Y5aatYjY

1[general]
2# Log level
3#
4# debug=5, info=4, warning=3, error=2, fatal=1, panic=0
5log_level=4
6
7# The number of times passwords must be hashed. A higher number is safer as
8# an attack takes more time to perform.
9password_hash_iterations=100000
10
11
12# PostgreSQL settings.
13#
14# Please note that PostgreSQL 9.5+ is required.
15[postgresql]
16# PostgreSQL dsn (e.g.: postgres://user:password@hostname/database?sslmode=disable).
17#
18# Besides using an URL (e.g. 'postgres://user:password@hostname/database?sslmode=disable')
19# it is also possible to use the following format:
20# 'user=chirpstack_as dbname=chirpstack_as sslmode=disable'.
21#
22# The following connection parameters are supported:
23#
24# * dbname - The name of the database to connect to
25# * user - The user to sign in as
26# * password - The user's password
27# * host - The host to connect to. Values that start with / are for unix domain sockets. (default is localhost)
28# * port - The port to bind to. (default is 5432)
29# * sslmode - Whether or not to use SSL (default is require, this is not the default for libpq)
30# * fallback_application_name - An application_name to fall back to if one isn't provided.
31# * connect_timeout - Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.
32# * sslcert - Cert file location. The file must contain PEM encoded data.
33# * sslkey - Key file location. The file must contain PEM encoded data.
34# * sslrootcert - The location of the root certificate file. The file must contain PEM encoded data.
35#
36# Valid values for sslmode are:
37#
38# * disable - No SSL
39# * require - Always SSL (skip verification)
40# * verify-ca - Always SSL (verify that the certificate presented by the server was signed by a trusted CA)
41# * verify-full - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server host name matches the one in the certificate)
42dsn="postgres://localhost/chirpstack_as?sslmode=disable"
43
44# Automatically apply database migrations.
45#
46# It is possible to apply the database-migrations by hand
47# (see https://github.com/brocaar/chirpstack-application-server/tree/master/migrations)
48# or let ChirpStack Application Server migrate to the latest state automatically, by using
49# this setting. Make sure that you always make a backup when upgrading Lora
50# App Server and / or applying migrations.
51automigrate=true
52
53# Max open connections.
54#
55# This sets the max. number of open connections that are allowed in the
56# PostgreSQL connection pool (0 = unlimited).
57max_open_connections=0
58
59# Max idle connections.
60#
61# This sets the max. number of idle connections in the PostgreSQL connection
62# pool (0 = no idle connections are retained).
63max_idle_connections=2
64
65
66# Redis settings
67#
68# Please note that Redis 2.6.0+ is required.
69[redis]
70# Redis url (e.g. redis://user:password@hostname/0)
71#
72# For more information about the Redis URL format, see:
73# https://www.iana.org/assignments/uri-schemes/prov/redis
74url="redis://localhost:6379"
75
76# Max idle connections in the pool.
77max_idle=10
78
79# Idle timeout.
80#
81# Close connections after remaining idle for this duration. If the value
82# is zero, then idle connections are not closed. You should set
83# the timeout to a value less than the server's timeout.
84idle_timeout="5m0s"
85
86
87# Application-server settings.
88[application_server]
89# Application-server identifier.
90#
91# Random UUID defining the id of the application-server installation (used by
92# ChirpStack Network Server as routing-profile id).
93# For now it is recommended to not change this id.
94id="6d5db27e-4ce2-4b2b-b5d7-91f069397978"
95
96
97  # JavaScript codec settings.
98  [application_server.codec.js]
99  # Maximum execution time.
100  max_execution_time="100ms"
101
102
103  # Integration configures the data integration.
104  #
105  # This is the data integration which is available for all applications,
106  # besides the extra integrations that can be added on a per-application
107  # basis.
108  [application_server.integration]
109  # Payload marshaler.
110  #
111  # This defines how the MQTT payloads are encoded. Valid options are:
112  # * protobuf:  Protobuf encoding
113  # * json:      JSON encoding (easier for debugging, but less compact than 'protobuf')
114  # * json_v3:   v3 JSON (will be removed in the next major release)
115  marshaler="json_v3"
116
117
118  # Enabled integrations.
119  #
120  # Enabled integrations are enabled for all applications. Multiple
121  # integrations can be configured.
122  # Do not forget to configure the related configuration section below for
123  # the enabled integrations. Integrations that can be enabled are:
124  # * mqtt              - MQTT broker
125  # * aws_sns           - AWS Simple Notification Service (SNS)
126  # * azure_service_bus - Azure Service-Bus
127  # * gcp_pub_sub       - Google Cloud Pub/Sub
128  # * postgresql        - PostgreSQL database
129  enabled=["mqtt"]
130
131
132  # MQTT integration backend.
133  [application_server.integration.mqtt]
134  # MQTT topic templates for the different MQTT topics.
135  #
136  # The meaning of these topics are documented at:
137  # https://www.chirpstack.io/application-server/integrate/data/
138  #
139  # The following substitutions can be used:
140  # * "{{ .ApplicationID }}" for the application id.
141  # * "{{ .DevEUI }}" for the DevEUI of the device.
142  #
143  # Note: the downlink_topic_template must contain both the application id and
144  # DevEUI substitution!
145  uplink_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/rx"
146  downlink_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/tx"
147  join_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/join"
148  ack_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/ack"
149  error_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/error"
150  status_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/status"
151  location_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/location"
152
153  # Retained messages configuration.
154  #
155  # The MQTT broker will store the last publised message, when retained message is set
156  # to true. When a client subscribes to a topic with retained message set to true, it will
157  # always receive the last published message.
158  uplink_retained_message=false
159  join_retained_message=false
160  ack_retained_message=false
161  error_retained_message=false
162  status_retained_message=false
163  location_retained_message=false
164
165  # MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
166  server="tcp://localhost:1883"
167
168  # Connect with the given username (optional)
169  username=""
170
171  # Connect with the given password (optional)
172  password=""
173
174  # Quality of service level
175  #
176  # 0: at most once
177  # 1: at least once
178  # 2: exactly once
179  #
180  # Note: an increase of this value will decrease the performance.
181  # For more information: https://www.hivemq.com/blog/mqtt-essentials-part-6-mqtt-quality-of-service-levels
182  qos=0
183
184  # Clean session
185  #
186  # Set the "clean session" flag in the connect message when this client
187  # connects to an MQTT broker. By setting this flag you are indicating
188  # that no messages saved by the broker for this client should be delivered.
189  clean_session=true
190
191  # Client ID
192  #
193  # Set the client id to be used by this client when connecting to the MQTT
194  # broker. A client id must be no longer than 23 characters. When left blank,
195  # a random id will be generated. This requires clean_session=true.
196  client_id=""
197
198  # CA certificate file (optional)
199  #
200  # Use this when setting up a secure connection (when server uses ssl://...)
201  # but the certificate used by the server is not trusted by any CA certificate
202  # on the server (e.g. when self generated).
203  ca_cert=""
204
205  # TLS certificate file (optional)
206  tls_cert=""
207
208  # TLS key file (optional)
209  tls_key=""
210
211
212  # AWS Simple Notification Service (SNS)
213  [application_server.integration.aws_sns]
214  # AWS region.
215  #
216  # Example: "eu-west-1".
217  # See also: https://docs.aws.amazon.com/general/latest/gr/rande.html.
218  aws_region=""
219
220  # AWS Access Key ID.
221  aws_access_key_id=""
222
223  # AWS Secret Access Key.
224  aws_secret_access_key=""
225
226  # Topic ARN (SNS).
227  topic_arn=""
228
229
230  # Azure Service-Bus integration.
231  [application_server.integration.azure_service_bus]
232  # Connection string.
233  #
234  # The connection string can be found / created in the Azure console under
235  # Settings -> Shared access policies. The policy must contain Manage & Send.
236  connection_string=""
237
238  # Publish mode.
239  #
240  # Select either "topic", or "queue".
241  publish_mode=""
242
243  # Publish name.
244  #
245  # The name of the topic or queue.
246  publish_name=""
247
248
249  # Google Cloud Pub/Sub integration.
250  [application_server.integration.gcp_pub_sub]
251  # Path to the IAM service-account credentials file.
252  #
253  # Note: this service-account must have the following Pub/Sub roles:
254  #  * Pub/Sub Editor
255  credentials_file=""
256
257  # Google Cloud project id.
258  project_id=""
259
260  # Pub/Sub topic name.
261  topic_name=""
262
263
264  # PostgreSQL database integration.
265  [application_server.integration.postgresql]
266  # PostgreSQL dsn (e.g.: postgres://user:password@hostname/database?sslmode=disable).
267  dsn=""
268
269
270  # Settings for the "internal api"
271  #
272  # This is the API used by ChirpStack Network Server to communicate with ChirpStack Application Server
273  # and should not be exposed to the end-user.
274  [application_server.api]
275  # ip:port to bind the api server
276  bind="0.0.0.0:8001"
277
278  # ca certificate used by the api server (optional)
279  ca_cert=""
280
281  # tls certificate used by the api server (optional)
282  tls_cert=""
283
284  # tls key used by the api server (optional)
285  tls_key=""
286
287  # Public ip:port of the application-server API.
288  #
289  # This is used by ChirpStack Network Server to connect to ChirpStack Application Server. When running
290  # ChirpStack Application Server on a different host than ChirpStack Network Server, make sure to set
291  # this to the host:ip on which ChirpStack Network Server can reach ChirpStack Application Server.
292  # The port must be equal to the port configured by the 'bind' flag
293  # above.
294  public_host="localhost:8001"
295
296
297  # Settings for the "external api"
298  #
299  # This is the API and web-interface exposed to the end-user.
300  [application_server.external_api]
301  # ip:port to bind the (user facing) http server to (web-interface and REST / gRPC api)
302  bind="0.0.0.0:8080"
303
304  # http server TLS certificate (optional)
305  tls_cert=""
306
307  # http server TLS key (optional)
308  tls_key=""
309
310  # JWT secret used for api authentication / authorization
311  # You could generate this by executing 'openssl rand -base64 32' for example
312  jwt_secret=""
313
314  # Allow origin header (CORS).
315  #
316  # Set this to allows cross-domain communication from the browser (CORS).
317  # Example value: https://example.com.
318  # When left blank (default), CORS will not be used.
319  cors_allow_origin=""
320
321  # when set, existing users can't be re-assigned (to avoid exposure of all users to an organization admin)"
322  disable_assign_existing_users=false
323
324
325  # Settings for the remote multicast setup.
326  [application_server.remote_multicast_setup]
327  # Synchronization interval.
328  sync_interval="1s"
329
330  # Synchronization retries.
331  sync_retries=3
332
333  # Synchronization batch-size.
334  sync_batch_size=100
335
336
337  # Settings for the fragmentation-session setup.
338  [application_server.fragmentation_session]
339  # Synchronization interval.
340  sync_interval="1s"
341
342  # Synchronization retries.
343  sync_retries=3
344
345  # Synchronization batch-size.
346  sync_batch_size=100
347
348
349
350# Join-server configuration.
351#
352# ChirpStack Application Server implements a (subset) of the join-api specified by the
353# LoRaWAN Backend Interfaces specification. This API is used by ChirpStack Network Server
354# to handle join-requests.
355[join_server]
356# ip:port to bind the join-server api interface to
357bind="0.0.0.0:8003"
358
359# CA certificate (optional).
360#
361# When set, the server requires a client-certificate and will validate this
362# certificate on incoming requests.
363ca_cert=""
364
365# TLS server-certificate (optional).
366#
367# Set this to enable TLS.
368tls_cert=""
369
370# TLS server-certificate key (optional).
371#
372# Set this to enable TLS.
373tls_key=""
374
375
376# Key Encryption Key (KEK) configuration.
377#
378# The KEK mechanism is used to encrypt the session-keys sent from the
379# join-server to the network-server.
380#
381# The ChirpStack Application Server join-server will use the NetID of the requesting
382# network-server as the KEK label. When no such label exists in the set,
383# the session-keys will be sent unencrypted (which can be fine for
384# private networks).
385#
386# Please refer to the LoRaWAN Backend Interface specification
387# 'Key Transport Security' section for more information.
388[join_server.kek]
389
390  # Application-server KEK label.
391  #
392  # This defines the KEK label used to encrypt the AppSKey (note that the
393  # AppSKey is signaled to the NS and on the first received uplink from the
394  # NS to the AS).
395  #
396  # When left blank, the AppSKey will be sent unencrypted (which can be fine
397  # for private networks).
398  as_kek_label=""
399
400  # KEK set.
401  #
402  # Example (the [[join_server.kek.set]] can be repeated):
403  # [[join_server.kek.set]]
404  # # KEK label.
405  # label="000000"
406
407  # # Key Encryption Key.
408  # kek="01020304050607080102030405060708"
409
410
411# Metrics collection settings.
412[metrics]
413# Timezone
414#
415# The timezone is used for correctly aggregating the metrics (e.g. per hour,
416# day or month).
417# Example: "Europe/Amsterdam" or "Local" for the the system's local time zone.
418timezone="Local"
419
420  # Metrics stored in Redis.
421  #
422  # The following metrics are stored in Redis:
423  # * gateway statistics
424  [metrics.redis]
425  # Aggregation intervals
426  #
427  # The intervals on which to aggregate. Available options are:
428  # 'MINUTE', 'HOUR', 'DAY', 'MONTH'.
429  aggregation_intervals=["MINUTE", "HOUR", "DAY", "MONTH"]
430
431  # Aggregated statistics storage duration.
432  minute_aggregation_ttl="2h0m0s"
433  hour_aggregation_ttl="48h0m0s"
434  day_aggregation_ttl="2160h0m0s"
435  month_aggregation_ttl="17520h0m0s"
436
437
438  # Metrics stored in Prometheus.
439  #
440  # These metrics expose information about the state of the ChirpStack Network Server
441  # instance.
442  [metrics.prometheus]
443  # Enable Prometheus metrics endpoint.
444  endpoint_enabled=false
445
446  # The ip:port to bind the Prometheus metrics server to for serving the
447  # metrics endpoint.
448  bind=""
449
450  # API timing histogram.
451  #
452  # By setting this to true, the API request timing histogram will be enabled.
453  # See also: https://github.com/grpc-ecosystem/go-grpc-prometheus#histograms
454  api_timing_histogram=false