The VerneMQ conf file
A closer look at an example vernemq.conf file (Note: This is a work-in-progress section)
VerneMQ is usually configured by editing a single config file called vernemq.conf. The config file will be generated by the process building a release, and it will also come with the binary VerneMQ packages.
In the vernemq.conf file you will find keys and values (sometimes outcommented), most of the time along with a quick documentation. Some values are hidden, that is you won't find them in the auto-generated conf file. Those are meant to be added to the conf file manually. Typically, hidden values aren't the most used configuration values. You'll find a full list of all the hidden options below.
Here's a full example vernemq.conf file, as generated by the 1.12.3 release. It is a long file, but luckily you won't need to touch every single value!
1
## Allow anonymous users to connect, default is 'off'. !!NOTE!!
2
## Enabling this completely disables authentication of the clients and
3
## should only be used for testing/development purposes or in case
4
## clients are authenticated by some other means.
5
##
6
## Default: off
7
##
8
## Acceptable values:
9
## - on or off
10
allow_anonymous = off
11
12
## Allow new client connections even when a VerneMQ cluster is inconsistent.
13
##
14
## Default: off
15
##
16
## Acceptable values:
17
## - on or off
18
allow_register_during_netsplit = off
19
20
## Allow message publishs even when a VerneMQ cluster is inconsistent.
21
##
22
## Default: off
23
##
24
## Acceptable values:
25
## - on or off
26
allow_publish_during_netsplit = off
27
28
## Allow new subscriptions even when a VerneMQ cluster is inconsistent.
29
##
30
## Default: off
31
##
32
## Acceptable values:
33
## - on or off
34
allow_subscribe_during_netsplit = off
35
36
## Allow clients to unsubscribe when a VerneMQ cluster is inconsistent.
37
##
38
## Default: off
39
##
40
## Acceptable values:
41
## - on or off
42
allow_unsubscribe_during_netsplit = off
43
44
## Allows a client to logon multiple times using the same client
45
## id (non-standard behaviour!). This feature is DEPRECATED and will
46
## be removed in VerneMQ 2.0.
47
##
48
## Default: off
49
##
50
## Acceptable values:
51
## - on or off
52
allow_multiple_sessions = off
53
54
## Client registrations can be either happen in a coordinated or
55
## uncoordinated fashion. Uncoordinated registrations are faster and
56
## will cause other clients with the same client-id to be eventually
57
## disconnected, while coordinated ensures that any other client with
58
## the same client-id will be immediately disconnected.
59
##
60
## Default: on
61
##
62
## Acceptable values:
63
## - on or off
64
coordinate_registrations = on
65
66
## Set the time in seconds VerneMQ waits before a retry, in case a (QoS=1 or QoS=2) message
67
## delivery gets no answer.
68
##
69
## Default: 20
70
##
71
## Acceptable values:
72
## - an integer
73
## retry_interval = 20
74
75
## Set the maximum size for client IDs. MQTT v3.1 specifies a
76
## limit of 23 characters
77
##
78
## Default: 100
79
##
80
## Acceptable values:
81
## - an integer
82
## max_client_id_size = 100
83
84
## This option allows persistent clients ( = clean session set to
85
## false) to be removed if they do not reconnect within 'persistent_client_expiration'.
86
## This is a non-standard option. As far as the MQTT specification is concerned,
87
## persistent clients persist forever.
88
## The expiration period should be an integer followed by one of 'd', 'w', 'm', 'y' for
89
## day, week, month, and year.
90
##
91
## Default: never
92
##
93
## Acceptable values:
94
## - text
95
## persistent_client_expiration = 1w
96
97
## The maximum delay for a last will message. This setting
98
## applies only to MQTTv5 sessions and can be used to override the
99
## value provided by the client.
100
## The delay can be either 'client' which means the value specified by
101
## the client is used, or an integer followed by one of 's', 'h' 'd',
102
## 'w', 'm', 'y' for day, week, month, and year used to cap the value
103
## provided by the client..
104
##
105
## Default: client
106
##
107
## Acceptable values:
108
## - text
109
## max_last_will_delay = client
110
111
## The maximum number of QoS 1 or 2 messages that can be in the process of being
112
## transmitted simultaneously. This includes messages currently going through handshakes
113
## and messages that are being retried. Defaults to 20. Set to 0 for no maximum. If set
114
## to 1, this will guarantee in-order delivery of messages.
115
##
116
## Default: 20
117
##
118
## Acceptable values:
119
## - an integer
120
max_inflight_messages = 20
121
122
## The maximum number of messages to hold in the queue above
123
## those messages that are currently in flight. Defaults to 1000. This affects
124
## messages of any QoS. Set to -1 for no maximum (not recommended).
125
## This option allows to control how a specific client session can deal
126
## with message bursts. As a general rule of thumb set
127
## this number a bit higher than the expected message rate a single consumer is
128
## required to process. Note that setting this value to 0 will totally block
129
## delivery from any queue.
130
##
131
## Default: 1000
132
##
133
## Acceptable values:
134
## - an integer
135
max_online_messages = 1000
136
137
## The maximum number of QoS 1 or 2 messages to hold in the offline queue.
138
## Defaults to 1000. Set to -1 for no maximum (not recommended). Set to 0
139
## if no messages should be stored offline.
140
##
141
## Default: 1000
142
##
143
## Acceptable values:
144
## - an integer
145
max_offline_messages = 1000
146
147
## This option sets the maximum MQTT size that VerneMQ will
148
## allow. Messages that exceed this size will not be accepted by
149
## VerneMQ. The default value is 0, which means that all valid MQTT
150
## messages are accepted. MQTT imposes a maximum payload size of
151
## 268435455 bytes.
152
##
153
## Default: 0
154
##
155
## Acceptable values:
156
## - an integer
157
max_message_size = 0
158
159
## If a message is published with a QoS lower than the QoS of the subscription it is
160
## delivered to, VerneMQ can upgrade the outgoing QoS. This is a non-standard option.
161
##
162
## Default: off
163
##
164
## Acceptable values:
165
## - on or off
166
upgrade_outgoing_qos = off
167
168
## listener.tcp.buffer_sizes is an list of three integers
169
## (sndbuf,recbuf,buffer) specifying respectively the kernel TCP send
170
## buffer, the kernel TCP receive buffer and the user-level buffer
171
## size in the erlang driver.
172
## It is recommended to have val(user-level buffer) >= val(receive
173
## buffer) to avoid performance issues because of unnecessary copying.
174
## If not set, the operating system defaults are used.
175
## This option can be set on the protocol level by:
176
## - listener.tcp.buffer_sizes
177
## - listener.ssl.buffer_sizes
178
## or on the listener level by:
179
## - listener.tcp.my_tcp_listener.buffer_sizes
180
## - listener.ssl.my_ssl_listener.buffer_sizes
181
##
182
## Acceptable values:
183
## - text
184
## listener.tcp.buffer_sizes = 4096,16384,32768
185
186
## listener.max_connections is an integer or 'infinity' defining
187
## the maximum number of concurrent connections. This option can be overridden
188
## on the protocol level by:
189
## - listener.tcp.max_connections
190
## - listener.ssl.max_connections
191
## - listener.ws.max_connections
192
## - listener.wss.max_connections
193
## or on the listener level by:
194
## - listener.tcp.my_tcp_listener.max_connections
195
## - listener.ssl.my_ssl_listener.max_connections
196
## - listener.ws.my_ws_listener.max_connections
197
## - listener.wss.my_wss_listener.max_connections
198
##
199
## Default: 10000
200
##
201
## Acceptable values:
202
## - an integer
203
## - the text "infinity"
204
listener.max_connections = 10000
205
206
## Set the nr of acceptors waiting to concurrently accept new connections.
207
## This can be specified either on the protocol level:
208
## - listener.tcp.nr_of_acceptors
209
## - listener.ssl.nr_of_acceptors
210
## - listener.ws.nr_of_acceptors
211
## - listener.wss.nr_of_acceptors
212
## or on the listener level:
213
## - listener.tcp.my_tcp_listener.nr_of_acceptors
214
## - listener.ssl.my_ssl_listener.nr_of_acceptors
215
## - listener.ws.my_ws_listener.nr_of_acceptors
216
## - listener.wss.my_wss_listener.nr_of_acceptors
217
##
218
## Default: 10
219
##
220
## Acceptable values:
221
## - an integer
222
listener.nr_of_acceptors = 10
223
224
## listener.tcp.<name> is an IP address and TCP port that
225
## the broker will bind to. You can define multiple listeners e.g:
226
## - listener.tcp.default = 127.0.0.1:1883
227
## - listener.tcp.internal = 127.0.0.1:10883
228
## - listener.tcp.my_other_listener = 127.0.0.1:10884
229
## This also works for SSL listeners and WebSocket handlers:
230
## - listener.ssl.default = 127.0.0.1:8883
231
## - listener.ws.default = 127.0.0.1:800
232
## - listener.wss.default = 127.0.0.1:880
233
##
234
## Default: 127.0.0.1:1883
235
##
236
## Acceptable values:
237
## - an IP/port pair, e.g. 127.0.0.1:10011
238
listener.tcp.default = 127.0.0.1:1883
239
240
## 'listener.tcp.allowed_protocol_versions' configures which
241
## protocol versions are allowed for an MQTT listener. The allowed
242
## protocol versions can be specified the tcp, websocket or ssl level:
243
## - listener.tcp.allowed_protocol_versions
244
## - listener.ws.allowed_protocol_versions
245
## - listener.wss.allowed_protocol_versions
246
## - listener.ssl.allowed_protocol_versions
247
## or for a specific listener:
248
## - listener.tcp.my_tcp_listener.allowed_protocol_versions
249
## - listener.ws.my_ws_listener.allowed_protocol_versions
250
## - listener.wss.my_ws_listener.allowed_protocol_versions
251
## - listener.ssl.my_ws_listener.allowed_protocol_versions
252
## Allowed values are 3 (MQTT 3.1), 4 (MQTT 3.1.1), 5 (MQTT 5.0), 131
253
## (MQTT 3.1 bridge), 132 (MQTT 3.1.1 bridge).
254
##
255
## Default: 3,4,131
256
##
257
## Acceptable values:
258
## - text
259
## listener.tcp.allowed_protocol_versions = 3,4
260
261
## listener.vmq.clustering is the IP address and TCP port that
262
## the broker will bind to accept connections from other cluster
263
## nodes e.g:
264
## - listener.vmq.clustering = 0.0.0.0:18883
265
## This also works for SSL listeners:
266
## - listener.vmqs.clustering = 0.0.0.0:18884
267
##
268
## Default: 0.0.0.0:44053
269
##
270
## Acceptable values:
271
## - an IP/port pair, e.g. 127.0.0.1:10011
272
listener.vmq.clustering = 0.0.0.0:44053
273
274
## listener.http.default is the IP address and TCP port that
275
## the broker will bind to accept HTTP connections
276
## - listener.http.default = 0.0.0.0:8888
277
## This also works for SSL listeners:
278
## - listener.https.default= 0.0.0.0:8889
279
##
280
## Default: 127.0.0.1:8888
281
##
282
## Acceptable values:
283
## - an IP/port pair, e.g. 127.0.0.1:10011
284
listener.http.default = 127.0.0.1:8888
285
286
## The cafile is used to define the path to a file containing
287
## the PEM encoded CA certificates that are trusted. Set the cafile
288
## on the protocol level or on the listener level:
289
## - listener.ssl.cafile
290
## - listener.wss.cafile
291
## or on the listener level:
292
## - listener.ssl.my_ssl_listener.cafile
293
## - listener.wss.my_wss_listener.cafile
294
##
295
## Default:
296
##
297
## Acceptable values:
298
## - the path to a file
299
## listener.ssl.cafile = ./etc/cacerts.pem
300
301
##
302
## Default:
303
##
304
## Acceptable values:
305
## - the path to a file
306
## listener.https.cafile = ./etc/cacerts.pem
307
308
## Set the path to the PEM encoded server certificate
309
## on the protocol level or on the listener level:
310
## - listener.ssl.certfile
311
## - listener.wss.certfile
312
## or on the listener level:
313
## - listener.ssl.my_ssl_listener.certfile
314
## - listener.wss.my_wss_listener.certfile
315
##
316
## Default:
317
##
318
## Acceptable values:
319
## - the path to a file
320
## listener.ssl.certfile = ./etc/cert.pem
321
322
##
323
## Default:
324
##
325
## Acceptable values:
326
## - the path to a file
327
## listener.https.certfile = ./etc/cert.pem
328
329
## Set the path to the PEM encoded key file on the protocol
330
## level or on the listener level:
331
## - listener.ssl.keyfile
332
## - listener.wss.keyfile
333
## or on the listener level:
334
## - listener.ssl.my_ssl_listener.keyfile
335
## - listener.wss.my_wss_listener.keyfile
336
##
337
## Default:
338
##
339
## Acceptable values:
340
## - the path to a file
341
## listener.ssl.keyfile = ./etc/key.pem
342
343
##
344
## Default:
345
##
346
## Acceptable values:
347
## - the path to a file
348
## listener.vmqs.keyfile = ./etc/key.pem
349
350
##
351
## Default:
352
##
353
## Acceptable values:
354
## - the path to a file
355
## listener.https.keyfile = ./etc/key.pem
356
357
## Set the list of allowed ciphers (each separated with a colon,
358
## e.g. "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"),
359
## on the protocol level or on the listener level. Reasonable defaults
360
## are used if nothing is specified:
361
## - listener.ssl.ciphers
362
## - listener.wss.ciphers
363
## or on the listener level:
364
## - listener.ssl.my_ssl_listener.ciphers
365
## - listener.wss.my_wss_listener.ciphers
366
##
367
## Default:
368
##
369
## Acceptable values:
370
## - text
371
## listener.ssl.ciphers =
372
373
##
374
## Default:
375
##
376
## Acceptable values:
377
## - text
378
## listener.vmqs.ciphers =
379
380
##
381
## Default:
382
##
383
## Acceptable values:
384
## - text
385
## listener.https.ciphers =
386
387
## Set the list of allowed elliptical curves (each separated with a colon,
388
## e.g. "[sect571k1,secp521r1,brainpoolP512r1]"), on the protocol level or on the listener level.
389
## All known curves are used if nothing is specified.
390
## - listener.ssl.eccs
391
## - listener.wss.eccs
392
## or on the listener level:
393
## - listener.ssl.my_ssl_listener.eccs
394
## - listener.wss.my_wss_listener.eccs
395
##
396
## Default:
397
##
398
## Acceptable values:
399
## - text
400
## listener.ssl.eccs = [brainpoolP384r1, secp384r1, sect283k1]
401
402
##
403
## Default:
404
##
405
## Acceptable values:
406
## - text
407
## listener.vmqs.eccs = [brainpoolP384r1, secp384r1, sect283k1]
408
409
##
410
## Default:
411
##
412
## Acceptable values:
413
## - text
414
## listener.https.eccs = [brainpoolP384r1, secp384r1, sect283k1]
415
416
## If you have 'listener.ssl.require_certificate' set to true,
417
## you can create a certificate revocation list file to revoke access
418
## to particular client certificates. If you have done this, use crlfile
419
## to point to the PEM encoded revocation file. This can be done on the
420
## protocol level or on the listener level.
421
## - listener.ssl.crlfile
422
## - listener.wss.crlfile
423
## or on the listener level:
424
## - listener.ssl.my_ssl_listener.crlfile
425
## - listener.wss.my_wss_listener.crlfile
426
##
427
## Default:
428
##
429
## Acceptable values:
430
## - the path to a file
431
## listener.ssl.crlfile =
432
433
## Enable this option if you want to use SSL client certificates
434
## to authenticate your clients. This can be done on the protocol level
435
## or on the listener level.
436
## - listener.ssl.require_certificate
437
## - listener.wss.require_certificate
438
## or on the listener level:
439
## - listener.ssl.my_ssl_listener.require_certificate
440
## - listener.wss.my_wss_listener.require_certificate
441
##
442
## Default: off
443
##
444
## Acceptable values:
445
## - on or off
446
## listener.ssl.require_certificate = off
447
448
##
449
## Default: off
450
##
451
## Acceptable values:
452
## - on or off
453
## listener.vmqs.require_certificate = off
454
455
##
456
## Default: off
457
##
458
## Acceptable values:
459
## - on or off
460
## listener.https.require_certificate = off
461
462
## Configure the TLS protocol version (tlsv1, tlsv1.1, or tlsv1.2) to be
463
##
464
## Default: tlsv1.2
465
##
466
## Acceptable values:
467
## - text
468
## listener.ssl.tls_version = tlsv1.2
469
470
##
471
## Default: tlsv1.2
472
##
473
## Acceptable values:
474
## - text
475
## listener.vmqs.tls_version = tlsv1.2
476
477
##
478
## Default: tlsv1.2
479
##
480
## Acceptable values:
481
## - text
482
## listener.https.tls_version = tlsv1.2
483
484
## If 'listener.ssl.require_certificate' is enabled, you may enable
485
## 'listener.ssl.use_identity_as_username' to use the CN value from the client
486
## certificate as a username. If enabled other authentication plugins are not
487
## considered. The option can be specified either for all SSL listeners or for
488
## a specific listener:
489
## - listener.ssl.use_identity_as_username
490
## - listener.wss.use_identity_as_username
491
## or on the listener level:
492
## - listener.ssl.my_ssl_listener.use_identity_as_username
493
## - listener.wss.my_wss_listener.use_identity_as_username
494
##
495
## Default: off
496
##
497
## Acceptable values:
498
## - on or off
499
## listener.ssl.use_identity_as_username = off
500
501
## Enable the $SYSTree Reporter.
502
##
503
## Default: on
504
##
505
## Acceptable values:
506
## - on or off
507
systree_enabled = on
508
509
## The integer number of milliseconds between updates of the $SYS subscription hierarchy,
510
## which provides status information about the broker. If unset, defaults to 20 seconds.
511
## Set to 0 to disable publishing the $SYS hierarchy completely.
512
##
513
## Default: 20000
514
##
515
## Acceptable values:
516
## - an integer
517
systree_interval = 20000
518
519
## Enable the Graphite Reporter. Ensure to also configure a
520
## proper graphite.host
521
##
522
## Default: off
523
##
524
## Acceptable values:
525
## - on or off
526
graphite_enabled = off
527
528
## the graphite server host name
529
##
530
## Default: localhost
531
##
532
## Acceptable values:
533
## - text
534
graphite_host = localhost
535
536
## the tcp port of the graphite server
537
##
538
## Default: 2003
539
##
540
## Acceptable values:
541
## - an integer
542
graphite_port = 2003
543
544
## the interval we push metrics to the graphite server in ms
545
##
546
## Default: 20000
547
##
548
## Acceptable values:
549
## - an integer
550
graphite_interval = 20000
551
552
## set the prefix that is applied to all metrics reported to graphite
553
##
554
## Default:
555
##
556
## Acceptable values:
557
## - text
558
## graphite_prefix = my-prefix
559
560
## the graphite server api key, e.g. used by hostedgraphite.com
561
##
562
## Default:
563
##
564
## Acceptable values:
565
## - text
566
## graphite_api_key = My-Api-Key
567
568
## Distribution policy for shared subscriptions. Default is
569
## 'prefer_local' which will ensure that local subscribers will be
570
## used if any are available. 'local_only' will select a random local
571
## subscriber if any are available. 'random' will randomly choose
572
## between all available subscribers.
573
##
574
## Default: prefer_local
575
##
576
## Acceptable values:
577
## - text
578
shared_subscription_policy = prefer_local
579
580
## plugins.<plugin> enables/disables a plugin.
581
## Plugin specific settings are set via the plugin itself, i.e., to
582
## set the 'file' setting for the myplugin plugin, add a line like:
583
## myplugin.file = /path/to/file
584
##
585
## Acceptable values:
586
## - on or off
587
## plugins.name = on
588
589
## plugins.<name>.path defines the location of the plugin
590
## associated with <name>. This is needed for plugins that are not
591
## shipped with VerneMQ.
592
##
593
## Acceptable values:
594
## - the path to a directory
595
## plugins.mypluginname.path = /path/to/myplugin
596
597
## plugins.<name>.priority defines the load order of the
598
## plugins. Plugins are loaded by priority. If no priority is given
599
## the load order is undefined. Prioritized plugins will always be
600
## loaded before plugins with no defined priority.
601
##
602
## Acceptable values:
603
## - an integer
604
## plugins.mypluginname.priority = 5
605
606
## File based authentication plugin.
607
##
608
## Default: on
609
##
610
## Acceptable values:
611
## - on or off
612
plugins.vmq_passwd = on
613
614
## File based authorization plugin.
615
##
616
## Default: on
617
##
618
## Acceptable values:
619
## - on or off
620
plugins.vmq_acl = on
621
622
## Lua based plugins.
623
##
624
## Default: off
625
##
626
## Acceptable values:
627
## - on or off
628
plugins.vmq_diversity = off
629
630
## Webhook based plugins.
631
##
632
## Default: off
633
##
634
## Acceptable values:
635
## - on or off
636
plugins.vmq_webhooks = off
637
638
## The VerneMQ bridge plugin.
639
##
640
## Default: off
641
##
642
## Acceptable values:
643
## - on or off
644
plugins.vmq_bridge = off
645
646
## Limits the maximum topic depth
647
##
648
## Default: 10
649
##
650
## Acceptable values:
651
## - an integer
652
topic_max_depth = 10
653
654
## Specifies the metadata plugin that is used for storing and replicating
655
## VerneMQ metadata objects such as MQTT subscriptions and retained messages.
656
## The default is kept at `vmq_plumtree` for compatibility with existing deployments.
657
## For new cluster deployments, the recommendation is to use 'vmq_swc' from the
658
## beginning. Note that the 2 protocols are not compatible, so clusters can't be
659
## mixed.
660
##
661
## Default: vmq_swc
662
##
663
## Acceptable values:
664
## - one of: vmq_plumtree, vmq_swc
665
metadata_plugin = vmq_swc
666
667
## Set the path to an access control list file.
668
##
669
## Default: ./etc/vmq.acl
670
##
671
## Acceptable values:
672
## - the path to a file
673
vmq_acl.acl_file = ./etc/vmq.acl
674
675
## set the acl reload interval in seconds, the value 0 disables
676
## the automatic reloading of the acl file.
677
##
678
## Default: 10
679
##
680
## Acceptable values:
681
## - an integer
682
vmq_acl.acl_reload_interval = 10
683
684
## Set the path to a password file.
685
##
686
## Default: ./etc/vmq.passwd
687
##
688
## Acceptable values:
689
## - the path to a file
690
vmq_passwd.password_file = ./etc/vmq.passwd
691
692
## set the password reload interval in seconds, the value 0
693
## disables the automatic reloading of the password file.
694
##
695
## Default: 10
696
##
697
## Acceptable values:
698
## - an integer
699
vmq_passwd.password_reload_interval = 10
700
701
## Configure the vmq_diversity plugin script dir. The script dir
702
## is searched for Lua scripts which are automatically loaded when the
703
## plugin is enabled.
704
##
705
## Default: ./share/lua
706
##
707
## Acceptable values:
708
## - the path to a directory
709
vmq_diversity.script_dir = ./share/lua
710
711
##
712
## Default: off
713
##
714
## Acceptable values:
715
## - on or off
716
vmq_diversity.auth_postgres.enabled = off
717
718
##
719
## Default: localhost
720
##
721
## Acceptable values:
722
## - text
723
## vmq_diversity.postgres.host = localhost
724
725
##
726
## Default: 5432
727
##
728
## Acceptable values:
729
## - an integer
730
## vmq_diversity.postgres.port = 5432
731
732
##
733
## Default: root
734
##
735
## Acceptable values:
736
## - text
737
## vmq_diversity.postgres.user = root
738
739
##
740
## Default: password
741
##
742
## Acceptable values:
743
## - text
744
## vmq_diversity.postgres.password = password
745
746
##
747
## Default: vernemq_db
748
##
749
## Acceptable values:
750
## - text
751
## vmq_diversity.postgres.database = vernemq_db
752
753
## Specify if the postgresql driver should use TLS or not.
754
##
755
## Default: off
756
##
757
## Acceptable values:
758
## - on or off
759
vmq_diversity.postgres.ssl = off
760
761
## The cafile is used to define the path to a file containing
762
## the PEM encoded CA certificates that are trusted.
763
##
764
## Default:
765
##
766
## Acceptable values:
767
## - the path to a file
768
## vmq_diversity.postgres.cafile = ./etc/cafile.pem
769
770
## Set the path to the PEM encoded server certificate.
771
##
772
## Default:
773
##
774
## Acceptable values:
775
## - the path to a file
776
## vmq_diversity.postgres.certfile = ./etc/cert.pem
777
778
## Set the path to the PEM encoded key file.
779
##
780
## Default:
781
##
782
## Acceptable values:
783
## - the path to a file
784
## vmq_diversity.postgres.keyfile = ./etc/keyfile.pem
785
786
## The password hashing method to use in PostgreSQL:
787
##
788
## Default: crypt
789
##
790
## Acceptable values:
791
## - one of: crypt, bcrypt
792
vmq_diversity.postgres.password_hash_method = crypt
793
794
##
795
## Default: off
796
##
797
## Acceptable values:
798
## - on or off
799
vmq_diversity.auth_cockroachdb.enabled = off
800
801
##
802
## Default: localhost
803
##
804
## Acceptable values:
805
## - text
806
## vmq_diversity.cockroachdb.host = localhost
807
808
##
809
## Default: 5432
810
##
811
## Acceptable values:
812
## - an integer
813
## vmq_diversity.cockroachdb.port = 5432
814
815
##
816
## Default: root
817
##
818
## Acceptable values:
819
## - text
820
## vmq_diversity.cockroachdb.user = root
821
822
##
823
## Default: password
824
##
825
## Acceptable values:
826
## - text
827
## vmq_diversity.cockroachdb.password = password
828
829
##
830
## Default: vernemq_db
831
##
832
## Acceptable values:
833
## - text
834
## vmq_diversity.cockroachdb.database = vernemq_db
835
836
## Specify if the cockroachdb driver should use TLS or not.
837
##
838
## Default: on
839
##
840
## Acceptable values:
841
## - on or off
842
vmq_diversity.cockroachdb.ssl = on
843
844
## The cafile is used to define the path to a file containing
845
## the PEM encoded CA certificates that are trusted.
846
##
847
## Default:
848
##
849
## Acceptable values:
850
## - the path to a file
851
## vmq_diversity.cockroachdb.cafile = ./etc/cafile.pem
852
853
## Set the path to the PEM encoded server certificate.
854
##
855
## Default:
856
##
857
## Acceptable values:
858
## - the path to a file
859
## vmq_diversity.cockroachdb.certfile = ./etc/cert.pem
860
861
## Set the path to the PEM encoded key file.
862
##
863
## Default:
864
##
865
## Acceptable values:
866
## - the path to a file
867
## vmq_diversity.cockroachdb.keyfile = ./etc/keyfile.pem
868
869
## The password hashing method to use in CockroachDB:
870
##
871
## Default: bcrypt
872
##
873
## Acceptable values:
874
## - one of: sha256, bcrypt
875
vmq_diversity.cockroachdb.password_hash_method = bcrypt
876
877
##
878
## Default: off
879
##
880
## Acceptable values:
881
## - on or off
882
vmq_diversity.auth_mysql.enabled = off
883
884
##
885
## Default: localhost
886
##
887
## Acceptable values:
888
## - text
889
## vmq_diversity.mysql.host = localhost
890
891
##
892
## Default: 3306
893
##
894
## Acceptable values:
895
## - an integer
896
## vmq_diversity.mysql.port = 3306
897
898
##
899
## Default: root
900
##
901
## Acceptable values:
902
## - text
903
## vmq_diversity.mysql.user = root
904
905
##
906
## Default: password
907
##
908
## Acceptable values:
909
## - text
910
## vmq_diversity.mysql.password = password
911
912
##
913
## Default: vernemq_db
914
##
915
## Acceptable values:
916
## - text
917
## vmq_diversity.mysql.database = vernemq_db
918
919
## The password hashing method to use in MySQL:
920
## password: Default for compatibility, deprecated since MySQL 5.7.6 and not
921
## usable with MySQL 8.0.11+.
922
## Docs: https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_password
923
## md5: Calculates an MD5 128-bit checksum of the password.
924
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_md5
925
## sha1: Calculates the SHA-1 160-bit checksum for the password.
926
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha1
927
## sha256: Calculates the SHA-2 hash of the password, using 256 bits.
928
## Works only if MySQL has been configured with SSL support.
929
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha2
930
##
931
## Default: password
932
##
933
## Acceptable values:
934
## - one of: password, md5, sha1, sha256
935
vmq_diversity.mysql.password_hash_method = password
936
937
##
938
## Default: off
939
##
940
## Acceptable values:
941
## - on or off
942
vmq_diversity.auth_mongodb.enabled = off
943
944
##
945
## Default: localhost
946
##
947
## Acceptable values:
948
## - text
949
## vmq_diversity.mongodb.host = localhost
950
951
##
952
## Default: 27017
953
##
954
## Acceptable values:
955
## - an integer
956
## vmq_diversity.mongodb.port = 27017
957
958
##
959
## Acceptable values:
960
## - text
961
## vmq_diversity.mongodb.login =
962
963
##
964
## Acceptable values:
965
## - text
966
## vmq_diversity.mongodb.password =
967
968
##
969
## Default: admin
970
##
971
## Acceptable values:
972
## - text
973
## vmq_diversity.mongodb.auth_source =
974
975
##
976
## Acceptable values:
977
## - text
978
## vmq_diversity.mongodb.database =
979
980
## Specify if the mongodb driver should use TLS or not.
981
##
982
## Default: off
983
##
984
## Acceptable values:
985
## - on or off
986
vmq_diversity.mongodb.ssl = off
987
988
## The cafile is used to define the path to a file containing
989
## the PEM encoded CA certificates that are trusted.
990
##
991
## Default:
992
##
993
## Acceptable values:
994
## - the path to a file
995
## vmq_diversity.mongodb.cafile = ./etc/cafile.pem
996
997
## Set the path to the PEM encoded server certificate.
998
##
999
## Default:
1000
##
1001
## Acceptable values:
1002
## - the path to a file
1003
## vmq_diversity.mongodb.certfile = ./etc/cert.pem
1004
1005
## Set the path to the PEM encoded key file.
1006
##
1007
## Default:
1008
##
1009
## Acceptable values:
1010
## - the path to a file
1011
## vmq_diversity.mongodb.keyfile = ./etc/keyfile.pem
1012
1013
##
1014
## Default: off
1015
##
1016
## Acceptable values:
1017
## - on or off
1018
vmq_diversity.auth_redis.enabled = off
1019
1020
##
1021
## Default: localhost
1022
##
1023
## Acceptable values:
1024
## - text
1025
## vmq_diversity.redis.host = localhost
1026
1027
##
1028
## Default: 6379
1029
##
1030
## Acceptable values:
1031
## - an integer
1032
## vmq_diversity.redis.port = 6379
1033
1034
##
1035
## Default:
1036
##
1037
## Acceptable values:
1038
## - text
1039
## vmq_diversity.redis.password =
1040
1041
##
1042
## Default: 0
1043
##
1044
## Acceptable values:
1045
## - an integer
1046
## vmq_diversity.redis.database = 0
1047
1048
##
1049
## Default: localhost
1050
##
1051
## Acceptable values:
1052
## - text
1053
## vmq_diversity.memcache.host = localhost
1054
1055
##
1056
## Default: 11211
1057
##
1058
## Acceptable values:
1059
## - an integer
1060
## vmq_diversity.memcache.port = 11211
1061
1062
## vmq_diversity.<name>.file = <file> loads a specific lua
1063
## script when `vmq_diversity` starts. The scripts are loaded in the
1064
## order defined by the names given, i.e., the script with <name>
1065
## 'script1' is started before the plugin with <name> 'script2'.
1066
## Scripts loaded like this are loaded after the scripts in the
1067
## default script dir.
1068
##
1069
## Acceptable values:
1070
## - the path to a file
1071
## vmq_diversity.script1.file = path/to/my/script.lua
1072
1073
## The pool_size specifies how many bcrypt operations that are
1074
## allowed concurrently. The value `auto` will try to detect all
1075
## logical cpus and set the pool size to that number. If the number of
1076
## logical cpus cannot be detected, a value of 1 is used.
1077
##
1078
## Default: 1
1079
##
1080
## Acceptable values:
1081
## - an integer
1082
## - one of: auto
1083
vmq_bcrypt.pool_size = 1
1084
1085
## To configure and register a webhook a hook and an endpoint
1086
## need to be configured and this is achieved by associating both with
1087
## a name. vmq_webhooks.<name>.hook = <hook> associates the hook
1088
## <hook> with the name <name>. Webhooks are registered in the order
1089
## of the name given to it. Therefore a webhook with name 'webhook1'
1090
## is regisered before a webhook with the name 'webhook2'.
1091
##
1092
## Acceptable values:
1093
## - one of: auth_on_register, auth_on_publish, auth_on_subscribe, on_register, on_publish, on_subscribe, on_unsubscribe, on_deliver, on_offline_message, on_client_wakeup, on_client_offline, on_client_gone, on_session_expired, auth_on_register_m5, auth_on_publish_m5, auth_on_subscribe_m5, on_register_m5, on_publish_m5, on_subscribe_m5, on_unsubscribe_m5, on_deliver_m5, on_auth_m5
1094
## vmq_webhooks.webhook1.hook = auth_on_register
1095
1096
## Associate an endpoint with a name.
1097
##
1098
## Acceptable values:
1099
## - text
1100
## vmq_webhooks.webhook1.endpoint = http://localhost/myendpoints
1101
1102
## Configure TLS version for HTTPS webhook calls
1103
## HTTPS webhooks.
1104
##
1105
## Default: tlsv1.2
1106
##
1107
## Acceptable values:
1108
## - text
1109
## vmq_webhooks.tls_version = tlsv1.2
1110
1111
## Specify the address and port of the bridge to connect to. Several
1112
## bridges can configured by using different bridge names (e.g. br0). If the
1113
## connection supports SSL encryption bridge.ssl.<name> can be used.
1114
##
1115
## Acceptable values:
1116
## - text
1117
## vmq_bridge.tcp.br0 = 127.0.0.1:1889
1118
1119
## Set the clean session option for the bridge. By default this is disabled,
1120
## which means that all subscriptions on the remote broker are kept in case of
1121
## the network connection dropping. If enabled, all subscriptions and messages
1122
## on the remote broker will be cleaned up if the connection drops.
1123
##
1124
## Default: off
1125
##
1126
## Acceptable values:
1127
## - on or off
1128
## vmq_bridge.tcp.br0.cleansession = off
1129
1130
## Set the client id for this bridge connection. If not defined, this
1131
## defaults to 'name.hostname', where name is the connection name and hostname
1132
## is the hostname of this computer.
1133
##
1134
## Default: auto
1135
##
1136
## Acceptable values:
1137
## - text
1138
## vmq_bridge.tcp.br0.client_id = auto
1139
1140
## Set the number of seconds after which the bridge should send a ping if
1141
## no other traffic has occurred.
1142
##
1143
## Default: 60
1144
##
1145
## Acceptable values:
1146
## - an integer
1147
## vmq_bridge.tcp.br0.keepalive_interval = 60
1148
1149
## Configure a username for the bridge. This is used for authentication
1150
## purposes when connecting to a broker that support MQTT v3.1 and requires a
1151
## username and/or password to connect. See also the password option.
1152
##
1153
## Acceptable values:
1154
## - text
1155
## vmq_bridge.tcp.br0.username = my_remote_user
1156
1157
## Configure a password for the bridge. This is used for authentication
1158
## purposes when connecting to a broker that support MQTT v3.1 and requires a
1159
## username and/or password to connect. This option is only valid if a username
1160
## is also supplied.
1161
##
1162
## Acceptable values:
1163
## - text
1164
## vmq_bridge.tcp.br0.password = my_remote_password
1165
1166
## Define one or more topic pattern to be shared between the two brokers.
1167
## Any topics matching the pattern (including wildcards) are shared.
1168
## The following format is used:
1169
## pattern [[[ out | in | both ] qos-level] local-prefix remote-prefix]
1170
## [ out | in | both ]: specifies that this bridge exports messages (out), imports
1171
## messages (in) or shared in both directions (both). If undefined we default to
1172
## export (out).
1173
## qos-level: specifies the publish/subscribe QoS level used for this
1174
## toppic. If undefined we default to QoS 0.
1175
## local-prefix and remote-prefix: For incoming topics, the bridge
1176
## will prepend the pattern with the remote prefix and subscribe to
1177
## the resulting topic on the remote broker. When a matching
1178
## incoming message is received, the remote prefix will be removed
1179
## from the topic and then the local prefix added.
1180
## For outgoing topics, the bridge will prepend the pattern with the
1181
## local prefix and subscribe to the resulting topic on the local
1182
## broker. When an outgoing message is processed, the local prefix
1183
## will be removed from the topic then the remote prefix added.
1184
## For shared subscriptions topic prefixes are applied only to the
1185
## topic part of the subscription.
1186
##
1187
## Acceptable values:
1188
## - text
1189
## vmq_bridge.tcp.br0.topic.1 = topic
1190
1191
## Set the amount of time a bridge using the automatic start type will wait
1192
## until attempting to reconnect. Defaults to 30 seconds.
1193
##
1194
## Default: 10
1195
##
1196
## Acceptable values:
1197
## - an integer
1198
## vmq_bridge.tcp.br0.restart_timeout = 10
1199
1200
## If try_private is enabled, the bridge will attempt to indicate to the
1201
## remote broker that it is a bridge not an ordinary client.
1202
## Note that loop detection for bridges is not yet implemented.
1203
##
1204
## Default: on
1205
##
1206
## Acceptable values:
1207
## - on or off
1208
## vmq_bridge.tcp.br0.try_private = on
1209
1210
## Set the MQTT protocol version to be used by the bridge.
1211
##
1212
## Default: 3
1213
##
1214
## Acceptable values:
1215
## - one of: 3, 4
1216
## vmq_bridge.tcp.br0.mqtt_version = on
1217
1218
## Maximum number of outgoing messages the bridge will buffer
1219
## while not connected to the remote broker. Messages published while
1220
## the buffer is full are dropped. A value of 0 means buffering is
1221
## disabled.
1222
##
1223
## Default: 0
1224
##
1225
## Acceptable values:
1226
## - an integer
1227
## vmq_bridge.tcp.br0.max_outgoing_buffered_messages = 0
1228
1229
## The cafile is used to define the path to a file containing
1230
## the PEM encoded CA certificates that are trusted.
1231
##
1232
## Default:
1233
##
1234
## Acceptable values:
1235
## - the path to a file
1236
## vmq_bridge.ssl.sbr0.cafile = ./etc/cacerts.pem
1237
1238
## Set the path to the PEM encoded server certificate.
1239
##
1240
## Default:
1241
##
1242
## Acceptable values:
1243
## - the path to a file
1244
## vmq_bridge.ssl.sbr0.certfile = ./etc/cert.pem
1245
1246
## Set the path to the PEM encoded key file.
1247
##
1248
## Default:
1249
##
1250
## Acceptable values:
1251
## - the path to a file
1252
## vmq_bridge.ssl.sbr0.keyfile = ./etc/key.pem
1253
1254
## When using certificate based TLS, the bridge will attempt to verify the
1255
## hostname provided in the remote certificate matches the host/address being
1256
## connected to. This may cause problems in testing scenarios, so this option
1257
## may be enabled to disable the hostname verification.
1258
## Setting this option to true means that a malicious third party could
1259
## potentially inpersonate your server, so it should always be disabled in
1260
## production environments.
1261
##
1262
## Default: off
1263
##
1264
## Acceptable values:
1265
## - on or off
1266
## vmq_bridge.ssl.sbr0.insecure = off
1267
1268
## Configure the TLS protocol version (tlsv1, tlsv1.1, or tlsv1.2) to be
1269
## used for this bridge.
1270
##
1271
## Default: tlsv1.2
1272
##
1273
## Acceptable values:
1274
## - text
1275
## vmq_bridge.ssl.sbr0.tls_version = tlsv1.2
1276
1277
## Pre-shared-key encryption provides an alternative to certificate based
1278
## encryption. This option specifies the identity used.
1279
##
1280
## Default:
1281
##
1282
## Acceptable values:
1283
## - text
1284
## vmq_bridge.ssl.sbr0.identity =
1285
1286
## Pre-shared-key encryption provides an alternative to certificate based
1287
## encryption. This option specifies the shared secret used in hexadecimal
1288
## format without leading '0x'.
1289
##
1290
## Default:
1291
##
1292
## Acceptable values:
1293
## - text
1294
## vmq_bridge.ssl.sbr0.psk =
1295
1296
## Allow the bridge to open SSL connections to remote broker with wildcard certs
1297
##
1298
## Default: https
1299
##
1300
## Acceptable values:
1301
## - one of: https
1302
## vmq_bridge.ssl.name.customize_hostname_check = on
1303
1304
## Where to emit the default log messages (typically at 'info'
1305
## severity):
1306
## off: disabled
1307
## file: the file specified by log.console.file
1308
## console: to standard output (seen when using `vmq attach-direct`)
1309
## both: log.console.file and standard out.
1310
##
1311
## Default: file
1312
##
1313
## Acceptable values:
1314
## - one of: off, file, console, both
1315
log.console = file
1316
1317
## The severity level of the console log, default is 'info'.
1318
##
1319
## Default: info
1320
##
1321
## Acceptable values:
1322
## - one of: debug, info, warning, error
1323
log.console.level = info
1324
1325
## When 'log.console' is set to 'file' or 'both', the file where
1326
## console messages will be logged.
1327
##
1328
## Default: ./log/console.log
1329
##
1330
## Acceptable values:
1331
## - the path to a file
1332
log.console.file = ./log/console.log
1333
1334
## The file where error messages will be logged.
1335
##
1336
## Default: ./log/error.log
1337
##
1338
## Acceptable values:
1339
## - the path to a file
1340
log.error.file = ./log/error.log
1341
1342
## When set to 'on', enables log output to syslog.
1343
##
1344
## Default: off
1345
##
1346
## Acceptable values:
1347
## - on or off
1348
log.syslog = off
1349
1350
## Whether to enable the crash log.
1351
##
1352
## Default: on
1353
##
1354
## Acceptable values:
1355
## - on or off
1356
log.crash = on
1357
1358
## If the crash log is enabled, the file where its messages will
1359
## be written.
1360
##
1361
## Default: ./log/crash.log
1362
##
1363
## Acceptable values:
1364
## - the path to a file
1365
log.crash.file = ./log/crash.log
1366
1367
## Maximum size in bytes of individual messages in the crash log
1368
##
1369
## Default: 64KB
1370
##
1371
## Acceptable values:
1372
## - a byte size with units, e.g. 10GB
1373
log.crash.maximum_message_size = 64KB
1374
1375
## Maximum size of the crash log in bytes, before it is rotated
1376
##
1377
## Default: 10MB
1378
##
1379
## Acceptable values:
1380
## - a byte size with units, e.g. 10GB
1381
log.crash.size = 10MB
1382
1383
## The schedule on which to rotate the crash log. For more
1384
## information see:
1385