82 lines
2.9 KiB
Plaintext
82 lines
2.9 KiB
Plaintext
##--------------------------------------------------------------------
|
|
## Cluster in service discovery using 'etcd' service mode
|
|
##
|
|
## Configs to instruct how individual nodes can discover each other
|
|
##--------------------------------------------------------------------
|
|
## Note: This is an example of how to configure this feature
|
|
## you should copy and paste the below data into the emqx.conf for working
|
|
|
|
cluster {
|
|
## Human-friendly name of the EMQX cluster.
|
|
name = emqxcl
|
|
|
|
## Service discovery method for the cluster nodes
|
|
discovery_strategy = etcd
|
|
|
|
## List of core nodes that the replicant will connect to
|
|
core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"]
|
|
|
|
## If true, the node will try to heal network partitions automatically
|
|
autoheal = true
|
|
|
|
etcd {
|
|
## List of endpoint URLs of the etcd cluster
|
|
server = "http://ur1,http://ur2"
|
|
|
|
## Key prefix used for EMQX service discovery
|
|
prefix = emqxcl
|
|
|
|
## Expiration time of the etcd key associated with the node.
|
|
node_ttl = 1m
|
|
|
|
ssl_options {
|
|
## Trusted PEM format CA certificates bundle file
|
|
cacertfile = "data/certs/cacert.pem"
|
|
|
|
## PEM format certificates chain file
|
|
certfile = "data/certs/cert.pem"
|
|
|
|
## PEM format private key file
|
|
keyfile = "data/certs/key.pem"
|
|
|
|
## Enable or disable peer verification
|
|
verify = verify_none ## use verify_peer to enable
|
|
|
|
## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send
|
|
fail_if_no_peer_cert = false
|
|
|
|
## Enable TLS session reuse
|
|
reuse_sessions = true
|
|
|
|
## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path
|
|
depth = 10
|
|
|
|
## Which versions are to be supported
|
|
versions = [tlsv1.3, tlsv1.2]
|
|
|
|
## TLS cipher suite names
|
|
## Note: By default, all available suites are supported, you do not need to set this
|
|
ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]
|
|
|
|
## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly
|
|
secure_renegotiate = true
|
|
|
|
## Log level for SSL communication
|
|
## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all
|
|
log_level = notice
|
|
|
|
## Hibernate the SSL process after idling for amount of time reducing its memory footprint
|
|
hibernate_after = 5s
|
|
|
|
## Forces the cipher to be set based on the server-specified order instead of the client-specified order
|
|
honor_cipher_order = true
|
|
|
|
## Setting this to false to disable client-initiated renegotiation
|
|
client_renegotiation = true
|
|
|
|
## Maximum time duration allowed for the handshake to complete
|
|
handshake_timeout = 15s
|
|
}
|
|
}
|
|
}
|