emqx/rel/i18n/emqx_schema.hocon

emqx_schema {

fields_mqtt_quic_listener_peer_unidi_stream_count.desc:
"""Number of unidirectional streams to allow the peer to open."""

fields_mqtt_quic_listener_peer_unidi_stream_count.label:
"""Peer unidi stream count"""

fields_authorization_no_match.desc:
"""Default access control action if the user or client matches no ACL rules,
or if no such user or client is found by the configurable authorization
sources such as built_in_database, an HTTP API, or a query against PostgreSQL.
Find more details in 'authorization.sources' config."""

fields_authorization_no_match.label:
"""Authorization no match"""

sysmon_top_db_hostname.desc:
"""Hostname of the PostgreSQL database that collects the data points"""

sysmon_top_db_hostname.label:
"""DB Hostname"""

zones.desc:
"""A zone is a set of configs grouped by the zone <code>name</code>.
For flexible configuration mapping, the <code>name</code> can be set to a listener's <code>zone</code> config.
NOTE: A built-in zone named <code>default</code> is auto created and can not be deleted."""

fields_mqtt_quic_listener_certfile.desc:
"""Path to the certificate file. Will be deprecated in 5.1, use .ssl_options.certfile instead."""

fields_mqtt_quic_listener_certfile.label:
"""Certificate file"""

fields_rate_limit_conn_bytes_in.desc:
"""Limit the rate of receiving packets for a MQTT connection.
The rate is counted by bytes of packets per second."""

fields_rate_limit_conn_bytes_in.label:
"""Connection bytes in"""

crl_cache_capacity.desc:
"""The maximum number of CRL URLs that can be held in cache.  If the cache is at full capacity and a new URL must be fetched, then it'll evict the oldest inserted URL in the cache."""

crl_cache_capacity.label:
"""CRL Cache Capacity"""

alarm_actions.desc:
"""The actions triggered when the alarm is activated.<br/>Currently, the following actions are supported: <code>log</code> and <code>publish</code>.
<code>log</code> is to write the alarm to log (console or file).
<code>publish</code> is to publish the alarm as an MQTT message to the system topics:
<code>$SYS/brokers/emqx@xx.xx.xx.x/alarms/activate</code> and
<code>$SYS/brokers/emqx@xx.xx.xx.x/alarms/deactivate</code>"""

alarm_actions.label:
"""Alarm Actions"""

base_listener_max_connections.desc:
"""The maximum number of concurrent connections allowed by the listener."""

base_listener_max_connections.label:
"""Max connections"""

mqtt_peer_cert_as_username.desc:
"""Use the CN, DN field in the peer certificate or the entire certificate content as Username. Only works for the TLS connection.
Supported configurations are the following:
- <code>cn</code>: CN field of the certificate
- <code>dn</code>: DN field of the certificate
- <code>crt</code>: Content of the <code>DER</code> or <code>PEM</code> certificate
- <code>pem</code>: Convert <code>DER</code> certificate content to <code>PEM</code> format and use as Username
- <code>md5</code>: MD5 value of the <code>DER</code> or <code>PEM</code> certificate"""

mqtt_peer_cert_as_username.label:
"""Use Peer Certificate as Username"""

fields_cache_enable.desc:
"""Enable or disable the authorization cache."""

fields_cache_enable.label:
"""Enable or disable the authorization cache."""

fields_mqtt_quic_listener_disconnect_timeout_ms.desc:
"""How long to wait for an ACK before declaring a path dead and disconnecting. Default: 16000"""

fields_mqtt_quic_listener_disconnect_timeout_ms.label:
"""Disconnect timeout ms"""

mqtt_max_topic_alias.desc:
"""Maximum topic alias, 0 means no topic alias supported."""

mqtt_max_topic_alias.label:
"""Max Topic Alias"""

common_ssl_opts_schema_user_lookup_fun.desc:
"""EMQX-internal callback that is used to lookup pre-shared key (PSK) identity.<br/>
Has no effect when TLS version is configured (or negotiated) to 1.3"""

common_ssl_opts_schema_user_lookup_fun.label:
"""SSL PSK user lookup fun"""

fields_listeners_wss.desc:
"""HTTPS websocket listeners."""

fields_listeners_wss.label:
"""HTTPS websocket listeners"""

sysmon_top_max_procs.desc:
"""Stop collecting data when the number of processes
in the VM exceeds this value"""

sysmon_top_max_procs.label:
"""Max procs"""

mqtt_use_username_as_clientid.desc:
"""Whether to use Username as Client ID.
This setting takes effect later than `peer_cert_as_username` and `peer_cert_as_clientid`."""

mqtt_use_username_as_clientid.label:
"""Use Username as Client ID"""

mqtt_max_qos_allowed.desc:
"""Maximum QoS allowed."""

mqtt_max_qos_allowed.label:
"""Max QoS"""

fields_mqtt_quic_listener_max_binding_stateless_operations.desc:
"""The maximum number of stateless operations that may be queued on a binding at any one time. Default: 100"""

fields_mqtt_quic_listener_max_binding_stateless_operations.label:
"""Max binding stateless operations"""

fields_mqtt_quic_listener_stream_recv_buffer_default.desc:
"""Stream initial buffer size. Default: 4096"""

fields_mqtt_quic_listener_stream_recv_buffer_default.label:
"""Stream recv buffer default"""

fields_mqtt_quic_listener_pacing_enabled.desc:
"""Pace sending to avoid overfilling buffers on the path. Default: 1 (Enabled)"""

fields_mqtt_quic_listener_pacing_enabled.label:
"""Pacing enabled"""

mqtt_max_subscriptions.desc:
"""Maximum number of subscriptions allowed per client."""

mqtt_max_subscriptions.label:
"""Max Subscriptions"""

sysmon_os_cpu_low_watermark.desc:
"""The threshold, as percentage of system CPU load,
 for how much system cpu can be used before the corresponding alarm is cleared. Disabled on Windows platform"""

sysmon_os_cpu_low_watermark.label:
"""CPU low watermark"""

fields_mqtt_quic_listener_tls_server_max_send_buffer.desc:
"""How much Server TLS data to buffer. Default: 8192"""

fields_mqtt_quic_listener_tls_server_max_send_buffer.label:
"""TLS server max send buffer"""

base_listener_bind.desc:
"""IP address and port for the listening socket."""

base_listener_bind.label:
"""IP address and port"""

server_ssl_opts_schema_handshake_timeout.desc:
"""Maximum time duration allowed for the handshake to complete"""

server_ssl_opts_schema_handshake_timeout.label:
"""Handshake timeout"""

fields_deflate_opts_server_context_takeover.desc:
"""Takeover means the compression state is retained between server messages."""

fields_deflate_opts_server_context_takeover.label:
"""Server context takeover"""

mqtt_session_expiry_interval.desc:
"""Specifies how long the session will expire after the connection is disconnected, only for non-MQTT 5.0 connections."""

mqtt_session_expiry_interval.label:
"""Session Expiry Interval"""

mqtt_message_expiry_interval.desc:
"""The expiry interval of MQTT messages. For MQTT 5.0 clients, this configuration will only take effect when the `Message-Expiry-Interval` property is not set in the message; otherwise, the value of the `Message-Expiry-Interval` property will be used. For MQTT versions older than 5.0, this configuration will always take effect. Please note that setting `message_expiry_interval` greater than `session_expiry_interval` is meaningless, as all messages will be cleared when the session expires."""

mqtt_message_expiry_interval.label:
"""Message Expiry Interval"""

fields_listener_enabled.desc:
"""Enable listener."""

fields_listener_enabled.label:
"""Enable listener"""

mqtt.desc:
"""Global MQTT configuration.
The configs here work as default values which can be overridden in <code>zone</code> configs"""

crl_cache_refresh_http_timeout.desc:
"""The timeout for the HTTP request when fetching CRLs.  This is a global setting for all listeners."""

crl_cache_refresh_http_timeout.label:
"""CRL Cache Refresh HTTP Timeout"""

fields_tcp_opts_backlog.desc:
"""TCP backlog defines the maximum length that the queue of
pending connections can grow to."""

fields_tcp_opts_backlog.label:
"""TCP backlog length"""

fields_mqtt_quic_listener_initial_window_packets.desc:
"""The size (in packets) of the initial congestion window for a connection. Default: 10"""

fields_mqtt_quic_listener_initial_window_packets.label:
"""Initial window packets"""

flapping_detect_enable.desc:
"""Enable flapping connection detection feature."""

flapping_detect_enable.label:
"""Enable flapping detection"""

sysmon_top_db_password.desc:
"""EMQX user password in the PostgreSQL database"""

sysmon_top_db_password.label:
"""DB Password"""

fields_ws_opts_check_origins.desc:
"""List of allowed origins.<br/>See <code>check_origin_enable</code>."""

fields_ws_opts_check_origins.label:
"""Allowed origins"""

fields_deflate_opts_client_context_takeover.desc:
"""Takeover means the compression state is retained between client messages."""

fields_deflate_opts_client_context_takeover.label:
"""Client context takeover"""

base_listener_acceptors.desc:
"""The size of the listener's receiving pool."""

base_listener_acceptors.label:
"""Acceptors Num"""

common_ssl_opts_schema_cacertfile.desc:
"""Trusted PEM format CA certificates bundle file.<br/>
The certificates in this file are used to verify the TLS peer's certificates.
Append new certificates to the file if new CAs are to be trusted.
There is no need to restart EMQX to have the updated file loaded, because
the system regularly checks if file has been updated (and reload).<br/>
NOTE: invalidating (deleting) a certificate from the file will not affect
already established connections."""

common_ssl_opts_schema_cacertfile.label:
"""CACertfile"""

common_ssl_opts_schema_cacerts.desc:
"""When enabled, uses the system trusted CA certificates for establishing to TLS connections."""

common_ssl_opts_schema_cacerts.label:
"""Use System CA Certificates"""

fields_ws_opts_mqtt_path.desc: """~
    WebSocket's MQTT protocol path. By default, the full URL for the WebSocket client to connect is:
    `ws://{host}:{port}/mqtt`.
    Append `/[...]` to the end of the path to make EMQX accept any subpath.
    For example, specifying `mqtt/[...]` would allow clients to connect at paths like
    `mqtt/org1` or `mqtt/group2`, etc.

    NOTE: An unmatched path will cause the client to be rejected immediately at the HTTP layer,
    meaning it will not be traceable at the MQTT layer."""

fields_ws_opts_mqtt_path.label:
"""WS MQTT Path"""

sysmon_os_procmem_high_watermark.desc:
"""The threshold, as percentage of system memory,
 for how much system memory can be allocated by one Erlang process before
 the corresponding alarm is raised. Disabled on Windows platform."""

sysmon_os_procmem_high_watermark.label:
"""ProcMem high wartermark"""

fields_listeners_quic.desc:
"""QUIC listeners."""

fields_listeners_quic.label:
"""QUIC listeners"""

fields_listeners_ws.desc:
"""HTTP websocket listeners."""

fields_listeners_ws.label:
"""HTTP websocket listeners"""

mqtt_retry_interval.desc:
"""Retry interval for QoS 1/2 message delivering."""

mqtt_retry_interval.label:
"""Retry Interval"""

stats_enable.desc:
"""Enable/disable statistic data collection."""

stats_enable.label:
"""Enable/disable statistic data collection."""

fields_authorization_deny_action.desc:
"""The action when the authorization check rejects an operation."""

fields_authorization_deny_action.label:
"""Authorization deny action"""

fields_deflate_opts_server_max_window_bits.desc:
"""Specifies the size of the compression context for the server."""

fields_deflate_opts_server_max_window_bits.label:
"""Server compression max window size"""

client_ssl_opts_schema_server_name_indication.desc:
"""Specify the host name to be used in TLS Server Name Indication extension.<br/>
For instance, when connecting to "server.example.net", the genuine server
which accepts the connection and performs TLS handshake may differ from the
host the TLS client initially connects to, e.g. when connecting to an IP address
or when the host has multiple resolvable DNS records <br/>
If not specified, it will default to the host name string which is used
to establish the connection, unless it is IP address used.<br/>
The host name is then also used in the host name verification of the peer
certificate.<br/> The special value 'disable' prevents the Server Name
Indication extension from being sent and disables the hostname
verification check."""

client_ssl_opts_schema_server_name_indication.label:
"""Server Name Indication"""

fields_mqtt_quic_listener_retry_memory_limit.desc:
"""The percentage of available memory usable for handshake connections before stateless retry is used. Calculated as `N/65535`. Default: 65"""

fields_mqtt_quic_listener_retry_memory_limit.label:
"""Retry memory limit"""

force_shutdown_max_mailbox_size.desc:
"""EMQX creates at least one lightweight process for each client connection.

Each process has its own message queue (aka mailbox) to hold messages from other processes (e.g. MQTT messages) so that the process can read messages from the message queue (mailbox) at any time.

If the system is busy or the process hangs due to a busy socket (see `high_watermark`), the message queue can accumulate many messages.

To avoid excessive memory usage, EMQX will force a process to shut down when the length of its message queue exceeds `max_mailbox_size`."""

force_shutdown_max_mailbox_size.label:
"""Maximum mailbox size."""

sys_heartbeat_interval.desc:
"""Time interval for publishing following heartbeat messages:
  - `$SYS/brokers/<node>/uptime`
  - `$SYS/brokers/<node>/datetime`"""

flapping_detect_ban_time.desc:
"""How long the flapping clientid will be banned."""

flapping_detect_ban_time.label:
"""Ban time"""

sysmon_top_num_items.desc:
"""The number of top processes per monitoring group"""

sysmon_top_num_items.label:
"""Top num items"""

mqtt_upgrade_qos.desc:
"""Force upgrade of QoS level according to subscription."""

mqtt_upgrade_qos.label:
"""Upgrade QoS"""

mqtt_shared_subscription.desc:
"""Whether to enable support for MQTT shared subscription."""

mqtt_shared_subscription.label:
"""Shared Subscription Available"""

fields_tcp_opts_sndbuf.desc:
"""The TCP send buffer (OS kernel) for the connections."""

fields_tcp_opts_sndbuf.label:
"""TCP send buffer"""

sysmon_os_mem_check_interval.desc:
"""The time interval for the periodic memory check. Disabled on Windows platform."""

sysmon_os_mem_check_interval.label:
"""Mem check interval"""

server_ssl_opts_schema_gc_after_handshake.desc:
"""Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake."""

server_ssl_opts_schema_gc_after_handshake.label:
"""Perform GC after handshake"""

fields_mqtt_quic_listener_ssl_options.desc:
"""TLS options for QUIC transport"""

fields_mqtt_quic_listener_ssl_options.label:
"""TLS Options"""

fields_ws_opts_mqtt_piggyback.desc:
"""Whether a WebSocket message is allowed to contain multiple MQTT packets."""

fields_ws_opts_mqtt_piggyback.label:
"""MQTT Piggyback"""

base_listener_mountpoint.desc:
"""When publishing or subscribing, prefix all topics with a mountpoint string.
The prefixed string will be removed from the topic name when the message
is delivered to the subscriber. The mountpoint is a way that users can use
to implement isolation of message routing between different listeners.
For example if a client A subscribes to `t` with `listeners.tcp.\<name>.mountpoint`
set to `some_tenant`, then the client actually subscribes to the topic
`some_tenant/t`. Similarly, if another client B (connected to the same listener
as the client A) sends a message to topic `t`, the message is routed
to all the clients subscribed `some_tenant/t`, so client A will receive the
message, with topic name `t`.<br/>
Set to `""` to disable the feature.<br/>

Variables in mountpoint string:
  - <code>${clientid}</code>: clientid
  - <code>${username}</code>: username"""

base_listener_mountpoint.label:
"""mountpoint"""

mqtt_max_awaiting_rel.desc:
"""For each publisher session, the maximum number of outstanding QoS 2 messages pending on the client to send PUBREL. After reaching this limit, new QoS 2 PUBLISH requests will be rejected with `147(0x93)` until either PUBREL is received or timed out."""

mqtt_max_awaiting_rel.label:
"""Max Awaiting PUBREL"""

ciphers_schema_quic.desc:
"""This config holds TLS cipher suite names separated by comma,
or as an array of strings. e.g.
<code>"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256"</code> or
<code>["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]</code>.
<br/>
Ciphers (and their ordering) define the way in which the
client and server encrypts information over the network connection.
Selecting a good cipher suite is critical for the
application's data security, confidentiality and performance.

The names should be in OpenSSL string format (not RFC format).
All default values and examples provided by EMQX config
documentation are all in OpenSSL format.<br/>

NOTE: Certain cipher suites are only compatible with
specific TLS <code>versions</code> ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')
incompatible cipher suites will be silently dropped.
For instance, if only 'tlsv1.3' is given in the <code>versions</code>,
configuring cipher suites for other versions will have no effect.
<br/>

NOTE: PSK ciphers are suppressed by 'tlsv1.3' version config<br/>
If PSK cipher suites are intended, 'tlsv1.3' should be disabled from <code>versions</code>.<br/>
PSK cipher suites: <code>"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,
RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,
RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,
RSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA"</code><br/>

NOTE: QUIC listener supports only 'tlsv1.3' ciphers"""

ciphers_schema_quic.label:
"""QUIC TLS cipher suites"""

fields_mqtt_quic_listener_max_bytes_per_key.desc:
"""Maximum number of bytes to encrypt with a single 1-RTT encryption key before initiating key update. Default: 274877906944"""

fields_mqtt_quic_listener_max_bytes_per_key.label:
"""Max bytes per key"""

fields_mqtt_quic_listener_mtu_discovery_search_complete_timeout_us.desc:
"""The time in microseconds to wait before reattempting MTU probing if max was not reached. Default: 600000000"""

fields_mqtt_quic_listener_mtu_discovery_search_complete_timeout_us.label:
"""MTU discovery search complete timeout us"""

fields_ws_opts_check_origin_enable.desc:
"""If <code>true</code>, <code>origin</code> HTTP header will be
 validated against the list of allowed origins configured in <code>check_origins</code>
 parameter."""

fields_ws_opts_check_origin_enable.label:
"""Check origin"""

sysmon_vm_busy_dist_port.desc:
"""When the RPC connection used to communicate with other nodes in the cluster is overloaded,
there will be a <code>busy_dist_port</code> warning log,
and an MQTT message is published to system topic <code>$SYS/sysmon/busy_dist_port</code>."""

sysmon_vm_busy_dist_port.label:
"""Enable Busy Distribution Port monitoring."""

mqtt_max_mqueue_len.desc:
"""Maximum queue length. Enqueued messages when persistent client disconnected, or inflight window is full."""

mqtt_max_mqueue_len.label:
"""Max Message Queue Length"""

mqtt_max_inflight.desc:
"""Maximum number of QoS 1 and QoS 2 messages that are allowed to be delivered simultaneously before completing the acknowledgment."""

mqtt_max_inflight.label:
"""Max Inflight"""

fields_deflate_opts_level.desc:
"""Compression level."""

fields_deflate_opts_level.label:
"""Compression level"""

mqtt_server_keepalive.desc:
"""The keep alive duration required by EMQX. To use the setting from the client side, choose disabled from the drop-down list. Only applicable to MQTT 5.0 clients."""

mqtt_server_keepalive.label:
"""Server Keep Alive"""

fields_mqtt_quic_listener_load_balancing_mode.desc:
"""0: Disabled, 1: SERVER_ID_IP, 2: SERVER_ID_FIXED. default: 0"""

fields_mqtt_quic_listener_load_balancing_mode.label:
"""Load balancing mode"""

server_ssl_opts_schema_ocsp_refresh_http_timeout.desc:
"""The timeout for the HTTP request when checking OCSP responses."""

server_ssl_opts_schema_ocsp_refresh_http_timeout.label:
"""OCSP Refresh HTTP Timeout"""

fields_tcp_opts_send_timeout.desc:
"""The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.

The process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).

Therefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout."""

fields_tcp_opts_send_timeout.label:
"""TCP send timeout"""

sysmon_vm_process_high_watermark.desc:
"""The threshold, as percentage of processes, for how many
 processes can simultaneously exist at the local node before the corresponding
 alarm is raised."""

sysmon_vm_process_high_watermark.label:
"""Process high watermark"""

fields_tcp_opts_buffer.desc:
"""The size of the user-space buffer used by the driver."""

fields_tcp_opts_buffer.label:
"""TCP user-space buffer"""

server_ssl_opts_schema_honor_cipher_order.desc:
"""An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.

The server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.

It is often better to use the server's preferences, as it is more likely that the server will be configured correctly."""

server_ssl_opts_schema_honor_cipher_order.label:
"""SSL honor cipher order"""

conn_congestion_min_alarm_sustain_duration.desc:
"""Minimal time before clearing the alarm.<br/>The alarm is cleared only when there's no pending data in<br/>the queue, and at least <code>min_alarm_sustain_duration</code>milliseconds passed since the last time we considered the connection 'congested'.<br/>This is to avoid clearing and raising the alarm again too often."""

conn_congestion_min_alarm_sustain_duration.label:
"""Sustain duration"""

fields_mqtt_quic_listener_keep_alive_interval_ms.desc:
"""How often to send PING frames to keep a connection alive."""

fields_mqtt_quic_listener_keep_alive_interval_ms.label:
"""Keep alive interval ms"""

fields_mqtt_quic_listener_handshake_idle_timeout_ms.desc:
"""How long a handshake can idle before it is discarded"""

fields_mqtt_quic_listener_handshake_idle_timeout_ms.label:
"""Handshake idle timeout ms"""

broker_session_locking_strategy.desc:
"""Session locking strategy in a cluster.
  - `local`: only lock the session on the current node
  - `one`: select only one remote node to lock the session
  - `quorum`: select some nodes to lock the session
  - `all`: lock the session on all the nodes in the cluster"""

fields_mqtt_quic_listener_stream_recv_window_default.desc:
"""Initial stream receive window size. Default: 32678"""

fields_mqtt_quic_listener_stream_recv_window_default.label:
"""Stream recv window default"""

mqtt_mqueue_priorities.desc:
"""Topic priority list. Prioritize messages in the message queue by topic. The priority range is `[1, 255]`.

The larger the value, the higher the priority. Messages with higher priority will be sent first.

Topics not in this list will use the default priority (specified by `mqueue_default_priority`).

By default, this list is empty, which means all topics have the same priority.

Note: commas and equal signs are not supported in topic names.

For example, if you want `topic/1` to have a higher priority than `topic/2`, you can configure it like this:

`mqueue_priorities: {\"topic/1\": 10, \"topic/2\": 8}`"""

mqtt_mqueue_priorities.label:
"""Topic Priorities"""

fields_rate_limit_conn_messages_in.desc:
"""Message limit for the external MQTT connections."""

fields_rate_limit_conn_messages_in.label:
"""connecting messages in"""

fields_rate_limit_max_conn_rate.desc:
"""Maximum connections per second."""

fields_rate_limit_max_conn_rate.label:
"""Max connection rate"""

alarm_size_limit.desc:
"""The maximum number of historical alarms that can be stored.

When the maximum number is reached, the oldest historical alarms will be deleted to store new historical alarms."""

alarm_size_limit.label:
"""Alarm size limit"""

fields_cache_max_size.desc:
"""Maximum number of cached items."""

fields_cache_max_size.label:
"""Maximum number of cached items."""

fields_listeners_tcp.desc:
"""TCP listeners."""

fields_listeners_tcp.label:
"""TCP listeners"""

conn_congestion_enable_alarm.desc:
"""Enable or disable connection congestion alarm."""

conn_congestion_enable_alarm.label:
"""Enable/disable congestion alarm"""

fields_ws_opts_proxy_port_header.desc:
"""The HTTP request header that carries the original client's source port, EMQX will take the leftmost port in the header as the original client's source port.

This option is typically used when EMQX is deployed behind a WebSocket proxy."""

fields_ws_opts_proxy_port_header.label:
"""Proxy port header"""

overload_protection_enable.desc:
"""React on system overload or not."""

overload_protection_enable.label:
"""React on system overload or not"""

fields_mqtt_quic_listener_minimum_mtu.desc:
"""The minimum MTU supported by a connection. This will be used as the starting MTU. Default: 1248"""

fields_mqtt_quic_listener_minimum_mtu.label:
"""Minimum MTU"""

sys_msg_interval.desc:
"""Time interval for publishing following system messages:
  - `$SYS/brokers`
  - `$SYS/brokers/<node>/version`
  - `$SYS/brokers/<node>/sysdescr`
  - `$SYS/brokers/<node>/stats/<name>`
  - `$SYS/brokers/<node>/metrics/<name>`"""

mqtt_await_rel_timeout.desc:
"""For client to broker QoS 2 message, the time limit for the broker to wait before the `PUBREL` message is received. The wait is aborted after timed out, meaning the packet ID is freed for new `PUBLISH` requests. Receiving a stale `PUBREL` causes a warning level log. Note, the message is delivered to subscribers before entering the wait for PUBREL."""

mqtt_await_rel_timeout.label:
"""Max Awaiting PUBREL TIMEOUT"""

common_ssl_opts_schema_verify.desc:
"""Enable or disable peer verification."""

common_ssl_opts_schema_verify.label:
"""Verify peer"""

fields_listeners_ssl.desc:
"""SSL listeners."""

fields_listeners_ssl.label:
"""SSL listeners"""

fields_deflate_opts_client_max_window_bits.desc:
"""Specifies the size of the compression context for the client."""

fields_deflate_opts_client_max_window_bits.label:
"""Client compression max window size"""

common_ssl_opts_schema_keyfile.desc:
"""PEM format private key file."""

common_ssl_opts_schema_keyfile.label:
"""Keyfile"""

sysmon_os_cpu_high_watermark.desc:
"""The threshold, as percentage of system CPU load,
 for how much system cpu can be used before the corresponding alarm is raised. Disabled on Windows platform"""

sysmon_os_cpu_high_watermark.label:
"""CPU high watermark"""

flapping_detect_window_time.desc:
"""The time window for flapping detection."""

flapping_detect_window_time.label:
"""Window time"""

mqtt_mqueue_default_priority.desc:
"""Default topic priority, which will be used by topics not in <code>Topic Priorities</code> (<code>mqueue_priorities</code>)."""

mqtt_mqueue_default_priority.label:
"""Default Topic Priorities"""

client_ssl_opts_schema_enable.desc:
"""Enable TLS."""

client_ssl_opts_schema_enable.label:
"""Enable TLS."""

fields_mqtt_quic_listener_mtu_discovery_missing_probe_count.desc:
"""The maximum number of stateless operations that may be queued on a binding at any one time. Default: 3"""

fields_mqtt_quic_listener_mtu_discovery_missing_probe_count.label:
"""MTU discovery missing probe count"""

fields_tcp_opts_recbuf.desc:
"""The TCP receive buffer (OS kernel) for the connections."""

fields_tcp_opts_recbuf.label:
"""TCP receive buffer"""

sysmon_vm_process_check_interval.desc:
"""The time interval for the periodic process count limit check, used together with `process_high_watermark` and `process_low_watermark`."""

sysmon_vm_process_check_interval.label:
"""Process limit check interval"""

fields_mqtt_quic_listener_server_resumption_level.desc:
"""Controls resumption tickets and/or 0-RTT server support. Default: 0 (No resumption)"""

fields_mqtt_quic_listener_server_resumption_level.label:
"""Server resumption level"""

fields_ws_opts_proxy_address_header.desc:
"""The HTTP request header that carries the original client's IP address, EMQX will take the leftmost IP in the header as the original client's IP.

This option is typically used when EMQX is deployed behind a WebSocket proxy."""

fields_ws_opts_proxy_address_header.label:
"""Proxy address header"""

sysmon_os_sysmem_high_watermark.desc:
"""The threshold, as percentage of system memory,
 for how much system memory can be allocated before the corresponding alarm is raised. Disabled on Windows platform"""

sysmon_os_sysmem_high_watermark.label:
"""SysMem high wartermark"""

fields_tcp_opts_high_watermark.desc:
"""When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.

If the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.

The process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.

The socket will only be unbusy when the data in the internal buffer is below the low watermark.

While the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details."""

fields_tcp_opts_high_watermark.label:
"""TCP high watermark"""

fields_mqtt_quic_listener_stateless_operation_expiration_ms.desc:
"""The time limit between operations for the same endpoint, in milliseconds. Default: 100"""

fields_mqtt_quic_listener_stateless_operation_expiration_ms.label:
"""Stateless operation expiration ms"""

server_ssl_opts_schema_dhfile.desc:
"""Path to a file containing PEM-encoded Diffie-Hellman parameters
to be used by the server if a cipher suite using Diffie-Hellman
key exchange is negotiated. If not specified, default parameters
are used.<br/>
NOTE: The <code>dhfile</code> option is not supported by TLS 1.3."""

server_ssl_opts_schema_dhfile.label:
"""SSL dhfile"""

flapping_detect_max_count.desc:
"""The maximum number of disconnects allowed for a MQTT Client in `window_time`"""

flapping_detect_max_count.label:
"""Max count"""

mqtt_max_topic_levels.desc:
"""Maximum topic levels allowed."""

mqtt_max_topic_levels.label:
"""Max Topic Levels"""

force_shutdown_max_heap_size.desc:
"""The maximum heap size of the process. If the `force_shutdown` is enabled, processes that exceed this limit will automatically exit or be forcibly killed. Messages in the process message queue (mailbox) are also part of the heap. The shutdown of a process can be divided into the following two situations:

- The process actively checks the current heap size during its own operation, and actively exits after finding that it exceeds the limit.
- The underlying scheduling system checks the current heap size after performing garbage collection for the process, and forcibly kills the process after finding that it exceeds the limit.

Note: The Error logs generated by the above two will be different. The log generated by the former is similar to `...errorContext: connection_shutdown, reason: #{max => 2097152, reason => proc_heap_too_large, value => 2787348}..`,
and the log generated by the latter is similar to `...Context: maximum heap size reached...`."""

force_shutdown_max_heap_size.label:
"""Maximum Process Heap Size"""

mqtt_ignore_loop_deliver.desc:
"""Whether the messages sent by the MQTT v3.1.1/v3.1.0 client will be looped back to the publisher itself, similar to <code>No Local</code> in MQTT 5.0."""

mqtt_ignore_loop_deliver.label:
"""Ignore Loop Deliver"""

common_ssl_opts_schema_certfile.desc:
"""PEM format certificates chain file.<br/>
The certificates in this file should be in reversed order of the certificate
issue chain. That is, the host's certificate should be placed in the beginning
of the file, followed by the immediate issuer certificate and so on.
Although the root CA certificate is optional, it should be placed at the end of
the file if it is to be added."""

common_ssl_opts_schema_certfile.label:
"""Certfile"""

mqtt_exclusive_subscription.desc:
"""Whether to enable support for MQTT exclusive subscription."""

mqtt_exclusive_subscription.label:
"""Exclusive Subscription"""

mqtt_retain_available.desc:
"""Whether to enable support for MQTT retained message."""

mqtt_retain_available.label:
"""Retain Available"""

fields_tcp_opts_reuseaddr.desc:
"""The SO_REUSEADDR flag for the connections."""

fields_tcp_opts_reuseaddr.label:
"""SO_REUSEADDR"""

sysmon_vm_long_schedule.desc:
"""When the Erlang VM detect a task scheduled for too long, a warning level 'long_schedule' log is emitted,
and an MQTT message is published to the system topic <code>$SYS/sysmon/long_schedule</code>."""

sysmon_vm_long_schedule.label:
"""Enable Long Schedule monitoring."""

mqtt_keepalive_multiplier.desc:
"""Keep-Alive Timeout = Keep-Alive interval × Keep-Alive Multiplier.
The default value 1.5 is following the MQTT 5.0 specification. This multiplier is adjustable, providing system administrators flexibility for tailoring to their specific needs. For instance, if a client's 10-second Keep-Alive interval PINGREQ gets delayed by an extra 10 seconds, changing the multiplier to 2 lets EMQX tolerate this delay."""

mqtt_keepalive_multiplier.label:
"""Keep Alive Multiplier"""

mqtt_keepalive_check_interval.desc:
"""The frequency of checking for incoming MQTT packets determines how often the server will check for new MQTT packets.
If a certain amount of time passes without any packets being sent from the client, this time will be added up.
Once the accumulated time exceeds `keepalive-interval * keepalive-multiplier`, the connection will be terminated.
The default is set to 30 seconds, with a minimum value of 1 second and a maximum value of `keepalive-interval / 2`."""

mqtt_keepalive_check_interval.label:
"""Keep Alive Check Interval"""

force_gc_bytes.desc:
"""GC the process after specified number of bytes have passed through."""

force_gc_bytes.label:
"""Process GC bytes"""

server_ssl_opts_schema_fail_if_no_peer_cert.desc:
"""This option is only effective if `verify` is set to `verify_peer`.

If set to `true`, EMQX will reject the connection if the client fails to provide a certificate.

If set to `false`, EMQX will accept clients which don't present a certificate."""

server_ssl_opts_schema_fail_if_no_peer_cert.label:
"""SSL fail if no peer cert"""

fields_ws_opts_compress.desc:
"""If <code>true</code>, compress WebSocket messages using <code>zlib</code>.

The configuration items under <code>deflate_opts</code> belong to the compression-related parameter configuration."""

fields_ws_opts_compress.label:
"""Ws compress"""

fields_mqtt_quic_listener_keep_alive_interval.desc:
"""How often to send PING frames to keep a connection alive. 0 means disabled."""

fields_mqtt_quic_listener_keep_alive_interval.label:
"""Keep Alive Interval"""

fields_cache_ttl.desc:
"""Time to live for the cached data."""

fields_cache_ttl.label:
"""Time to live for the cached data."""

fields_authz_cache_excludes.label:
"""Excludes"""

fields_authz_cache_excludes.desc:
"""Exclude caching ACL check results for topics matching the given patterns."""

sys_topics.desc:
"""System topics configuration."""

sys_event_client_subscribed.desc:
"""Enable to publish event message that client subscribed a topic successfully."""

sysmon_top_db_port.desc:
"""Port of the PostgreSQL database that collects the data points."""

sysmon_top_db_port.label:
"""DB Port"""

fields_mqtt_quic_listener_max_operations_per_drain.desc:
"""The maximum number of operations to drain per connection quantum. Default: 16"""

fields_mqtt_quic_listener_max_operations_per_drain.label:
"""Max operations per drain"""

fields_mqtt_quic_listener_datagram_receive_enabled.desc:
"""Advertise support for QUIC datagram extension. Reserve for the future. Default 0 (FALSE)"""

fields_mqtt_quic_listener_datagram_receive_enabled.label:
"""Datagram receive enabled"""

fields_mqtt_quic_listener_initial_rtt_ms.desc:
"""Initial RTT estimate."""

fields_mqtt_quic_listener_initial_rtt_ms.label:
"""Initial RTT ms"""

overload_protection_backoff_gc.desc:
"""When at high load, skip forceful GC."""

overload_protection_backoff_gc.label:
"""Skip GC"""

broker_perf_route_lock_type.desc:
"""Performance tuning for subscribing/unsubscribing a wildcard topic.
Change this parameter only when there are many wildcard topics.

NOTE: when changing from/to `global` lock, it requires all nodes in the cluster to be stopped before the change.
  - `key`: mnesia transactional updates with per-key locks. Recommended for a single-node setup.
  - `tab`: mnesia transactional updates with table lock. Recommended for a cluster setup.
  - `global`: updates are protected with a global lock. Recommended for large clusters."""

fields_tcp_opts_nodelay.desc:
"""The TCP_NODELAY flag for the connections."""

fields_tcp_opts_nodelay.label:
"""TCP_NODELAY"""

fields_tcp_opts_keepalive.desc:
"""Enable TCP keepalive for MQTT connections over TCP or SSL.
The value is three comma separated numbers in the format of 'Idle,Interval,Probes'
 - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).
 - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).
 - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).
For example "240,30,5" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.
Default: 'none'"""

fields_tcp_opts_keepalive.label:
"""TCP keepalive options"""

sysmon_top_db_username.desc:
"""Username of the PostgreSQL database"""

sysmon_top_db_username.label:
"""DB Username"""

broker.desc:
"""Message broker options."""

force_gc_count.desc:
"""GC the process after this many received messages."""

force_gc_count.label:
"""Process GC messages num"""

mqtt_max_clientid_len.desc:
"""Maximum allowed length of MQTT Client ID."""

mqtt_max_clientid_len.label:
"""Max Client ID Length"""

fields_ws_opts_supported_subprotocols.desc:
"""Comma-separated list of supported subprotocols."""

fields_ws_opts_supported_subprotocols.label:
"""Supported subprotocols"""

mqtt_shared_subscription_strategy.desc:
"""Dispatch strategy for shared subscription.
 - `random`: Randomly select a subscriber for dispatch;
 - `round_robin`: Clients in a shared subscription group will consume messages in turn, and the progress of the loop is recorded independently in each publisher, so two adjacent messages from **different publishers** may be consumed by the same client in the subscription group;
 - `round_robin_per_group`: Clients in a shared subscription group will consume messages in turn, and the progress of the loop is recorded independently in each node, so two adjacent messages from **different nodes** may be consumed by the same client in the subscription group;
 - `local`: Randomly select a subscriber on the current node, if there are no subscribers on the current node, then randomly select within the cluster;
 - `sticky`: Continuously dispatch messages to the initially selected subscriber until their session ends;
 - `hash_clientid`: Hash the publisher's client ID to select a subscriber;
 - `hash_topic`: Hash the publishing topic to select a subscriber."""

fields_deflate_opts_mem_level.desc:
"""Specifies the size of the compression state.<br/>
Lower values decrease memory usage per connection."""

fields_deflate_opts_mem_level.label:
"""Size of the compression state"""

fields_mqtt_quic_listener_send_idle_timeout_ms.desc:
"""Reset congestion control after being idle for amount of time. Default: 1000"""

fields_mqtt_quic_listener_send_idle_timeout_ms.label:
"""Send idle timeout ms"""

base_listener_limiter.desc:
"""Type of the rate limit."""

base_listener_limiter.label:
"""Type of the rate limit."""

alarm_validity_period.desc:
"""The validity period of historical alarms. Calculated from the time of activation of the historical alarm instead of the time of cancelation.

If it exists longer than the validity period, the alarm will be deleted."""

alarm_validity_period.label:
"""Alarm validity period"""

server_ssl_opts_schema_ocsp_issuer_pem.desc:
"""PEM-encoded certificate of the OCSP issuer for the server certificate."""

server_ssl_opts_schema_ocsp_issuer_pem.label:
"""OCSP Issuer Certificate"""

fields_tcp_opts_active_n.desc:
"""Specify the {active, N} option for this Socket.<br/>
See: https://erlang.org/doc/man/inet.html#setopts-2"""

fields_tcp_opts_active_n.label:
"""active_n"""

fields_trace_payload_encode.desc:
"""Determine the format of the payload format in the trace file.<br/>
`text`: Text-based protocol or plain text protocol.
 It is recommended when payload is JSON encoded.<br/>
`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.<br/>
`hidden`: payload is obfuscated as `******`"""

fields_trace_payload_encode.label:
"""Payload encode"""

mqtt_response_information.desc:
"""UTF-8 string, for creating the response topic, for example, if set to <code>reqrsp/</code>, the publisher/subscriber will communicate using the topic prefix <code>reqrsp/</code>.
To disable this feature, input <code>""</code> in the text box below. Only applicable to MQTT 5.0 clients."""

mqtt_response_information.label:
"""Response Information"""

fields_mqtt_quic_listener_migration_enabled.desc:
"""Enable clients to migrate IP addresses and tuples. Requires a cooperative load-balancer, or no load-balancer. Default: 1 (Enabled)"""

fields_mqtt_quic_listener_migration_enabled.label:
"""Migration enabled"""

common_ssl_opts_schema_password.desc:
"""String containing the user's password. Only used if the private key file is password-protected."""

common_ssl_opts_schema_password.label:
"""Keyfile Passphrase"""

common_ssl_opts_schema_hibernate_after.desc:
"""Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.

The hibernating process will be woken up when a new message arrives.
Hibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process."""

common_ssl_opts_schema_hibernate_after.label:
"""Hibernate After"""

fields_mqtt_quic_listener_send_buffering_enabled.desc:
"""Buffer send data instead of holding application buffers until sent data is acknowledged. Default: 1 (Enabled)"""

fields_mqtt_quic_listener_send_buffering_enabled.label:
"""Send buffering enabled"""

sys_event_client_unsubscribed.desc:
"""Enable to publish event message that client unsubscribed a topic successfully."""

overload_protection_backoff_new_conn.desc:
"""When at high load, close new incoming connections."""

overload_protection_backoff_new_conn.label:
"""Close new connections"""

server_ssl_opts_schema_ocsp_responder_url.desc:
"""URL for the OCSP responder to check the server certificate against."""

server_ssl_opts_schema_ocsp_responder_url.label:
"""OCSP Responder URL"""

mqtt_idle_timeout.desc:
"""Configure the duration of time that a connection can remain idle (i.e., without any data transfer) before being:
  - Automatically disconnected  if no CONNECT package is received from the client yet.
  - Put into hibernation mode to save resources if some CONNECT packages are already received.
Note: Please set the parameter with caution as long idle time will lead to resource waste."""

mqtt_idle_timeout.label:
"""Idle Timeout"""

fields_mqtt_quic_listener_conn_flow_control_window.desc:
"""Connection-wide flow control window. Default: 16777216"""

fields_mqtt_quic_listener_conn_flow_control_window.label:
"""Conn flow control window"""

fields_mqtt_quic_listener_maximum_mtu.desc:
"""The maximum MTU supported by a connection. This will be the maximum probed value. Default: 1500"""

fields_mqtt_quic_listener_maximum_mtu.label:
"""Maximum MTU"""

sysmon_top_db_name.desc:
"""PostgreSQL database name"""

sysmon_top_db_name.label:
"""DB Name"""

mqtt_strict_mode.desc:
"""Whether to parse MQTT messages in strict mode.
In strict mode, invalid utf8 strings in for example client ID, topic name, etc. will cause the client to be disconnected."""

mqtt_strict_mode.label:
"""Strict Mode"""

shared_subscription_group_strategy.desc:
"""Per group dispatch strategy for shared subscription.
This config is a map from shared subscription group name to the strategy
name. The group name should be of format `[A-Za-z0-9]`. i.e. no
special characters are allowed."""

fields_deflate_opts_strategy.desc:
"""Specifies the compression strategy."""

fields_deflate_opts_strategy.label:
"""compression strategy"""

shared_subscription_strategy_enum.desc:
"""Dispatch strategy for shared subscription.
 - `random`: Randomly select a subscriber for dispatch;
 - `round_robin`: Clients in a shared subscription group will consume messages in turn, and the progress of the loop is recorded independently in each publisher, so two adjacent messages from **different publishers** may be consumed by the same client in the subscription group;
 - `round_robin_per_group`: Clients in a shared subscription group will consume messages in turn, and the progress of the loop is recorded independently in each node, so two adjacent messages from **different nodes** may be consumed by the same client in the subscription group;
 - `local`: Randomly select a subscriber on the current node, if there are no subscribers on the current node, then randomly select within the cluster;
 - `sticky`: Continuously dispatch messages to the initially selected subscriber until their session ends;
 - `hash_clientid`: Hash the publisher's client ID to select a subscriber;
 - `hash_topic`: Hash the publishing topic to select a subscriber."""

mqtt_mqueue_store_qos0.desc:
"""Specifies whether to store QoS 0 messages in the message queue while the connection is down but the session remains."""

mqtt_mqueue_store_qos0.label:
"""Store QoS 0 Message"""

server_ssl_opts_schema_client_renegotiation.desc:
"""In protocols that support client-initiated renegotiation,
the cost of resources of such an operation is higher for the server than the client.
This can act as a vector for denial of service attacks.
The SSL application already takes measures to counter-act such attempts,
but client-initiated renegotiation can be strictly disabled by setting this option to false.
The default value is true. Note that disabling renegotiation can result in
long-lived connections becoming unusable due to limits on
the number of messages the underlying cipher suite can encipher.<br/>
Has no effect when TLS version is configured (or negotiated) to 1.3"""

server_ssl_opts_schema_client_renegotiation.label:
"""SSL client renegotiation"""

server_ssl_opts_schema_enable_crl_check.desc:
"""Whether to enable CRL verification for this listener."""

server_ssl_opts_schema_enable_crl_check.label:
"""Enable CRL Check"""

fields_mqtt_quic_listener_peer_bidi_stream_count.desc:
"""Number of bidirectional streams to allow the peer to open."""

fields_mqtt_quic_listener_peer_bidi_stream_count.label:
"""Peer bidi stream count"""

fields_mqtt_quic_listener_max_stateless_operations.desc:
"""The maximum number of stateless operations that may be queued on a worker at any one time. Default: 16"""

fields_mqtt_quic_listener_max_stateless_operations.label:
"""Max stateless operations"""

fields_ws_opts_idle_timeout.desc:
"""The timeout for waiting for the WebSocket upgrade request. After the timeout, the connection will be closed."""

fields_ws_opts_idle_timeout.label:
"""WebSocket Upgrade Timeout"""

fields_mqtt_quic_listener_max_ack_delay_ms.desc:
"""How long to wait after receiving data before sending an ACK. Default: 25"""

fields_mqtt_quic_listener_max_ack_delay_ms.label:
"""Max ack delay ms"""

base_listener_zone.desc: """~
    The configuration zone to which the listener belongs.
    Clients connected to this listener will inherit zone-settings created under this zone name.

    A zone can override the configs under below root names:
    - `mqtt`
    - `force_shutdown`
    - `force_gc`
    - `flapping_detect`
    - `durable_sessions`"""

base_listener_zone.label: "Zone"

fields_mqtt_quic_listener_handshake_idle_timeout.desc:
"""How long a handshake can idle before it is discarded."""

fields_mqtt_quic_listener_handshake_idle_timeout.label:
"""Handshake Idle Timeout"""

force_gc_enable.desc:
"""Enable forced garbage collection."""

force_gc_enable.label:
"""Enable forced garbage collection"""

fields_ws_opts_allow_origin_absence.desc:
"""If <code>false</code> and <code>check_origin_enable</code> is
 <code>true</code>, the server will reject requests that don't have <code>origin</code>
 HTTP header."""

fields_ws_opts_allow_origin_absence.label:
"""Allow origin absence"""

fields_ws_opts_validate_utf8.desc:
"""Whether to verify that the payload of `text` and `close` frames is valid UTF-8. Disabling it can save resources and improve performance."""

fields_ws_opts_validate_utf8.label:
"""Enable/Disable WebSocket Frame utf8 validation"""

common_ssl_opts_schema_versions.desc:
"""All TLS/DTLS versions to be supported.<br/>
NOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.<br/>
In case PSK cipher suites are intended, make sure to configure
<code>['tlsv1.2', 'tlsv1.1']</code> here."""

common_ssl_opts_schema_versions.label:
"""SSL versions"""

mqtt_listener_proxy_protocol_timeout.desc:
"""If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP, this option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.

EMQX will automatically detect the version of the PROXY protocol and support V1 and V2.

For a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/"""

mqtt_listener_proxy_protocol_timeout.label:
"""Proxy protocol timeout"""

fields_mqtt_quic_listener_idle_timeout.desc:
"""How long a connection can go idle before it is gracefully shut down. 0 to disable"""

fields_mqtt_quic_listener_idle_timeout.label:
"""Idle Timeout"""

common_ssl_opts_schema_secure_renegotiate.desc:
"""Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).

By default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.
If set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.

Has no effect when TLS version is configured (or negotiated) to 1.3."""

common_ssl_opts_schema_secure_renegotiate.label:
"""SSL Secure Renegotiation"""

common_ssl_opts_schema_log_level.desc:
"""The minimum level of logging allowed for SSL output.

The default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues."""

common_ssl_opts_schema_log_level.label:
"""SSL Log Level"""

sysmon_vm_busy_port.desc:
"""When a port (e.g. TCP socket) is overloaded, there will be a <code>busy_port</code> warning log,
and an MQTT message is published to the system topic <code>$SYS/sysmon/busy_port</code>."""

sysmon_vm_busy_port.label:
"""Enable Busy Port monitoring."""

sys_event_client_connected.desc:
"""Enable to publish client connected event messages"""

sysmon_vm_process_low_watermark.desc:
"""The threshold, as percentage of processes, for how many
 processes can simultaneously exist at the local node before the corresponding
 alarm is cleared."""

sysmon_vm_process_low_watermark.label:
"""Process low watermark"""

mqtt_max_packet_size.desc:
"""Maximum MQTT packet size allowed. Default: 1 MB, Maximum: 256 MB"""

mqtt_max_packet_size.label:
"""Max Packet Size"""

common_ssl_opts_schema_reuse_sessions.desc:
"""Enable TLS session reuse.<br/>
Has no effect when TLS version is configured (or negotiated) to 1.3"""

common_ssl_opts_schema_reuse_sessions.label:
"""TLS Session Reuse"""

common_ssl_opts_schema_depth.desc:
"""Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.
So, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;<br/>
if 1 the path can be PEER, Intermediate-CA, ROOT-CA;<br/>
if 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA."""

common_ssl_opts_schema_depth.label:
"""CACert Depth"""

sysmon_vm_long_gc.desc:
"""When an Erlang process spends long time to perform garbage collection, a warning level <code>long_gc</code> log is emitted,
and an MQTT message is published to the system topic <code>$SYS/sysmon/long_gc</code>."""

sysmon_vm_long_gc.label:
"""Enable Long GC monitoring."""

fields_mqtt_quic_listener_keyfile.desc:
"""Path to the secret key file. Will be deprecated in 5.1, use .ssl_options.keyfile instead."""

fields_mqtt_quic_listener_keyfile.label:
"""Key file"""

mqtt_peer_cert_as_clientid.desc:
"""Use the CN, DN field in the peer certificate or the entire certificate content as Client ID. Only works for the TLS connection.
Supported configurations are the following:
- <code>cn</code>: CN field of the certificate
- <code>dn</code>: DN field of the certificate
- <code>crt</code>: <code>DER</code> or <code>PEM</code> certificate
- <code>pem</code>: Convert <code>DER</code> certificate content to <code>PEM</code> format and use as Client ID
- <code>md5</code>: MD5 value of the <code>DER</code> or <code>PEM</code> certificate"""

mqtt_peer_cert_as_clientid.label:
"""Use Peer Certificate as Client ID"""

broker_shared_dispatch_ack_enabled.desc:
"""Deprecated.
This was designed to avoid dispatching messages to a shared-subscription session which has the client disconnected.
However it's no longer useful because the shared-subscrption messages in a expired session will be redispatched to other sessions in the group."""

base_listener_enable_authn.desc:
"""Set <code>true</code> (default) to enable client authentication on this listener, the authentication
process goes through the configured authentication chain.
When set to <code>false</code>, any client (with or without username/password) is allowed to connect.
When set to <code>quick_deny_anonymous</code>, it behaves like when set to <code>true</code>, but clients will be
denied immediately without going through any authenticators if <code>username</code> is not provided. This is useful to fence off
anonymous clients early."""

base_listener_enable_authn.label:
"""Enable authentication"""

force_shutdown_enable.desc:
"""Enable `force_shutdown` feature."""

force_shutdown_enable.label:
"""Enable `force_shutdown` feature"""

broker_enable_session_registry.desc:
"""The Global Session Registry is a cluster-wide mechanism designed to maintain the uniqueness of client IDs within the cluster.
Recommendations for Use<br/>
- Default Setting: It is generally advisable to enable. This feature is crucial for session takeover to work properly. For example if a client reconnected to another node in the cluster, the new connection will need to find the old session and take it over.
- Disabling the Feature: Disabling is an option for scenarios when all sessions expire immediately after client is disconnected (i.e. session expiry interval is zero). This can be relevant in certain specialized use cases.

Advantages of Disabling<br/>
- Reduced Memory Usage: Turning off the session registry can lower the overall memory footprint of the system.
- Improved Performance: Without the overhead of maintaining a global registry, the node can process client connections faster."""

broker_session_history_retain.desc:
"""The duration to retain the session registration history. Setting this to a value greater than `0s` will increase memory usage and impact peformance.
This retained history can be used to monitor how many sessions were registered in the past configured duration.
Note: This config has no effect if `enable_session_registry` is set to `false`.<br/>
Note: If the clients are using random client IDs, it's not recommended to enable this feature, at least not for a long retention period.<br/>
Note: When clustered, the lowest (but greater than `0s`) value among the nodes in the cluster will take effect."""

overload_protection_backoff_delay.desc:
"""The maximum duration of delay for background task execution during high load conditions."""

overload_protection_backoff_delay.label:
"""Delay Time"""

ciphers_schema_common.desc:
"""This config holds TLS cipher suite names separated by comma,
or as an array of strings. e.g.
<code>"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256"</code> or
<code>["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]</code>.
<br/>
Ciphers (and their ordering) define the way in which the
client and server encrypts information over the network connection.
Selecting a good cipher suite is critical for the
application's data security, confidentiality and performance.

The names should be in OpenSSL string format (not RFC format).
All default values and examples provided by EMQX config
documentation are all in OpenSSL format.<br/>

NOTE: Certain cipher suites are only compatible with
specific TLS <code>versions</code> ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')
incompatible cipher suites will be silently dropped.
For instance, if only 'tlsv1.3' is given in the <code>versions</code>,
configuring cipher suites for other versions will have no effect.
<br/>

NOTE: PSK ciphers are suppressed by 'tlsv1.3' version config<br/>
If PSK cipher suites are intended, 'tlsv1.3' should be disabled from <code>versions</code>.<br/>
PSK cipher suites: <code>"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,
RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,
RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,
RSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA"</code>"""

ciphers_schema_common.label:
"""TLS cipher suites"""

sys_event_client_disconnected.desc:
"""Enable to publish client disconnected event messages."""

crl_cache_refresh_interval.desc:
"""The period to refresh the CRLs from the servers.  This is a global setting for all URLs and listeners."""

crl_cache_refresh_interval.label:
"""CRL Cache Refresh Interval"""

mqtt_listener_proxy_protocol.desc:
"""Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.<br/>
See: https://www.haproxy.com/blog/haproxy/proxy-protocol/"""

mqtt_listener_proxy_protocol.label:
"""Proxy protocol"""

mqtt_listener_access_rules.desc:
"""An access rule list consisting of string rules to restrict or allow access from some addresses. The rules that appear earlier in the list are matched first.
The format is `allow | deny <address> | <CIDR> | all`.

For example:

`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny, all\"]`"""

mqtt_listener_access_rules.label:
"""Access rules"""

server_ssl_opts_schema_enable_ocsp_stapling.desc:
"""Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener.  If set to true, requires defining the OCSP responder URL and issuer PEM path."""

server_ssl_opts_schema_enable_ocsp_stapling.label:
"""Enable OCSP Stapling"""

fields_tcp_opts_send_timeout_close.desc:
"""Close the connection if send timeout."""

fields_tcp_opts_send_timeout_close.label:
"""TCP send timeout close"""

sysmon_os_cpu_check_interval.desc:
"""The time interval for the periodic CPU check. Disabled on Windows platform."""

sysmon_os_cpu_check_interval.label:
"""The time interval for the periodic CPU check."""

sysmon_top_sample_interval.desc:
"""Specifies how often process top should be collected"""

sysmon_top_sample_interval.label:
"""Top sample interval"""

fields_mqtt_quic_listener_idle_timeout_ms.desc:
"""How long a connection can go idle before it is gracefully shut down. 0 to disable timeout"""

fields_mqtt_quic_listener_idle_timeout_ms.label:
"""Idle timeout ms"""

fields_ws_opts_fail_if_no_subprotocol.desc:
"""If <code>true</code>, the server will return an error when
 the client does not carry the <code>Sec-WebSocket-Protocol</code> field.
 <br/>Note: WeChat applet needs to disable this verification."""

fields_ws_opts_fail_if_no_subprotocol.label:
"""Fail if no subprotocol"""

mqtt_wildcard_subscription.desc:
"""Whether to enable support for MQTT wildcard subscription."""

mqtt_wildcard_subscription.label:
"""Wildcard Subscription Available"""

server_ssl_opts_schema_ocsp_refresh_interval.desc:
"""The period to refresh the OCSP response for the server."""

server_ssl_opts_schema_ocsp_refresh_interval.label:
"""OCSP Refresh Interval"""

overload_protection_backoff_hibernation.desc:
"""When at high load, skip process hibernation."""

overload_protection_backoff_hibernation.label:
"""Skip hibernation"""

fields_ws_opts_max_frame_size.desc:
"""The maximum length of a single MQTT packet."""

fields_ws_opts_max_frame_size.label:
"""Max frame size"""

sys_event_messages.desc:
"""Client events messages."""

broker_routing_storage_schema.desc:
"""Routing storage schema.
Set <code>v1</code> to use the former schema.
<code>v2</code> is introduced in 5.2. It enables routing through 2 separate tables, one for topic filter and one for regular topic subscriptions. This schema should increase both subscription and routing performance at the cost of slight increase in memory consumption per subscription.
NOTE: Schema <code>v2</code> is still experimental.
NOTE: Full non-rolling cluster restart is needed after altering this option for it to take any effect."""

broker_routing_batch_sync_enable_on.desc:
"""Use separate process pool to synchronize subscriptions with the global routing table in a batched manner.
Especially useful in clusters interconnected through links with non-negligible latency, but might help in other scenarios by ensuring that the broker pool has less chance being overloaded.
The selected value determines which nodes in the cluster will have this feature enabled.
- <code>all</code>: enables it unconditionally on each node,
- <code>replicant</code>: enables it only on replicants (e.g. those where <code>node.role = replicant</code>),
- <code>core</code>: enables it only on core nodes,
- <code>none</code>: disables this altogether."""

broker_perf_trie_compaction.desc:
"""Enable trie path compaction.
Enabling it significantly improves wildcard topic subscribe rate, if wildcard topics have unique prefixes like: 'sensor/{{id}}/+/', where ID is unique per subscriber.
Topic match performance (when publishing) may degrade if messages are mostly published to topics with large number of levels.

NOTE: This is a cluster-wide configuration. It requires all nodes to be stopped before changing it."""

sysmon_vm_large_heap.desc:
"""When the heap memory occupied by a process exceeds the size specified by `large_heap`, the system will write a warning level `large_heap` log, and an MQTT message will be published to the system topic `$SYS/sysmon/large_heap`."""

sysmon_vm_large_heap.label:
"""Enable Large Heap monitoring."""

description.label:
"""Description"""
description.desc:
"""Descriptive text."""

resource_tags.label:
"""Tags"""
resource_tags.desc:
"""Tags to annotate this config entry."""

durable_sessions_enable.label:
"""Enable session persistence"""

durable_sessions_enable.desc:
"""Use durable storage for client sessions persistence.
If enabled, sessions configured to outlive client connections, along with their corresponding messages, will be durably stored and survive broker downtime.

:::warning
This feature is currently experimental. Please don't enable it in the production environments that contain valuable data.
:::"""


session_ds_session_gc_interval.label:
"""Session garbage collection interval"""

session_ds_session_gc_interval.desc:
"""The interval at which session garbage collection is executed for persistent sessions."""

session_ds_session_gc_batch_size.label:
"""Session garbage collection batch size"""

session_ds_session_gc_batch_size.desc:
"""The size of each batch of expired persistent sessions to be garbage collected per iteration."""

session_ds_batch_size.label:
"""Batch size"""

session_ds_batch_size.desc:
"""This value affects the flow control for the persistent sessions.
Persistent session queries the durable message storage in batches.
This value specifies size of the batch.

Note: larger batches generally improve the throughput and overall performance of the system, but increase RAM usage per client."""

durable_storage.label:"Durable storage"
durable_storage.desc: """~
    Configuration related to the EMQX durable storages.

    EMQX uses durable storages to offload various data, such as MQTT messages, to disc."""

client_attrs_init {
  label: "Client Attributes Initialization"
  desc: """~
    Specify how to initialize client attributes.
    Each client attribute can be initialized as `client_attrs.{NAME}`,
    where `{NAME}` is the name of the attribute specified in the config field `set_as_attr`.
    The initialized client attribute will be stored in the `client_attrs` property with the specified name,
    and can be used as a placeholder in a template for authentication and authorization.
    For example, use `${client_attrs.alias}` to render an HTTP POST body when `set_as_attr = alias`,
    or render listener config `moutpoint = devices/${client_attrs.alias}/` to initialize a per-client topic namespace."""
}

client_attrs_init_expression {
  label: "Client Attribute Extraction Regular Expression"
  desc: """~
    A one line expression to evaluate a set of predefined string functions (like in the rule engine SQL statements).
    The expression can be a function call with nested calls as its arguments, or direct variable reference.
    So far, it does not provide user-defined variable binding (like `var a=1`) or user-defined functions.
    As an example, to extract the prefix of client ID delimited by a dot: `nth(1, tokens(clientid, '.'))`.

    The variables pre-bound variables are:
    - `cn`: Client's TLS certificate common name.
    - `dn`: Client's TLS certificate distinguished name (the subject).
    - `clientid`: MQTT Client ID.
    - `username`: MQTT Client's username.
    - `user_property.{NAME}`: User properties in the CONNECT packet.

    You can read more about variform expressions in EMQX docs."""
}

client_attrs_init_set_as_attr {
  label: "Name The Extracted Attribute"
  desc: """~
    The name of the client attribute extracted from the client data.
    The extracted attribute will be stored in the `client_attrs` property with this name."""
}

banned_bootstrap_file.desc:
"""The bootstrap file is a CSV file used to batch loading banned data when initializing a single node or cluster, in other words, the import operation is performed only if there is no data in the database.

The delimiter for this file is `,`.

The first line of this file must be a header line. All valid headers are listed here:
- as :: required
- who :: required
- by  :: optional
- reason :: optional
- at :: optional
- until :: optional

See the documentation for details on each field.

Each row in the rest of this file must contain the same number of columns as the header line,
and column can be omitted then its value will be `undefined`."""

}