118 lines
2.5 KiB
Plaintext
118 lines
2.5 KiB
Plaintext
##--------------------------------------------------------------------
|
|
## PostgreSQL Auth/ACL Plugin
|
|
##--------------------------------------------------------------------
|
|
|
|
## PostgreSQL server address.
|
|
##
|
|
## Value: Port | IP:Port
|
|
##
|
|
## Examples: 5432, 127.0.0.1:5432, localhost:5432
|
|
auth.pgsql.server = 127.0.0.1:5432
|
|
|
|
## PostgreSQL pool size.
|
|
##
|
|
## Value: Number
|
|
auth.pgsql.pool = 8
|
|
|
|
## PostgreSQL username.
|
|
##
|
|
## Value: String
|
|
auth.pgsql.username = root
|
|
|
|
## PostgreSQL password.
|
|
##
|
|
## Value: String
|
|
#auth.pgsql.password =
|
|
|
|
## PostgreSQL database.
|
|
##
|
|
## Value: String
|
|
auth.pgsql.database = mqtt
|
|
|
|
## PostgreSQL database encoding.
|
|
##
|
|
## Value: String
|
|
auth.pgsql.encoding = utf8
|
|
|
|
## Whether to enable SSL connection.
|
|
##
|
|
## Value: on | off
|
|
auth.pgsql.ssl = off
|
|
|
|
## TLS version.
|
|
##
|
|
## Available enum values:
|
|
## tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
|
|
##
|
|
## Value: String, seperated by ','
|
|
#auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1
|
|
|
|
## SSL keyfile.
|
|
##
|
|
## Value: File
|
|
#auth.pgsql.ssl.keyfile =
|
|
|
|
## SSL certfile.
|
|
##
|
|
## Value: File
|
|
#auth.pgsql.ssl.certfile =
|
|
|
|
## SSL cacertfile.
|
|
##
|
|
## Value: File
|
|
#auth.pgsql.ssl.cacertfile =
|
|
|
|
## Authentication query.
|
|
##
|
|
## Value: SQL
|
|
##
|
|
## Variables:
|
|
## - %u: username
|
|
## - %c: clientid
|
|
## - %C: common name of client TLS cert
|
|
## - %d: subject of client TLS cert
|
|
##
|
|
auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1
|
|
|
|
## Password hash.
|
|
##
|
|
## Value: plain | md5 | sha | sha256 | bcrypt
|
|
auth.pgsql.password_hash = sha256
|
|
|
|
## sha256 with salt prefix
|
|
## auth.pgsql.password_hash = salt,sha256
|
|
|
|
## sha256 with salt suffix
|
|
## auth.pgsql.password_hash = sha256,salt
|
|
|
|
## bcrypt with salt prefix
|
|
## auth.pgsql.password_hash = salt,bcrypt
|
|
|
|
## pbkdf2 with macfun iterations dklen
|
|
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
|
|
## auth.pgsql.password_hash = pbkdf2,sha256,1000,20
|
|
|
|
## Superuser query.
|
|
##
|
|
## Value: SQL
|
|
##
|
|
## Variables:
|
|
## - %u: username
|
|
## - %c: clientid
|
|
## - %C: common name of client TLS cert
|
|
## - %d: subject of client TLS cert
|
|
##
|
|
auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
|
|
|
|
## ACL query. Comment this query, the ACL will be disabled.
|
|
##
|
|
## Value: SQL
|
|
##
|
|
## Variables:
|
|
## - %a: ipaddress
|
|
## - %u: username
|
|
## - %c: clientid
|
|
##
|
|
## Note: You can add the 'ORDER BY' statement to control the rules match order
|
|
auth.pgsql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
|