2s6y4vv8

· 5 years ago · Aug 07, 2020, 02:12 PM
1## To use this pre-packaged version of VerneMQ you must agree
2## to our end user license agreement (EULA).
3## The EULA can be found on https://vernemq.com/end-user-license-agreement.
4## 
5## Default: no
6## 
7## Acceptable values:
8##   - one of: yes, no
9accept_eula = yes #set yes to accept EULA
10
11## Allow anonymous users to connect, default is 'off'. !!NOTE!!
12## Enabling this completely disables authentication of the clients and
13## should only be used for testing/development purposes or in case
14## clients are authenticated by some other means.
15## 
16## Default: off
17## 
18## Acceptable values:
19##   - on or off
20allow_anonymous = off
21
22## Allow new client connections even when a VerneMQ cluster is inconsistent.
23## 
24## Default: off
25## 
26## Acceptable values:
27##   - on or off
28allow_register_during_netsplit = off
29
30## Allow message publishs even when a VerneMQ cluster is inconsistent.
31## 
32## Default: off
33## 
34## Acceptable values:
35##   - on or off
36allow_publish_during_netsplit = off
37
38## Allow new subscriptions even when a VerneMQ cluster is inconsistent.
39## 
40## Default: off
41## 
42## Acceptable values:
43##   - on or off
44allow_subscribe_during_netsplit = off
45
46## Allow clients to unsubscribe when a VerneMQ cluster is inconsistent.
47## 
48## Default: off
49## 
50## Acceptable values:
51##   - on or off
52allow_unsubscribe_during_netsplit = off
53
54## Allows a client to logon multiple times using the same client
55## id (non-standard behaviour!). This feature is DEPRECATED and will
56## be removed in VerneMQ 2.0.
57## 
58## Default: off
59## 
60## Acceptable values:
61##   - on or off
62allow_multiple_sessions = off
63
64## Client registrations can be either happen in a coordinated or
65## uncoordinated fashion. Uncoordinated registrations are faster and
66## will cause other clients with the same client-id to be eventually
67## disconnected, while coordinated ensures that any other client with
68## the same client-id will be immediately disconnected.
69## 
70## Default: on
71## 
72## Acceptable values:
73##   - on or off
74coordinate_registrations = on
75
76## Set the time in seconds VerneMQ waits before a retry, in case a (QoS=1 or QoS=2) message
77## delivery gets no answer.
78## 
79## Default: 20
80## 
81## Acceptable values:
82##   - an integer
83## retry_interval = 20
84
85## Set the maximum size for client IDs. MQTT v3.1 specifies a
86## limit of 23 characters
87## 
88## Default: 100
89## 
90## Acceptable values:
91##   - an integer
92## max_client_id_size = 100
93
94## This option allows persistent clients ( = clean session set to
95## false) to be removed if they do not reconnect within 'persistent_client_expiration'.
96## This is a non-standard option. As far as the MQTT specification is concerned,
97## persistent clients persist forever.
98## The expiration period should be an integer followed by one of 'd', 'w', 'm', 'y' for
99## day, week, month, and year.
100## 
101## Default: never
102## 
103## Acceptable values:
104##   - text
105## persistent_client_expiration = 1w
106
107## The maximum delay for a last will message. This setting
108## applies only to MQTTv5 sessions and can be used to override the
109## value provided by the client.
110## The delay can be either 'client' which means the value specified by
111## the client is used, or an integer followed by one of 's', 'h' 'd',
112## 'w', 'm', 'y' for day, week, month, and year used to cap the value
113## provided by the client..
114## 
115## Default: client
116## 
117## Acceptable values:
118##   - text
119## max_last_will_delay = client
120
121## The maximum number of QoS 1 or 2 messages that can be in the process of being
122## transmitted simultaneously. This includes messages currently going through handshakes
123## and messages that are being retried. Defaults to 20. Set to 0 for no maximum. If set
124## to 1, this will guarantee in-order delivery of messages.
125## 
126## Default: 20
127## 
128## Acceptable values:
129##   - an integer
130max_inflight_messages = 20
131
132## The maximum number of messages to hold in the queue above
133## those messages that are currently in flight. Defaults to 1000. This affects
134## messages of any QoS. Set to -1 for no maximum (not recommended).
135## This option allows to control how a specific client session can deal
136## with message bursts. As a general rule of thumb set
137## this number a bit higher than the expected message rate a single consumer is
138## required to process. Note that setting this value to 0 will totally block
139## delivery from any queue.
140## 
141## Default: 1000
142## 
143## Acceptable values:
144##   - an integer
145max_online_messages = 1000
146
147## The maximum number of QoS 1 or 2 messages to hold in the offline queue.
148## Defaults to 1000. Set to -1 for no maximum (not recommended). Set to 0
149## if no messages should be stored offline.
150## 
151## Default: 1000
152## 
153## Acceptable values:
154##   - an integer
155max_offline_messages = 1000
156
157## This option sets the maximum MQTT size that VerneMQ will
158## allow.  Messages that exceed this size will not be accepted by
159## VerneMQ. The default value is 0, which means that all valid MQTT
160## messages are accepted. MQTT imposes a maximum payload size of
161## 268435455 bytes.
162## 
163## Default: 0
164## 
165## Acceptable values:
166##   - an integer
167max_message_size = 0
168
169## If a message is published with a QoS lower than the QoS of the subscription it is
170## delivered to, VerneMQ can upgrade the outgoing QoS. This is a non-standard option.
171## 
172## Default: off
173## 
174## Acceptable values:
175##   - on or off
176upgrade_outgoing_qos = off
177
178## listener.tcp.buffer_sizes is an list of three integers
179## (sndbuf,recbuf,buffer) specifying respectively the kernel TCP send
180## buffer, the kernel TCP receive buffer and the user-level buffer
181## size in the erlang driver.
182## It is recommended to have val(user-level buffer) >= val(receive
183## buffer) to avoid performance issues because of unnecessary copying.
184## If not set, the operating system defaults are used.
185## This option can be set on the protocol level by:
186## - listener.tcp.buffer_sizes
187## - listener.ssl.buffer_sizes
188## or on the listener level by:
189## - listener.tcp.my_tcp_listener.buffer_sizes
190## - listener.ssl.my_ssl_listener.buffer_sizes
191## 
192## Acceptable values:
193##   - text
194## listener.tcp.buffer_sizes = 4096,16384,32768
195
196## listener.max_connections is an integer or 'infinity' defining
197## the maximum number of concurrent connections. This option can be overridden
198## on the protocol level by:
199## - listener.tcp.max_connections
200## - listener.ssl.max_connections
201## - listener.ws.max_connections
202## - listener.wss.max_connections
203## or on the listener level by:
204## - listener.tcp.my_tcp_listener.max_connections
205## - listener.ssl.my_ssl_listener.max_connections
206## - listener.ws.my_ws_listener.max_connections
207## - listener.wss.my_wss_listener.max_connections
208## 
209## Default: 10000
210## 
211## Acceptable values:
212##   - an integer
213##   - the text "infinity"
214listener.max_connections = 10000
215
216## Set the nr of acceptors waiting to concurrently accept new connections.
217## This can be specified either on the protocol level:
218## - listener.tcp.nr_of_acceptors
219## - listener.ssl.nr_of_acceptors
220## - listener.ws.nr_of_acceptors
221## - listener.wss.nr_of_acceptors
222## or on the listener level:
223## - listener.tcp.my_tcp_listener.nr_of_acceptors
224## - listener.ssl.my_ssl_listener.nr_of_acceptors
225## - listener.ws.my_ws_listener.nr_of_acceptors
226## - listener.wss.my_wss_listener.nr_of_acceptors
227## 
228## Default: 10
229## 
230## Acceptable values:
231##   - an integer
232listener.nr_of_acceptors = 10
233
234## listener.tcp.<name> is an IP address and TCP port that
235## the broker will bind to. You can define multiple listeners e.g:
236## - listener.tcp.default = 127.0.0.1:1883
237## - listener.tcp.internal = 127.0.0.1:10883
238## - listener.tcp.my_other_listener = 127.0.0.1:10884
239## This also works for SSL listeners and WebSocket handlers:
240## listener.ssl.default = 127.0.0.1:8883
241## - listener.ws.default = 127.0.0.1:800
242## - listener.wss.default = 127.0.0.1:880
243## 
244## Default: 127.0.0.1:1883
245## 
246## Acceptable values:
247##   - an IP/port pair, e.g. 127.0.0.1:10011
248listener.tcp.default = 0.0.0.0:1883
249listener.ws.default = 0.0.0.0:7001
250
251listener.wss.cafile = /etc/vernemq/fullchain2.pem
252listener.wss.certfile = /etc/vernemq/cert2.pem
253listener.wss.keyfile = /etc/vernemq/privkey2.pem
254
255listener.wss.default = 0.0.0.0:7000
256
257## 'listener.tcp.allowed_protocol_versions' configures which
258## protocol versions are allowed for an MQTT listener. The allowed
259## protocol versions can be specified the tcp, websocket or ssl level:
260## - listener.tcp.allowed_protocol_versions
261## - listener.ws.allowed_protocol_versions
262## - listener.wss.allowed_protocol_versions
263## - listener.ssl.allowed_protocol_versions
264## or for a specific listener:
265## - listener.tcp.my_tcp_listener.allowed_protocol_versions
266## - listener.ws.my_ws_listener.allowed_protocol_versions
267## - listener.wss.my_ws_listener.allowed_protocol_versions
268## - listener.ssl.my_ws_listener.allowed_protocol_versions
269## Allowed values are 3 (MQTT 3.1), 4 (MQTT 3.1.1), 5 (MQTT 5.0), 131
270## (MQTT 3.1 bridge), 132 (MQTT 3.1.1 bridge).
271## 
272## Default: 3,4,131
273## 
274## Acceptable values:
275##   - text
276## listener.tcp.allowed_protocol_versions = 3,4
277
278## listener.vmq.clustering is the IP address and TCP port that
279## the broker will bind to accept connections from other cluster
280## nodes e.g:
281## - listener.vmq.clustering = 0.0.0.0:18883
282## This also works for SSL listeners:
283## - listener.vmqs.clustering = 0.0.0.0:18884
284## 
285## Default: 0.0.0.0:44053
286## 
287## Acceptable values:
288##   - an IP/port pair, e.g. 127.0.0.1:10011
289listener.vmq.clustering = 0.0.0.0:44053
290
291## listener.http.default is the IP address and TCP port that
292## the broker will bind to accept HTTP connections
293## - listener.http.default = 0.0.0.0:8888
294## This also works for SSL listeners:
295## - listener.https.default= 0.0.0.0:8889
296## 
297## Default: 127.0.0.1:8888
298## 
299## Acceptable values:
300##   - an IP/port pair, e.g. 127.0.0.1:10011
301listener.http.default = 127.0.0.1:8888
302
303## The cafile is used to define the path to a file containing
304## the PEM encoded CA certificates that are trusted. Set the cafile
305## on the protocol level or on the listener level:
306## - listener.ssl.cafile
307## - listener.wss.cafile
308## or on the listener level:
309## - listener.ssl.my_ssl_listener.cafile
310## - listener.wss.my_wss_listener.cafile
311## 
312## Default: 
313## 
314## Acceptable values:
315##   - the path to a file
316## listener.ssl.cafile = /etc/vernemq/cacerts.pem
317
318## 
319## Default: 
320## 
321## Acceptable values:
322##   - the path to a file
323## listener.https.cafile = /etc/vernemq/cacerts.pem
324
325## Set the path to the PEM encoded server certificate
326## on the protocol level or on the listener level:
327## - listener.ssl.certfile
328## - listener.wss.certfile
329## or on the listener level:
330## - listener.ssl.my_ssl_listener.certfile
331## - listener.wss.my_wss_listener.certfile
332## 
333## Default: 
334## 
335## Acceptable values:
336##   - the path to a file
337## listener.ssl.certfile = /etc/vernemq/cert.pem
338
339## 
340## Default: 
341## 
342## Acceptable values:
343##   - the path to a file
344## listener.https.certfile = /etc/vernemq/cert.pem
345
346## Set the path to the PEM encoded key file on the protocol
347## level or on the listener level:
348## - listener.ssl.keyfile
349## - listener.wss.keyfile
350## or on the listener level:
351## - listener.ssl.my_ssl_listener.keyfile
352## - listener.wss.my_wss_listener.keyfile
353## 
354## Default: 
355## 
356## Acceptable values:
357##   - the path to a file
358## listener.ssl.keyfile = /etc/vernemq/key.pem
359
360## 
361## Default: 
362## 
363## Acceptable values:
364##   - the path to a file
365## listener.vmqs.keyfile = /etc/vernemq/key.pem
366
367## 
368## Default: 
369## 
370## Acceptable values:
371##   - the path to a file
372## listener.https.keyfile = /etc/vernemq/key.pem
373
374## Set the list of allowed ciphers (each separated with a colon,
375## e.g. "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"),
376## on the protocol level or on the listener level. Reasonable defaults
377## are used if nothing is specified:
378## - listener.ssl.ciphers
379## - listener.wss.ciphers
380## or on the listener level:
381## - listener.ssl.my_ssl_listener.ciphers
382## - listener.wss.my_wss_listener.ciphers
383## 
384## Default: 
385## 
386## Acceptable values:
387##   - text
388## listener.ssl.ciphers = 
389
390## 
391## Default: 
392## 
393## Acceptable values:
394##   - text
395## listener.vmqs.ciphers = 
396
397## 
398## Default: 
399## 
400## Acceptable values:
401##   - text
402## listener.https.ciphers = 
403
404## If you have 'listener.ssl.require_certificate' set to true,
405## you can create a certificate revocation list file to revoke access
406## to particular client certificates. If you have done this, use crlfile
407## to point to the PEM encoded revocation file. This can be done on the
408## protocol level or on the listener level.
409## - listener.ssl.crlfile
410## - listener.wss.crlfile
411## or on the listener level:
412## - listener.ssl.my_ssl_listener.crlfile
413## - listener.wss.my_wss_listener.crlfile
414## 
415## Default: 
416## 
417## Acceptable values:
418##   - the path to a file
419## listener.ssl.crlfile = 
420
421## Enable this option if you want to use SSL client certificates
422## to authenticate your clients. This can be done on the protocol level
423## or on the listener level.
424## - listener.ssl.require_certificate
425## - listener.wss.require_certificate
426## or on the listener level:
427## - listener.ssl.my_ssl_listener.require_certificate
428## - listener.wss.my_wss_listener.require_certificate
429## 
430## Default: off
431## 
432## Acceptable values:
433##   - on or off
434## listener.ssl.require_certificate = off
435
436## 
437## Default: off
438## 
439## Acceptable values:
440##   - on or off
441## listener.vmqs.require_certificate = off
442
443## 
444## Default: off
445## 
446## Acceptable values:
447##   - on or off
448## listener.https.require_certificate = off
449
450## Configure the TLS protocol version (tlsv1, tlsv1.1, or tlsv1.2) to be
451## 
452## Default: tlsv1.2
453## 
454## Acceptable values:
455##   - text
456## listener.ssl.tls_version = tlsv1.2
457
458## 
459## Default: tlsv1.2
460## 
461## Acceptable values:
462##   - text
463## listener.vmqs.tls_version = tlsv1.2
464
465## 
466## Default: tlsv1.2
467## 
468## Acceptable values:
469##   - text
470## listener.https.tls_version = tlsv1.2
471
472## If 'listener.ssl.require_certificate' is enabled, you may enable
473## 'listener.ssl.use_identity_as_username' to use the CN value from the client
474## certificate as a username. If enabled other authentication plugins are not
475## considered. The option can be specified either for all SSL listeners or for
476## a specific listener:
477## - listener.ssl.use_identity_as_username
478## - listener.wss.use_identity_as_username
479## or on the listener level:
480## - listener.ssl.my_ssl_listener.use_identity_as_username
481## - listener.wss.my_wss_listener.use_identity_as_username
482## 
483## Default: off
484## 
485## Acceptable values:
486##   - on or off
487## listener.ssl.use_identity_as_username = off
488
489## Enable the $SYSTree Reporter.
490## 
491## Default: on
492## 
493## Acceptable values:
494##   - on or off
495systree_enabled = on
496
497## The integer number of milliseconds between updates of the $SYS subscription hierarchy,
498## which provides status information about the broker. If unset, defaults to 20 seconds.
499## Set to 0 to disable publishing the $SYS hierarchy completely.
500## 
501## Default: 20000
502## 
503## Acceptable values:
504##   - an integer
505systree_interval = 20000
506
507## Enable the Graphite Reporter. Ensure to also configure a
508## proper graphite.host
509## 
510## Default: off
511## 
512## Acceptable values:
513##   - on or off
514graphite_enabled = off
515
516## the graphite server host name
517## 
518## Default: localhost
519## 
520## Acceptable values:
521##   - text
522graphite_host = localhost
523
524## the tcp port of the graphite server
525## 
526## Default: 2003
527## 
528## Acceptable values:
529##   - an integer
530graphite_port = 2003
531
532## the interval we push metrics to the graphite server in ms
533## 
534## Default: 20000
535## 
536## Acceptable values:
537##   - an integer
538graphite_interval = 20000
539
540## set the prefix that is applied to all metrics reported to graphite
541## 
542## Default: 
543## 
544## Acceptable values:
545##   - text
546## graphite_prefix = my-prefix
547
548## the graphite server api key, e.g. used by hostedgraphite.com
549## 
550## Default: 
551## 
552## Acceptable values:
553##   - text
554## graphite_api_key = My-Api-Key
555
556## Distribution policy for shared subscriptions. Default is
557## 'prefer_local' which will ensure that local subscribers will be
558## used if any are available. 'local_only' will select a random local
559## subscriber if any are available. 'random' will randomly choose
560## between all available subscribers.
561## 
562## Default: prefer_local
563## 
564## Acceptable values:
565##   - text
566shared_subscription_policy = prefer_local
567
568## plugins.<plugin> enables/disables a plugin.
569## Plugin specific settings are set via the plugin itself, i.e., to
570## set the 'file' setting for the myplugin plugin, add a line like:
571## myplugin.file = /path/to/file
572## 
573## Acceptable values:
574##   - on or off
575## plugins.name = on
576
577## plugins.<name>.path defines the location of the plugin
578## associated with <name>. This is needed for plugins that are not
579## shipped with VerneMQ.
580## 
581## Acceptable values:
582##   - the path to a directory
583## plugins.mypluginname.path = /path/to/myplugin
584
585## plugins.<name>.priority defines the load order of the
586## plugins. Plugins are loaded by priority. If no priority is given
587## the load order is undefined. Prioritized plugins will always be
588## loaded before plugins with no defined priority.
589## 
590## Acceptable values:
591##   - an integer
592## plugins.mypluginname.priority = 5
593
594## File based authentication plugin.
595## 
596## Default: on
597## 
598## Acceptable values:
599##   - on or off
600plugins.vmq_passwd = off
601
602## File based authorization plugin.
603## 
604## Default: on
605## 
606## Acceptable values:
607##   - on or off
608plugins.vmq_acl = off
609
610## Lua based plugins.
611## 
612## Default: off
613## 
614## Acceptable values:
615##   - on or off
616plugins.vmq_diversity = on
617
618## Webhook based plugins.
619## 
620## Default: off
621## 
622## Acceptable values:
623##   - on or off
624plugins.vmq_webhooks = off
625
626## The VerneMQ bridge plugin.
627## 
628## Default: off
629## 
630## Acceptable values:
631##   - on or off
632plugins.vmq_bridge = off
633
634## Specifies the metadata plugin that is used for storing and replicating
635## VerneMQ metadata objects such as MQTT subscriptions and retained messages.
636## The default is `vmq_plumtree` which is stable and shows good performance
637## results for most use cases.
638## `vmq_swc` is still in Beta, but will likely deprecate `vmq_plumtree` in the
639## next major version (2.0). `vmq_swc` aims to overcome multiple scalability
640## limitations that can be observed with `vmq_plumtree`.
641## 
642## Default: vmq_plumtree
643## 
644## Acceptable values:
645##   - one of: vmq_plumtree, vmq_swc
646metadata_plugin = vmq_plumtree
647
648## Set the path to an access control list file.
649## 
650## Default: /etc/vernemq/vmq.acl
651## 
652## Acceptable values:
653##   - the path to a file
654vmq_acl.acl_file = /etc/vernemq/vmq.acl
655
656## set the acl reload interval in seconds, the value 0 disables
657## the automatic reloading of the acl file.
658## 
659## Default: 10
660## 
661## Acceptable values:
662##   - an integer
663vmq_acl.acl_reload_interval = 10
664
665## Set the path to a password file.
666## 
667## Default: /etc/vernemq/vmq.passwd
668## 
669## Acceptable values:
670##   - the path to a file
671vmq_passwd.password_file = /etc/vernemq/vmq.passwd
672
673## set the password reload interval in seconds, the value 0
674## disables the automatic reloading of the password file.
675## 
676## Default: 10
677## 
678## Acceptable values:
679##   - an integer
680vmq_passwd.password_reload_interval = 10
681
682## Configure the vmq_diversity plugin script dir. The script dir
683## is searched for Lua scripts which are automatically loaded when the
684## plugin is enabled.
685## 
686## Default: /usr/share/vernemq/lua
687## 
688## Acceptable values:
689##   - the path to a directory
690vmq_diversity.script_dir = /usr/share/vernemq/lua
691
692## 
693## Default: off
694## 
695## Acceptable values:
696##   - on or off
697vmq_diversity.auth_postgres.enabled = off
698
699## 
700## Default: localhost
701## 
702## Acceptable values:
703##   - text
704## vmq_diversity.postgres.host = localhost
705
706## 
707## Default: 5432
708## 
709## Acceptable values:
710##   - an integer
711## vmq_diversity.postgres.port = 5432
712
713## 
714## Default: root
715## 
716## Acceptable values:
717##   - text
718## vmq_diversity.postgres.user = root
719
720## 
721## Default: password
722## 
723## Acceptable values:
724##   - text
725## vmq_diversity.postgres.password = password
726
727## 
728## Default: vernemq_db
729## 
730## Acceptable values:
731##   - text
732## vmq_diversity.postgres.database = vernemq_db
733
734## Specify if the postgresql driver should use TLS or not.
735## 
736## Default: off
737## 
738## Acceptable values:
739##   - on or off
740vmq_diversity.postgres.ssl = off
741
742## The cafile is used to define the path to a file containing
743## the PEM encoded CA certificates that are trusted.
744## 
745## Default: 
746## 
747## Acceptable values:
748##   - the path to a file
749## vmq_diversity.postgres.cafile = /etc/vernemq/cafile.pem
750
751## Set the path to the PEM encoded server certificate.
752## 
753## Default: 
754## 
755## Acceptable values:
756##   - the path to a file
757## vmq_diversity.postgres.certfile = /etc/vernemq/cert.pem
758
759## Set the path to the PEM encoded key file.
760## 
761## Default: 
762## 
763## Acceptable values:
764##   - the path to a file
765## vmq_diversity.postgres.keyfile = /etc/vernemq/keyfile.pem
766
767## The password hashing method to use in PostgreSQL:
768## 
769## Default: crypt
770## 
771## Acceptable values:
772##   - one of: crypt, bcrypt
773vmq_diversity.postgres.password_hash_method = crypt
774
775## 
776## Default: off
777## 
778## Acceptable values:
779##   - on or off
780vmq_diversity.auth_cockroachdb.enabled = off
781
782## 
783## Default: localhost
784## 
785## Acceptable values:
786##   - text
787## vmq_diversity.cockroachdb.host = localhost
788
789## 
790## Default: 5432
791## 
792## Acceptable values:
793##   - an integer
794## vmq_diversity.cockroachdb.port = 5432
795
796## 
797## Default: root
798## 
799## Acceptable values:
800##   - text
801## vmq_diversity.cockroachdb.user = root
802
803## 
804## Default: password
805## 
806## Acceptable values:
807##   - text
808## vmq_diversity.cockroachdb.password = password
809
810## 
811## Default: vernemq_db
812## 
813## Acceptable values:
814##   - text
815## vmq_diversity.cockroachdb.database = vernemq_db
816
817## Specify if the cockroachdb driver should use TLS or not.
818## 
819## Default: on
820## 
821## Acceptable values:
822##   - on or off
823vmq_diversity.cockroachdb.ssl = on
824
825## The cafile is used to define the path to a file containing
826## the PEM encoded CA certificates that are trusted.
827## 
828## Default: 
829## 
830## Acceptable values:
831##   - the path to a file
832## vmq_diversity.cockroachdb.cafile = /etc/vernemq/cafile.pem
833
834## Set the path to the PEM encoded server certificate.
835## 
836## Default: 
837## 
838## Acceptable values:
839##   - the path to a file
840## vmq_diversity.cockroachdb.certfile = /etc/vernemq/cert.pem
841
842## Set the path to the PEM encoded key file.
843## 
844## Default: 
845## 
846## Acceptable values:
847##   - the path to a file
848## vmq_diversity.cockroachdb.keyfile = /etc/vernemq/keyfile.pem
849
850## The password hashing method to use in CockroachDB:
851## 
852## Default: bcrypt
853## 
854## Acceptable values:
855##   - one of: sha256, bcrypt
856vmq_diversity.cockroachdb.password_hash_method = bcrypt
857
858## 
859## Default: off
860## 
861## Acceptable values:
862##   - on or off
863vmq_diversity.auth_mysql.enabled = off
864
865## 
866## Default: localhost
867## 
868## Acceptable values:
869##   - text
870## vmq_diversity.mysql.host = localhost
871
872## 
873## Default: 3306
874## 
875## Acceptable values:
876##   - an integer
877## vmq_diversity.mysql.port = 3306
878
879## 
880## Default: root
881## 
882## Acceptable values:
883##   - text
884## vmq_diversity.mysql.user = root
885
886## 
887## Default: password
888## 
889## Acceptable values:
890##   - text
891## vmq_diversity.mysql.password = password
892
893## 
894## Default: vernemq_db
895## 
896## Acceptable values:
897##   - text
898## vmq_diversity.mysql.database = vernemq_db
899
900## The password hashing method to use in MySQL:
901## password: Default for compatibility, deprecated since MySQL 5.7.6 and not
902## usable with MySQL 8.0.11+.
903## Docs: https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_password
904## md5: Calculates an MD5 128-bit checksum of the password.
905## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_md5
906## sha1: Calculates the SHA-1 160-bit checksum for the password.
907## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha1
908## sha256: Calculates the SHA-2 hash of the password, using 256 bits.
909## Works only if MySQL has been configured with SSL support.
910## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha2
911## 
912## Default: password
913## 
914## Acceptable values:
915##   - one of: password, md5, sha1, sha256
916vmq_diversity.mysql.password_hash_method = password
917
918## 
919## Default: off
920## 
921## Acceptable values:
922##   - on or off
923vmq_diversity.auth_mongodb.enabled = off
924
925## 
926## Default: localhost
927## 
928## Acceptable values:
929##   - text
930## vmq_diversity.mongodb.host = localhost
931
932## 
933## Default: 27017
934## 
935## Acceptable values:
936##   - an integer
937## vmq_diversity.mongodb.port = 27017
938
939## 
940## Acceptable values:
941##   - text
942## vmq_diversity.mongodb.login = 
943
944## 
945## Acceptable values:
946##   - text
947## vmq_diversity.mongodb.password = 
948
949## 
950## Acceptable values:
951##   - text
952## vmq_diversity.mongodb.database = 
953
954## Specify if the mongodb driver should use TLS or not.
955## 
956## Default: off
957## 
958## Acceptable values:
959##   - on or off
960vmq_diversity.mongodb.ssl = off
961
962## The cafile is used to define the path to a file containing
963## the PEM encoded CA certificates that are trusted.
964## 
965## Default: 
966## 
967## Acceptable values:
968##   - the path to a file
969## vmq_diversity.mongodb.cafile = /etc/vernemq/cafile.pem
970
971## Set the path to the PEM encoded server certificate.
972## 
973## Default: 
974## 
975## Acceptable values:
976##   - the path to a file
977## vmq_diversity.mongodb.certfile = /etc/vernemq/cert.pem
978
979## Set the path to the PEM encoded key file.
980## 
981## Default: 
982## 
983## Acceptable values:
984##   - the path to a file
985## vmq_diversity.mongodb.keyfile = /etc/vernemq/keyfile.pem
986
987## 
988## Default: off
989## 
990## Acceptable values:
991##   - on or off
992vmq_diversity.auth_redis.enabled = on
993
994## 
995## Default: localhost
996## 
997## Acceptable values:
998##   - text
999vmq_diversity.redis.host = 127.0.0.1
1000
1001## 
1002## Default: 6379
1003## 
1004## Acceptable values:
1005##   - an integer
1006vmq_diversity.redis.port = 6379
1007
1008## 
1009## Default: 
1010## 
1011## Acceptable values:
1012##   - text
1013vmq_diversity.redis.password = MJvS6kHtqB
1014
1015## 
1016## Default: 0
1017## 
1018## Acceptable values:
1019##   - an integer
1020## vmq_diversity.redis.database = 0
1021
1022## 
1023## Default: localhost
1024## 
1025## Acceptable values:
1026##   - text
1027## vmq_diversity.memcache.host = localhost
1028
1029## 
1030## Default: 11211
1031## 
1032## Acceptable values:
1033##   - an integer
1034## vmq_diversity.memcache.port = 11211
1035
1036## vmq_diversity.<name>.plugin = <file> loads a specific lua
1037## script when `vmq_diversity` starts. The scripts are loaded in the
1038## order defined by the names given, i.e., the script with <name>
1039## 'script1' is started before the plugin with <name> 'script2'.
1040## 
1041## Acceptable values:
1042##   - the path to a file
1043## vmq_diversity.script1.file = path/to/my/script.lua
1044
1045## The pool_size specifies how many bcrypt operations that are
1046## allowed concurrently. The value `auto` will try to detect all
1047## logical cpus and set the pool size to that number. If the number of
1048## logical cpus cannot be detected, a value of 1 is used.
1049## 
1050## Default: 1
1051## 
1052## Acceptable values:
1053##   - an integer
1054##   - one of: auto
1055vmq_bcrypt.pool_size = 1
1056
1057## To configure and register a webhook a hook and an endpoint
1058## need to be configured and this is achieved by associating both with
1059## a name. vmq_webhooks.<name>.hook = <hook> associates the hook
1060## <hook> with the name <name>. Webhooks are registered in the order
1061## of the name given to it. Therefore a webhook with name 'webhook1'
1062## is regisered before a webhook with the name 'webhook2'.
1063## 
1064## Acceptable values:
1065##   - one of: auth_on_register, auth_on_publish, auth_on_subscribe, on_register, on_publish, on_subscribe, on_unsubscribe, on_deliver, on_offline_message, on_client_wakeup, on_client_offline, on_client_gone, auth_on_register_m5, auth_on_publish_m5, auth_on_subscribe_m5, on_register_m5, on_publish_m5, on_subscribe_m5, on_unsubscribe_m5, on_deliver_m5, on_auth_m5
1066## vmq_webhooks.webhook1.hook = auth_on_register
1067
1068## Associate an endpoint with a name.
1069## 
1070## Acceptable values:
1071##   - text
1072## vmq_webhooks.webhook1.endpoint = http://localhost/myendpoints
1073
1074## Specify the address and port of the bridge to connect to. Several
1075## bridges can configured by using different bridge names (e.g. br0). If the
1076## connection supports SSL encryption bridge.ssl.<name> can be used.
1077## 
1078## Acceptable values:
1079##   - text
1080## vmq_bridge.tcp.br0 = 127.0.0.1:1889
1081
1082## Set the clean session option for the bridge. By default this is disabled,
1083## which means that all subscriptions on the remote broker are kept in case of
1084## the network connection dropping. If enabled, all subscriptions and messages
1085## on the remote broker will be cleaned up if the connection drops.
1086## 
1087## Default: off
1088## 
1089## Acceptable values:
1090##   - on or off
1091## vmq_bridge.tcp.br0.cleansession = off
1092
1093## Set the client id for this bridge connection. If not defined, this
1094## defaults to 'name.hostname', where name is the connection name and hostname
1095## is the hostname of this computer.
1096## 
1097## Default: auto
1098## 
1099## Acceptable values:
1100##   - text
1101## vmq_bridge.tcp.br0.client_id = auto
1102
1103## Set the number of seconds after which the bridge should send a ping if
1104## no other traffic has occurred.
1105## 
1106## Default: 60
1107## 
1108## Acceptable values:
1109##   - an integer
1110## vmq_bridge.tcp.br0.keepalive_interval = 60
1111
1112## Configure a username for the bridge. This is used for authentication
1113## purposes when connecting to a broker that support MQTT v3.1 and requires a
1114## username and/or password to connect. See also the password option.
1115## 
1116## Acceptable values:
1117##   - text
1118## vmq_bridge.tcp.br0.username = my_remote_user
1119
1120## Configure a password for the bridge. This is used for authentication
1121## purposes when connecting to a broker that support MQTT v3.1 and requires a
1122## username and/or password to connect. This option is only valid if a username
1123## is also supplied.
1124## 
1125## Acceptable values:
1126##   - text
1127## vmq_bridge.tcp.br0.password = my_remote_password
1128
1129## Define one or more topic pattern to be shared between the two brokers.
1130## Any topics matching the pattern (including wildcards) are shared.
1131## The following format is used:
1132## pattern [[[ out | in | both ] qos-level] local-prefix remote-prefix]
1133## [ out | in | both ]: specifies that this bridge exports messages (out), imports
1134## messages (in) or shared in both directions (both). If undefined we default to
1135## export (out).
1136## qos-level: specifies the publish/subscribe QoS level used for this
1137## toppic. If undefined we default to QoS 0.
1138## local-prefix and remote-prefix: For incoming topics, the bridge
1139## will prepend the pattern with the remote prefix and subscribe to
1140## the resulting topic on the remote broker.  When a matching
1141## incoming message is received, the remote prefix will be removed
1142## from the topic and then the local prefix added.
1143## For outgoing topics, the bridge will prepend the pattern with the
1144## local prefix and subscribe to the resulting topic on the local
1145## broker. When an outgoing message is processed, the local prefix
1146## will be removed from the topic then the remote prefix added.
1147## For shared subscriptions topic prefixes are applied only to the
1148## topic part of the subscription.
1149## 
1150## Acceptable values:
1151##   - text
1152## vmq_bridge.tcp.br0.topic.1 = topic
1153
1154## Set the amount of time a bridge using the automatic start type will wait
1155## until attempting to reconnect. Defaults to 30 seconds.
1156## 
1157## Default: 10
1158## 
1159## Acceptable values:
1160##   - an integer
1161## vmq_bridge.tcp.br0.restart_timeout = 10
1162
1163## If try_private is enabled, the bridge will attempt to indicate to the
1164## remote broker that it is a bridge not an ordinary client.
1165## Note that loop detection for bridges is not yet implemented.
1166## 
1167## Default: on
1168## 
1169## Acceptable values:
1170##   - on or off
1171## vmq_bridge.tcp.br0.try_private = on
1172
1173## Set the MQTT protocol version to be used by the bridge.
1174## 
1175## Default: 3
1176## 
1177## Acceptable values:
1178##   - one of: 3, 4
1179## vmq_bridge.tcp.br0.mqtt_version = on
1180
1181## Maximum number of outgoing messages the bridge will buffer
1182## while not connected to the remote broker. Messages published while
1183## the buffer is full are dropped. A value of 0 means buffering is
1184## disabled.
1185## 
1186## Default: 0
1187## 
1188## Acceptable values:
1189##   - an integer
1190## vmq_bridge.tcp.br0.max_outgoing_buffered_messages = 0
1191
1192## The cafile is used to define the path to a file containing
1193## the PEM encoded CA certificates that are trusted.
1194## 
1195## Default: 
1196## 
1197## Acceptable values:
1198##   - the path to a file
1199## vmq_bridge.ssl.sbr0.cafile = /etc/vernemq/cacerts.pem
1200
1201## Set the path to the PEM encoded server certificate.
1202## 
1203## Default: 
1204## 
1205## Acceptable values:
1206##   - the path to a file
1207## vmq_bridge.ssl.sbr0.certfile = /etc/vernemq/cert.pem
1208
1209## Set the path to the PEM encoded key file.
1210## 
1211## Default: 
1212## 
1213## Acceptable values:
1214##   - the path to a file
1215## vmq_bridge.ssl.sbr0.keyfile = /etc/vernemq/key.pem
1216
1217## When using certificate based TLS, the bridge will attempt to verify the
1218## hostname provided in the remote certificate matches the host/address being
1219## connected to. This may cause problems in testing scenarios, so this option
1220## may be enabled to disable the hostname verification.
1221## Setting this option to true means that a malicious third party could
1222## potentially inpersonate your server, so it should always be disabled in
1223## production environments.
1224## 
1225## Default: off
1226## 
1227## Acceptable values:
1228##   - on or off
1229## vmq_bridge.ssl.sbr0.insecure = off
1230
1231## Configure the TLS protocol version (tlsv1, tlsv1.1, or tlsv1.2) to be
1232## used for this bridge.
1233## 
1234## Default: tlsv1.2
1235## 
1236## Acceptable values:
1237##   - text
1238## vmq_bridge.ssl.sbr0.tls_version = tlsv1.2
1239
1240## Pre-shared-key encryption provides an alternative to certificate based
1241## encryption. This option specifies the identity used.
1242## 
1243## Default: 
1244## 
1245## Acceptable values:
1246##   - text
1247## vmq_bridge.ssl.sbr0.identity = 
1248
1249## Pre-shared-key encryption provides an alternative to certificate based
1250## encryption. This option specifies the shared secret used in hexadecimal
1251## format without leading '0x'.
1252## 
1253## Default: 
1254## 
1255## Acceptable values:
1256##   - text
1257## vmq_bridge.ssl.sbr0.psk = 
1258
1259## Where to emit the default log messages (typically at 'info'
1260## severity):
1261## off: disabled
1262## file: the file specified by log.console.file
1263## console: to standard output (seen when using `vmq attach-direct`)
1264## both: log.console.file and standard out.
1265## 
1266## Default: file
1267## 
1268## Acceptable values:
1269##   - one of: off, file, console, both
1270log.console = file
1271
1272## The severity level of the console log, default is 'info'.
1273## 
1274## Default: info
1275## 
1276## Acceptable values:
1277##   - one of: debug, info, warning, error
1278log.console.level = info
1279
1280## When 'log.console' is set to 'file' or 'both', the file where
1281## console messages will be logged.
1282## 
1283## Default: /var/log/vernemq/console.log
1284## 
1285## Acceptable values:
1286##   - the path to a file
1287log.console.file = /var/log/vernemq/console.log
1288
1289## The file where error messages will be logged.
1290## 
1291## Default: /var/log/vernemq/error.log
1292## 
1293## Acceptable values:
1294##   - the path to a file
1295log.error.file = /var/log/vernemq/error.log
1296
1297## When set to 'on', enables log output to syslog.
1298## 
1299## Default: off
1300## 
1301## Acceptable values:
1302##   - on or off
1303log.syslog = off
1304
1305## Whether to enable the crash log.
1306## 
1307## Default: on
1308## 
1309## Acceptable values:
1310##   - on or off
1311log.crash = on
1312
1313## If the crash log is enabled, the file where its messages will
1314## be written.
1315## 
1316## Default: /var/log/vernemq/crash.log
1317## 
1318## Acceptable values:
1319##   - the path to a file
1320log.crash.file = /var/log/vernemq/crash.log
1321
1322## Maximum size in bytes of individual messages in the crash log
1323## 
1324## Default: 64KB
1325## 
1326## Acceptable values:
1327##   - a byte size with units, e.g. 10GB
1328log.crash.maximum_message_size = 64KB
1329
1330## Maximum size of the crash log in bytes, before it is rotated
1331## 
1332## Default: 10MB
1333## 
1334## Acceptable values:
1335##   - a byte size with units, e.g. 10GB
1336log.crash.size = 10MB
1337
1338## The schedule on which to rotate the crash log. For more
1339## information see:
1340## https://github.com/basho/lager/blob/master/README.md#internal-log-rotation
1341## 
1342## Default: $D0
1343## 
1344## Acceptable values:
1345##   - text
1346log.crash.rotation = $D0
1347
1348## The number of rotated crash logs to keep. When set to
1349## 'current', only the current open log file is kept.
1350## 
1351## Default: 5
1352## 
1353## Acceptable values:
1354##   - an integer
1355##   - the text "current"
1356log.crash.rotation.keep = 5
1357
1358## Name of the Erlang node
1359## 
1360## Default: VerneMQ@127.0.0.1
1361## 
1362## Acceptable values:
1363##   - text
1364nodename = VerneMQ@127.0.0.1
1365
1366## Cookie for distributed node communication.  All nodes in the
1367## same cluster should use the same cookie or they will not be able to
1368## communicate.
1369## IMPORTANT!!! SET the cookie to a private value! DO NOT LEAVE AT DEFAULT!
1370## 
1371## Default: vmq
1372## 
1373## Acceptable values:
1374##   - text
1375distributed_cookie = vmq
1376
1377## Sets the number of threads in async thread pool, valid range
1378## is 0-1024. If thread support is available, the default is 64.
1379## More information at: http://erlang.org/doc/man/erl.html
1380## 
1381## Default: 64
1382## 
1383## Acceptable values:
1384##   - an integer
1385erlang.async_threads = 64
1386
1387## The number of concurrent ports/sockets
1388## Valid range is 1024-134217727
1389## 
1390## Default: 262144
1391## 
1392## Acceptable values:
1393##   - an integer
1394erlang.max_ports = 262144
1395
1396## Set scheduler forced wakeup interval. All run queues will be
1397## scanned each Interval milliseconds. While there are sleeping
1398## schedulers in the system, one scheduler will be woken for each
1399## non-empty run queue found. An Interval of zero disables this
1400## feature, which also is the default.
1401## This feature is a workaround for lengthy executing native code, and
1402## native code that do not bump reductions properly.
1403## More information: http://www.erlang.org/doc/man/erl.html#+sfwi
1404## 
1405## Acceptable values:
1406##   - an integer
1407## erlang.schedulers.force_wakeup_interval = 500
1408
1409## Enable or disable scheduler compaction of load. By default
1410## scheduler compaction of load is enabled. When enabled, load
1411## balancing will strive for a load distribution which causes as many
1412## scheduler threads as possible to be fully loaded (i.e., not run out
1413## of work). This is accomplished by migrating load (e.g. runnable
1414## processes) into a smaller set of schedulers when schedulers
1415## frequently run out of work. When disabled, the frequency with which
1416## schedulers run out of work will not be taken into account by the
1417## load balancing logic.
1418## More information: http://www.erlang.org/doc/man/erl.html#+scl
1419## 
1420## Acceptable values:
1421##   - one of: true, false
1422## erlang.schedulers.compaction_of_load = false
1423
1424## Enable or disable scheduler utilization balancing of load. By
1425## default scheduler utilization balancing is disabled and instead
1426## scheduler compaction of load is enabled which will strive for a
1427## load distribution which causes as many scheduler threads as
1428## possible to be fully loaded (i.e., not run out of work). When
1429## scheduler utilization balancing is enabled the system will instead
1430## try to balance scheduler utilization between schedulers. That is,
1431## strive for equal scheduler utilization on all schedulers.
1432## More information: http://www.erlang.org/doc/man/erl.html#+sub
1433## 
1434## Acceptable values:
1435##   - one of: true, false
1436## erlang.schedulers.utilization_balancing = true
1437
1438## This parameter defines the percentage of total server memory
1439## to assign to LevelDB. LevelDB will dynamically adjust its internal
1440## cache sizes to stay within this size.  The memory size can
1441## alternately be assigned as a byte count via leveldb.maximum_memory
1442## instead.
1443## 
1444## Default: 70
1445## 
1446## Acceptable values:
1447##   - an integer
1448leveldb.maximum_memory.percent = 70
1449
1450