The VerneMQ conf file

A closer look at an example vernemq.conf file (Note: This is a work-in-progress section)

VerneMQ is usually configured by editing a single config file called vernemq.conf. The config file will be generated by the make rel process building a release, and it will also come with the binary VerneMQ packages.

In the vernemq.conf file you will find keys and values (sometimes out-commented), with some short documentation. Some values are hidden, that is you won't find them in the auto-generated conf file. Those are meant to be added to the conf file manually. Typically, hidden values aren't the most used configuration values.

Here's a full vernemq.conf template, as generated by the 2.0.0. release. It is a long file, but luckily you won't need to change every value!

## Allow anonymous users to connect, default is 'off'. !!NOTE!!
## Enabling this completely disables authentication of the clients and
## should only be used for testing/development purposes or in case
## clients are authenticated by some other means.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_anonymous = off

## Allow new client connections even when a VerneMQ cluster is inconsistent.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_register_during_netsplit = off

## Allow message publishs even when a VerneMQ cluster is inconsistent.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_publish_during_netsplit = off

## Allow new subscriptions even when a VerneMQ cluster is inconsistent.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_subscribe_during_netsplit = off

## Allow clients to unsubscribe when a VerneMQ cluster is inconsistent.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_unsubscribe_during_netsplit = off

## Client registrations can be either happen in a coordinated or
## uncoordinated fashion. Uncoordinated registrations are faster and
## will cause other clients with the same client-id to be eventually
## disconnected, while coordinated ensures that any other client with
## the same client-id will be immediately disconnected.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
coordinate_registrations = on

## Secret to be used for crendentials obfuscation. Default is "random" which
## generates a random string.
## 
## Default: random
## 
## Acceptable values:
##   - text
logging.obfuscation_secret = random

## Client disconnect due to keepalive is by default a warning. In unstable networks
## it might be "expected" behaviour to have a lot of those warnings. This allows to
## downgrade the warning to an info message.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
logging.keepalive_as_warning = on

## Set the time in seconds VerneMQ waits before a retry, in case a (QoS=1 or QoS=2) message
## delivery gets no answer.
## 
## Default: 20
## 
## Acceptable values:
##   - an integer
## retry_interval = 20

## Set the maximum size for client IDs. MQTT v3.1 specifies a
## limit of 23 characters
## 
## Default: 100
## 
## Acceptable values:
##   - an integer
## max_client_id_size = 100

## This option allows persistent clients ( = clean session set to
## false) to be removed if they do not reconnect within 'persistent_client_expiration'.
## This is a non-standard option. As far as the MQTT specification is concerned,
## persistent clients persist forever.
## The expiration period should be an integer followed by one of 'd', 'w', 'm', 'y' for
## day, week, month, and year.
## 
## Default: never
## 
## Acceptable values:
##   - text
## persistent_client_expiration = 1w

## The maximum delay for a last will message. This setting
## applies only to MQTTv5 sessions and can be used to override the
## value provided by the client.
## The delay can be either 'client' which means the value specified by
## the client is used, or an integer followed by one of 's', 'h' 'd',
## 'w', 'm', 'y' for day, week, month, and year used to cap the value
## provided by the client..
## 
## Default: client
## 
## Acceptable values:
##   - text
## max_last_will_delay = client

## The maximum number of QoS 1 or 2 messages that can be in the process of being
## transmitted simultaneously. This includes messages currently going through handshakes
## and messages that are being retried. Defaults to 20. Set to 0 for no maximum. If set
## to 1, this will guarantee in-order delivery of messages.
## Note: for MQTT v5, use receive_max_client/receive_max_broker to implement
## similar behaviour.
## 
## Default: 20
## 
## Acceptable values:
##   - an integer
max_inflight_messages = 20

## The maximum number of messages to hold in the queue above
## those messages that are currently in flight. Defaults to 1000. This affects
## messages of any QoS. Set to -1 for no maximum (not recommended).
## This option allows to control how a specific client session can deal
## with message bursts. As a general rule of thumb set
## this number a bit higher than the expected message rate a single consumer is
## required to process. Note that setting this value to 0 will totally block
## delivery from any queue.
## 
## Default: 1000
## 
## Acceptable values:
##   - an integer
max_online_messages = 1000

## The maximum number of QoS 1 or 2 messages to hold in the offline queue.
## Defaults to 1000. Set to -1 for no maximum (not recommended). Set to 0
## if no messages should be stored offline.
## 
## Default: 1000
## 
## Acceptable values:
##   - an integer
max_offline_messages = 1000

## Allows a session that changes from offline to online to override the maximum
## online message count (max_online_messages). All offlines messages will be added
## to the online queue.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
override_max_online_messages = off

## This option sets the maximum MQTT size that VerneMQ will
## allow.  Messages that exceed this size will not be accepted by
## VerneMQ. The default value is 0, which means that all valid MQTT
## messages are accepted. MQTT imposes a maximum payload size of
## 268435455 bytes.
## 
## Default: 0
## 
## Acceptable values:
##   - an integer
max_message_size = 0

## If a message is published with a QoS lower than the QoS of the subscription it is
## delivered to, VerneMQ can upgrade the outgoing QoS. This is a non-standard option.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
upgrade_outgoing_qos = off

## listener.tcp.buffer_sizes is an list of three integers
## (sndbuf,recbuf,buffer) specifying respectively the kernel TCP send
## buffer, the kernel TCP receive buffer and the user-level buffer
## size in the erlang driver.
## It is recommended to have val(user-level buffer) >= val(receive
## buffer) to avoid performance issues because of unnecessary copying.
## If not set, the operating system defaults are used.
## This option can be set on the protocol level by:
## - listener.tcp.buffer_sizes
## - listener.ssl.buffer_sizes
## or on the listener level by:
## - listener.tcp.my_tcp_listener.buffer_sizes
## - listener.ssl.my_ssl_listener.buffer_sizes
## 
## Acceptable values:
##   - text
## listener.tcp.buffer_sizes = 4096,16384,32768

## listener.max_connection_lifetime is an integer defining the maximum lifetime
## of MQTT connection in seconds. This option can be overridden on the protocol level by:
## - listener.tcp.max_connection_lifetime
## - listener.ssl.max_connection_lifetime
## - listener.ws.max_connection_lifetime
## - listener.wss.max_connection_lifetime
## or on the listener level by:
## - listener.tcp.my_tcp_listener.max_connection_lifetime
## - listener.ssl.my_ssl_listener.max_connection_lifetime
## - listener.ws.my_ws_listener.max_connection_lifetime
## - listener.wss.my_wss_listener.
## This is an implementation of MQTT security proposal:
## "Servers may close the Network Connection of Clients and require them to re-authenticate with new credentials."
## 
## Default: 0
## 
## Acceptable values:
##   - an integer
listener.max_connection_lifetime = 0

## listener.max_connections is an integer or 'infinity' defining
## the maximum number of concurrent connections. This option can be overridden
## on the protocol level by:
## - listener.tcp.max_connections
## - listener.ssl.max_connections
## - listener.ws.max_connections
## - listener.wss.max_connections
## or on the listener level by:
## - listener.tcp.my_tcp_listener.max_connections
## - listener.ssl.my_ssl_listener.max_connections
## - listener.ws.my_ws_listener.max_connections
## - listener.wss.my_wss_listener.max_connections
## 
## Default: 10000
## 
## Acceptable values:
##   - an integer
##   - the text "infinity"
listener.max_connections = 10000

## Set the maximum frame in bytes that a WebSocket connection is allowed to
## send. If the client tries to send more in one frame, the server will disconnect it.
## 
## Default: 268435456
## 
## Acceptable values:
##   - an integer
##   - the text "infinity"
max_ws_frame_size = 268435456

## Set the nr of acceptors waiting to concurrently accept new connections.
## This can be specified either on the protocol level:
## - listener.tcp.nr_of_acceptors
## - listener.ssl.nr_of_acceptors
## - listener.ws.nr_of_acceptors
## - listener.wss.nr_of_acceptors
## or on the listener level:
## - listener.tcp.my_tcp_listener.nr_of_acceptors
## - listener.ssl.my_ssl_listener.nr_of_acceptors
## - listener.ws.my_ws_listener.nr_of_acceptors
## - listener.wss.my_wss_listener.nr_of_acceptors
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
listener.nr_of_acceptors = 10

## listener.tcp.<name> is an IP address and TCP port that
## the broker will bind to. You can define multiple listeners e.g:
## - listener.tcp.default = 127.0.0.1:1883
## - listener.tcp.internal = 127.0.0.1:10883
## - listener.tcp.my_other_listener = 127.0.0.1:10884
## This also works for SSL listeners and WebSocket handlers:
## - listener.ssl.default = 127.0.0.1:8883
## - listener.ws.default = 127.0.0.1:800
## - listener.wss.default = 127.0.0.1:880
## 
## Default: 127.0.0.1:1883
## 
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
##   - a Unix Domain Socket, e.g. local:/var/run/app.sock:0
listener.tcp.name = 127.0.0.1:1883

## 
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
## listener.ssl.name = 127.0.0.1:8883

## 'listener.tcp.my_listener.allow_anonymous_override' configures whether
## this listener is allowed to override the global allow_anonymous setting.
## The setting has one single purpose: to give a listener the capability to switch off
## all authentication plugins. (that is override a global allow_anonymous=off with a per-listener allow_anonymous=on).
## Specifically, it can allow TLS listeners to disable internal authentication (using only client certificates as
## authentication) while keeping all the other MQTT listeners safe.
## global | listener | Result for listener:  (on = anonymous access allowed)
## on	  | on	     | on
## off    | on	     | on
## off    | off      | off
## on     | off      | on
## Both values are simply OR'ed together. Please note that this does not allow you to globally allow anonymous access, and
## then selectively switch off single listeners!
## - listener.tcp.my_listener.allow_anonymous_override
## - listener.ssl.my_listener.allow_anonymous_override
## Allowed values are 'on' or 'off'. The default value for an unconfigured listener will be 'off'.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
listener.tcp.name.allow_anonymous_override = off

## 
## Default: off
## 
## Acceptable values:
##   - on or off
listener.ssl.name.allow_anonymous_override = off

## 'listener.tcp.allowed_protocol_versions' configures which
## protocol versions are allowed for an MQTT listener. The allowed
## protocol versions can be specified the tcp, websocket or ssl level:
## - listener.tcp.allowed_protocol_versions
## - listener.ws.allowed_protocol_versions
## - listener.wss.allowed_protocol_versions
## - listener.ssl.allowed_protocol_versions
## or for a specific listener:
## - listener.tcp.my_tcp_listener.allowed_protocol_versions
## - listener.ws.my_ws_listener.allowed_protocol_versions
## - listener.wss.my_ws_listener.allowed_protocol_versions
## - listener.ssl.my_ws_listener.allowed_protocol_versions
## Allowed values are 3 (MQTT 3.1), 4 (MQTT 3.1.1), 5 (MQTT 5.0), 131
## (MQTT 3.1 bridge), 132 (MQTT 3.1.1 bridge).
## 
## Default: 3,4,5,131
## 
## Acceptable values:
##   - text
## listener.tcp.allowed_protocol_versions = 3,4,5

## listener.vmq.clustering is the IP address and TCP port that
## the broker will bind to accept connections from other cluster
## nodes e.g:
## - listener.vmq.clustering = 0.0.0.0:18883
## This also works for SSL listeners:
## - listener.vmqs.clustering = 0.0.0.0:18884
## 
## Default: 0.0.0.0:44053
## 
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
listener.vmq.clustering = 0.0.0.0:44053

## listener.http.default is the IP address and TCP port that
## the broker will bind to accept HTTP connections
## - listener.http.default = 0.0.0.0:8888
## This also works for SSL listeners:
## - listener.https.default= 0.0.0.0:8889
## 
## Default: 127.0.0.1:8888
## 
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
listener.http.default = 127.0.0.1:8888

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted. Set the cafile
## on the protocol level or on the listener level:
## - listener.ssl.cafile
## - listener.wss.cafile
## or on the listener level:
## - listener.ssl.my_ssl_listener.cafile
## - listener.wss.my_wss_listener.cafile
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.ssl.cafile = ./etc/cacerts.pem

## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.https.cafile = ./etc/cacerts.pem

## Set the path to the PEM encoded server certificate
## on the protocol level or on the listener level:
## - listener.ssl.certfile
## - listener.wss.certfile
## or on the listener level:
## - listener.ssl.my_ssl_listener.certfile
## - listener.wss.my_wss_listener.certfile
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.ssl.certfile = ./etc/cert.pem

## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.https.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file on the protocol
## level or on the listener level:
## - listener.ssl.keyfile
## - listener.wss.keyfile
## or on the listener level:
## - listener.ssl.my_ssl_listener.keyfile
## - listener.wss.my_wss_listener.keyfile
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.ssl.keyfile = ./etc/key.pem

## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.vmqs.keyfile = ./etc/key.pem

## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.https.keyfile = ./etc/key.pem

## Set the list of allowed ciphers (each separated with a colon,
## e.g. "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"),
## on the protocol level or on the listener level. Reasonable defaults
## are used if nothing is specified:
## - listener.ssl.ciphers
## - listener.wss.ciphers
## or on the listener level:
## - listener.ssl.my_ssl_listener.ciphers
## - listener.wss.my_wss_listener.ciphers
## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.ssl.ciphers = 

## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.vmqs.ciphers = 

## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.https.ciphers = 

## Set the list of allowed elliptical curves (each separated with a colon,
## e.g. "[sect571k1,secp521r1,brainpoolP512r1]"), on the protocol level or on the listener level.
## All known curves are used if nothing is specified.
## - listener.ssl.eccs
## - listener.wss.eccs
## or on the listener level:
## - listener.ssl.my_ssl_listener.eccs
## - listener.wss.my_wss_listener.eccs
## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.ssl.eccs = [brainpoolP384r1, secp384r1, sect283k1]

## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.vmqs.eccs = [brainpoolP384r1, secp384r1, sect283k1]

## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.https.eccs = [brainpoolP384r1, secp384r1, sect283k1]

## If you have 'listener.ssl.require_certificate' set to true,
## you can create a certificate revocation list file to revoke access
## to particular client certificates. If you have done this, use crlfile
## to point to the PEM encoded revocation file. This can be done on the
## protocol level or on the listener level.
## - listener.ssl.crlfile
## - listener.wss.crlfile
## or on the listener level:
## - listener.ssl.my_ssl_listener.crlfile
## - listener.wss.my_wss_listener.crlfile
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.ssl.crlfile = 

## Enable this option if you want to use SSL client certificates
## to authenticate your clients. This can be done on the protocol level
## or on the listener level.
## - listener.ssl.require_certificate
## - listener.wss.require_certificate
## or on the listener level:
## - listener.ssl.my_ssl_listener.require_certificate
## - listener.wss.my_wss_listener.require_certificate
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.ssl.require_certificate = off

## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.vmqs.require_certificate = off

## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.https.require_certificate = off

## Configure the TLS protocol version (tlsv1, tlsv1.1, tlsv1.2 or tlsv1.3) to be
## used for either all configured SSL listeners or for a specific listener:
## - listener.ssl.tls_version
## - listener.wss.tls_version
## or on the listener level:
## - listener.ssl.my_ssl_listener.tls_version
## - listener.wss.my_wss_listener.tls_version
## TLSv1.3 requires OTP 23 or later.
## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## listener.ssl.tls_version = tlsv1.2

## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## listener.vmqs.tls_version = tlsv1.2

## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## listener.https.tls_version = tlsv1.2

## If 'listener.ssl.require_certificate' is enabled, you may enable
## 'listener.ssl.use_identity_as_username' to use the CN value from the client
## certificate as a username. If enabled other authentication plugins are not
## considered. The option can be specified either for all SSL listeners or for
## a specific listener:
## - listener.ssl.use_identity_as_username
## - listener.wss.use_identity_as_username
## or on the listener level:
## - listener.ssl.my_ssl_listener.use_identity_as_username
## - listener.wss.my_wss_listener.use_identity_as_username
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.ssl.use_identity_as_username = off

## If listener.ssl.pskfile is enabled VerneMQ supports TLS connection based on
## pre-shared keys (PSK).
## The option can be specified either for all SSL listeners or for
## a specific listener.
## - listener.ssl.psk_support
## or on the listener level:
## - listener.ssl.my_ssl_listener.psk_support
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.ssl.psk_support = off

## The PSK hint sent by the server to the client.
## The option can be specified either for all SSL listeners or for
## a specific listener.
## - listener.ssl.psk_identity_hint
## or on the listener level:
## - listener.ssl.my_ssl_listener.psk_identity_hint
## 
## Default: VMQ_PSK
## 
## Acceptable values:
##   - text
## listener.ssl.psk_identity_hint = VMQ_PSK

## If PSK support is enabled, the pre-shared keys must be provided as key value pairs
## seperated by a seperator (by default ":"), e.g.
## mypskidentity:mypskkey
## The key is a string (not hex-encoded). The psk file is used for all listerners.
## 
## Default: ./etc/vmq.psk
## 
## Acceptable values:
##   - the path to a file
listener.ssl.pskfile = ./etc/vmq.psk

## The pre-shared keys and the psk identity are separated by a separator.
## By default, a colon is used.
## 
## Default: :
## 
## Acceptable values:
##   - text
## listener.ssl.pskfile_separator = :

## Enable the $SYSTree Reporter.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
systree_enabled = on

## The integer number of milliseconds between updates of the $SYS subscription hierarchy,
## which provides status information about the broker. If unset, defaults to 20 seconds.
## Set to 0 to disable publishing the $SYS hierarchy completely.
## 
## Default: 20000
## 
## Acceptable values:
##   - an integer
systree_interval = 20000

## Prometheus namespace prefix
## 
## Default: vernemq_
## 
## Acceptable values:
##   - text
prometheus_namespace = vernemq_

## Enable the Graphite Reporter. Ensure to also configure a
## proper graphite.host
## 
## Default: off
## 
## Acceptable values:
##   - on or off
graphite_enabled = off

## the graphite server host name
## 
## Default: localhost
## 
## Acceptable values:
##   - text
graphite_host = localhost

## the tcp port of the graphite server
## 
## Default: 2003
## 
## Acceptable values:
##   - an integer
graphite_port = 2003

## the interval we push metrics to the graphite server in ms
## 
## Default: 20000
## 
## Acceptable values:
##   - an integer
graphite_interval = 20000

## set the prefix that is applied to all metrics reported to graphite
## 
## Default: 
## 
## Acceptable values:
##   - text
## graphite_prefix = my-prefix

## the graphite server api key, e.g. used by hostedgraphite.com
## 
## Default: 
## 
## Acceptable values:
##   - text
## graphite_api_key = My-Api-Key

## Distribution policy for shared subscriptions. Default is
## 'prefer_local' which will ensure that local subscribers will be
## used if any are available. 'local_only' will select a random local
## subscriber if any are available. 'random' will randomly choose
## between all available subscribers.
## 
## Default: prefer_local
## 
## Acceptable values:
##   - text
shared_subscription_policy = prefer_local

## plugins.<plugin> enables/disables a plugin.
## Plugin specific settings are set via the plugin itself, i.e., to
## set the 'file' setting for the myplugin plugin, add a line like:
## myplugin.file = /path/to/file
## 
## Acceptable values:
##   - on or off
## plugins.name = on

## plugins.<name>.path defines the location of the plugin
## associated with <name>. This is needed for plugins that are not
## shipped with VerneMQ.
## 
## Acceptable values:
##   - the path to a directory
## plugins.mypluginname.path = /path/to/myplugin

## plugins.<name>.priority defines the load order of the
## plugins. Plugins are loaded by priority. If no priority is given
## the load order is undefined. Prioritized plugins will always be
## loaded before plugins with no defined priority.
## 
## Acceptable values:
##   - an integer
## plugins.mypluginname.priority = 5

## File based authentication plugin.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
plugins.vmq_passwd = on

## File based authorization plugin.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
plugins.vmq_acl = on

## Lua based plugins.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
plugins.vmq_diversity = off

## Webhook based plugins.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
plugins.vmq_webhooks = off

## The VerneMQ bridge plugin.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
plugins.vmq_bridge = off

## Limits the maximum topic depth
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
topic_max_depth = 10

## Specifies the metadata plugin that is used for storing and replicating
## VerneMQ metadata objects such as MQTT subscriptions and retained messages.
## The default is kept at `vmq_plumtree` for compatibility with existing deployments.
## For new cluster deployments, the recommendation is to use 'vmq_swc' from the
## beginning. Note that the 2 protocols are not compatible, so clusters can't be
## mixed.
## 
## Default: vmq_swc
## 
## Acceptable values:
##   - one of: vmq_plumtree, vmq_swc
metadata_plugin = vmq_swc

## Set the path to an access control list file.
## 
## Default: ./etc/vmq.acl
## 
## Acceptable values:
##   - the path to a file
vmq_acl.acl_file = ./etc/vmq.acl

## set the acl reload interval in seconds, the value 0 disables
## the automatic reloading of the acl file.
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
vmq_acl.acl_reload_interval = 10

## Set the path to a password file.
## 
## Default: ./etc/vmq.passwd
## 
## Acceptable values:
##   - the path to a file
vmq_passwd.password_file = ./etc/vmq.passwd

## set the password reload interval in seconds, the value 0
## disables the automatic reloading of the password file.
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
vmq_passwd.password_reload_interval = 10

## Configure the vmq_diversity plugin script dir. The script dir
## is searched for Lua scripts which are automatically loaded when the
## plugin is enabled.
## 
## Default: ./share/lua
## 
## Acceptable values:
##   - the path to a directory
vmq_diversity.script_dir = ./share/lua

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_postgres.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.postgres.host = localhost

## 
## Default: 5432
## 
## Acceptable values:
##   - an integer
## vmq_diversity.postgres.port = 5432

## 
## Default: root
## 
## Acceptable values:
##   - text
## vmq_diversity.postgres.user = root

## 
## Default: password
## 
## Acceptable values:
##   - text
## vmq_diversity.postgres.password = password

## 
## Default: vernemq_db
## 
## Acceptable values:
##   - text
## vmq_diversity.postgres.database = vernemq_db

## Specify if the postgresql driver should use TLS or not.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.postgres.ssl = off

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.postgres.cafile = ./etc/cafile.pem

## Set the path to the PEM encoded server certificate.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.postgres.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.postgres.keyfile = ./etc/keyfile.pem

## Allow the plugin to open SSL connections to remote DB with wildcard certs
## 
## Default: https
## 
## Acceptable values:
##   - one of: https
## vmq_diversity.postgres.ssl.customize_hostname_check = on

## Whether the client verifies the server cert or not.
## Use "verify_peer" in production.
## 
## Default: verify_peer
## 
## Acceptable values:
##   - one of: verify_none, verify_peer
vmq_diversity.postgres.ssl.verify = verify_peer

## Whether to use the System CAs (public_key:cacerts_get/0).
## Can be used as an alternative to provide a CAcertfile
## 
## Default: on
## 
## Acceptable values:
##   - on or off
vmq_diversity.postgres.ssl.use_system_cas = on

## The password hashing method to use in PostgreSQL:
## 
## Default: crypt
## 
## Acceptable values:
##   - one of: crypt, bcrypt
vmq_diversity.postgres.password_hash_method = crypt

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_cockroachdb.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.cockroachdb.host = localhost

## 
## Default: 5432
## 
## Acceptable values:
##   - an integer
## vmq_diversity.cockroachdb.port = 5432

## 
## Default: root
## 
## Acceptable values:
##   - text
## vmq_diversity.cockroachdb.user = root

## 
## Default: password
## 
## Acceptable values:
##   - text
## vmq_diversity.cockroachdb.password = password

## 
## Default: vernemq_db
## 
## Acceptable values:
##   - text
## vmq_diversity.cockroachdb.database = vernemq_db

## Specify if the cockroachdb driver should use TLS or not.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
vmq_diversity.cockroachdb.ssl = on

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.cockroachdb.cafile = ./etc/cafile.pem

## Set the path to the PEM encoded server certificate.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.cockroachdb.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.cockroachdb.keyfile = ./etc/keyfile.pem

## Allow the plugin to open SSL connections to remote DB with wildcard certs
## 
## Default: https
## 
## Acceptable values:
##   - one of: https
## vmq_diversity.cockroachdb.ssl.customize_hostname_check = on

## Whether the client verifies the server cert or not.
## Use "verify_peer" in production.
## 
## Default: verify_peer
## 
## Acceptable values:
##   - one of: verify_none, verify_peer
vmq_diversity.cockroachdb.ssl.verify = verify_peer

## Whether to use the System CAs (public_key:cacerts_get/0).
## Can be used as an alternative to provide a CAcertfile
## 
## Default: on
## 
## Acceptable values:
##   - on or off
vmq_diversity.cockroachdb.ssl.use_system_cas = on

## The password hashing method to use in CockroachDB:
## 
## Default: bcrypt
## 
## Acceptable values:
##   - one of: sha256, bcrypt
vmq_diversity.cockroachdb.password_hash_method = bcrypt

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_mysql.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.mysql.host = localhost

## 
## Default: 3306
## 
## Acceptable values:
##   - an integer
## vmq_diversity.mysql.port = 3306

## 
## Default: root
## 
## Acceptable values:
##   - text
## vmq_diversity.mysql.user = root

## 
## Default: password
## 
## Acceptable values:
##   - text
## vmq_diversity.mysql.password = password

## 
## Default: vernemq_db
## 
## Acceptable values:
##   - text
## vmq_diversity.mysql.database = vernemq_db

## The password hashing method to use in MySQL:
## password: Default for compatibility, deprecated since MySQL 5.7.6 and not
## usable with MySQL 8.0.11+.
## Docs: https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_password
## md5: Calculates an MD5 128-bit checksum of the password.
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_md5
## sha1: Calculates the SHA-1 160-bit checksum for the password.
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha1
## sha256: Calculates the SHA-2 hash of the password, using 256 bits.
## Works only if MySQL has been configured with SSL support.
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha2
## 
## Default: password
## 
## Acceptable values:
##   - one of: password, md5, sha1, sha256
vmq_diversity.mysql.password_hash_method = password

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_mongodb.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.host = localhost

## 
## Default: 27017
## 
## Acceptable values:
##   - an integer
## vmq_diversity.mongodb.port = 27017

## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.login = 

## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.password = 

## 
## Default: admin
## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.auth_source = 

## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.database = 

## Specify if the mongodb driver should use TLS or not.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.mongodb.ssl = off

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.mongodb.cafile = ./etc/cafile.pem

## Set the path to the PEM encoded server certificate.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.mongodb.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.mongodb.keyfile = ./etc/keyfile.pem

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_redis.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.redis.host = localhost

## 
## Default: 6379
## 
## Acceptable values:
##   - an integer
## vmq_diversity.redis.port = 6379

## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_diversity.redis.password = 

## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_diversity.redis.user = 

## 
## Default: 0
## 
## Acceptable values:
##   - an integer
## vmq_diversity.redis.database = 0

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.memcache.host = localhost

## 
## Default: 11211
## 
## Acceptable values:
##   - an integer
## vmq_diversity.memcache.port = 11211

## vmq_diversity.<name>.file = <file> loads a specific lua
## script when `vmq_diversity` starts. The scripts are loaded in the
## order defined by the names given, i.e., the script with <name>
## 'script1' is started before the plugin with <name> 'script2'.
## Scripts loaded like this are loaded after the scripts in the
## default script dir.
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.script1.file = path/to/my/script.lua

## The pool_size specifies how many bcrypt port operations are
## allowed concurrently. The value `auto` will try to detect all
## logical cpus and set the pool size to that number minus 1.
## If the number of logical cpus cannot be detected, a value of 1 is used.
## 
## Default: 1
## 
## Acceptable values:
##   - an integer
##   - one of: auto
vmq_bcrypt.pool_size = 1

## The pool_size specifies how many bcrypt NIF operations are
## allowed concurrently. The value `auto` will try to detect all
## logical cpus and set the pool size to that number minus 1.
## If the number of logical cpus cannot be detected, a value of 1 is used.
## 
## Default: 4
## 
## Acceptable values:
##   - an integer
##   - one of: auto
vmq_bcrypt.nif_pool_size = 4

## Specifies the max workers to overflow of the bcrypt NIF program pool.
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
vmq_bcrypt.nif_pool_max_overflow = 10

## Specifies the number of bcrypt log rounds, defining the hashing complexity.
## 
## Default: 12
## 
## Acceptable values:
##   - an integer
vmq_bcrypt.default_log_rounds = 12

## Specify where bcrypt is called as an Erlang port or NIF
## 
## Default: port
## 
## Acceptable values:
##   - one of: nif, port
vmq_bcrypt.mechanism = port

## To configure and register a webhook a hook and an endpoint
## need to be configured and this is achieved by associating both with
## a name. vmq_webhooks.<name>.hook = <hook> associates the hook
## <hook> with the name <name>. Webhooks are registered in the order
## of the name given to it. Therefore a webhook with name 'webhook1'
## is registered before a webhook with the name 'webhook2'.
## 
## Acceptable values:
##   - one of: auth_on_register, auth_on_publish, auth_on_subscribe, on_register, on_publish, on_subscribe, on_unsubscribe, on_deliver, on_offline_message, on_client_wakeup, on_client_offline, on_client_gone, on_session_expired, auth_on_register_m5, auth_on_publish_m5, auth_on_subscribe_m5, on_register_m5, on_publish_m5, on_subscribe_m5, on_unsubscribe_m5, on_deliver_m5, on_auth_m5
## vmq_webhooks.webhook1.hook = auth_on_register

## Associate an endpoint with a name.
## 
## Acceptable values:
##   - text
## vmq_webhooks.webhook1.endpoint = http://localhost/myendpoints

## Configure TLS version for HTTPS webhook calls
## HTTPS webhooks.
## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## vmq_webhooks.tls_version = tlsv1.2

## Specify the address and port of the bridge to connect to. Several
## bridges can configured by using different bridge names (e.g. br0). If the
## connection supports SSL encryption bridge.ssl.<name> can be used.
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0 = 127.0.0.1:1889

## Set the clean session option for the bridge. By default this is disabled,
## which means that all subscriptions on the remote broker are kept in case of
## the network connection dropping. If enabled, all subscriptions and messages
## on the remote broker will be cleaned up if the connection drops.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## vmq_bridge.tcp.br0.cleansession = off

## Set the client id for this bridge connection. If not defined, this
## defaults to 'name.hostname', where name is the connection name and hostname
## is the hostname of this computer.
## 
## Default: auto
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0.client_id = auto

## Set the number of seconds after which the bridge should send a ping if
## no other traffic has occurred.
## 
## Default: 60
## 
## Acceptable values:
##   - an integer
## vmq_bridge.tcp.br0.keepalive_interval = 60

## Set the persistent queue option for this bridge. By default this is off,
## meaning the queued messages are stored in memory only. If set to on,
## queued messages will be stored persistently on disk. If you're using
## persistency, make sure to configure the queue_dir option.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## vmq_bridge.tcp.br0.persistent_queue = off

## Set the directory where queued messages for this bridge will be stored, if persistent_queue is set to on.
## It is recommended to set this to a unique directory. If you're using multiple persistent bridge instances,
## then omitting this option can lead to serious problems.
## 
## Acceptable values:
##   - the path to a directory
## vmq_bridge.tcp.br0.queue_dir = /qdata/br0

## Configure a username for the bridge. This is used for authentication
## purposes when connecting to a broker that support MQTT v3.1 and requires a
## username and/or password to connect. See also the password option.
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0.username = my_remote_user

## Configure a password for the bridge. This is used for authentication
## purposes when connecting to a broker that support MQTT v3.1 and requires a
## username and/or password to connect. This option is only valid if a username
## is also supplied.
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0.password = my_remote_password

## Configure segment size (in Bytes) for the persistent queue.
## 
## Default: 4KB
## 
## Acceptable values:
##   - a byte size with units, e.g. 10GB
## vmq_bridge.tcp.br0.segment_size = 4KB

## Number of messages that will be read from Queue and published at once.
## Only after the entire batch has been completed (e.g. all messages were pubacked if QoS 1),
## will the next batch be read. Set this to a lower setting if  you encounter bandwidth problems.
## 
## Default: 100
## 
## Acceptable values:
##   - an integer
## vmq_bridge.tcp.br0.outgoing_batch_size = 100

## Define one or more topic pattern to be shared between the two brokers.
## Any topics matching the pattern (including wildcards) are shared.
## The following format is used:
## pattern [[[ out | in | both ] qos-level] local-prefix remote-prefix]
## [ out | in | both ]: specifies that this bridge exports messages (out), imports
## messages (in) or shared in both directions (both). If undefined we default to
## export (out).
## qos-level: specifies the publish/subscribe QoS level used for this
## toppic. If undefined we default to QoS 0.
## local-prefix and remote-prefix: For incoming topics, the bridge
## will prepend the pattern with the remote prefix and subscribe to
## the resulting topic on the remote broker.  When a matching
## incoming message is received, the remote prefix will be removed
## from the topic and then the local prefix added.
## For outgoing topics, the bridge will prepend the pattern with the
## local prefix and subscribe to the resulting topic on the local
## broker. When an outgoing message is processed, the local prefix
## will be removed from the topic then the remote prefix added.
## For shared subscriptions topic prefixes are applied only to the
## topic part of the subscription.
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0.topic.1 = topic

## Set the amount of time a bridge using the automatic start type will wait
## until attempting to reconnect. Defaults to 30 seconds.
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
## vmq_bridge.tcp.br0.restart_timeout = 10

## If try_private is enabled, the bridge will attempt to indicate to the
## remote broker that it is a bridge not an ordinary client.
## Note that loop detection for bridges is not yet implemented.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
## vmq_bridge.tcp.br0.try_private = on

## Set the MQTT protocol version to be used by the bridge.
## 
## Default: 3
## 
## Acceptable values:
##   - one of: 3, 4
## vmq_bridge.tcp.br0.mqtt_version = on

## Maximum number of outgoing messages the bridge will buffer
## while not connected to the remote broker. Messages published while
## the buffer is full are dropped. A value of 0 means buffering is
## disabled.
## 
## Default: 0
## 
## Acceptable values:
##   - an integer
## vmq_bridge.tcp.br0.max_outgoing_buffered_messages = 0

## Percentage of max_outgoing_buffered_messages that will be used for the pubrel queue.
## The pubrel queue is only relevant, when bridging topics with QoS 2. In that case it is highly recommended,
## to set this option. Allowed values: 0-100, e.g. value of 10 means 10%.
## If this is set to 0, the pubrel queue will be disabled (default).
## Caution: the segment_size should not be bigger than max_outgoing_buffered_messages * (pubrel_queue_ratio/100).
## 
## Default: 0%
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0.pubrel_queue_ratio = 10%

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_bridge.ssl.sbr0.cafile = ./etc/cacerts.pem

## Set the path to the PEM encoded server certificate.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_bridge.ssl.sbr0.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_bridge.ssl.sbr0.keyfile = ./etc/key.pem

## When using certificate based TLS, the bridge will attempt to verify the
## hostname provided in the remote certificate matches the host/address being
## connected to. This may cause problems in testing scenarios, so this option
## may be enabled to disable the hostname verification.
## Setting this option to true means that a malicious third party could
## potentially inpersonate your server, so it should always be disabled in
## production environments.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## vmq_bridge.ssl.sbr0.insecure = off

## Configure the TLS protocol version (tlsv1, tlsv1.1, or tlsv1.2) to be
## used for this bridge.
## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## vmq_bridge.ssl.sbr0.tls_version = tlsv1.2

## Pre-shared-key encryption provides an alternative to certificate based
## encryption. This option specifies the identity used.
## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_bridge.ssl.sbr0.identity = 

## Pre-shared-key encryption provides an alternative to certificate based
## encryption. This option specifies the shared secret used in hexadecimal
## format without leading '0x'.
## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_bridge.ssl.sbr0.psk = 

## Allow the bridge to open SSL connections to remote broker with wildcard certs
## 
## Default: https
## 
## Acceptable values:
##   - one of: https
## vmq_bridge.ssl.name.customize_hostname_check = on

## Specifies the auth method used after the API call has been authenticated
## /authorized by the endpoint. The only possible values is "on-behalf-of" and
## "predefined"
## If you specify "on-behalf-of" every HTTP call needs to provide a client-id,
## a username and a password. Those are only used to authenticated/authorize
## the request. They have no impact on any client with the same id already
## connected. You should anyway consider using  dedicated users and clients for
## HTTP calls.
## It is possible to set the app_auth setting on each listener.
## listener.https.$name$.http_modules.vmq_http_pub.app_auth
## listener.http.$name$.http_modules.vmq_http_pub.app_auth
## Using HTTP is not recommended.
## 
## Default: on-behalf-of
## 
## Acceptable values:
##   - text
## vmq_http_pub.mqtt_auth.mode = on-behalf-of

## 
## Default: mqtt
## 
## Acceptable values:
##   - text
## vmq_http_pub.mqtt_auth.auth_plugin = mqtt

## 
## Default: password
## 
## Acceptable values:
##   - text
## vmq_web_ui.admin.auth = password

## 
## Default: admin
## 
## Acceptable values:
##   - text
## vmq_web_ui.admin.user_name = admin

## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_web_ui.admin.user_pwd = 

## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_web_ui.mgmt_api.key = 

## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_web_ui.mgmt_api.port = 

## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_web_ui.mgmt_api.scheme = 

## 
## Default: off
## 
## Acceptable values:
##   - on or off
## vmq_web_ui.file_access.allow_read = off

## 
## Default: off
## 
## Acceptable values:
##   - on or off
## vmq_web_ui.file_access.allow_write = off

## Where to emit the default log messages (typically at 'info'
## severity):
## off: disabled
## file: the file specified by log.console.file
## console: to standard output (seen when using `vmq attach-direct`)
## both: log.console.file and standard out.
## 
## Default: file
## 
## Acceptable values:
##   - one of: off, file, console, both
log.console = file

## The severity level of the console log, default is 'info'.
## 
## Default: info
## 
## Acceptable values:
##   - one of: debug, info, notice, warning, error, critical, alert, emergency
log.console.level = info

## When 'log.console' is set to 'file' or 'both', the file where
## console messages will be logged.
## 
## Default: ./log/console.log
## 
## Acceptable values:
##   - the path to a file
log.console.file = ./log/console.log

## Logger format for console logging to standard output: text or json. Default text)
## 
## Default: text
## 
## Acceptable values:
##   - one of: text, json
log.console.console.format = text

## Logger format for console logging to file: text or json. Default text)
## 
## Default: text
## 
## Acceptable values:
##   - one of: text, json
log.console.file.format = text

## Maximum size of the console log in bytes, before it is rotated
## 
## Default: infinity
## 
## Acceptable values:
##   - a byte size with units, e.g. 10GB
##   - the text "infinity"
log.console.rotation.size = infinity

## The number of rotated console logs to keep. When set to
## '0', only the current open log file is kept. This setting is only
## considered if log.error.rotation.size is different than "infinity".
## 
## Default: 5
## 
## Acceptable values:
##   - an integer
log.console.rotation.keep = 5

## Should rotated console log file archives be compressed (default off)
## 
## Default: off
## 
## Acceptable values:
##   - on or off
log.console.rotation.compress_on_rotate = off

## Disables are enables the dedicated error logger
## 
## Default: on
## 
## Acceptable values:
##   - on or off
log.error = on

## The file where error messages will be logged.
## 
## Default: ./log/error.log
## 
## Acceptable values:
##   - the path to a file
log.error.file = ./log/error.log

## Logger format: text or json. Default text)
## 
## Default: text
## 
## Acceptable values:
##   - one of: text, json
log.error.file.format = text

## Maximum size of the error log in bytes, before it is rotated
## 
## Default: infinity
## 
## Acceptable values:
##   - a byte size with units, e.g. 10GB
##   - the text "infinity"
log.error.rotation.size = infinity

## The number of rotated error logs to keep. When set to
## '0', only the current open log file is kept. This setting is only
## considered if log.error.rotation.size is different than "infinity".
## 
## Default: 5
## 
## Acceptable values:
##   - an integer
log.error.rotation.keep = 5

## Should rotated log file archives be compressed (default off)
## 
## Default: off
## 
## Acceptable values:
##   - on or off
log.error.rotation.compress_on_rotate = off

## Disables are enables the dedicated crash logger. Crash logs are also written
## to the error log, so this logger is disabled by default.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
log.crash = off

## The file where crash messages will be logged.
## 
## Default: ./log/crash.log
## 
## Acceptable values:
##   - the path to a file
log.crash.file = ./log/crash.log

## Maximum size of the crash log in bytes, before it is rotated
## 
## Default: infinity
## 
## Acceptable values:
##   - a byte size with units, e.g. 10GB
##   - the text "infinity"
log.crash.rotation.size = infinity

## The number of rotated crash logs to keep. When set to
## '0', only the current open log file is kept.
## 
## Default: 5
## 
## Acceptable values:
##   - an integer
log.crash.rotation.keep = 5

## Should rotated log file archives be compressed (default off)
## 
## Default: off
## 
## Acceptable values:
##   - on or off
log.crash.rotation.compress_on_rotate = off

## Disables are enables the dedicated sasl logger. Crash logs are also written
## to the error log, so this logger is disabled by default.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
log.sasl = off

## The file where sasl messages will be logged.
## 
## Default: ./log/sasl.log
## 
## Acceptable values:
##   - the path to a file
log.sasl.file = ./log/sasl.log

## Maximum size of the crash log in bytes, before it is rotated
## 
## Default: infinity
## 
## Acceptable values:
##   - a byte size with units, e.g. 10GB
##   - the text "infinity"
log.sasl.rotation.size = infinity

## The number of rotated crash logs to keep. When set to
## '0', only the current open log file is kept.
## 
## Default: 5
## 
## Acceptable values:
##   - an integer
log.sasl.rotation.keep = 5

## Should rotated log file archives be compressed (default off)
## 
## Default: off
## 
## Acceptable values:
##   - on or off
log.sasl.rotation.compress_on_rotate = off

## When set to 'on', enables log output to syslog.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
log.syslog = off

## Name of the Erlang node
## Default: VerneMQ@127.0.0.1
## Acceptable values:
## - text
## 
## Default: VerneMQ@127.0.0.1
## 
## Acceptable values:
##   - text
nodename = VerneMQ@127.0.0.1

## Cookie for distributed node communication.  All nodes in the
## same cluster should use the same cookie or they will not be able to
## communicate.
## IMPORTANT!!! SET the cookie to a private value! DO NOT LEAVE AT DEFAULT!
## 
## Default: vmq
## 
## Acceptable values:
##   - text
distributed_cookie = vmq

## Sets the number of threads in async thread pool, valid range
## is 0-1024. If thread support is available, the default is 64.
## More information at: http://erlang.org/doc/man/erl.html
## 
## Default: 64
## 
## Acceptable values:
##   - an integer
erlang.async_threads = 64

## The number of concurrent ports/sockets
## Valid range is 1024-134217727
## 
## Default: 262144
## 
## Acceptable values:
##   - an integer
erlang.max_ports = 262144

## Set scheduler forced wakeup interval. All run queues will be
## scanned each Interval milliseconds. While there are sleeping
## schedulers in the system, one scheduler will be woken for each
## non-empty run queue found. An Interval of zero disables this
## feature, which also is the default.
## This feature is a workaround for lengthy executing native code, and
## native code that do not bump reductions properly.
## More information: http://www.erlang.org/doc/man/erl.html#+sfwi
## 
## Acceptable values:
##   - an integer
## erlang.schedulers.force_wakeup_interval = 500

## Enable or disable scheduler compaction of load. By default
## scheduler compaction of load is enabled. When enabled, load
## balancing will strive for a load distribution which causes as many
## scheduler threads as possible to be fully loaded (i.e., not run out
## of work). This is accomplished by migrating load (e.g. runnable
## processes) into a smaller set of schedulers when schedulers
## frequently run out of work. When disabled, the frequency with which
## schedulers run out of work will not be taken into account by the
## load balancing logic.
## More information: http://www.erlang.org/doc/man/erl.html#+scl
## 
## Acceptable values:
##   - one of: true, false
## erlang.schedulers.compaction_of_load = false

## Enable or disable scheduler utilization balancing of load. By
## default scheduler utilization balancing is disabled and instead
## scheduler compaction of load is enabled which will strive for a
## load distribution which causes as many scheduler threads as
## possible to be fully loaded (i.e., not run out of work). When
## scheduler utilization balancing is enabled the system will instead
## try to balance scheduler utilization between schedulers. That is,
## strive for equal scheduler utilization on all schedulers.
## More information: http://www.erlang.org/doc/man/erl.html#+sub
## 
## Acceptable values:
##   - one of: true, false
## erlang.schedulers.utilization_balancing = true

## This parameter defines the percentage of total server memory
## to assign to LevelDB. LevelDB will dynamically adjust its internal
## cache sizes to stay within this size.  The memory size can
## alternately be assigned as a byte count via leveldb.maximum_memory
## instead.
## 
## Default: 70
## 
## Acceptable values:
##   - an integer
leveldb.maximum_memory.percent = 70

## Enables or disables the compression of data on disk.
## Enabling (default) saves disk space.  Disabling may reduce read
## latency but increase overall disk activity.  Option can be
## changed at any time, but will not impact data on disk until
## next time a file requires compaction.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
leveldb.compression = on

## Selection of compression algorithms.  snappy is
## original compression supplied for leveldb.  lz4 is new
## algorithm that compresses to similar volume but averages twice
## as fast on writes and four times as fast on reads.
## 
## Acceptable values:
##   - one of: snappy, lz4
leveldb.compression.algorithm = lz4

PreviousIntroduction NextSchema Files

Last updated 27 days ago

Was this helpful?

## Allow anonymous users to connect, default is 'off'. !!NOTE!! ## Enabling this completely disables authentication of the clients and ## should only be used for testing/development purposes or in case ## clients are authenticated by some other means. ## ## Default: off ## ## Acceptable values: ## - on or off allow_anonymous = off ## Allow new client connections even when a VerneMQ cluster is inconsistent. ## ## Default: off ## ## Acceptable values: ## - on or off allow_register_during_netsplit = off ## Allow message publishs even when a VerneMQ cluster is inconsistent. ## ## Default: off ## ## Acceptable values: ## - on or off allow_publish_during_netsplit = off ## Allow new subscriptions even when a VerneMQ cluster is inconsistent. ## ## Default: off ## ## Acceptable values: ## - on or off allow_subscribe_during_netsplit = off ## Allow clients to unsubscribe when a VerneMQ cluster is inconsistent. ## ## Default: off ## ## Acceptable values: ## - on or off allow_unsubscribe_during_netsplit = off ## Client registrations can be either happen in a coordinated or ## uncoordinated fashion. Uncoordinated registrations are faster and ## will cause other clients with the same client-id to be eventually ## disconnected, while coordinated ensures that any other client with ## the same client-id will be immediately disconnected. ## ## Default: on ## ## Acceptable values: ## - on or off coordinate_registrations = on ## Secret to be used for crendentials obfuscation. Default is "random" which ## generates a random string. ## ## Default: random ## ## Acceptable values: ## - text logging.obfuscation_secret = random ## Client disconnect due to keepalive is by default a warning. In unstable networks ## it might be "expected" behaviour to have a lot of those warnings. This allows to ## downgrade the warning to an info message. ## ## Default: on ## ## Acceptable values: ## - on or off logging.keepalive_as_warning = on ## Set the time in seconds VerneMQ waits before a retry, in case a (QoS=1 or QoS=2) message ## delivery gets no answer. ## ## Default: 20 ## ## Acceptable values: ## - an integer ## retry_interval = 20 ## Set the maximum size for client IDs. MQTT v3.1 specifies a ## limit of 23 characters ## ## Default: 100 ## ## Acceptable values: ## - an integer ## max_client_id_size = 100 ## This option allows persistent clients ( = clean session set to ## false) to be removed if they do not reconnect within 'persistent_client_expiration'. ## This is a non-standard option. As far as the MQTT specification is concerned, ## persistent clients persist forever. ## The expiration period should be an integer followed by one of 'd', 'w', 'm', 'y' for ## day, week, month, and year. ## ## Default: never ## ## Acceptable values: ## - text ## persistent_client_expiration = 1w ## The maximum delay for a last will message. This setting ## applies only to MQTTv5 sessions and can be used to override the ## value provided by the client. ## The delay can be either 'client' which means the value specified by ## the client is used, or an integer followed by one of 's', 'h' 'd', ## 'w', 'm', 'y' for day, week, month, and year used to cap the value ## provided by the client.. ## ## Default: client ## ## Acceptable values: ## - text ## max_last_will_delay = client ## The maximum number of QoS 1 or 2 messages that can be in the process of being ## transmitted simultaneously. This includes messages currently going through handshakes ## and messages that are being retried. Defaults to 20. Set to 0 for no maximum. If set ## to 1, this will guarantee in-order delivery of messages. ## Note: for MQTT v5, use receive_max_client/receive_max_broker to implement ## similar behaviour. ## ## Default: 20 ## ## Acceptable values: ## - an integer max_inflight_messages = 20 ## The maximum number of messages to hold in the queue above ## those messages that are currently in flight. Defaults to 1000. This affects ## messages of any QoS. Set to -1 for no maximum (not recommended). ## This option allows to control how a specific client session can deal ## with message bursts. As a general rule of thumb set ## this number a bit higher than the expected message rate a single consumer is ## required to process. Note that setting this value to 0 will totally block ## delivery from any queue. ## ## Default: 1000 ## ## Acceptable values: ## - an integer max_online_messages = 1000 ## The maximum number of QoS 1 or 2 messages to hold in the offline queue. ## Defaults to 1000. Set to -1 for no maximum (not recommended). Set to 0 ## if no messages should be stored offline. ## ## Default: 1000 ## ## Acceptable values: ## - an integer max_offline_messages = 1000 ## Allows a session that changes from offline to online to override the maximum ## online message count (max_online_messages). All offlines messages will be added ## to the online queue. ## ## Default: off ## ## Acceptable values: ## - on or off override_max_online_messages = off ## This option sets the maximum MQTT size that VerneMQ will ## allow. Messages that exceed this size will not be accepted by ## VerneMQ. The default value is 0, which means that all valid MQTT ## messages are accepted. MQTT imposes a maximum payload size of ## 268435455 bytes. ## ## Default: 0 ## ## Acceptable values: ## - an integer max_message_size = 0 ## If a message is published with a QoS lower than the QoS of the subscription it is ## delivered to, VerneMQ can upgrade the outgoing QoS. This is a non-standard option. ## ## Default: off ## ## Acceptable values: ## - on or off upgrade_outgoing_qos = off ## listener.tcp.buffer_sizes is an list of three integers ## (sndbuf,recbuf,buffer) specifying respectively the kernel TCP send ## buffer, the kernel TCP receive buffer and the user-level buffer ## size in the erlang driver. ## It is recommended to have val(user-level buffer) >= val(receive ## buffer) to avoid performance issues because of unnecessary copying. ## If not set, the operating system defaults are used. ## This option can be set on the protocol level by: ## - listener.tcp.buffer_sizes ## - listener.ssl.buffer_sizes ## or on the listener level by: ## - listener.tcp.my_tcp_listener.buffer_sizes ## - listener.ssl.my_ssl_listener.buffer_sizes ## ## Acceptable values: ## - text ## listener.tcp.buffer_sizes = 4096,16384,32768 ## listener.max_connection_lifetime is an integer defining the maximum lifetime ## of MQTT connection in seconds. This option can be overridden on the protocol level by: ## - listener.tcp.max_connection_lifetime ## - listener.ssl.max_connection_lifetime ## - listener.ws.max_connection_lifetime ## - listener.wss.max_connection_lifetime ## or on the listener level by: ## - listener.tcp.my_tcp_listener.max_connection_lifetime ## - listener.ssl.my_ssl_listener.max_connection_lifetime ## - listener.ws.my_ws_listener.max_connection_lifetime ## - listener.wss.my_wss_listener. ## This is an implementation of MQTT security proposal: ## "Servers may close the Network Connection of Clients and require them to re-authenticate with new credentials." ## ## Default: 0 ## ## Acceptable values: ## - an integer listener.max_connection_lifetime = 0 ## listener.max_connections is an integer or 'infinity' defining ## the maximum number of concurrent connections. This option can be overridden ## on the protocol level by: ## - listener.tcp.max_connections ## - listener.ssl.max_connections ## - listener.ws.max_connections ## - listener.wss.max_connections ## or on the listener level by: ## - listener.tcp.my_tcp_listener.max_connections ## - listener.ssl.my_ssl_listener.max_connections ## - listener.ws.my_ws_listener.max_connections ## - listener.wss.my_wss_listener.max_connections ## ## Default: 10000 ## ## Acceptable values: ## - an integer ## - the text "infinity" listener.max_connections = 10000 ## Set the maximum frame in bytes that a WebSocket connection is allowed to ## send. If the client tries to send more in one frame, the server will disconnect it. ## ## Default: 268435456 ## ## Acceptable values: ## - an integer ## - the text "infinity" max_ws_frame_size = 268435456 ## Set the nr of acceptors waiting to concurrently accept new connections. ## This can be specified either on the protocol level: ## - listener.tcp.nr_of_acceptors ## - listener.ssl.nr_of_acceptors ## - listener.ws.nr_of_acceptors ## - listener.wss.nr_of_acceptors ## or on the listener level: ## - listener.tcp.my_tcp_listener.nr_of_acceptors ## - listener.ssl.my_ssl_listener.nr_of_acceptors ## - listener.ws.my_ws_listener.nr_of_acceptors ## - listener.wss.my_wss_listener.nr_of_acceptors ## ## Default: 10 ## ## Acceptable values: ## - an integer listener.nr_of_acceptors = 10 ## listener.tcp.<name> is an IP address and TCP port that ## the broker will bind to. You can define multiple listeners e.g: ## - listener.tcp.default = 127.0.0.1:1883 ## - listener.tcp.internal = 127.0.0.1:10883 ## - listener.tcp.my_other_listener = 127.0.0.1:10884 ## This also works for SSL listeners and WebSocket handlers: ## - listener.ssl.default = 127.0.0.1:8883 ## - listener.ws.default = 127.0.0.1:800 ## - listener.wss.default = 127.0.0.1:880 ## ## Default: 127.0.0.1:1883 ## ## Acceptable values: ## - an IP/port pair, e.g. 127.0.0.1:10011 ## - a Unix Domain Socket, e.g. local:/var/run/app.sock:0 listener.tcp.name = 127.0.0.1:1883 ## ## Acceptable values: ## - an IP/port pair, e.g. 127.0.0.1:10011 ## listener.ssl.name = 127.0.0.1:8883 ## 'listener.tcp.my_listener.allow_anonymous_override' configures whether ## this listener is allowed to override the global allow_anonymous setting. ## The setting has one single purpose: to give a listener the capability to switch off ## all authentication plugins. (that is override a global allow_anonymous=off with a per-listener allow_anonymous=on). ## Specifically, it can allow TLS listeners to disable internal authentication (using only client certificates as ## authentication) while keeping all the other MQTT listeners safe. ## global | listener | Result for listener: (on = anonymous access allowed) ## on | on | on ## off | on | on ## off | off | off ## on | off | on ## Both values are simply OR'ed together. Please note that this does not allow you to globally allow anonymous access, and ## then selectively switch off single listeners! ## - listener.tcp.my_listener.allow_anonymous_override ## - listener.ssl.my_listener.allow_anonymous_override ## Allowed values are 'on' or 'off'. The default value for an unconfigured listener will be 'off'. ## ## Default: off ## ## Acceptable values: ## - on or off listener.tcp.name.allow_anonymous_override = off ## ## Default: off ## ## Acceptable values: ## - on or off listener.ssl.name.allow_anonymous_override = off ## 'listener.tcp.allowed_protocol_versions' configures which ## protocol versions are allowed for an MQTT listener. The allowed ## protocol versions can be specified the tcp, websocket or ssl level: ## - listener.tcp.allowed_protocol_versions ## - listener.ws.allowed_protocol_versions ## - listener.wss.allowed_protocol_versions ## - listener.ssl.allowed_protocol_versions ## or for a specific listener: ## - listener.tcp.my_tcp_listener.allowed_protocol_versions ## - listener.ws.my_ws_listener.allowed_protocol_versions ## - listener.wss.my_ws_listener.allowed_protocol_versions ## - listener.ssl.my_ws_listener.allowed_protocol_versions ## Allowed values are 3 (MQTT 3.1), 4 (MQTT 3.1.1), 5 (MQTT 5.0), 131 ## (MQTT 3.1 bridge), 132 (MQTT 3.1.1 bridge). ## ## Default: 3,4,5,131 ## ## Acceptable values: ## - text ## listener.tcp.allowed_protocol_versions = 3,4,5 ## listener.vmq.clustering is the IP address and TCP port that ## the broker will bind to accept connections from other cluster ## nodes e.g: ## - listener.vmq.clustering = 0.0.0.0:18883 ## This also works for SSL listeners: ## - listener.vmqs.clustering = 0.0.0.0:18884 ## ## Default: 0.0.0.0:44053 ## ## Acceptable values: ## - an IP/port pair, e.g. 127.0.0.1:10011 listener.vmq.clustering = 0.0.0.0:44053 ## listener.http.default is the IP address and TCP port that ## the broker will bind to accept HTTP connections ## - listener.http.default = 0.0.0.0:8888 ## This also works for SSL listeners: ## - listener.https.default= 0.0.0.0:8889 ## ## Default: 127.0.0.1:8888 ## ## Acceptable values: ## - an IP/port pair, e.g. 127.0.0.1:10011 listener.http.default = 127.0.0.1:8888 ## The cafile is used to define the path to a file containing ## the PEM encoded CA certificates that are trusted. Set the cafile ## on the protocol level or on the listener level: ## - listener.ssl.cafile ## - listener.wss.cafile ## or on the listener level: ## - listener.ssl.my_ssl_listener.cafile ## - listener.wss.my_wss_listener.cafile ## ## Default: ## ## Acceptable values: ## - the path to a file ## listener.ssl.cafile = ./etc/cacerts.pem ## ## Default: ## ## Acceptable values: ## - the path to a file ## listener.https.cafile = ./etc/cacerts.pem ## Set the path to the PEM encoded server certificate ## on the protocol level or on the listener level: ## - listener.ssl.certfile ## - listener.wss.certfile ## or on the listener level: ## - listener.ssl.my_ssl_listener.certfile ## - listener.wss.my_wss_listener.certfile ## ## Default: ## ## Acceptable values: ## - the path to a file ## listener.ssl.certfile = ./etc/cert.pem ## ## Default: ## ## Acceptable values: ## - the path to a file ## listener.https.certfile = ./etc/cert.pem ## Set the path to the PEM encoded key file on the protocol ## level or on the listener level: ## - listener.ssl.keyfile ## - listener.wss.keyfile ## or on the listener level: ## - listener.ssl.my_ssl_listener.keyfile ## - listener.wss.my_wss_listener.keyfile ## ## Default: ## ## Acceptable values: ## - the path to a file ## listener.ssl.keyfile = ./etc/key.pem ## ## Default: ## ## Acceptable values: ## - the path to a file ## listener.vmqs.keyfile = ./etc/key.pem ## ## Default: ## ## Acceptable values: ## - the path to a file ## listener.https.keyfile = ./etc/key.pem ## Set the list of allowed ciphers (each separated with a colon, ## e.g. "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"), ## on the protocol level or on the listener level. Reasonable defaults ## are used if nothing is specified: ## - listener.ssl.ciphers ## - listener.wss.ciphers ## or on the listener level: ## - listener.ssl.my_ssl_listener.ciphers ## - listener.wss.my_wss_listener.ciphers ## ## Default: ## ## Acceptable values: ## - text ## listener.ssl.ciphers = ## ## Default: ## ## Acceptable values: ## - text ## listener.vmqs.ciphers = ## ## Default: ## ## Acceptable values: ## - text ## listener.https.ciphers = ## Set the list of allowed elliptical curves (each separated with a colon, ## e.g. "[sect571k1,secp521r1,brainpoolP512r1]"), on the protocol level or on the listener level. ## All known curves are used if nothing is specified. ## - listener.ssl.eccs ## - listener.wss.eccs ## or on the listener level: ## - listener.ssl.my_ssl_listener.eccs ## - listener.wss.my_wss_listener.eccs ## ## Default: ## ## Acceptable values: ## - text ## listener.ssl.eccs = [brainpoolP384r1, secp384r1, sect283k1] ## ## Default: ## ## Acceptable values: ## - text ## listener.vmqs.eccs = [brainpoolP384r1, secp384r1, sect283k1] ## ## Default: ## ## Acceptable values: ## - text ## listener.https.eccs = [brainpoolP384r1, secp384r1, sect283k1] ## If you have 'listener.ssl.require_certificate' set to true, ## you can create a certificate revocation list file to revoke access ## to particular client certificates. If you have done this, use crlfile ## to point to the PEM encoded revocation file. This can be done on the ## protocol level or on the listener level. ## - listener.ssl.crlfile ## - listener.wss.crlfile ## or on the listener level: ## - listener.ssl.my_ssl_listener.crlfile ## - listener.wss.my_wss_listener.crlfile ## ## Default: ## ## Acceptable values: ## - the path to a file ## listener.ssl.crlfile = ## Enable this option if you want to use SSL client certificates ## to authenticate your clients. This can be done on the protocol level ## or on the listener level. ## - listener.ssl.require_certificate ## - listener.wss.require_certificate ## or on the listener level: ## - listener.ssl.my_ssl_listener.require_certificate ## - listener.wss.my_wss_listener.require_certificate ## ## Default: off ## ## Acceptable values: ## - on or off ## listener.ssl.require_certificate = off ## ## Default: off ## ## Acceptable values: ## - on or off ## listener.vmqs.require_certificate = off ## ## Default: off ## ## Acceptable values: ## - on or off ## listener.https.require_certificate = off ## Configure the TLS protocol version (tlsv1, tlsv1.1, tlsv1.2 or tlsv1.3) to be ## used for either all configured SSL listeners or for a specific listener: ## - listener.ssl.tls_version ## - listener.wss.tls_version ## or on the listener level: ## - listener.ssl.my_ssl_listener.tls_version ## - listener.wss.my_wss_listener.tls_version ## TLSv1.3 requires OTP 23 or later. ## ## Default: tlsv1.2 ## ## Acceptable values: ## - text ## listener.ssl.tls_version = tlsv1.2 ## ## Default: tlsv1.2 ## ## Acceptable values: ## - text ## listener.vmqs.tls_version = tlsv1.2 ## ## Default: tlsv1.2 ## ## Acceptable values: ## - text ## listener.https.tls_version = tlsv1.2 ## If 'listener.ssl.require_certificate' is enabled, you may enable ## 'listener.ssl.use_identity_as_username' to use the CN value from the client ## certificate as a username. If enabled other authentication plugins are not ## considered. The option can be specified either for all SSL listeners or for ## a specific listener: ## - listener.ssl.use_identity_as_username ## - listener.wss.use_identity_as_username ## or on the listener level: ## - listener.ssl.my_ssl_listener.use_identity_as_username ## - listener.wss.my_wss_listener.use_identity_as_username ## ## Default: off ## ## Acceptable values: ## - on or off ## listener.ssl.use_identity_as_username = off ## If listener.ssl.pskfile is enabled VerneMQ supports TLS connection based on ## pre-shared keys (PSK). ## The option can be specified either for all SSL listeners or for ## a specific listener. ## - listener.ssl.psk_support ## or on the listener level: ## - listener.ssl.my_ssl_listener.psk_support ## ## Default: off ## ## Acceptable values: ## - on or off ## listener.ssl.psk_support = off ## The PSK hint sent by the server to the client. ## The option can be specified either for all SSL listeners or for ## a specific listener. ## - listener.ssl.psk_identity_hint ## or on the listener level: ## - listener.ssl.my_ssl_listener.psk_identity_hint ## ## Default: VMQ_PSK ## ## Acceptable values: ## - text ## listener.ssl.psk_identity_hint = VMQ_PSK ## If PSK support is enabled, the pre-shared keys must be provided as key value pairs ## seperated by a seperator (by default ":"), e.g. ## mypskidentity:mypskkey ## The key is a string (not hex-encoded). The psk file is used for all listerners. ## ## Default: ./etc/vmq.psk ## ## Acceptable values: ## - the path to a file listener.ssl.pskfile = ./etc/vmq.psk ## The pre-shared keys and the psk identity are separated by a separator. ## By default, a colon is used. ## ## Default: : ## ## Acceptable values: ## - text ## listener.ssl.pskfile_separator = : ## Enable the $SYSTree Reporter. ## ## Default: on ## ## Acceptable values: ## - on or off systree_enabled = on ## The integer number of milliseconds between updates of the $SYS subscription hierarchy, ## which provides status information about the broker. If unset, defaults to 20 seconds. ## Set to 0 to disable publishing the $SYS hierarchy completely. ## ## Default: 20000 ## ## Acceptable values: ## - an integer systree_interval = 20000 ## Prometheus namespace prefix ## ## Default: vernemq_ ## ## Acceptable values: ## - text prometheus_namespace = vernemq_ ## Enable the Graphite Reporter. Ensure to also configure a ## proper graphite.host ## ## Default: off ## ## Acceptable values: ## - on or off graphite_enabled = off ## the graphite server host name ## ## Default: localhost ## ## Acceptable values: ## - text graphite_host = localhost ## the tcp port of the graphite server ## ## Default: 2003 ## ## Acceptable values: ## - an integer graphite_port = 2003 ## the interval we push metrics to the graphite server in ms ## ## Default: 20000 ## ## Acceptable values: ## - an integer graphite_interval = 20000 ## set the prefix that is applied to all metrics reported to graphite ## ## Default: ## ## Acceptable values: ## - text ## graphite_prefix = my-prefix ## the graphite server api key, e.g. used by hostedgraphite.com ## ## Default: ## ## Acceptable values: ## - text ## graphite_api_key = My-Api-Key ## Distribution policy for shared subscriptions. Default is ## 'prefer_local' which will ensure that local subscribers will be ## used if any are available. 'local_only' will select a random local ## subscriber if any are available. 'random' will randomly choose ## between all available subscribers. ## ## Default: prefer_local ## ## Acceptable values: ## - text shared_subscription_policy = prefer_local ## plugins.<plugin> enables/disables a plugin. ## Plugin specific settings are set via the plugin itself, i.e., to ## set the 'file' setting for the myplugin plugin, add a line like: ## myplugin.file = /path/to/file ## ## Acceptable values: ## - on or off ## plugins.name = on ## plugins.<name>.path defines the location of the plugin ## associated with <name>. This is needed for plugins that are not ## shipped with VerneMQ. ## ## Acceptable values: ## - the path to a directory ## plugins.mypluginname.path = /path/to/myplugin ## plugins.<name>.priority defines the load order of the ## plugins. Plugins are loaded by priority. If no priority is given ## the load order is undefined. Prioritized plugins will always be ## loaded before plugins with no defined priority. ## ## Acceptable values: ## - an integer ## plugins.mypluginname.priority = 5 ## File based authentication plugin. ## ## Default: on ## ## Acceptable values: ## - on or off plugins.vmq_passwd = on ## File based authorization plugin. ## ## Default: on ## ## Acceptable values: ## - on or off plugins.vmq_acl = on ## Lua based plugins. ## ## Default: off ## ## Acceptable values: ## - on or off plugins.vmq_diversity = off ## Webhook based plugins. ## ## Default: off ## ## Acceptable values: ## - on or off plugins.vmq_webhooks = off ## The VerneMQ bridge plugin. ## ## Default: off ## ## Acceptable values: ## - on or off plugins.vmq_bridge = off ## Limits the maximum topic depth ## ## Default: 10 ## ## Acceptable values: ## - an integer topic_max_depth = 10 ## Specifies the metadata plugin that is used for storing and replicating ## VerneMQ metadata objects such as MQTT subscriptions and retained messages. ## The default is kept at `vmq_plumtree` for compatibility with existing deployments. ## For new cluster deployments, the recommendation is to use 'vmq_swc' from the ## beginning. Note that the 2 protocols are not compatible, so clusters can't be ## mixed. ## ## Default: vmq_swc ## ## Acceptable values: ## - one of: vmq_plumtree, vmq_swc metadata_plugin = vmq_swc ## Set the path to an access control list file. ## ## Default: ./etc/vmq.acl ## ## Acceptable values: ## - the path to a file vmq_acl.acl_file = ./etc/vmq.acl ## set the acl reload interval in seconds, the value 0 disables ## the automatic reloading of the acl file. ## ## Default: 10 ## ## Acceptable values: ## - an integer vmq_acl.acl_reload_interval = 10 ## Set the path to a password file. ## ## Default: ./etc/vmq.passwd ## ## Acceptable values: ## - the path to a file vmq_passwd.password_file = ./etc/vmq.passwd ## set the password reload interval in seconds, the value 0 ## disables the automatic reloading of the password file. ## ## Default: 10 ## ## Acceptable values: ## - an integer vmq_passwd.password_reload_interval = 10 ## Configure the vmq_diversity plugin script dir. The script dir ## is searched for Lua scripts which are automatically loaded when the ## plugin is enabled. ## ## Default: ./share/lua ## ## Acceptable values: ## - the path to a directory vmq_diversity.script_dir = ./share/lua ## ## Default: off ## ## Acceptable values: ## - on or off vmq_diversity.auth_postgres.enabled = off ## ## Default: localhost ## ## Acceptable values: ## - text ## vmq_diversity.postgres.host = localhost ## ## Default: 5432 ## ## Acceptable values: ## - an integer ## vmq_diversity.postgres.port = 5432 ## ## Default: root ## ## Acceptable values: ## - text ## vmq_diversity.postgres.user = root ## ## Default: password ## ## Acceptable values: ## - text ## vmq_diversity.postgres.password = password ## ## Default: vernemq_db ## ## Acceptable values: ## - text ## vmq_diversity.postgres.database = vernemq_db ## Specify if the postgresql driver should use TLS or not. ## ## Default: off ## ## Acceptable values: ## - on or off vmq_diversity.postgres.ssl = off ## The cafile is used to define the path to a file containing ## the PEM encoded CA certificates that are trusted. ## ## Default: ## ## Acceptable values: ## - the path to a file ## vmq_diversity.postgres.cafile = ./etc/cafile.pem ## Set the path to the PEM encoded server certificate. ## ## Default: ## ## Acceptable values: ## - the path to a file ## vmq_diversity.postgres.certfile = ./etc/cert.pem ## Set the path to the PEM encoded key file. ## ## Default: ## ## Acceptable values: ## - the path to a file ## vmq_diversity.postgres.keyfile = ./etc/keyfile.pem ## Allow the plugin to open SSL connections to remote DB with wildcard certs ## ## Default: https ## ## Acceptable values: ## - one of: https ## vmq_diversity.postgres.ssl.customize_hostname_check = on ## Whether the client verifies the server cert or not. ## Use "verify_peer" in production. ## ## Default: verify_peer ## ## Acceptable values: ## - one of: verify_none, verify_peer vmq_diversity.postgres.ssl.verify = verify_peer ## Whether to use the System CAs (public_key:cacerts_get/0). ## Can be used as an alternative to provide a CAcertfile ## ## Default: on ## ## Acceptable values: ## - on or off vmq_diversity.postgres.ssl.use_system_cas = on ## The password hashing method to use in PostgreSQL: ## ## Default: crypt ## ## Acceptable values: ## - one of: crypt, bcrypt vmq_diversity.postgres.password_hash_method = crypt ## ## Default: off ## ## Acceptable values: ## - on or off vmq_diversity.auth_cockroachdb.enabled = off ## ## Default: localhost ## ## Acceptable values: ## - text ## vmq_diversity.cockroachdb.host = localhost ## ## Default: 5432 ## ## Acceptable values: ## - an integer ## vmq_diversity.cockroachdb.port = 5432 ## ## Default: root ## ## Acceptable values: ## - text ## vmq_diversity.cockroachdb.user = root ## ## Default: password ## ## Acceptable values: ## - text ## vmq_diversity.cockroachdb.password = password ## ## Default: vernemq_db ## ## Acceptable values: ## - text ## vmq_diversity.cockroachdb.database = vernemq_db ## Specify if the cockroachdb driver should use TLS or not. ## ## Default: on ## ## Acceptable values: ## - on or off vmq_diversity.cockroachdb.ssl = on ## The cafile is used to define the path to a file containing ## the PEM encoded CA certificates that are trusted. ## ## Default: ## ## Acceptable values: ## - the path to a file ## vmq_diversity.cockroachdb.cafile = ./etc/cafile.pem ## Set the path to the PEM encoded server certificate. ## ## Default: ## ## Acceptable values: ## - the path to a file ## vmq_diversity.cockroachdb.certfile = ./etc/cert.pem ## Set the path to the PEM encoded key file. ## ## Default: ## ## Acceptable values: ## - the path to a file ## vmq_diversity.cockroachdb.keyfile = ./etc/keyfile.pem ## Allow the plugin to open SSL connections to remote DB with wildcard certs ## ## Default: https ## ## Acceptable values: ## - one of: https ## vmq_diversity.cockroachdb.ssl.customize_hostname_check = on ## Whether the client verifies the server cert or not. ## Use "verify_peer" in production. ## ## Default: verify_peer ## ## Acceptable values: ## - one of: verify_none, verify_peer vmq_diversity.cockroachdb.ssl.verify = verify_peer ## Whether to use the System CAs (public_key:cacerts_get/0). ## Can be used as an alternative to provide a CAcertfile ## ## Default: on ## ## Acceptable values: ## - on or off vmq_diversity.cockroachdb.ssl.use_system_cas = on ## The password hashing method to use in CockroachDB: ## ## Default: bcrypt ## ## Acceptable values: ## - one of: sha256, bcrypt vmq_diversity.cockroachdb.password_hash_method = bcrypt ## ## Default: off ## ## Acceptable values: ## - on or off vmq_diversity.auth_mysql.enabled = off ## ## Default: localhost ## ## Acceptable values: ## - text ## vmq_diversity.mysql.host = localhost ## ## Default: 3306 ## ## Acceptable values: ## - an integer ## vmq_diversity.mysql.port = 3306 ## ## Default: root ## ## Acceptable values: ## - text ## vmq_diversity.mysql.user = root ## ## Default: password ## ## Acceptable values: ## - text ## vmq_diversity.mysql.password = password ## ## Default: vernemq_db ## ## Acceptable values: ## - text ## vmq_diversity.mysql.database = vernemq_db ## The password hashing method to use in MySQL: ## password: Default for compatibility, deprecated since MySQL 5.7.6 and not ## usable with MySQL 8.0.11+. ## Docs: https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_password ## md5: Calculates an MD5 128-bit checksum of the password. ## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_md5 ## sha1: Calculates the SHA-1 160-bit checksum for the password. ## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha1 ## sha256: Calculates the SHA-2 hash of the password, using 256 bits. ## Works only if MySQL has been configured with SSL support. ## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha2 ## ## Default: password ## ## Acceptable values: ## - one of: password, md5, sha1, sha256 vmq_diversity.mysql.password_hash_method = password ## ## Default: off ## ## Acceptable values: ## - on or off vmq_diversity.auth_mongodb.enabled = off ## ## Default: localhost ## ## Acceptable values: ## - text ## vmq_diversity.mongodb.host = localhost ## ## Default: 27017 ## ## Acceptable values: ## - an integer ## vmq_diversity.mongodb.port = 27017 ## ## Acceptable values: ## - text ## vmq_diversity.mongodb.login = ## ## Acceptable values: ## - text ## vmq_diversity.mongodb.password = ## ## Default: admin ## ## Acceptable values: ## - text ## vmq_diversity.mongodb.auth_source = ## ## Acceptable values: ## - text ## vmq_diversity.mongodb.database = ## Specify if the mongodb driver should use TLS or not. ## ## Default: off ## ## Acceptable values: ## - on or off vmq_diversity.mongodb.ssl = off ## The cafile is used to define the path to a file containing ## the PEM encoded CA certificates that are trusted. ## ## Default: ## ## Acceptable values: ## - the path to a file ## vmq_diversity.mongodb.cafile = ./etc/cafile.pem ## Set the path to the PEM encoded server certificate. ## ## Default: ## ## Acceptable values: ## - the path to a file ## vmq_diversity.mongodb.certfile = ./etc/cert.pem ## Set the path to the PEM encoded key file. ## ## Default: ## ## Acceptable values: ## - the path to a file ## vmq_diversity.mongodb.keyfile = ./etc/keyfile.pem ## ## Default: off ## ## Acceptable values: ## - on or off vmq_diversity.auth_redis.enabled = off ## ## Default: localhost ## ## Acceptable values: ## - text ## vmq_diversity.redis.host = localhost ## ## Default: 6379 ## ## Acceptable values: ## - an integer ## vmq_diversity.redis.port = 6379 ## ## Default: ## ## Acceptable values: ## - text ## vmq_diversity.redis.password = ## ## Default: ## ## Acceptable values: ## - text ## vmq_diversity.redis.user = ## ## Default: 0 ## ## Acceptable values: ## - an integer ## vmq_diversity.redis.database = 0 ## ## Default: localhost ## ## Acceptable values: ## - text ## vmq_diversity.memcache.host = localhost ## ## Default: 11211 ## ## Acceptable values: ## - an integer ## vmq_diversity.memcache.port = 11211 ## vmq_diversity.<name>.file = <file> loads a specific lua ## script when `vmq_diversity` starts. The scripts are loaded in the ## order defined by the names given, i.e., the script with <name> ## 'script1' is started before the plugin with <name> 'script2'. ## Scripts loaded like this are loaded after the scripts in the ## default script dir. ## ## Acceptable values: ## - the path to a file ## vmq_diversity.script1.file = path/to/my/script.lua ## The pool_size specifies how many bcrypt port operations are ## allowed concurrently. The value `auto` will try to detect all ## logical cpus and set the pool size to that number minus 1. ## If the number of logical cpus cannot be detected, a value of 1 is used. ## ## Default: 1 ## ## Acceptable values: ## - an integer ## - one of: auto vmq_bcrypt.pool_size = 1 ## The pool_size specifies how many bcrypt NIF operations are ## allowed concurrently. The value `auto` will try to detect all ## logical cpus and set the pool size to that number minus 1. ## If the number of logical cpus cannot be detected, a value of 1 is used. ## ## Default: 4 ## ## Acceptable values: ## - an integer ## - one of: auto vmq_bcrypt.nif_pool_size = 4 ## Specifies the max workers to overflow of the bcrypt NIF program pool. ## ## Default: 10 ## ## Acceptable values: ## - an integer vmq_bcrypt.nif_pool_max_overflow = 10 ## Specifies the number of bcrypt log rounds, defining the hashing complexity. ## ## Default: 12 ## ## Acceptable values: ## - an integer vmq_bcrypt.default_log_rounds = 12 ## Specify where bcrypt is called as an Erlang port or NIF ## ## Default: port ## ## Acceptable values: ## - one of: nif, port vmq_bcrypt.mechanism = port ## To configure and register a webhook a hook and an endpoint ## need to be configured and this is achieved by associating both with ## a name. vmq_webhooks.<name>.hook = <hook> associates the hook ## <hook> with the name <name>. Webhooks are registered in the order ## of the name given to it. Therefore a webhook with name 'webhook1' ## is registered before a webhook with the name 'webhook2'. ## ## Acceptable values: ## - one of: auth_on_register, auth_on_publish, auth_on_subscribe, on_register, on_publish, on_subscribe, on_unsubscribe, on_deliver, on_offline_message, on_client_wakeup, on_client_offline, on_client_gone, on_session_expired, auth_on_register_m5, auth_on_publish_m5, auth_on_subscribe_m5, on_register_m5, on_publish_m5, on_subscribe_m5, on_unsubscribe_m5, on_deliver_m5, on_auth_m5 ## vmq_webhooks.webhook1.hook = auth_on_register ## Associate an endpoint with a name. ## ## Acceptable values: ## - text ## vmq_webhooks.webhook1.endpoint = http://localhost/myendpoints ## Configure TLS version for HTTPS webhook calls ## HTTPS webhooks. ## ## Default: tlsv1.2 ## ## Acceptable values: ## - text ## vmq_webhooks.tls_version = tlsv1.2 ## Specify the address and port of the bridge to connect to. Several ## bridges can configured by using different bridge names (e.g. br0). If the ## connection supports SSL encryption bridge.ssl.<name> can be used. ## ## Acceptable values: ## - text ## vmq_bridge.tcp.br0 = 127.0.0.1:1889 ## Set the clean session option for the bridge. By default this is disabled, ## which means that all subscriptions on the remote broker are kept in case of ## the network connection dropping. If enabled, all subscriptions and messages ## on the remote broker will be cleaned up if the connection drops. ## ## Default: off ## ## Acceptable values: ## - on or off ## vmq_bridge.tcp.br0.cleansession = off ## Set the client id for this bridge connection. If not defined, this ## defaults to 'name.hostname', where name is the connection name and hostname ## is the hostname of this computer. ## ## Default: auto ## ## Acceptable values: ## - text ## vmq_bridge.tcp.br0.client_id = auto ## Set the number of seconds after which the bridge should send a ping if ## no other traffic has occurred. ## ## Default: 60 ## ## Acceptable values: ## - an integer ## vmq_bridge.tcp.br0.keepalive_interval = 60 ## Set the persistent queue option for this bridge. By default this is off, ## meaning the queued messages are stored in memory only. If set to on, ## queued messages will be stored persistently on disk. If you're using ## persistency, make sure to configure the queue_dir option. ## ## Default: off ## ## Acceptable values: ## - on or off ## vmq_bridge.tcp.br0.persistent_queue = off ## Set the directory where queued messages for this bridge will be stored, if persistent_queue is set to on. ## It is recommended to set this to a unique directory. If you're using multiple persistent bridge instances, ## then omitting this option can lead to serious problems. ## ## Acceptable values: ## - the path to a directory ## vmq_bridge.tcp.br0.queue_dir = /qdata/br0 ## Configure a username for the bridge. This is used for authentication ## purposes when connecting to a broker that support MQTT v3.1 and requires a ## username and/or password to connect. See also the password option. ## ## Acceptable values: ## - text ## vmq_bridge.tcp.br0.username = my_remote_user ## Configure a password for the bridge. This is used for authentication ## purposes when connecting to a broker that support MQTT v3.1 and requires a ## username and/or password to connect. This option is only valid if a username ## is also supplied. ## ## Acceptable values: ## - text ## vmq_bridge.tcp.br0.password = my_remote_password ## Configure segment size (in Bytes) for the persistent queue. ## ## Default: 4KB ## ## Acceptable values: ## - a byte size with units, e.g. 10GB ## vmq_bridge.tcp.br0.segment_size = 4KB ## Number of messages that will be read from Queue and published at once. ## Only after the entire batch has been completed (e.g. all messages were pubacked if QoS 1), ## will the next batch be read. Set this to a lower setting if you encounter bandwidth problems. ## ## Default: 100 ## ## Acceptable values: ## - an integer ## vmq_bridge.tcp.br0.outgoing_batch_size = 100 ## Define one or more topic pattern to be shared between the two brokers. ## Any topics matching the pattern (including wildcards) are shared. ## The following format is used: ## pattern [[[ out | in | both ] qos-level] local-prefix remote-prefix] ## [ out | in | both ]: specifies that this bridge exports messages (out), imports ## messages (in) or shared in both directions (both). If undefined we default to ## export (out). ## qos-level: specifies the publish/subscribe QoS level used for this ## toppic. If undefined we default to QoS 0. ## local-prefix and remote-prefix: For incoming topics, the bridge ## will prepend the pattern with the remote prefix and subscribe to ## the resulting topic on the remote broker. When a matching ## incoming message is received, the remote prefix will be removed ## from the topic and then the local prefix added. ## For outgoing topics, the bridge will prepend the pattern with the ## local prefix and subscribe to the resulting topic on the local ## broker. When an outgoing message is processed, the local prefix ## will be removed from the topic then the remote prefix added. ## For shared subscriptions topic prefixes are applied only to the ## topic part of the subscription. ## ## Acceptable values: ## - text ## vmq_bridge.tcp.br0.topic.1 = topic ## Set the amount of time a bridge using the automatic start type will wait ## until attempting to reconnect. Defaults to 30 seconds. ## ## Default: 10 ## ## Acceptable values: ## - an integer ## vmq_bridge.tcp.br0.restart_timeout = 10 ## If try_private is enabled, the bridge will attempt to indicate to the ## remote broker that it is a bridge not an ordinary client. ## Note that loop detection for bridges is not yet implemented. ## ## Default: on ## ## Acceptable values: ## - on or off ## vmq_bridge.tcp.br0.try_private = on ## Set the MQTT protocol version to be used by the bridge. ## ## Default: 3 ## ## Acceptable values: ## - one of: 3, 4 ## vmq_bridge.tcp.br0.mqtt_version = on ## Maximum number of outgoing messages the bridge will buffer ## while not connected to the remote broker. Messages published while ## the buffer is full are dropped. A value of 0 means buffering is ## disabled. ## ## Default: 0 ## ## Acceptable values: ## - an integer ## vmq_bridge.tcp.br0.max_outgoing_buffered_messages = 0 ## Percentage of max_outgoing_buffered_messages that will be used for the pubrel queue. ## The pubrel queue is only relevant, when bridging topics with QoS 2. In that case it is highly recommended, ## to set this option. Allowed values: 0-100, e.g. value of 10 means 10%. ## If this is set to 0, the pubrel queue will be disabled (default). ## Caution: the segment_size should not be bigger than max_outgoing_buffered_messages * (pubrel_queue_ratio/100). ## ## Default: 0% ## ## Acceptable values: ## - text ## vmq_bridge.tcp.br0.pubrel_queue_ratio = 10% ## The cafile is used to define the path to a file containing ## the PEM encoded CA certificates that are trusted. ## ## Default: ## ## Acceptable values: ## - the path to a file ## vmq_bridge.ssl.sbr0.cafile = ./etc/cacerts.pem ## Set the path to the PEM encoded server certificate. ## ## Default: ## ## Acceptable values: ## - the path to a file ## vmq_bridge.ssl.sbr0.certfile = ./etc/cert.pem ## Set the path to the PEM encoded key file. ## ## Default: ## ## Acceptable values: ## - the path to a file ## vmq_bridge.ssl.sbr0.keyfile = ./etc/key.pem ## When using certificate based TLS, the bridge will attempt to verify the ## hostname provided in the remote certificate matches the host/address being ## connected to. This may cause problems in testing scenarios, so this option ## may be enabled to disable the hostname verification. ## Setting this option to true means that a malicious third party could ## potentially inpersonate your server, so it should always be disabled in ## production environments. ## ## Default: off ## ## Acceptable values: ## - on or off ## vmq_bridge.ssl.sbr0.insecure = off ## Configure the TLS protocol version (tlsv1, tlsv1.1, or tlsv1.2) to be ## used for this bridge. ## ## Default: tlsv1.2 ## ## Acceptable values: ## - text ## vmq_bridge.ssl.sbr0.tls_version = tlsv1.2 ## Pre-shared-key encryption provides an alternative to certificate based ## encryption. This option specifies the identity used. ## ## Default: ## ## Acceptable values: ## - text ## vmq_bridge.ssl.sbr0.identity = ## Pre-shared-key encryption provides an alternative to certificate based ## encryption. This option specifies the shared secret used in hexadecimal ## format without leading '0x'. ## ## Default: ## ## Acceptable values: ## - text ## vmq_bridge.ssl.sbr0.psk = ## Allow the bridge to open SSL connections to remote broker with wildcard certs ## ## Default: https ## ## Acceptable values: ## - one of: https ## vmq_bridge.ssl.name.customize_hostname_check = on ## Specifies the auth method used after the API call has been authenticated ## /authorized by the endpoint. The only possible values is "on-behalf-of" and ## "predefined" ## If you specify "on-behalf-of" every HTTP call needs to provide a client-id, ## a username and a password. Those are only used to authenticated/authorize ## the request. They have no impact on any client with the same id already ## connected. You should anyway consider using dedicated users and clients for ## HTTP calls. ## It is possible to set the app_auth setting on each listener. ## listener.https.$name$.http_modules.vmq_http_pub.app_auth ## listener.http.$name$.http_modules.vmq_http_pub.app_auth ## Using HTTP is not recommended. ## ## Default: on-behalf-of ## ## Acceptable values: ## - text ## vmq_http_pub.mqtt_auth.mode = on-behalf-of ## ## Default: mqtt ## ## Acceptable values: ## - text ## vmq_http_pub.mqtt_auth.auth_plugin = mqtt ## ## Default: password ## ## Acceptable values: ## - text ## vmq_web_ui.admin.auth = password ## ## Default: admin ## ## Acceptable values: ## - text ## vmq_web_ui.admin.user_name = admin ## ## Default: ## ## Acceptable values: ## - text ## vmq_web_ui.admin.user_pwd = ## ## Default: ## ## Acceptable values: ## - text ## vmq_web_ui.mgmt_api.key = ## ## Default: ## ## Acceptable values: ## - text ## vmq_web_ui.mgmt_api.port = ## ## Default: ## ## Acceptable values: ## - text ## vmq_web_ui.mgmt_api.scheme = ## ## Default: off ## ## Acceptable values: ## - on or off ## vmq_web_ui.file_access.allow_read = off ## ## Default: off ## ## Acceptable values: ## - on or off ## vmq_web_ui.file_access.allow_write = off ## Where to emit the default log messages (typically at 'info' ## severity): ## off: disabled ## file: the file specified by log.console.file ## console: to standard output (seen when using `vmq attach-direct`) ## both: log.console.file and standard out. ## ## Default: file ## ## Acceptable values: ## - one of: off, file, console, both log.console = file ## The severity level of the console log, default is 'info'. ## ## Default: info ## ## Acceptable values: ## - one of: debug, info, notice, warning, error, critical, alert, emergency log.console.level = info ## When 'log.console' is set to 'file' or 'both', the file where ## console messages will be logged. ## ## Default: ./log/console.log ## ## Acceptable values: ## - the path to a file log.console.file = ./log/console.log ## Logger format for console logging to standard output: text or json. Default text) ## ## Default: text ## ## Acceptable values: ## - one of: text, json log.console.console.format = text ## Logger format for console logging to file: text or json. Default text) ## ## Default: text ## ## Acceptable values: ## - one of: text, json log.console.file.format = text ## Maximum size of the console log in bytes, before it is rotated ## ## Default: infinity ## ## Acceptable values: ## - a byte size with units, e.g. 10GB ## - the text "infinity" log.console.rotation.size = infinity ## The number of rotated console logs to keep. When set to ## '0', only the current open log file is kept. This setting is only ## considered if log.error.rotation.size is different than "infinity". ## ## Default: 5 ## ## Acceptable values: ## - an integer log.console.rotation.keep = 5 ## Should rotated console log file archives be compressed (default off) ## ## Default: off ## ## Acceptable values: ## - on or off log.console.rotation.compress_on_rotate = off ## Disables are enables the dedicated error logger ## ## Default: on ## ## Acceptable values: ## - on or off log.error = on ## The file where error messages will be logged. ## ## Default: ./log/error.log ## ## Acceptable values: ## - the path to a file log.error.file = ./log/error.log ## Logger format: text or json. Default text) ## ## Default: text ## ## Acceptable values: ## - one of: text, json log.error.file.format = text ## Maximum size of the error log in bytes, before it is rotated ## ## Default: infinity ## ## Acceptable values: ## - a byte size with units, e.g. 10GB ## - the text "infinity" log.error.rotation.size = infinity ## The number of rotated error logs to keep. When set to ## '0', only the current open log file is kept. This setting is only ## considered if log.error.rotation.size is different than "infinity". ## ## Default: 5 ## ## Acceptable values: ## - an integer log.error.rotation.keep = 5 ## Should rotated log file archives be compressed (default off) ## ## Default: off ## ## Acceptable values: ## - on or off log.error.rotation.compress_on_rotate = off ## Disables are enables the dedicated crash logger. Crash logs are also written ## to the error log, so this logger is disabled by default. ## ## Default: off ## ## Acceptable values: ## - on or off log.crash = off ## The file where crash messages will be logged. ## ## Default: ./log/crash.log ## ## Acceptable values: ## - the path to a file log.crash.file = ./log/crash.log ## Maximum size of the crash log in bytes, before it is rotated ## ## Default: infinity ## ## Acceptable values: ## - a byte size with units, e.g. 10GB ## - the text "infinity" log.crash.rotation.size = infinity ## The number of rotated crash logs to keep. When set to ## '0', only the current open log file is kept. ## ## Default: 5 ## ## Acceptable values: ## - an integer log.crash.rotation.keep = 5 ## Should rotated log file archives be compressed (default off) ## ## Default: off ## ## Acceptable values: ## - on or off log.crash.rotation.compress_on_rotate = off ## Disables are enables the dedicated sasl logger. Crash logs are also written ## to the error log, so this logger is disabled by default. ## ## Default: off ## ## Acceptable values: ## - on or off log.sasl = off ## The file where sasl messages will be logged. ## ## Default: ./log/sasl.log ## ## Acceptable values: ## - the path to a file log.sasl.file = ./log/sasl.log ## Maximum size of the crash log in bytes, before it is rotated ## ## Default: infinity ## ## Acceptable values: ## - a byte size with units, e.g. 10GB ## - the text "infinity" log.sasl.rotation.size = infinity ## The number of rotated crash logs to keep. When set to ## '0', only the current open log file is kept. ## ## Default: 5 ## ## Acceptable values: ## - an integer log.sasl.rotation.keep = 5 ## Should rotated log file archives be compressed (default off) ## ## Default: off ## ## Acceptable values: ## - on or off log.sasl.rotation.compress_on_rotate = off ## When set to 'on', enables log output to syslog. ## ## Default: off ## ## Acceptable values: ## - on or off log.syslog = off ## Name of the Erlang node ## Default: VerneMQ@127.0.0.1 ## Acceptable values: ## - text ## ## Default: VerneMQ@127.0.0.1 ## ## Acceptable values: ## - text nodename = VerneMQ@127.0.0.1 ## Cookie for distributed node communication. All nodes in the ## same cluster should use the same cookie or they will not be able to ## communicate. ## IMPORTANT!!! SET the cookie to a private value! DO NOT LEAVE AT DEFAULT! ## ## Default: vmq ## ## Acceptable values: ## - text distributed_cookie = vmq ## Sets the number of threads in async thread pool, valid range ## is 0-1024. If thread support is available, the default is 64. ## More information at: http://erlang.org/doc/man/erl.html ## ## Default: 64 ## ## Acceptable values: ## - an integer erlang.async_threads = 64 ## The number of concurrent ports/sockets ## Valid range is 1024-134217727 ## ## Default: 262144 ## ## Acceptable values: ## - an integer erlang.max_ports = 262144 ## Set scheduler forced wakeup interval. All run queues will be ## scanned each Interval milliseconds. While there are sleeping ## schedulers in the system, one scheduler will be woken for each ## non-empty run queue found. An Interval of zero disables this ## feature, which also is the default. ## This feature is a workaround for lengthy executing native code, and ## native code that do not bump reductions properly. ## More information: http://www.erlang.org/doc/man/erl.html#+sfwi ## ## Acceptable values: ## - an integer ## erlang.schedulers.force_wakeup_interval = 500 ## Enable or disable scheduler compaction of load. By default ## scheduler compaction of load is enabled. When enabled, load ## balancing will strive for a load distribution which causes as many ## scheduler threads as possible to be fully loaded (i.e., not run out ## of work). This is accomplished by migrating load (e.g. runnable ## processes) into a smaller set of schedulers when schedulers ## frequently run out of work. When disabled, the frequency with which ## schedulers run out of work will not be taken into account by the ## load balancing logic. ## More information: http://www.erlang.org/doc/man/erl.html#+scl ## ## Acceptable values: ## - one of: true, false ## erlang.schedulers.compaction_of_load = false ## Enable or disable scheduler utilization balancing of load. By ## default scheduler utilization balancing is disabled and instead ## scheduler compaction of load is enabled which will strive for a ## load distribution which causes as many scheduler threads as ## possible to be fully loaded (i.e., not run out of work). When ## scheduler utilization balancing is enabled the system will instead ## try to balance scheduler utilization between schedulers. That is, ## strive for equal scheduler utilization on all schedulers. ## More information: http://www.erlang.org/doc/man/erl.html#+sub ## ## Acceptable values: ## - one of: true, false ## erlang.schedulers.utilization_balancing = true ## This parameter defines the percentage of total server memory ## to assign to LevelDB. LevelDB will dynamically adjust its internal ## cache sizes to stay within this size. The memory size can ## alternately be assigned as a byte count via leveldb.maximum_memory ## instead. ## ## Default: 70 ## ## Acceptable values: ## - an integer leveldb.maximum_memory.percent = 70 ## Enables or disables the compression of data on disk. ## Enabling (default) saves disk space. Disabling may reduce read ## latency but increase overall disk activity. Option can be ## changed at any time, but will not impact data on disk until ## next time a file requires compaction. ## ## Default: on ## ## Acceptable values: ## - on or off leveldb.compression = on ## Selection of compression algorithms. snappy is ## original compression supplied for leveldb. lz4 is new ## algorithm that compresses to similar volume but averages twice ## as fast on writes and four times as fast on reads. ## ## Acceptable values: ## - one of: snappy, lz4 leveldb.compression.algorithm = lz4