83 lines
2.6 KiB
Plaintext
83 lines
2.6 KiB
Plaintext
## Dashboard on HTTPS
|
|
##
|
|
## Configure HTTPS for EMQX dashboard
|
|
|
|
dashboard {
|
|
## JWT token expiration time
|
|
token_expired_time = 60m
|
|
|
|
## Support Cross-Origin Resource Sharing (CORS)
|
|
cors = false
|
|
|
|
listeners.https {
|
|
|
|
## Port or Address to listen on, 0 means disable
|
|
bind = "0.0.0.0:18084" ## or just a port number, e.g. 18084
|
|
|
|
## Socket acceptor pool size for TCP protocols
|
|
num_acceptors = 8
|
|
|
|
## Maximum number of simultaneous connections
|
|
max_connections = 512
|
|
|
|
## Defines the maximum length that the queue of pending connections can grow to
|
|
backlog = 1024
|
|
|
|
## Send timeout for the socket
|
|
send_timeout = 10s
|
|
|
|
## Enable IPv6 support, default is false, which means IPv4 only
|
|
inet6 = false
|
|
|
|
## Disable IPv4-to-IPv6 mapping for the listener
|
|
ipv6_v6only = false
|
|
|
|
## Enable support for `HAProxy` header
|
|
proxy_header = false
|
|
|
|
## Trusted PEM format CA certificates bundle file
|
|
cacertfile = "data/certs/cacert.pem"
|
|
|
|
## PEM format certificates chain file
|
|
certfile = "data/certs/cert.pem"
|
|
|
|
## PEM format private key file
|
|
keyfile = "data/certs/key.pem"
|
|
|
|
## Enable or disable peer verification
|
|
verify = verify_none ## use verify_peer to enable
|
|
|
|
## Enable TLS session reuse
|
|
reuse_sessions = true
|
|
|
|
## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path
|
|
depth = 10
|
|
|
|
## Which versions are to be supported
|
|
versions = [tlsv1.3, tlsv1.2]
|
|
|
|
## TLS cipher suite names
|
|
## Note: By default, all available suites are supported, you do not need to set this
|
|
ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]
|
|
|
|
## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly
|
|
secure_renegotiate = true
|
|
|
|
## Log level for SSL communication
|
|
## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all
|
|
log_level = notice
|
|
|
|
## Hibernate the SSL process after idling for amount of time reducing its memory footprint
|
|
hibernate_after = 5s
|
|
|
|
## Forces the cipher to be set based on the server-specified order instead of the client-specified order
|
|
honor_cipher_order = true
|
|
|
|
## Setting this to false to disable client-initiated renegotiation
|
|
client_renegotiation = true
|
|
|
|
## Maximum time duration allowed for the handshake to complete
|
|
handshake_timeout = 15s
|
|
}
|
|
}
|