yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
emqx/etc/emq.conf

1451 lines
37 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

##====================================================================
## EMQ Configuration R2
##====================================================================
##--------------------------------------------------------------------
## Cluster
##--------------------------------------------------------------------
## Cluster name.
cluster.name = emqcl
## Cluster auto-discovery strategy.
##
## Value: Enum
## - manual: Manual join command
## - static: Static node list
## - mcast: IP Multicast
## - dns: DNS A Record
## - etcd: etcd
## - k8s: Kubernates
##
## Default: manual
cluster.discovery = manual
## Enable cluster autoheal from network partition.
##
## Value: on | off
##
## Default: on
cluster.autoheal = on
## Autoclean down node. A down node will be removed from the cluster
## if this value > 0.
##
## Value: Duration
## -h: hour, e.g. '2h' for 2 hours
## -m: minute, e.g. '5m' for 5 minutes
## -s: second, e.g. '30s' for 30 seconds
##
## Default: 5m
cluster.autoclean = 5m
##--------------------------------------------------------------------
## Cluster using static node list
## Node list of the cluster.
##
## Value: String
## cluster.static.seeds = emq1@127.0.0.1,emq2@127.0.0.1
##--------------------------------------------------------------------
## Cluster using IP Multicast.
## IP Multicast Address.
##
## Value: IP Address
## cluster.mcast.addr = 239.192.0.1
## Multicast Ports.
##
## Value: Port List
## cluster.mcast.ports = 4369,4370
## Multicast Iface.
##
## Value: Iface Address
##
## Default: 0.0.0.0
## cluster.mcast.iface = 0.0.0.0
## Multicast Ttl.
##
## Value: 0-255
## cluster.mcast.ttl = 255
## Multicast loop.
##
## Value: on | off
## cluster.mcast.loop = on
##--------------------------------------------------------------------
## Cluster using DNS A records.
## DNS name.
##
## Value: String
## cluster.dns.name = localhost
## The App name is used to build 'node.name' with IP address.
##
## Value: String
## cluster.dns.app = emq
##--------------------------------------------------------------------
## Cluster using etcd
## Etcd server list, seperated by ','.
##
## Value: String
## cluster.etcd.server = http://127.0.0.1:2379
## The prefix helps build nodes path in etcd. Each node in the cluster
## will create a path in etcd: v2/keys/<prefix>/<cluster.name>/<node.name>
##
## Value: String
## cluster.etcd.prefix = emqcl
## The TTL for node's path in etcd.
##
## Value: Duration
##
## Default: 1m, 1 minute
## cluster.etcd.node_ttl = 1m
##--------------------------------------------------------------------
## Cluster using Kubernates
## Kubernates API server list, seperated by ','.
##
## Value: String
## cluster.k8s.apiserver = http://10.110.111.204:8080
## The service name helps lookup EMQ nodes in the cluster.
##
## Value: String
## cluster.k8s.service_name = emq
## The address type is used to extract host from k8s service.
##
## Value: ip | dns
## cluster.k8s.address_type = ip
## The app name helps build 'node.name'.
##
## Value: String
## cluster.k8s.app_name = emq
##--------------------------------------------------------------------
## Node Args
##--------------------------------------------------------------------
## Node name.
##
## See: http://erlang.org/doc/reference_manual/distributed.html
##
## Value: <name>@<host>
##
## Default: emq@127.0.0.1
node.name = emq@127.0.0.1
## Cookie for distributed node communication.
##
## Value: String
node.cookie = emqsecretcookie
## Enable SMP support of Erlang VM.
##
## Value: enable | auto | disable
node.smp = auto
## Heartbeat monitoring of an Erlang runtime system. Comment the line to disable
## heartbeat, or set the value as 'on'
##
## Value: on
##
## vm.args: -heart
## node.heartbeat = on
## Enable kernel poll.
##
## Value: on | off
##
## Default: on
node.kernel_poll = on
## Sets the number of threads in async thread pool. Valid range is 0-1024.
##
## See: http://erlang.org/doc/man/erl.html
##
## Value: 0-1024
##
## vm.args: +A Number
node.async_threads = 32
## Sets the maximum number of simultaneously existing processes for this
## system if a Number is passed as value.
##
## See: http://erlang.org/doc/man/erl.html
##
## Value: Number [1024-134217727]
##
## vm.args: +P Number
node.process_limit = 256000
## Sets the maximum number of simultaneously existing ports for this system
## if a Number is passed as value.
##
## See: http://erlang.org/doc/man/erl.html
##
## Value: Number [1024-134217727]
##
## vm.args: +Q Number
node.max_ports = 65536
## Set the distribution buffer busy limit (dist_buf_busy_limit).
##
## See: http://erlang.org/doc/man/erl.html
##
## Value: Number [1KB-2GB]
##
## vm.args: +zdbbl size
node.dist_buffer_size = 8MB
## Sets the maximum number of ETS tables. Note that mnesia and SSL will
## create temporary ETS tables.
##
## Value: Number
##
## vm.args: +e Number
node.max_ets_tables = 256000
## Tweak GC to run more often.
##
## Value: Number [0-65535]
##
## vm.args: -env ERL_FULLSWEEP_AFTER Number
node.fullsweep_after = 1000
## Crash dump log file.
##
## Value: Log file
node.crash_dump = {{ platform_log_dir }}/crash.dump
## Specify the erlang distributed protocol.
##
## Value: Enum
## - inet_tcp: the default; handles TCP streams with IPv4 addressing.
## - inet6_tcp: handles TCP with IPv6 addressing.
##
## vm.args: -proto_dist inet_tcp
node.proto_dist = inet_tcp
## Sets the net_kernel tick time. TickTime is specified in seconds.
## Notice that all communicating nodes are to have the same TickTime
## value specified.
##
## See: http://www.erlang.org/doc/man/kernel_app.html#net_ticktime
##
## Value: Number
##
## vm.args: -kernel net_ticktime Number
node.dist_net_ticktime = 60
## Sets the port range for the listener socket of a distributed Erlang node.
## Note that if there are firewalls between clustered nodes, this port segment
## for nodes communication should be allowed.
##
## See: http://www.erlang.org/doc/man/kernel_app.html
##
## Value: Port [1024-65535]
node.dist_listen_min = 6369
node.dist_listen_max = 6379
##--------------------------------------------------------------------
## Log
##--------------------------------------------------------------------
## Sets the log dir.
##
## Value: Folder
log.dir = {{ platform_log_dir }}
## Where to emit the console logs.
##
## Value: off | file | console | both
## - off: disabled
## - file: write to file
## - console: write to stdout
## - both: file and stdout
log.console = console
## Sets the severity level of console log.
##
## Value: debug | info | notice | warning | error | critical | alert | emergency
##
## Default: error
log.console.level = error
## The file where console logs will be writed to, when 'log.console' is set as 'file'.
##
## Value: File Name
## log.console.file = {{ platform_log_dir }}/console.log
## Maximum file size for console log.
##
## Value: Number(bytes)
## log.console.size = 10485760
## The rotation count for console log.
##
## Value: Number
## log.console.count = 5
## The file where info logs will be writed to.
##
## Value: File Name
## log.info.file = {{ platform_log_dir }}/info.log
## Maximum file size for info log.
##
## Value: Number(bytes)
## log.info.size = 10485760
## The rotation count for info log.
##
## Value: Number
## log.info.count = 5
## The file where error logs will be writed to.
##
## Value: File Name
log.error.file = {{ platform_log_dir }}/error.log
## Maximum file size for error log.
##
## Value: Number(bytes)
log.error.size = 10485760
## The rotation count for error log.
##
## Value: Number
log.error.count = 5
## Enable the crash log.
##
## Value: on | off
log.crash = on
## The file for crash log.
##
## Value: File Name
log.crash.file = {{ platform_log_dir }}/crash.log
## Enable syslog.
##
## Values: on | off
log.syslog = on
## Sets the severity level for syslog.
##
## Value: debug | info | notice | warning | error | critical | alert | emergency
log.syslog.level = error
##--------------------------------------------------------------------
## Allow Anonymous Authentication and Default ACL
##--------------------------------------------------------------------
## Allow Anonymous Authentication.
##
## Notice: Disable the option for production deployment.
##
## Value: true | false
mqtt.allow_anonymous = true
## Default behaviour when ACL nomatch.
##
## Value: allow | deny
mqtt.acl_nomatch = allow
## Default ACL File.
##
## Value: File Name
mqtt.acl_file = {{ platform_etc_dir }}/acl.conf
## Whether to cache ACL for publish messages.
##
## Value: true | false
mqtt.cache_acl = true
##--------------------------------------------------------------------
## MQTT Protocol
##--------------------------------------------------------------------
## Maximum length of MQTT clientId allowed.
##
## Value: Number [23-65535]
mqtt.max_clientid_len = 1024
## Maximum MQTT packet size allowed.
##
## Value: Bytes
##
## Default: 64K
mqtt.max_packet_size = 64KB
## Check if the websocket protocol header is valid.
## Turn off the option when developing WeChat App.
##
## Value: on | off
mqtt.websocket_protocol_header = on
## The backoff for MQTT keepalive timeout.
## EMQ will kick a MQTT connection out until 'Keepalive * backoff * 2' timeout.
##
## Value: Float > 0.5
mqtt.keepalive_backoff = 0.75
##--------------------------------------------------------------------
## MQTT Connection
##--------------------------------------------------------------------
## Force GC the MQTT connections. Value 0 will disable the Force GC.
##
## Value: Number >= 0
mqtt.conn.force_gc_count = 100
##--------------------------------------------------------------------
## MQTT Client
##--------------------------------------------------------------------
## MQTT client idle timeout, specified in seconds.
##
## Value: Duration
mqtt.client.idle_timeout = 30s
## TODO: Maximum publish rate of MQTT messages per second.
##
## Value: Number
## mqtt.client.max_publish_rate = 5
## Enable per client statistics.
##
## Value: on | off
mqtt.client.enable_stats = off
##--------------------------------------------------------------------
## MQTT Session
##--------------------------------------------------------------------
## Maximum number of subscriptions allowed, 0 means no limit.
##
## Value: Number
mqtt.session.max_subscriptions = 0
## Force to upgrade QoS according to subscription.
##
## Value: on | off
mqtt.session.upgrade_qos = off
## Maximum size of the Inflight Window storing QoS1/2 messages delivered but unacked.
##
## Value: Number
mqtt.session.max_inflight = 32
## Retry interval for QoS1/2 message delivering.
##
## Value: Duration
mqtt.session.retry_interval = 20s
## Maximum QoS2 packets (Client -> Broker) awaiting PUBREL, 0 means no limit.
##
## Value: Number
mqtt.session.max_awaiting_rel = 1000
## The QoS2 messages (Client -> Broker) will be dropped if awaiting PUBREL timeout.
##
## Value: Duration
mqtt.session.await_rel_timeout = 30s
## Enable per session statistics.
##
## Value: on | off
mqtt.session.enable_stats = on
## Session expiration time.
##
## Value: Duration
## -d: day
## -h: hour
## -m: minute
## -s: second
##
## Default: 2h, 2 hours
mqtt.session.expiry_interval = 2h
## Whether to ignore loop delivery of messages.
##
## Value: true | false
##
## Default: false
mqtt.session.ignore_loop_deliver = false
##--------------------------------------------------------------------
## MQTT Message Queue
##--------------------------------------------------------------------
## Message queue type.
##
## Value: simple | priority
mqtt.mqueue.type = simple
## Topic priority. Default is 0.
##
## Value: Number [0-255]
##
## mqtt.mqueue.priority = topic/1=10,topic/2=8
## Maximum queue length. Enqueued messages when persistent client disconnected,
## or inflight window is full. 0 means no limit.
##
## Value: Number >= 0
mqtt.mqueue.max_length = 1000
## Low-water mark of queued messages.
##
## Value: Percent
mqtt.mqueue.low_watermark = 20%
## High-water mark of queued messages.
##
## Value: Percent
mqtt.mqueue.high_watermark = 60%
## Whether to enqueue Qos0 messages.
##
## Value: false | true
mqtt.mqueue.store_qos0 = true
##--------------------------------------------------------------------
## MQTT Broker and PubSub
##--------------------------------------------------------------------
## System interval of publishing $SYS messages.
##
## Value: Duration
##
## Default: 1m, 1 minute
mqtt.broker.sys_interval = 1m
## The PubSub pool size. Default value should be same as scheduler numbers.
##
## Value: Number > 1
mqtt.pubsub.pool_size = 8
## TODO: Subscribe asynchronously.
##
## Value: true | false
mqtt.pubsub.async = true
##--------------------------------------------------------------------
## MQTT Bridge
##--------------------------------------------------------------------
## The pending message queue size of bridge.
##
## Value: Number
mqtt.bridge.max_queue_len = 10000
## Ping interval of bridge node.
##
## Value: Duration
##
## Default: 1s, 1 second
mqtt.bridge.ping_down_interval = 1s
##-------------------------------------------------------------------
## MQTT Plugins
##-------------------------------------------------------------------
## The etc dir for plugins' config.
##
## Value: Folder
mqtt.plugins.etc_dir ={{ platform_etc_dir }}/plugins/
## The file to store loaded plugin names.
##
## Value: File
mqtt.plugins.loaded_file = {{ platform_data_dir }}/loaded_plugins
##--------------------------------------------------------------------
## MQTT Listeners
##--------------------------------------------------------------------
##--------------------------------------------------------------------
## MQTT/TCP - External TCP Listener for MQTT Protocol
## listener.tcp.<name> is the IP address and port that the MQTT/TCP
## listener will bind.
##
## Value: IP:Port | Port
##
## Examples: 1883, 127.0.0.1:1883, ::1:1883
listener.tcp.external = 0.0.0.0:1883
## The acceptor pool for external MQTT/TCP listener.
##
## Value: Number
listener.tcp.external.acceptors = 16
## Maximum number of concurrent MQTT/TCP connections.
##
## Value: Number
listener.tcp.external.max_clients = 102400
## TODO: Zone of the external MQTT/TCP listener belonged to.
##
## Value: String
## listener.tcp.external.zone = external
## Mountpoint of the MQTT/TCP Listener. All the topics of this
## listener will be prefixed with the mount point if this option
## is enabled.
##
## Value: String
## listener.tcp.external.mountpoint = external/
## Rate limit for the external MQTT/TCP connections.
## Format is 'burst,rate'.
##
## Value: burst,rate
## Unit: KB/sec
## listener.tcp.external.rate_limit = 100,10
## The access control rules for the MQTT/TCP listener.
##
## See: https://github.com/emqtt/esockd#allowdeny
##
## Value: ACL Rule
##
## Example: allow 192.168.0.0/24
listener.tcp.external.access.1 = allow all
## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed
## behind HAProxy or Nginx.
##
## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/
##
## Value: on | off
## listener.tcp.external.proxy_protocol = on
## Sets the timeout for proxy protocol. EMQ will close the TCP connection
## if no proxy protocol packet recevied within the timeout.
##
## Value: Duration
## listener.tcp.external.proxy_protocol_timeout = 3s
## Enable the option for X.509 certificate based authentication.
## EMQ will Use the PP2_SUBTYPE_SSL_CN field in Proxy Protocol V2
## as MQTT username.
##
## Value: cn
## listener.tcp.external.peer_cert_as_username = cn
## The TCP backlog defines the maximum length that the queue of pending
## connections can grow to.
##
## Value: Number >= 0
listener.tcp.external.backlog = 1024
## The TCP send timeout for external MQTT connections.
##
## Value: Duration
listener.tcp.external.send_timeout = 15s
## Close the TCP connection if send timeout.
##
## Value: on | off
listener.tcp.external.send_timeout_close = on
## The TCP receive buffer(os kernel) for MQTT connections.
##
## See: http://erlang.org/doc/man/inet.html
##
## Value: Bytes
## listener.tcp.external.recbuf = 4KB
## The TCP send buffer(os kernel) for MQTT connections.
##
## See: http://erlang.org/doc/man/inet.html
##
## Value: Bytes
## listener.tcp.external.sndbuf = 4KB
## The size of the user-level software buffer used by the driver.
## Not to be confused with options sndbuf and recbuf, which correspond
## to the Kernel socket buffers. It is recommended to have val(buffer)
## >= max(val(sndbuf),val(recbuf)) to avoid performance issues because
## of unnecessary copying. val(buffer) is automatically set to the above
## maximum when values sndbuf or recbuf are set.
##
## See: http://erlang.org/doc/man/inet.html
##
## Value: Bytes
## listener.tcp.external.buffer = 4KB
## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
##
## Value: on | off
listener.tcp.external.tune_buffer = on
## The TCP_NODELAY flag for MQTT connections. Small amounts of data are
## sent immediately if the option is enabled.
##
## Value: true | false
listener.tcp.external.nodelay = true
## The SO_REUSEADDR flag for TCP listener.
##
## Value: true | false
listener.tcp.external.reuseaddr = true
##--------------------------------------------------------------------
## Internal TCP Listener for MQTT Protocol
## The IP address and port that the internal MQTT/TCP protocol listener
## will bind.
##
## Value: IP:Port, Port
##
## Examples: 11883, 127.0.0.1:11883, ::1:11883
listener.tcp.internal = 127.0.0.1:11883
## The acceptor pool for internal MQTT/TCP listener.
##
## Value: Number
listener.tcp.internal.acceptors = 4
## Maximum number of concurrent MQTT/TCP connections.
##
## Value: Number
listener.tcp.internal.max_clients = 102400
## TODO: Zone of the internal MQTT/TCP listener belonged to.
##
## Value: String
## listener.tcp.internal.zone = internal
## Mountpoint of the MQTT/TCP Listener.
##
## See: listener.tcp.<name>.mountpoint
##
## Value: String
## listener.tcp.internal.mountpoint = internal/
## Rate limit for the internal MQTT/TCP connections.
##
## See: listener.tcp.<name>.rate_limit
##
## Value: burst,rate
## listener.tcp.internal.rate_limit = 1000,100
## The TCP backlog of internal MQTT/TCP Listener.
##
## See: listener.tcp.<name>.backlog
##
## Value: Number >= 0
listener.tcp.internal.backlog = 512
## The TCP send timeout for internal MQTT connections.
##
## See: listener.tcp.<name>.send_timeout
##
## Value: Duration
listener.tcp.internal.send_timeout = 5s
## Close the MQTT/TCP connection if send timeout.
##
## See: listener.tcp.<name>.send_timeout_close
##
## Value: on | off
listener.tcp.external.send_timeout_close = on
## The TCP receive buffer(os kernel) for internal MQTT connections.
##
## See: listener.tcp.<name>.recbuf
##
## Value: Bytes
listener.tcp.internal.recbuf = 16KB
## The TCP send buffer(os kernel) for internal MQTT connections.
##
## See: http://erlang.org/doc/man/inet.html
##
## Value: Bytes
listener.tcp.internal.sndbuf = 16KB
## The size of the user-level software buffer used by the driver.
##
## See: listener.tcp.<name>.buffer
##
## Value: Bytes
listener.tcp.internal.buffer = 16KB
## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
##
## See: listener.tcp.<name>.tune_buffer
##
## Value: on | off
listener.tcp.internal.tune_buffer = on
## The TCP_NODELAY flag for internal MQTT connections.
##
## See: listener.tcp.<name>.nodelay
##
## Value: true | false
listener.tcp.internal.nodelay = false
## The SO_REUSEADDR flag for MQTT/TCP Listener.
##
## Value: true | false
listener.tcp.internal.reuseaddr = true
##--------------------------------------------------------------------
## MQTT/SSL - External SSL Listener for MQTT Protocol
## listener.ssl.<name> is the IP address and port that the MQTT/SSL
## listener will bind.
##
## Value: IP:Port | Port
##
## Examples: 8883, 127.0.0.1:8883, ::1:8883
listener.ssl.external = 8883
## The acceptor pool for external MQTT/SSL listener.
##
## Value: Number
listener.ssl.external.acceptors = 16
## Maximum number of concurrent MQTT/SSL connections.
##
## Value: Number
listener.ssl.external.max_clients = 1024
## TODO: Zone of the external MQTT/SSL listener belonged to.
##
## Value: String
## listener.ssl.external.zone = external
## Mountpoint of the MQTT/SSL Listener.
##
## Value: String
## listener.ssl.external.mountpoint = inbound/
## The access control rules for the MQTT/SSL listener.
##
## See: listener.tcp.<name>.access
##
## Value: ACL Rule
listener.ssl.external.access.1 = allow all
## Rate limit for the external MQTT/SSL connections.
##
## Value: burst,rate
## listener.ssl.external.rate_limit = 100,10
## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
## HAProxy or Nginx.
##
## See: listener.tcp.<name>.proxy_protocol
##
## Value: on | off
## listener.ssl.external.proxy_protocol = on
## Sets the timeout for proxy protocol.
##
## See: listener.tcp.<name>.proxy_protocol_timeout
##
## Value: Duration
## listener.ssl.external.proxy_protocol_timeout = 3s
## TLS versions only to protect from POODLE attack.
##
## See: http://erlang.org/doc/man/ssl.html
##
## Value: String, seperated by ','
## listener.ssl.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1
## TLS Handshake timeout.
##
## Value: Duration
listener.ssl.external.handshake_timeout = 15s
## Path to the file containing the user's private PEM-encoded key.
##
## See: http://erlang.org/doc/man/ssl.html
##
## Value: File
listener.ssl.external.keyfile = {{ platform_etc_dir }}/certs/key.pem
## Path to a file containing the user certificate.
##
## See: http://erlang.org/doc/man/ssl.html
##
## Value: File
listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
## Path to the file containing PEM-encoded CA certificates. The CA certificates
## are used during server authentication and when building the client certificate chain.
##
## Value: File
## listener.ssl.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
## The Ephemeral Diffie-Helman key exchange is a very effective way of
## ensuring Forward Secrecy by exchanging a set of keys that never hit
## the wire. Since the DH key is effectively signed by the private key,
## it needs to be at least as strong as the private key. In addition,
## the default DH groups that most of the OpenSSL installations have
## are only a handful (since they are distributed with the OpenSSL
## package that has been built for the operating system its running on)
## and hence predictable (not to mention, 1024 bits only).
## In order to escape this situation, first we need to generate a fresh,
## strong DH group, store it in a file and then use the option above,
## to force our SSL application to use the new DH group. Fortunately,
## OpenSSL provides us with a tool to do that. Simply run:
## openssl dhparam -out dh-params.pem 2048
##
## Value: File
## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
## A server only does x509-path validation in mode verify_peer,
## as it then sends a certificate request to the client (this
## message is not sent if the verify option is verify_none).
## You can then also want to specify option fail_if_no_peer_cert.
## More information at: http://erlang.org/doc/man/ssl.html
##
## Value: verify_peer | verify_none
## listener.ssl.external.verify = verify_peer
## Used together with {verify, verify_peer} by an SSL server. If set to true,
## the server fails if the client does not have a certificate to send, that is,
## sends an empty certificate.
##
## Value: true | false
## listener.ssl.external.fail_if_no_peer_cert = true
## This is the single most important configuration option of an Erlang SSL
## application. Ciphers (and their ordering) define the way the client and
## server encrypt information over the wire, from the initial Diffie-Helman
## key exchange, the session key encryption ## algorithm and the message
## digest algorithm. Selecting a good cipher suite is critical for the
## applications data security, confidentiality and performance.
##
## The cipher list above offers:
##
## A good balance between compatibility with older browsers.
## It can get stricter for Machine-To-Machine scenarios.
## Perfect Forward Secrecy.
## No old/insecure encryption and HMAC algorithms
##
## Most of it was copied from Mozillas Server Side TLS article
##
## Value: Ciphers
## listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
## SSL parameter renegotiation is a feature that allows a client and a server
## to renegotiate the parameters of the SSL connection on the fly.
## RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,
## you drop support for the insecure renegotiation, prone to MitM attacks.
##
## Value: on | off
## listener.ssl.external.secure_renegotiate = off
## A performance optimization setting, it allows clients to reuse
## pre-existing sessions, instead of initializing new ones.
## Read more about it here.
##
## See: http://erlang.org/doc/man/ssl.html
##
## Value: on | off
## listener.ssl.external.reuse_sessions = on
## An important security setting, it forces the cipher to be set based
## on the server-specified order instead of the client-specified order,
## hence enforcing the (usually more properly configured) security
## ordering of the server administrator.
##
## Value: on | off
## listener.ssl.external.honor_cipher_order = on
## Use the CN or DN value from the client certificate as a username.
## Notice that 'verify' should be set as 'verify_peer'.
##
## Value: cn | dn
## listener.ssl.external.peer_cert_as_username = cn
## TCP backlog for the SSL connection.
##
## See listener.tcp.<name>.backlog
##
## Value: Number >= 0
## listener.ssl.external.backlog = 1024
## The TCP send timeout for the SSL connection.
##
## See listener.tcp.<name>.send_timeout
##
## Value: Duration
## listener.ssl.external.send_timeout = 15s
## Close the SSL connection if send timeout.
##
## See: listener.tcp.<name>.send_timeout_close
##
## Value: on | off
## listener.ssl.external.send_timeout_close = on
## The TCP receive buffer(os kernel) for the SSL connections.
##
## See: listener.tcp.<name>.recbuf
##
## Value: Bytes
## listener.ssl.external.recbuf = 4KB
## The TCP send buffer(os kernel) for internal MQTT connections.
##
## See: listener.tcp.<name>.sndbuf
##
## Value: Bytes
## listener.ssl.external.sndbuf = 4KB
## The size of the user-level software buffer used by the driver.
##
## See: listener.tcp.<name>.buffer
##
## Value: Bytes
## listener.ssl.external.buffer = 4KB
## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
##
## See: listener.tcp.<name>.tune_buffer
##
## Value: on | off
## listener.ssl.external.tune_buffer = on
## The TCP_NODELAY flag for SSL connections.
##
## See: listener.tcp.<name>.nodelay
##
## Value: true | false
## listener.ssl.external.nodelay = true
## The SO_REUSEADDR flag for MQTT/SSL Listener.
##
## Value: true | false
listener.ssl.external.reuseaddr = true
##--------------------------------------------------------------------
## External WebSocket Listener for MQTT Protocol
## listener.ws.<name> is the IP address and port that the MQTT/WebSocket
## listener will bind.
##
## Value: IP:Port | Port
##
## Examples: 8083, 127.0.0.1:8083, ::1:8083
listener.ws.external = 8083
## The acceptor pool for external MQTT/WebSocket listener.
##
## Value: Number
listener.ws.external.acceptors = 4
## Maximum number of concurrent MQTT/WebSocket connections.
##
## Value: Number
listener.ws.external.max_clients = 102400
## TODO: Zone of the external MQTT/WebSocket listener belonged to.
##
## Value: String
## listener.ws.external.zone = external
## Mountpoint of the MQTT/WebSocket Listener.
##
## See: listener.tcp.<name>.mountpoint
##
## Value: String
## listener.ws.external.mountpoint = external/
## The access control for the MQTT/WebSocket listener.
##
## See: listener.tcp.<name>.access
##
## Value: ACL Rule
listener.ws.external.access.1 = allow all
## Use X-Forwarded-For header for real source IP if the EMQ cluster is
## deployed behind NGINX or HAProxy.
##
## Value: String
## listener.ws.external.proxy_address_header = X-Forwarded-For
## Use X-Forwarded-Port header for real source port if the EMQ cluster is
## deployed behind NGINX or HAProxy.
##
## Value: String
## listener.ws.external.proxy_port_header = X-Forwarded-Port
## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
## HAProxy or Nginx.
##
## See: listener.tcp.<name>.proxy_protocol
##
## Value: on | off
## listener.ws.external.proxy_protocol = on
## Sets the timeout for proxy protocol.
##
## See: listener.tcp.<name>.proxy_protocol_timeout
##
## Value: Duration
## listener.ws.external.proxy_protocol_timeout = 3s
## The TCP backlog of external MQTT/WebSocket Listener.
##
## See: listener.tcp.<name>.backlog
##
## Value: Number >= 0
listener.ws.external.backlog = 1024
## The TCP send timeout for external MQTT/WebSocket connections.
##
## See: listener.tcp.<name>.send_timeout
##
## Value: Duration
listener.ws.external.send_timeout = 15s
## Close the MQTT/WebSocket connection if send timeout.
##
## See: listener.tcp.<name>.send_timeout_close
##
## Value: on | off
listener.ws.external.send_timeout_close = on
## The TCP receive buffer(os kernel) for external MQTT/WebSocket connections.
##
## See: listener.tcp.<name>.recbuf
##
## Value: Bytes
## listener.ws.external.recbuf = 4KB
## The TCP send buffer(os kernel) for external MQTT/WebSocket connections.
##
## See: listener.tcp.<name>.sndbuf
##
## Value: Bytes
## listener.ws.external.sndbuf = 4KB
## The size of the user-level software buffer used by the driver.
##
## See: listener.tcp.<name>.buffer
##
## Value: Bytes
## listener.ws.external.buffer = 4KB
## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
##
## See: listener.tcp.<name>.tune_buffer
##
## Value: on | off
listener.ws.external.tune_buffer = on
## The TCP_NODELAY flag for external MQTT/WebSocket connections.
##
## See: listener.tcp.<name>.nodelay
##
## Value: true | false
listener.ws.external.nodelay = true
## The SO_REUSEADDR flag for MQTT/WebSocket Listener.
##
## Value: true | false
listener.ws.external.reuseaddr = true
##--------------------------------------------------------------------
## External WebSocket/SSL listener for MQTT Protocol
## listener.wss.<name> is the IP address and port that the MQTT/WebSocket/SSL
## listener will bind.
##
## Value: IP:Port | Port
##
## Examples: 8084, 127.0.0.1:8084, ::1:8084
listener.wss.external = 8084
## The acceptor pool for external MQTT/WebSocket/SSL listener.
##
## Value: Number
listener.wss.external.acceptors = 4
## Maximum number of concurrent MQTT/Webwocket/SSL connections.
##
## Value: Number
listener.wss.external.max_clients = 64
## TODO: Zone of the external MQTT/WebSocket/SSL listener belonged to.
##
## Value: String
## listener.wss.external.zone = external
## Mountpoint of the MQTT/WebSocket/SSL Listener.
##
## See: listener.tcp.<name>.mountpoint
##
## Value: String
## listener.wss.external.mountpoint = inbound/
## The access control rules for the MQTT/WebSocket/SSL listener.
##
## See: listener.tcp.<name>.access.<no>
##
## Value: ACL Rule
listener.wss.external.access.1 = allow all
## See: listener.ws.external.proxy_address_header
##
## Value: String
## listener.wss.external.proxy_address_header = X-Forwarded-For
## See: listener.ws.external.proxy_port_header
##
## Value: String
## listener.wss.external.proxy_port_header = X-Forwarded-Port
## Enable the Proxy Protocol V1/2 support.
##
## See: listener.tcp.<name>.proxy_protocol
##
## Value: on | off
## listener.wss.external.proxy_protocol = on
## Sets the timeout for proxy protocol.
##
## See: listener.tcp.<name>.proxy_protocol_timeout
##
## Value: Duration
## listener.wss.external.proxy_protocol_timeout = 3s
## TLS versions only to protect from POODLE attack.
##
## See: listener.ssl.<name>.tls_versions
##
## Value: String, seperated by ','
## listener.wss.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1
## TLS Handshake timeout.
##
## See: listener.ssl.<name>.handshake_timeout
##
## Value: Duration
listener.wss.external.handshake_timeout = 15s
## Path to the file containing the user's private PEM-encoded key.
##
## See: listener.ssl.<name>.keyfile
##
## Value: File
listener.wss.external.keyfile = {{ platform_etc_dir }}/certs/key.pem
## Path to a file containing the user certificate.
##
## See: listener.ssl.<name>.certfile
##
## Value: File
listener.wss.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
## Path to the file containing PEM-encoded CA certificates.
##
## See: listener.ssl.<name>.cacert
##
## Value: File
## listener.wss.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
## See: listener.ssl.<name>.dhfile
##
## Value: File
## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
## See: listener.ssl.<name>.vefify
##
## Value: vefify_peer | verify_none
## listener.wss.external.verify = verify_peer
## See: listener.ssl.<name>.fail_if_no_peer_cert
##
## Value: false | true
## listener.wss.external.fail_if_no_peer_cert = true
## See: listener.ssl.<name>.ciphers
##
## Value: Ciphers
## listener.wss.external.ciphers =
## See: listener.ssl.<name>.secure_renegotiate
##
## Value: on | off
## listener.wss.external.secure_renegotiate = off
## See: listener.ssl.<name>.reuse_sessions
##
## Value: on | off
## listener.wss.external.reuse_sessions = on
## See: listener.ssl.<name>.honor_cipher_order
##
## Value: on | off
## listener.wss.external.honor_cipher_order = on
## See: listener.ssl.<name>.peer_cert_as_username
##
## Value: cn | dn
## listener.wss.external.peer_cert_as_username = cn
## TCP backlog for the WebSocket/SSL connection.
##
## See listener.tcp.<name>.backlog
##
## Value: Number >= 0
listener.wss.external.backlog = 1024
## The TCP send timeout for the WebSocket/SSL connection.
##
## See: listener.tcp.<name>.send_timeout
##
## Value: Duration
listener.wss.external.send_timeout = 15s
## Close the WebSocket/SSL connection if send timeout.
##
## See: listener.tcp.<name>.send_timeout_close
##
## Value: on | off
listener.wss.external.send_timeout_close = on
## The TCP receive buffer(os kernel) for the WebSocket/SSL connections.
##
## See: listener.tcp.<name>.recbuf
##
## Value: Bytes
## listener.wss.external.recbuf = 4KB
## The TCP send buffer(os kernel) for the WebSocket/SSL connections.
##
## See: listener.tcp.<name>.sndbuf
##
## Value: Bytes
## listener.wss.external.sndbuf = 4KB
## The size of the user-level software buffer used by the driver.
##
## See: listener.tcp.<name>.buffer
##
## Value: Bytes
## listener.wss.external.buffer = 4KB
## The TCP_NODELAY flag for WebSocket/SSL connections.
##
## See: listener.tcp.<name>.nodelay
##
## Value: true | false
## listener.wss.external.nodelay = true
## The SO_REUSEADDR flag for WebSocket/SSL listener.
##
## Value: true | false
listener.wss.external.reuseaddr = true
##--------------------------------------------------------------------
## HTTP Management API Listener
## The IP Address and Port that the EMQ HTTP API will bind.
##
## Value: IP:Port | Port
##
## Default: 0.0.0.0:8080
listener.api.mgmt = 0.0.0.0:8080
## The TCP Acceptor pool size.
##
## Value: Number
listener.api.mgmt.acceptors = 4
## Maximum concurrent HTTP clients allowed.
##
## Value: Number
listener.api.mgmt.max_clients = 64
## The access control rules for the listener.
##
## See: https://github.com/emqtt/esockd#allowdeny
##
## Value: ACL Rule
listener.api.mgmt.access.1 = allow all
## The TCP backlog for HTTP API.
##
## Value: Number >= 0
listener.api.mgmt.backlog = 512
## The TCP send timeout for HTTP API.
##
## Value: Duration
listener.api.mgmt.send_timeout = 15s
## Close the TCP connection if send timeout.
##
## Value: on | off
listener.api.mgmt.send_timeout_close = on
##-------------------------------------------------------------------
## System Monitor
##-------------------------------------------------------------------
## Enable Long GC monitoring.
## Notice: don't enable the monitor in production for:
## https://github.com/erlang/otp/blob/feb45017da36be78d4c5784d758ede619fa7bfd3/erts/emulator/beam/erl_gc.c#L421
##
## Value: true | false
sysmon.long_gc = false
## Enable Long Schedule(ms) monitoring.
##
## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
##
## Value: Number
sysmon.long_schedule = 240
## Enable Large Heap monitoring.
##
## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
##
## Value: bytes
##
## Default: 8M words. 32MB on 32-bit VM, 64MB on 64-bit VM.
sysmon.large_heap = 8MB
## Enable Busy Port monitoring.
##
## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
##
## Value: true | false
sysmon.busy_port = false
## Enable Busy Dist Port monitoring.
##
## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
##
## Value: true | false
sysmon.busy_dist_port = true
Reference in New Issue View Git Blame Copy Permalink