If more packets come after that, the packets will be
## "pending" in a queue and we consider the connection
## "congested".
##
## Enable this to send an alarm when there's any bytes pending in
## the queue. You could set the `sndbuf` to a larger value if the
## alarm is triggered too often.
##
## The name of the alarm is of format "conn_congestion/<ClientID>/<Username>".
## Where the <ClientID> is the client-id of the congested MQTT connection.
## And the <Username> is the username, or "unknown_user" if not provided by the client.
##
## @doc conn_congestion.enable_alarm
## ValueType: Boolean
## Default: true
enable_alarm = true
## Won't clear the congested alarm in how long time.
## The alarm is cleared only when there're no pending bytes in
## the queue, and also it has been `min_alarm_sustain_duration`
## time since the last time we considered the connection is "congested".
##
## This is to avoid clearing and sending the alarm again too often.
##
## @doc conn_congestion.min_alarm_sustain_duration
## ValueType: Duration
## Default: 1m
min_alarm_sustain_duration = 1m
}
rate_limit {
## Maximum connections per second.
##
## @doc rate_limit.max_conn_rate
## ValueType: Number | infinity
## Default: 1000
## Examples:
## max_conn_rate: 1000
max_conn_rate = 1000
## Message limit for an external MQTT connection.
##
## @doc rate_limit.conn_messages_in
## ValueType: String | infinity
## Default: infinity
## Examples: 100 messages per 10 seconds.
## conn_messages_in: "100,10s"
conn_messages_in = "100,10s"
## Limit the rate of receiving packets for a MQTT connection.
## The rate is counted by bytes of packets per second.
##
## The connection won't accept more messages if the messages come
## faster than the limit.
##
## @doc rate_limit.conn_bytes_in
## ValueType: String | infinity
## Default: infinity
## Examples: 100KB incoming per 10 seconds.
## conn_bytes_in: "100KB,10s"
##
conn_bytes_in = "100KB,10s"
}
quota {
## Messages quota for each external MQTT connection.
## This value is consumed by the number of recipients of a message.
##
## @doc quota.conn_messages_routing
## ValueType: String | infinity
## Default: infinity
## Examples: 100 messages per 1s:
## quota.conn_messages_routing: "100,1s"
conn_messages_routing = "100,1s"
## Messages quota for all external MQTT connections together.
## This value is consumed by the number of recipients of a message.
##
## @doc quota.overall_messages_routing
## ValueType: String | infinity
## Default: infinity
## Examples: 200000 messages per 1s:
## quota.overall_messages_routing: "200000,1s"
##
overall_messages_routing = "200000,1s"
}
##==================================================================
## Zones
##==================================================================
## A zone contains a set of configurations for listeners.
##
## A zone can be used by a listener via `listeners.<type>.<name>.zone`.
##
## The configs defined in zones will override the global configs with the same key.
##
## For example given the following config:
##
## ```
## a {
## b: 1, c: 1
## }
##
## zone.my_zone {
## a {
## b:2
## }
## }
## ```
##
## The global config "a" is overridden by the configs "a" inside the zone "my_zone".
## If there is a listener uses the zone "my_zone", the value of config "a" will be:
## `{b:2, c: 1}`.
## Note that although the default value of `a.c` is `0`, the global value is used.
## i.e. configs in the zone have no default values. To override `a.c` we must configure
## it explicitly in the zone.
##
## All the global configs that can be overridden in zones are:
## - `stats.*`
## - `mqtt.*`
## - `authorization.*`
## - `flapping_detect.*`
## - `force_shutdown.*`
## - `conn_congestion.*`
## - `rate_limit.*`
## - `quota.*`
## - `force_gc.*`
##
## syntax: zones.<zone-name>
## example: zones.my_zone
zones.default {
}
##==================================================================
## Broker
##==================================================================
broker {
## System interval of publishing $SYS messages.
##
## @doc broker.sys_msg_interval
## ValueType: Duration | disabled
## Default: 1m
sys_msg_interval = 1m
## System heartbeat interval of publishing following heart beat message:
## - "$SYS/brokers/<node>/uptime"
## - "$SYS/brokers/<node>/datetime"
##
## @doc broker.sys_heartbeat_interval
## ValueType: Duration | disabled
## Default: 30s
sys_heartbeat_interval = 30s
## Session locking strategy in a cluster.
##
## @doc broker.session_locking_strategy
## ValueType: local | one | quorum | all
## - local: only lock the session locally on the current node
## - one: select only one remote node to lock the session
## - quorum: select some nodes to lock the session
## - all: lock the session on all of the nodes in the cluster
## Default: quorum
session_locking_strategy = quorum
## Dispatch strategy for shared subscription
##
## @doc broker.shared_subscription_strategy
## ValueType: random | round_robin | sticky | hash
## - random: dispatch the message to a random selected subscriber
## - round_robin: select the subscribers in a round-robin manner
## - sticky: always use the last selected subscriber to dispatch,
## until the subscriber disconnected.
## - hash: select the subscribers by the hash of clientIds
## Default: round_robin
shared_subscription_strategy = round_robin
## Enable/disable shared dispatch acknowledgement for QoS1 and QoS2 messages
## This should allow messages to be dispatched to a different subscriber in
## the group in case the picked (based on shared_subscription_strategy) one is offline
##
## @doc broker.shared_dispatch_ack_enabled
## ValueType: Boolean
## Default: false
shared_dispatch_ack_enabled = false
## Enable batch clean for deleted routes.
##
## @doc broker.route_batch_clean
## ValueType: Boolean
## Default: true
route_batch_clean = true
## Performance toggle for subscribe/unsubscribe wildcard topic.
## Change this toggle only when there are many wildcard topics.
##
## NOTE: when changing from/to 'global' lock, it requires all
## nodes in the cluster to be stopped before the change.
##
## @doc broker.perf.route_lock_type
## ValueType: key | tab | global
## - key: mnesia transactional updates with per-key locks. recommended for single node setup.
## - tab: mnesia transactional updates with table lock. recommended for multi-nodes setup.
## - global: global lock protected updates. recommended for larger cluster.
## Default: key
perf.route_lock_type = key
## Enable trie path compaction.
## Enabling it significantly improves wildcard topic subscribe
## rate, if wildcard topics have unique prefixes like:
## 'sensor/<ID>/+/', where ID is unique per subscriber.
##
## Topic match performance (when publishing) may degrade if messages
## are mostly published to topics with large number of levels.
##
## NOTE: This is a cluster-wide configuration.
## It requires all nodes to be stopped before changing it.
##
## @doc broker.perf.trie_compaction
## ValueType: Boolean
## Default: true
perf.trie_compaction = true
}
##==================================================================
## System Monitor
##==================================================================
sysmon {
## The time interval for the periodic process limit check
##
## @doc sysmon.vm.process_check_interval
## ValueType: Duration
## Default: 30s
vm.process_check_interval = 30s
## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is set.
##
## @doc sysmon.vm.process_high_watermark
## ValueType: Percentage
## Default: 80%
vm.process_high_watermark = 80%
## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is clear.
##
## @doc sysmon.vm.process_low_watermark
## ValueType: Percentage
## Default: 60%
vm.process_low_watermark = 60%
## Enable Long GC monitoring.
## Notice: don't enable the monitor in production for:
## https://github.com/erlang/otp/blob/feb45017da36be78d4c5784d758ede619fa7bfd3/erts/emulator/beam/erl_gc.c#L421
##
## @doc sysmon.vm.long_gc
## ValueType: Duration | disabled
## Default: disabled
vm.long_gc = disabled
## Enable Long Schedule(ms) monitoring.
##
## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
##
## @doc sysmon.vm.long_schedule
## ValueType: Duration | disabled
## Default: disabled
vm.long_schedule = 240ms
## Enable Large Heap monitoring.
##
## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
##
## @doc sysmon.vm.large_heap
## ValueType: Size | disabled
## Default: 32MB
vm.large_heap = 32MB
## Enable Busy Port monitoring.
##
## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
##
## @doc sysmon.vm.busy_port
## ValueType: Boolean
## Default: true
vm.busy_port = true
## Enable Busy Dist Port monitoring.
##
## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
##
## @doc sysmon.vm.busy_dist_port
## ValueType: Boolean
## Default: true
vm.busy_dist_port = true
## The time interval for the periodic cpu check
##
## @doc sysmon.os.cpu_check_interval
## ValueType: Duration
## Default: 60s
os.cpu_check_interval = 60s
## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is set.
##
## @doc sysmon.os.cpu_high_watermark
## ValueType: Percentage
## Default: 80%
os.cpu_high_watermark = 80%
## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is clear.
##
## @doc sysmon.os.cpu_low_watermark
## ValueType: Percentage
## Default: 60%
os.cpu_low_watermark = 60%
## The time interval for the periodic memory check
##
## @doc sysmon.os.mem_check_interval
## ValueType: Duration | disabled
## Default: 60s
os.mem_check_interval = 60s
## The threshold, as percentage of system memory, for how much system memory can be allocated before the corresponding alarm is set.
##
## @doc sysmon.os.sysmem_high_watermark
## ValueType: Percentage
## Default: 70%
os.sysmem_high_watermark = 70%
## The threshold, as percentage of system memory, for how much system memory can be allocated by one Erlang process before the corresponding alarm is set.
##
## @doc sysmon.os.procmem_high_watermark
## ValueType: Percentage
## Default: 5%
os.procmem_high_watermark = 5%
}
##==================================================================
## Alarm
##==================================================================
alarm {
## Specifies the actions to take when an alarm is activated
##
## @doc alarm.actions
## ValueType: Array<AlarmAction>
## Default: [log, publish]
actions = [log, publish]
## The maximum number of deactivated alarms
##
## @doc alarm.size_limit
## ValueType: Integer
## Default: 1000
size_limit = 1000
## Validity Period of deactivated alarms
##
## @doc alarm.validity_period
## ValueType: Duration
## Default: 24h
validity_period = 24h
}
## Config references for listeners
## Socket options for TCP connections
## See: http://erlang.org/doc/man/inet.html
example_common_tcp_options {
## Specify the {active, N} option for this Socket.
##
## See: https://erlang.org/doc/man/inet.html#setopts-2
##
## @doc listeners.<name>.tcp.active_n
## ValueType: Number
## Default: 100
tcp.active_n = 100
## TCP backlog defines the maximum length that the queue of
## pending connections can grow to.
##
## @doc listeners.<name>.tcp.backlog
## ValueType: Number
## Range: [0, 1048576]
## Default: 1024
tcp.backlog = 1024
## The TCP send timeout for the connections.
##
## @doc listeners.<name>.tcp.send_timeout
## ValueType: Duration
## Default: 15s
tcp.send_timeout = 15s
## Close the connection if send timeout.
##
## @doc listeners.<name>.tcp.send_timeout_close
## ValueType: Boolean
## Default: true
tcp.send_timeout_close = true
## The TCP receive buffer(os kernel) for the connections.
##
## @doc listeners.<name>.tcp.recbuf
## ValueType: Size
## Default: notset
#tcp.recbuf: 2KB
## The TCP send buffer(os kernel) for the connections.
##
## @doc listeners.<name>.tcp.sndbuf
## ValueType: Size
## Default: notset
#tcp.sndbuf: 4KB
## The size of the user-level software buffer used by the driver.
##
## @doc listeners.<name>.tcp.buffer
## ValueType: Size
## Default: notset
#tcp.buffer: 4KB
## The socket is set to a busy state when the amount of data queued internally
## by the ERTS socket implementation reaches this limit.
##
## @doc listeners.<name>.tcp.high_watermark
## ValueType: Size
## Default: 1MB
tcp.high_watermark = 1MB
## The TCP_NODELAY flag for the connections.
##
## @doc listeners.<name>.tcp.nodelay
## ValueType: Boolean
## Default: false
tcp.nodelay = false
## The SO_REUSEADDR flag for the connections.
##
## @doc listeners.<name>.tcp.reuseaddr
## ValueType: Boolean
## Default: true
tcp.reuseaddr = true
}
## Socket options for SSL connections
## See: http://erlang.org/doc/man/ssl.html
example_common_ssl_options {
## A performance optimization setting, it allows clients to reuse
## pre-existing sessions, instead of initializing new ones.
## Read more about it here.
##
## @doc listeners.<name>.ssl.reuse_sessions
## ValueType: Boolean
## Default: true
ssl.reuse_sessions = true
## SSL parameter renegotiation is a feature that allows a client and a server
## to renegotiate the parameters of the SSL connection on the fly.
## RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,
## you drop support for the insecure renegotiation, prone to MitM attacks.
##
## @doc listeners.<name>.ssl.secure_renegotiate
## ValueType: Boolean
## Default: true
ssl.secure_renegotiate = true
## In protocols that support client-initiated renegotiation,
## the cost of resources of such an operation is higher for the server than the client.
## This can act as a vector for denial of service attacks.
## The SSL application already takes measures to counter-act such attempts,
## but client-initiated renegotiation can be strictly disabled by setting this option to false.
## The default value is true. Note that disabling renegotiation can result in
## long-lived connections becoming unusable due to limits on
## the number of messages the underlying cipher suite can encipher.
ssl.client_renegotiation = true
## An important security setting, it forces the cipher to be set based
## on the server-specified order instead of the client-specified order,
## hence enforcing the (usually more properly configured) security
## ordering of the server administrator.
##
## @doc listeners.<name>.ssl.honor_cipher_order
## ValueType: Boolean
## Default: true
ssl.honor_cipher_order = true
# ssl.versions = ["tlsv1.3", "tlsv1.2", "tlsv1.1", "tlsv1"]
# TLS 1.3: "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256"
# TLS 1-1.2 "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
# PSK: "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
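# NOTE: If PSK cipher-suites are intended, tlsv1.3 should not be enabled in 'versions' config
# NOTE: by default, ALL ciphers are enabled
# NOTE: the lists above include legacy suites (3DES "DES-CBC3"/"3DES-EDE", RC4, and
# CBC-mode or static-key-exchange suites without forward secrecy); set `ssl.ciphers`
# to an explicit list of AEAD suites with ECDHE key exchange, and drop
# "tlsv1.1" and "tlsv1" from `ssl.versions`, unless legacy clients require them.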
# ssl.ciphers = ""
## TLS Handshake timeout.
##
## @doc listeners.<name>.ssl.handshake_timeout
## ValueType: Duration
## Default: 15s
ssl.handshake_timeout = 15s
## Maximum number of non-self-issued intermediate certificates that
## can follow the peer certificate in a valid certification path.
##
## @doc listeners.<name>.ssl.depth
## ValueType: Integer
## Default: 10
ssl.depth = 10
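## Path to the file containing the user's private PEM-encoded key.
## Replace any sample key shipped with the installation before exposing the
## listener, and keep the file readable only by the account that runs the broker.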
##
## @doc listeners.<name>.ssl.keyfile
## ValueType: File
## Default: "etc/certs/key.pem"
ssl.keyfile = "etc/certs/key.pem"
## Path to a file containing the user certificate.
##
## @doc listeners.<name>.ssl.certfile
## ValueType: File
## Default: "etc/certs/cert.pem"
ssl.certfile = "etc/certs/cert.pem"
## Path to the file containing PEM-encoded CA certificates. The CA certificates
## are used during server authentication and when building the client certificate chain.
##
## @doc listeners.<name>.ssl.cacertfile
## ValueType: File
## Default: "etc/certs/cacert.pem"
ssl.cacertfile = "etc/certs/cacert.pem"
## Maximum number of non-self-issued intermediate certificates that
## can follow the peer certificate in a valid certification path.
##
## @doc listeners.<name>.ssl.depth
## ValueType: Number
## Default: 10
ssl.depth = 10
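## String containing the user's password. Only used if the private keyfile
## is password-protected.
## If a password is stored here, keep this file readable only by the
## account that runs the broker.
##
## See: listener.ssl.$name.key_password
##
## @doc listeners.<name>.ssl.key_password
## ValueType: String
## Default: ""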
#ssl.key_password: ""
## Ephemeral Diffie-Hellman key exchange is a very effective way of
## ensuring Forward Secrecy by exchanging a set of keys that never hit
## the wire. Since the DH key is effectively signed by the private key,
## it needs to be at least as strong as the private key. In addition,
## the default DH groups that most OpenSSL installations have
## are only a handful (since they are distributed with the OpenSSL
## package that has been built for the operating system it's running on)
## and hence predictable (not to mention, 1024 bits only).
## To escape this situation, first generate a fresh,
## strong DH group, store it in a file and then use this option
## to force the SSL application to use the new DH group. Fortunately,
## OpenSSL provides a tool to do that. Simply run:
## openssl dhparam -out dh-params.pem 2048
## The file is only used when a cipher suite with Diffie-Hellman (DHE) key
## exchange is negotiated.
##
## @doc listeners.<name>.ssl.dhfile
## ValueType: File
## Default: "etc/certs/dh-params.pem"
#ssl.dhfile: "etc/certs/dh-params.pem"
## A server only does x509-path validation in mode verify_peer,
## as it then sends a certificate request to the client (this
## message is not sent if the verify option is verify_none).
## You may then also want to specify option fail_if_no_peer_cert.
## With verify_none the listener encrypts traffic but does not authenticate
## clients by certificate; client authentication then rests entirely on the
## MQTT-level authentication configuration.
## More information at: http://erlang.org/doc/man/ssl.html
##
## @doc listeners.<name>.ssl.verify
## ValueType: verify_peer | verify_none
## Default: verify_none
ssl.verify = verify_none
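## Used together with {verify, verify_peer} by an SSL server. If set to true,
## the server fails if the client does not have a certificate to send, that is,
## sends an empty certificate. If set to false, a client that sends no
## certificate is still accepted, so verify_peer alone does not make client
## certificates mandatory.
##
## @doc listeners.<name>.ssl.fail_if_no_peer_cert
## ValueType: Boolean
## Default: true
## NOTE: the value set below is false, which does not match the documented default.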
ssl.fail_if_no_peer_cert = false
}
## Socket options for websocket connections
example_common_websocket_options {
## The path of WebSocket MQTT endpoint
##
## @doc listeners.<name>.websocket.mqtt_path
## ValueType: Path
## Default: "/mqtt"
websocket.mqtt_path = "/mqtt"
## Whether a WebSocket message is allowed to contain multiple MQTT packets
##
## @doc listeners.<name>.websocket.mqtt_piggyback
## ValueType: single | multiple
## Default: multiple
websocket.mqtt_piggyback = multiple
## The compress flag for external WebSocket connections.
##
## If this value is set to true, WebSocket messages are compressed.
##
## @doc listeners.<name>.websocket.compress
## ValueType: Boolean
## Default: false
websocket.compress = false
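## The idle timeout for external WebSocket connections.
## With infinity, an idle WebSocket connection is never closed by this timeout;
## set a finite duration if the listener is reachable by untrusted clients.
##
## @doc listeners.<name>.websocket.idle_timeout
## ValueType: Duration | infinity
## Default: infinity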
websocket.idle_timeout = infinity
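## The max frame size for external WebSocket connections.
## With infinity, no frame-size limit is enforced at the WebSocket layer;
## set a finite size to bound per-connection memory if the listener is
## reachable by untrusted clients.
##
## @doc listeners.<name>.websocket.max_frame_size
## ValueType: Size
## Default: infinity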
websocket.max_frame_size = infinity
## If set to true, the server fails if the client does not
## have a Sec-WebSocket-Protocol to send.
## Set to false for WeChat MiniApp.
##
## @doc listeners.<name>.websocket.fail_if_no_subprotocol
## ValueType: Boolean
## Default: true
websocket.fail_if_no_subprotocol = true
## Supported subprotocols
##
## @doc listeners.<name>.websocket.supported_subprotocols
## ValueType: String
## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
websocket.supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"
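## Enable checking of the Origin header on WebSocket connections.
## While this is false, the origins listed in check_origins are not enforced
## and a page from any origin can open a WebSocket connection to the listener.
##
## @doc listeners.<name>.websocket.check_origin_enable
## ValueType: Boolean
## Default: false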
websocket.check_origin_enable = false
## Allow origin to be absent in header in websocket connection
## when check_origin_enable is true
##
## @doc listeners.<name>.websocket.allow_origin_absence
## ValueType: Boolean
## Default: true
websocket.allow_origin_absence = true
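## Comma-separated list of origins allowed in the Origin header of WebSocket connections
##
## @doc listeners.<name>.websocket.check_origins
## ValueType: String
## Examples:
## local http dashboard url
## check_origins: "http://localhost:18083, http://127.0.0.1:18083"
## Default: ""
## NOTE: the value set below is the example list rather than the documented
## default, and the list is only checked when check_origin_enable is true.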
websocket.check_origins = "http://localhost:18083, http://127.0.0.1:18083"
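## Specify which HTTP header carries the real source IP if the EMQ X cluster is
## deployed behind NGINX or HAProxy.
## The header is supplied by whoever sends the HTTP request: unless every
## connection passes through a proxy that sets or overwrites it, a client can
## put any address in it, so do not rely on the resulting peer address for
## access decisions in that case.
##
## @doc listeners.<name>.websocket.proxy_address_header
## ValueType: String
## Default: X-Forwarded-For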
websocket.proxy_address_header = X-Forwarded-For
## Specify which HTTP header for real source port if the EMQ X cluster is
## deployed behind NGINX or HAProxy.
##
## @doc listeners.<name>.websocket.proxy_port_header
## ValueType: String
## Default: X-Forwarded-Port
websocket.proxy_port_header = X-Forwarded-Port
websocket.deflate_opts {
## The level of deflate options for external WebSocket connections.
##
## @doc listeners.<name>.websocket.deflate_opts.level
## ValueType: none | default | best_compression | best_speed
## Default: default
level = default
## The mem_level of deflate options for external WebSocket connections.
##
## @doc listeners.<name>.websocket.deflate_opts.mem_level
## ValueType: Integer
## Range: [1,9]
## Default: 8
mem_level = 8
## The strategy of deflate options for external WebSocket connections.
##
## @doc listeners.<name>.websocket.deflate_opts.strategy
## ValueType: default | filtered | huffman_only | rle
## Default: default
strategy = default
## The deflate option for external WebSocket connections.
##
## @doc listeners.<name>.websocket.deflate_opts.server_context_takeover
## ValueType: takeover | no_takeover
## Default: takeover
server_context_takeover = takeover
## The deflate option for external WebSocket connections.
##
## @doc listeners.<name>.websocket.deflate_opts.client_context_takeover
## ValueType: takeover | no_takeover
## Default: takeover
client_context_takeover = takeover
## The deflate options for external WebSocket connections.
##
##
## @doc listeners.<name>.websocket.deflate_opts.server_max_window_bits
## ValueType: Integer
## Range: [8,15]
## Default: 15
server_max_window_bits = 15
## The deflate options for external WebSocket connections.
##
## @doc listeners.<name>.websocket.deflate_opts.client_max_window_bits
## ValueType: Integer
## Range: [8,15]
## Default: 15
client_max_window_bits = 15
}
}
persistent_session_store {
## Enable/disable internal persistent session store.
##
## @doc persistent_session_store.enabled
## ValueType: Boolean
## Default: false
enabled = false
## How long are undelivered messages retained in the store
##
## @doc persistent_session_store.max_retain_undelivered
## ValueType: Duration
## Default: 1h
max_retain_undelivered = 1h
## The time interval in which to try to run garbage collection of persistent session messages
##
## @doc persistent_session_store.message_gc_interval
## ValueType: Duration
## Default: 1h
message_gc_interval = 1h
## The time interval in which to try to run garbage collection of persistent session transient data
##
## @doc persistent_session_store.session_message_gc_interval
## ValueType: Duration
## Default: 1m
session_message_gc_interval = 1m
}
## Authenticator chain. The list is empty here, so no authenticator is
## configured. NOTE(review): presumably clients are then admitted without
## any credential check — confirm, and add an authenticator before the
## listeners are reachable by untrusted clients.
authentication: []
authorization {
## Example authorization sources (all commented out).
## The credentials in the examples ("root" / "public") are placeholders:
## use a dedicated least-privilege database account with its own password.
## Several examples set ssl: {enable: false}, which sends that password and
## the ACL data unencrypted when the server is not on the local host.
## NOTE(review): the SQL examples select the column `ipaddress` but filter on
## `ipaddr`; confirm the column name against the actual table.
# sources = [
# # {
# # type: http
# # url: "https://emqx.com"
# # headers: {
# # Accept: "application/json"
# # Content-Type: "application/json"
# # }
# # },
# # {
# # type: mysql
# # server: "127.0.0.1:3306"
# # database: mqtt
# # pool_size: 1
# # username: root
# # password: public
# # auto_reconnect: true
# # ssl: {
# # enable: true
# # cacertfile: "etc/certs/cacert.pem"
# # certfile: "etc/certs/client-cert.pem"
# # keyfile: "etc/certs/client-key.pem"
# # }
# # query: "select ipaddress, username, clientid, action, permission, topic from mqtt_authz where ipaddr = ${peerhost} or username = ${username} or clientid = ${clientid}"
# # },
# # {
# # type: postgresql
# # server: "127.0.0.1:5432"
# # database: mqtt
# # pool_size: 1
# # username: root
# # password: public
# # auto_reconnect: true
# # ssl: {enable: false}
# # query: "select ipaddress, username, clientid, action, permission, topic from mqtt_authz where ipaddr = ${peerhost} or username = ${username} or username = '$all' or clientid = ${clientid}"
# # },
# # {
# # type: redis
# # server: "127.0.0.1:6379"
# # database: 0
# # pool_size: 1
# # password: public
# # auto_reconnect: true
# # ssl: {enable: false}
# # cmd: "HGETALL mqtt_authz:${username}"
# # },
# # {
# # type: mongodb
# # mongo_type: single
# # server: "127.0.0.1:27017"
# # pool_size: 1
# # database: mqtt
# # ssl: {enable: false}
# # collection: mqtt_authz
# # selector: { "$or": [ { "username": "${username}" }, { "clientid": "${clientid}" } ] }
# # },
# {
# type: built-in-database
# },
# {
# type: file
# # file is loaded into cache
# path: "etc/acl.conf"
# }
# ]
}
auto_subscribe {
topics = [
## {
## topic = "/c/${clientid}"
## qos = 0
## rh = 0
## rap = 0
## nl = 0
## },
## {
## topic = "/u/${username}"
## },
## {
## topic = "/h/${host}"
## qos = 2
## },
## {
## topic = "/p/${port}"
## },
## {
## topic = "/topic/abc"
## },
## {
## topic = "/client/${clientid}/username/${username}/host/${host}/port/${port}"
## }
]
}
##--------------------------------------------------------------------
## EMQ X Bridge
##--------------------------------------------------------------------
## MQTT bridges to/from another MQTT broker
#bridges.mqtt.my_ingress_mqtt_bridge {
# connector = "mqtt:my_mqtt_connector"
# direction = ingress
# ## topic mappings for this bridge
# from_remote_topic = "aws/#"
# subscribe_qos = 1
# to_local_topic = "from_aws/${topic}"
# payload = "${payload}"
# qos = "${qos}"
# retain = "${retain}"
#}
#
#bridges.mqtt.my_egress_mqtt_bridge {
# connector = "mqtt:my_mqtt_connector"
# direction = egress
# ## topic mappings for this bridge
# from_local_topic = "emqx/#"
# to_remote_topic = "from_emqx/${topic}"
# payload = "${payload}"
# qos = 1
# retain = false
#}
#
## HTTP bridges to an HTTP server
#bridges.http.my_http_bridge {
# ## NOTE: we cannot use placeholder variables in the `scheme://host:port` part of the url
# url = "http://localhost:9901/messages/${topic}"
# request_timeout = "30s"
# connect_timeout = "30s"
# max_retries = 3
# retry_interval = "10s"
# pool_type = "random"
# pool_size = 4
# enable_pipelining = true
# ssl {
# enable = false
# keyfile = "etc/certs/client-key.pem"
# certfile = "etc/certs/client-cert.pem"
# cacertfile = "etc/certs/cacert.pem"
# }
#
# from_local_topic = "emqx_http/#"
# ## the following config entries can use placeholder variables:
# ## url, method, body, headers
# method = post
# body = "${payload}"
# headers {
# "content-type": "application/json"
# }
#}
#connectors.mqtt.my_mqtt_connector {
# mode = cluster_shareload
# server = "127.0.0.1:1883"
# proto_ver = "v4"
# username = "username1"
# password = ""
# clean_start = true
# keepalive = 300
# retry_interval = "30s"
# max_inflight = 32
# reconnect_interval = "30s"
# replayq {
# dir = "data/replayq/bridge_mqtt/"
# seg_bytes = "100MB"
# offload = false
# }
# ssl {
# enable = false
# keyfile = "etc/certs/client-key.pem"
# certfile = "etc/certs/client-cert.pem"
# cacertfile = "etc/certs/cacert.pem"
# }
#}
##--------------------------------------------------------------------
## EMQ X Dashboard
##--------------------------------------------------------------------
emqx_dashboard {
## Initial dashboard administrator account. "admin" / "public" are the
## values shipped in this file, so anyone who can reach the listener can
## try them; change the password before the dashboard port is reachable
## from other hosts.
default_username = "admin"
default_password = "public"
## notice: sample_interval should be divisible by 60.
## NOTE(review): 10s is not a multiple of 60; presumably the intent is that
## 60 is divisible by the interval in seconds — confirm.
sample_interval = 10s
## api jwt timeout. default is 30 minute
## NOTE(review): the value set here is 60m, not the stated 30-minute default.
token_expired_time = 60m
## Dashboard listeners. Only the plain-HTTP listener is active, so login
## credentials and API tokens cross the network unencrypted; the HTTPS
## listener below is commented out.
listeners = [
{
protocol = http
num_acceptors = 4
max_connections = 512
port = 18083
backlog = 512
send_timeout = 5s
inet6 = false
ipv6_v6only = false
}
## Example HTTPS listener (disabled). As written it still offers tlsv1.1 and
## tlsv1, and its cipher list contains 3DES, CBC-with-SHA-1 and static-RSA
## suites; trim both to TLS 1.2+ and AEAD suites before enabling it.
# ,
# {
# protocol = https
# port = 18084
# num_acceptors = 2
# backlog = 512
# send_timeout = 5s
# inet6 = false
# ipv6_v6only = false
# certfile = "etc/certs/cert.pem"
# keyfile = "etc/certs/key.pem"
# cacertfile = "etc/certs/cacert.pem"
# verify = verify_peer
# versions = ["tlsv1.3","tlsv1.2","tlsv1.1","tlsv1"]
# ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256","TLS_CHACHA20_POLY1305_SHA256","TLS_AES_128_CCM_SHA256","TLS_AES_128_CCM_8_SHA256","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-AES256-SHA384","ECDHE-RSA-AES256-SHA384","ECDHE-ECDSA-DES-CBC3-SHA","ECDH-ECDSA-AES256-GCM-SHA384","ECDH-RSA-AES256-GCM-SHA384","ECDH-ECDSA-AES256-SHA384","ECDH-RSA-AES256-SHA384","DHE-DSS-AES256-GCM-SHA384","DHE-DSS-AES256-SHA256","AES256-GCM-SHA384","AES256-SHA256","ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-RSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES128-SHA256","ECDHE-RSA-AES128-SHA256","ECDH-ECDSA-AES128-GCM-SHA256","ECDH-RSA-AES128-GCM-SHA256","ECDH-ECDSA-AES128-SHA256","ECDH-RSA-AES128-SHA256","DHE-DSS-AES128-GCM-SHA256","DHE-DSS-AES128-SHA256","AES128-GCM-SHA256","AES128-SHA256","ECDHE-ECDSA-AES256-SHA","ECDHE-RSA-AES256-SHA","DHE-DSS-AES256-SHA","ECDH-ECDSA-AES256-SHA","ECDH-RSA-AES256-SHA","AES256-SHA","ECDHE-ECDSA-AES128-SHA","ECDHE-RSA-AES128-SHA","DHE-DSS-AES128-SHA","ECDH-ECDSA-AES128-SHA","ECDH-RSA-AES128-SHA","AES128-SHA"]
# }
]
## CORS support. Leave it disabled unless browser pages served from other
## origins need to call the dashboard API.
# cors = false
}
##====================================================================
## EMQ X Hooks
##====================================================================
exhook {
## The default value or action that is returned when the request to
## the gRPC server fails or no gRPC server is available.
## `deny` is the fail-closed choice: presumably the hooked operation is
## refused while the hook server is unreachable, whereas `ignore` would let
## it proceed without the external check — confirm against the exhook docs.
##
## Default: deny
## Value: ignore | deny
request_failed_action = deny
## Timeout for a request to the gRPC server
##
## Default: 5s
## Value: Duration
request_timeout = 5s
## Whether to automatically reconnect (initialize) the gRPC server
##
## When gRPC is not available, exhook tries to request the gRPC service at
## that interval and reinitialize the list of mounted hooks.
##
## Default: false
## Value: false | Duration
## NOTE(review): the value set here is 60s, not the stated default of false.
auto_reconnect = 60s
## gRPC hook servers. The commented example uses a plain http:// URL with its
## ssl block commented out, which is only appropriate for a loopback address
## such as the one shown.
servers = [
# { name: "default"
# url: "http://127.0.0.1:9000"
# #ssl: {
# # cacertfile: "etc/certs/cacert.pem"
# # certfile: "etc/certs/cert.pem"
# # keyfile: "etc/certs/key.pem"
# #}
# }
]
}
##--------------------------------------------------------------------
## EMQ X Gateway configurations
##--------------------------------------------------------------------
## No gateway by default.
##
## If you want to get how to config it, please see emqx_gateway.conf.example.
##--------------------------------------------------------------------
## Emq X Rate Limiter
##--------------------------------------------------------------------
emqx_limiter {
bytes_in {
global = "100KB/10s" # token generation rate
zone.default = "100kB/10s"
zone.external = "20kB/10s"
bucket.tcp {
zone = default
aggregated = "100kB/10s,1Mb"
per_client = "100KB/10s,10Kb"
}
bucket.ssl {
zone = external
aggregated = "100kB/10s,1Mb"
per_client = "100KB/10s,10Kb"
}
}
message_in {
global = "100/10s"
zone.default = "100/10s"
bucket.bucket1 {
zone = default
aggregated = "100/10s,1000"
per_client = "100/10s,100"
}
}
connection {
global = "100/10s"
zone.default = "100/10s"
bucket.bucket1 {
zone = default
aggregated = "100/10s,1000"
per_client = "100/10s,100"
}
}
message_routing {
global = "100/10s"
zone.default = "100/10s"
bucket.bucket1 {
zone = default
aggregated = "100/10s,100"
per_client = "100/10s,10"
}
}
}
delayed {
enable = true
## 0 is no limit
max_delayed_messages = 0
}
observer_cli {
enable = true
}
## Usage telemetry, enabled in this file.
## NOTE(review): presumably the node then reports usage information to an
## endpoint outside the deployment — confirm what is sent, and review this
## setting for networks with restricted egress.
telemetry {
enable = true
}
event_message {
"$event/client_connected" = true
"$event/client_disconnected" = true
# "$event/client_subscribed": false
# "$event/client_unsubscribed": false
# "$event/message_delivered": false
# "$event/message_acked": false
# "$event/message_dropped": false
}
topic_metrics: [
#{topic: "test/1"}
]
rewrite: [
# {
# action = publish
# source_topic = "x/#"
# re = "^x/y/(.+)$"
# dest_topic = "z/y/$1"
# },
# {
# action = subscribe
# source_topic = "x1/#"
# re = "^x1/y/(.+)$"
# dest_topic = "z1/y/$1"
# },
# {
# action = all
# source_topic = "x2/#"
# re = "^x2/y/(.+)$"
# dest_topic = "z2/y/$1"
# }
]
##--------------------------------------------------------------------
## emqx_prometheus for EMQ X
##--------------------------------------------------------------------
prometheus {
push_gateway_server = "http://127.0.0.1:9091"
interval = "15s"
enable = true
}
##--------------------------------------------------------------------
## EMQ X PSK
##--------------------------------------------------------------------
psk_authentication {
## Whether to enable the PSK feature.
enable = false
## If init file is specified, emqx will import PSKs from the file
## into the built-in database at startup for use by the runtime.
##
## The file has to be structured line-by-line, each line must be in
## the format: <PSKIdentity>:<SharedSecret>
## The shared secrets sit in this file as plain text, so restrict read
## access to it to the account that runs the broker.
## init_file = "data/init.psk"
## Specifies the separator for PSKIdentity and SharedSecret in the init file.
## The default is colon (:)
## separator = ":"
## The size of each chunk used to import to the built-in database from psk file
## chunk_size = 50
}
##--------------------------------------------------------------------
## EMQ X Retainer
##--------------------------------------------------------------------
## Where to store the retained messages.
##
## Notice that all nodes in the same cluster have to be configured to
## use the same storage_type.
emqx_retainer {
## enable/disable emqx_retainer
enable = true
## Periodic interval for cleaning up expired messages. Never clear if the value is 0.
##
## Value: Duration
## - h: hour
## - m: minute
## - s: second
##
## Examples:
## - 2h: 2 hours
## - 30m: 30 minutes
## - 20s: 20 seconds
##
## Default: 0s
msg_clear_interval = 0s
## Message retention time. 0 means message will never be expired.
##
## Default: 0s
msg_expiry_interval = 0s
## When the retained flag of the PUBLISH message is set and Payload is empty,
## whether to continue to publish the message.
## see: http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718038
##
## Default: false
#stop_publish_clear_msg = false
## Flow control for reading and delivering retained messages.
## When a client subscribes to a wildcard topic, many retained messages may be loaded.
## If you don't want all of this data loaded into memory at once, you can use this to control it.
## The processing flow:
## load max_read_number retained messages from storage ->
## deliver ->
## repeat this until all retained messages are delivered
##
flow_control {
## The max messages number per read from storage. 0 means no limit
##
## Default: 0
max_read_number = 0
## The max number of retained messages that can be delivered in emqx per quota_release_interval. 0 means no limit
##
## Default: 0
msg_deliver_quota = 0
## deliver quota reset interval
##
## Default: 0s
quota_release_interval = 0s
}
## Maximum retained message size.
##
## Value: Bytes
max_payload_size = 1MB
## Storage connect parameters
##
## Value: built_in_database
##
config {
type = built_in_database
## storage_type: ram | disc | disc_only
storage_type = ram
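## Maximum number of retained messages. 0 means no limit.
## With no limit, the store grows with every distinct topic that receives a
## retained message, so set a bound if untrusted clients may publish retained messages.
##
## Value: Number >= 0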
max_retained_messages = 0
}
}
##====================================================================
## Rule Engine for EMQ X R5.0
##====================================================================
rule_engine {
ignore_sys_message = true
#rules.my_republish_rule {
# description = "A simple rule that republishs MQTT messages from topic 't/1' to 't/2'"
# enable = true
# sql = "SELECT * FROM \"t/1\""
# outputs = [
# {
# function = republish
# args = {
# topic = "t/2"
# qos = "${qos}"
# payload = "${payload}"
# }
# }
# ]
#}
}
##--------------------------------------------------------------------
## Statsd for EMQ X
##--------------------------------------------------------------------
statsd {
enable = true
server = "127.0.0.1:8125"
sample_time_interval = "10s"
flush_time_interval = "10s"
}
include "cluster-override.conf"
include "local-override.conf"