132 lines
3.2 KiB
Plaintext
132 lines
3.2 KiB
Plaintext
##--------------------------------------------------------------------
|
|
## MySQL Auth/ACL Plugin
|
|
##--------------------------------------------------------------------
|
|
|
|
## MySQL server address.
|
|
##
|
|
## Value: Port | IP:Port
|
|
##
|
|
## Examples: 3306, 127.0.0.1:3306, localhost:3306
|
|
auth.mysql.server = 127.0.0.1:3306
|
|
|
|
## MySQL pool size.
|
|
##
|
|
## Value: Number
|
|
auth.mysql.pool = 8
|
|
|
|
## MySQL username.
|
|
##
|
|
## Value: String
|
|
#auth.mysql.username =
|
|
|
|
## MySQL password.
|
|
##
|
|
## Value: String
|
|
#auth.mysql.password =
|
|
|
|
## MySQL database.
|
|
##
|
|
## Value: String
|
|
auth.mysql.database = mqtt
|
|
|
|
## MySQL query timeout
|
|
##
|
|
## Value: Duration
|
|
## auth.mysql.query_timeout = 5s
|
|
|
|
## Variables: %u = username, %c = clientid
|
|
|
|
## Authentication query.
|
|
##
|
|
## Note that column names should be 'password' and 'salt' (if used).
|
|
## In case column names differ in your DB - please use aliases,
|
|
## e.g. "my_column_name as password".
|
|
##
|
|
## Value: SQL
|
|
##
|
|
## Variables:
|
|
## - %u: username
|
|
## - %c: clientid
|
|
## - %C: common name of client TLS cert
|
|
## - %d: subject of client TLS cert
|
|
##
|
|
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
|
|
## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1
|
|
|
|
## Password hash.
|
|
##
|
|
## Value: plain | md5 | sha | sha256 | bcrypt
|
|
auth.mysql.password_hash = sha256
|
|
|
|
## sha256 with salt prefix
|
|
## auth.mysql.password_hash = salt,sha256
|
|
|
|
## bcrypt with salt only prefix
|
|
## auth.mysql.password_hash = salt,bcrypt
|
|
|
|
## sha256 with salt suffix
|
|
## auth.mysql.password_hash = sha256,salt
|
|
|
|
## pbkdf2 with macfun iterations dklen
|
|
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
|
|
## auth.mysql.password_hash = pbkdf2,sha256,1000,20
|
|
|
|
## Superuser query.
|
|
##
|
|
## Value: SQL
|
|
##
|
|
## Variables:
|
|
## - %u: username
|
|
## - %c: clientid
|
|
## - %C: common name of client TLS cert
|
|
## - %d: subject of client TLS cert
|
|
##
|
|
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
|
|
|
|
## ACL query.
|
|
##
|
|
## Value: SQL
|
|
##
|
|
## Variables:
|
|
## - %a: ipaddr
|
|
## - %u: username
|
|
## - %c: clientid
|
|
##
|
|
## Note: You can add the 'ORDER BY' statement to control the rules match order
|
|
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
|
|
|
|
## Mysql ssl configuration.
|
|
##
|
|
## Value: on | off
|
|
#auth.mysql.ssl = off
|
|
|
|
## CA certificate.
|
|
##
|
|
## Value: File
|
|
#auth.mysql.ssl.cacertfile = /path/to/ca.pem
|
|
|
|
## Client ssl certificate.
|
|
##
|
|
## Value: File
|
|
#auth.mysql.ssl.certfile = /path/to/your/clientcert.pem
|
|
|
|
## Client ssl keyfile.
|
|
##
|
|
## Value: File
|
|
#auth.mysql.ssl.keyfile = /path/to/your/clientkey.pem
|
|
|
|
## In mode verify_none the default behavior is to allow all x509-path
|
|
## validation errors.
|
|
##
|
|
## Value: true | false
|
|
#auth.mysql.ssl.verify = false
|
|
|
|
## If not specified, the server's names returned in server's certificate is validated against
|
|
## what's provided `auth.mysql.server` config's host part.
|
|
## Setting to 'disable' will make EMQX ignore unmatched server names.
|
|
## If set with a host name, the server's names returned in server's certificate is validated
|
|
## against this value.
|
|
##
|
|
## Value: String | disable
|
|
## auth.mysql.ssl.server_name_indication = disable
|