diff --git a/.workflow/pipeline-docker.yml b/.workflow/pipeline-docker.yml deleted file mode 100644 index 464ef6c6..00000000 --- a/.workflow/pipeline-docker.yml +++ /dev/null @@ -1,95 +0,0 @@ -version: '1.0' -name: pipeline-docker -displayName: 构建镜像 -triggers: - trigger: auto - push: - branches: - precise: - - master - commitMessages: - include: - - ^deploy-docker -stages: - - name: stage-5ecf171c - displayName: 项目打包 - strategy: naturally - trigger: auto - executor: - - kerwincui - steps: - - step: build@maven - name: build_maven - displayName: Maven 构建后端 - jdkVersion: '8' - mavenVersion: 3.6.1 - commands: - - cd ./springboot - - mvn -B clean package -Dmaven.test.skip=true - artifacts: - - name: BUILD_JAVA - path: - - ./springboot/wumei-admin/target/wumei-admin.jar - settings: [] - strategy: - retry: '0' - - step: build@nodejs - name: build_nodejs - displayName: Nodejs 构建前端 - nodeVersion: 14.16.0 - commands: - - cd ./vue - - npm install --registry=https://registry.npm.taobao.org \ - - '&& rm -rf ./dist && npm run build:prod' - artifacts: - - name: BUILD_VUE - path: - - ./vue/dist - strategy: - retry: '0' - - name: stage-f5631c9e - displayName: 上传打包文件 - strategy: naturally - trigger: auto - executor: - - kerwincui - steps: - - step: publish@general_artifacts - name: publish_general_artifacts_java - displayName: 上传后端制品 - dependArtifact: BUILD_JAVA - artifactName: springboot - strategy: - retry: '0' - - step: publish@general_artifacts - name: publish_general_artifacts_vue - displayName: 上传前端制品 - dependArtifact: BUILD_VUE - artifactName: vue - strategy: - retry: '0' - - name: stage-59a550ac - displayName: 构建镜像 - strategy: naturally - trigger: auto - executor: - - kerwincui - steps: - - step: build@docker - name: build_docker - displayName: 镜像构建 - type: cert - certificate: kerwincui-docker - tag: kerwincui/wumei-smart:1.01 - dockerfile: ./docker/Dockerfile - context: ./docker - artifacts: - - ${BUILD_JAVA} - - ${BUILD_VUE} - isCache: true - strategy: - retry: '0' -permissions: - - role: admin - members: - - kerwincui diff --git a/.workflow/pipeline-java.yml b/.workflow/pipeline-java.yml deleted file mode 100644 index 05b2229b..00000000 --- a/.workflow/pipeline-java.yml +++ /dev/null @@ -1,60 +0,0 @@ -version: '1.0' -name: pipeline-java -displayName: 部署后端 -triggers: - trigger: auto - push: - branches: - precise: - - master - commitMessages: - include: - - ^deploy-server -stages: - - name: stage-2c3f9607 - displayName: 构建后端 - strategy: naturally - trigger: auto - executor: - - kerwincui - steps: - - step: build@maven - name: build_maven - displayName: Maven 构建 - jdkVersion: '8' - mavenVersion: 3.6.3 - commands: - - cd ./springboot - - mvn -B clean package -Dmaven.test.skip=true - artifacts: - - name: BUILD_JAVA - path: - - ./springboot/wumei-admin/target/wumei-admin.jar - settings: [] - strategy: - retry: '0' - - name: stage-b6625c4a - displayName: 部署后端 - strategy: naturally - trigger: auto - executor: - - kerwincui - steps: - - step: deploy@agent - name: deploy_agent - displayName: 主机部署 - hostGroupID: alicloud - deployArtifact: - - source: build - name: springboot - target: ~/gitee_go/deploy - dependArtifact: BUILD_JAVA - script: - - '# 请在此输入部署脚本,如启动Java应用如下' - - '# nohup java -jar test.jar > nohup.out &' - - ' echo ''Hello Gitee!''' - - ' touch springboot' - strategy: - retry: '0' -strategy: - blocking: true diff --git a/.workflow/pipeline-vue.yml b/.workflow/pipeline-vue.yml deleted file mode 100644 index 12ee7505..00000000 --- a/.workflow/pipeline-vue.yml +++ /dev/null @@ -1,60 +0,0 @@ -version: '1.0' -name: pipeline-vue -displayName: 部署前端 -triggers: - trigger: auto - push: - branches: - precise: - - master - commitMessages: - include: - - ^deploy-vue -stages: - - name: stage-3761fd9a - displayName: 构建前端 - strategy: naturally - trigger: auto - executor: - - kerwincui - steps: - - step: build@nodejs - name: build_nodejs - displayName: Nodejs 构建 - nodeVersion: 14.16.0 - commands: - - cd ./vue - - npm install --registry=https://registry.npm.taobao.org \ - - '&& rm -rf ./dist && npm run build:prod' - artifacts: - - name: BUILD_VUE - path: - - ./vue/dist - strategy: - retry: '0' - - name: stage-79a96375 - displayName: 部署前端 - strategy: naturally - trigger: auto - executor: - - kerwincui - steps: - - step: deploy@agent - name: deploy_agent - displayName: 主机部署 - hostGroupID: alicloud - deployArtifact: - - source: build - name: vue - target: ~/gitee_go/deploy - dependArtifact: BUILD_VUE - script: |- - # 请在此输入部署脚本,如启动Java应用如下 - # nohup java -jar test.jar > nohup.out & - echo 'Hello Gitee!' && touch vuetest - touch vue - strategy: - retry: '0' -permissions: - - role: admin - members: [] diff --git a/docker/Dockerfile b/docker/Dockerfile index 830f828b..39caa472 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -12,56 +12,45 @@ ENV DB_USER root ENV DB_PASSWORD admin RUN apt-get update && \ - echo "1. 安装网络工具和设置时区 =====================" && \ + # 安装网络工具和设置时区 apt-get install wget -y --no-install-recommends && \ ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \ - - echo "2. 更换国内源 =============================" && \ + # 更换国内源 wget http://qiniu.xiwen.online/Debian10.list && \ mv Debian10.list /etc/apt/sources.list && \ apt update && apt upgrade -y && \ - - echo "3. 安装压缩工具 ============================" && \ - apt install zip -y && \ - - echo "4. 安装nginx ==============================" && \ + # 安装压缩工具 + apt install zip -y && \ + # 安装nginx和redis apt-get install nginx -y --no-install-recommends && \ - - echo "5. 安装redis ===============================" && \ apt-get install redis-server -y --no-install-recommends && \ - - echo "6. 修改redis配置 =============================" && \ + # 安装 emqx + apt update && apt install -y \ + apt-transport-https \ + ca-certificates \ + curl \ + gnupg-agent \ + software-properties-common && \ + curl -fsSL https://repos.emqx.io/gpg.pub | apt-key add - && \ + add-apt-repository \ + "deb [arch=amd64] https://repos.emqx.io/emqx-ce/deb/ubuntu/ \ + ./bionic \ + stable" && \ + apt update && \ + apt install emqx=4.0.0 -y --no-install-recommends && \ + # 修改redis配置 sed -i "s/# requirepass foobared/requirepass wumei-smart/g" /etc/redis/redis.conf && \ sed -i "s/bind 127.0.0.1/# bind 127.0.0.1/g" /etc/redis/redis.conf - # echo "6. 安装 emqx =============================" && \ - # apt update && apt install -y \ - # apt-transport-https \ - # ca-certificates \ - # curl \ - # gnupg-agent \ - # software-properties-common && \ - # echo "6.2 添加EMQX官方GPG秘钥 =============================" && \ - # curl -fsSL https://repos.emqx.io/gpg.pub | apt-key add - && \ - # echo "6.3 设置存储库 =============================" && \ - # add-apt-repository \ - # "deb [arch=amd64] https://repos.emqx.io/emqx-ce/deb/ubuntu/ \ - # ./bionic \ - # stable" && \ - # echo "6.4 更新apt包索引 =============================" && \ - # apt update && \ - # echo "6.5 安装4.0版本 =============================" && \ - # apt install emqx=4.0.0 -y --no-install-recommends - # 复制emqx和Nginx的配置文件 -# COPY ./emqx4.0/emqx.conf /etc/emqx/emqx.conf -# COPY ./emqx4.0/emqx_auth_http.conf /etc/emqx/plugins/emqx_auth_http.conf -# COPY ./emqx4.0/emqx_web_hook.conf /etc/emqx/plugins/emqx_web_hook.conf -# COPY ./emqx4.0/loaded_plugins /var/lib/emqx/loaded_plugins +COPY ./emqx4.0/emqx.conf /etc/emqx/emqx.conf +COPY ./emqx4.0/emqx_auth_http.conf /etc/emqx/plugins/emqx_auth_http.conf +COPY ./emqx4.0/emqx_web_hook.conf /etc/emqx/plugins/emqx_web_hook.conf +COPY ./emqx4.0/loaded_plugins /var/lib/emqx/loaded_plugins COPY ./nginx.conf /etc/nginx/nginx.conf - - -# 解压前端和后端文件并放置到对应位置 +# 拷贝前后端压缩文件到容器,容器内解压后删除 +COPY ./wumei-smart.tar /var/ +RUN cd /var && tar -xvf wumei-smart.tar && rm wumei-smart.tar # 启动脚本 COPY docker-entrypoint.sh / diff --git a/docker/local_build/Dockerfile b/docker/local_build/Dockerfile deleted file mode 100644 index 39caa472..00000000 --- a/docker/local_build/Dockerfile +++ /dev/null @@ -1,61 +0,0 @@ -FROM openjdk:8u322-jre-slim-buster - -ENV VERSION 1.1 -ENV AUTHOR kerwincui -ENV INFO wumei smart open source living iot platform -ENV SERVERS nginx:1.14.2, redis-server:5.0.14, emqx:4.0, openjdk:8u322-jre-slim-buster - -# mysql环境变量 -ENV DB_HOST localhost -ENV DB_NAME wumei -ENV DB_USER root -ENV DB_PASSWORD admin - -RUN apt-get update && \ - # 安装网络工具和设置时区 - apt-get install wget -y --no-install-recommends && \ - ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \ - # 更换国内源 - wget http://qiniu.xiwen.online/Debian10.list && \ - mv Debian10.list /etc/apt/sources.list && \ - apt update && apt upgrade -y && \ - # 安装压缩工具 - apt install zip -y && \ - # 安装nginx和redis - apt-get install nginx -y --no-install-recommends && \ - apt-get install redis-server -y --no-install-recommends && \ - # 安装 emqx - apt update && apt install -y \ - apt-transport-https \ - ca-certificates \ - curl \ - gnupg-agent \ - software-properties-common && \ - curl -fsSL https://repos.emqx.io/gpg.pub | apt-key add - && \ - add-apt-repository \ - "deb [arch=amd64] https://repos.emqx.io/emqx-ce/deb/ubuntu/ \ - ./bionic \ - stable" && \ - apt update && \ - apt install emqx=4.0.0 -y --no-install-recommends && \ - # 修改redis配置 - sed -i "s/# requirepass foobared/requirepass wumei-smart/g" /etc/redis/redis.conf && \ - sed -i "s/bind 127.0.0.1/# bind 127.0.0.1/g" /etc/redis/redis.conf - -# 复制emqx和Nginx的配置文件 -COPY ./emqx4.0/emqx.conf /etc/emqx/emqx.conf -COPY ./emqx4.0/emqx_auth_http.conf /etc/emqx/plugins/emqx_auth_http.conf -COPY ./emqx4.0/emqx_web_hook.conf /etc/emqx/plugins/emqx_web_hook.conf -COPY ./emqx4.0/loaded_plugins /var/lib/emqx/loaded_plugins -COPY ./nginx.conf /etc/nginx/nginx.conf -# 拷贝前后端压缩文件到容器,容器内解压后删除 -COPY ./wumei-smart.tar /var/ -RUN cd /var && tar -xvf wumei-smart.tar && rm wumei-smart.tar - -# 启动脚本 -COPY docker-entrypoint.sh / -ENTRYPOINT ["/docker-entrypoint.sh"] - -# 映射端口 -EXPOSE 80 1883 8083 - diff --git a/docker/local_build/description.txt b/docker/local_build/description.txt deleted file mode 100644 index 715608d8..00000000 --- a/docker/local_build/description.txt +++ /dev/null @@ -1,48 +0,0 @@ -# 服务启动 -service nginx start -service redis-server start -service mysql start -emqx start -java -jar /var/wumei-smart/app.jar - -# 镜像构建 -docker build -t wumei-smart:1.0 . -# 复制文件到容器 -docker cp wumei-smart/* container:/var/wumei-smart/ -# 镜像导出导入 -docker export container| docker import - kerwincui/wumei-smart:1.0 -# 镜像推送 -阿里云镜像:registry.cn-chengdu.aliyuncs.com/kerwincui/wumei-smart:1.0 -docker tag wumei-smart kerwincui/wumei-smart:1.0 -docker push kerwinci/wumei-smart:1.0 - -# 容器运行 -docker run \ ---name wumei-smart \ ---env DB_HOST=wumei.live:3306 \ ---env DB_NAME=wumei-smart \ ---env DB_USER=root \ ---env DB_PASSWORD=wumei-smart \ ---publish 80:80 \ ---publish 1883:1883 \ ---publish 8083:8083 \ ---volume /var/wumei-smart/java/uploadPath:/var/wumei-smart/java/uploadPath \ ---restart unless-stopped \ ---detach \ -kerwincui/wumei-smart:1.1 - ---publish 18083:18083 \ ---publish 8084:8084 \ ---publish 8883:8883 \ ---publish 8081:8081 \ ---publish 6379:6379 \ ---publish 8080:8080 \ - ---volume /var/wumei-smart/java/logs:/var/wumei-smart/java/logs \ ---volume /var/wumei-smart/nginx/nginx.conf:/etc/nginx/nginx.conf \ ---volume /var/wumei-smart/nginx/error.log:/var/log/nginx/error.log \ ---volume /var/wumei-smart/redis/redis.conf:/etc/redis/redis.conf \ ---volume /var/wumei-smart/redis/redis-server.log:/var/log/redis/redis-server.log \ ---volume /var/wumei-smart/emqx/emqx.conf:/etc/emqx/emqx.conf \ ---volume /var/wumei-smart/emqx/log:/var/log/emqx \ - diff --git a/docker/local_build/docker-entrypoint.sh b/docker/local_build/docker-entrypoint.sh deleted file mode 100644 index a3628120..00000000 --- a/docker/local_build/docker-entrypoint.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash - -# start service -startTime=$(date "+%Y-%m-%d %H:%M:%S") -echo $startTime : wumei-smart is starting, please waiting ... - -# 提取jar包配置文件 -cd /var/wumei-smart/java -unzip app.jar BOOT-INF/classes/application-druid.yml -# 修改mysql配置 -sed -i "s/{DB_HOST}/$DB_HOST/g" BOOT-INF/classes/application-druid.yml -sed -i "s/{DB_NAME}/$DB_NAME/g" BOOT-INF/classes/application-druid.yml -sed -i "s/{DB_USER}/$DB_USER/g" BOOT-INF/classes/application-druid.yml -sed -i "s/{DB_PASSWORD}/$DB_PASSWORD/g" BOOT-INF/classes/application-druid.yml -# 配置文件写入jar包,并删除提取的配置 -zip app.jar BOOT-INF/classes/application-druid.yml -rm -rf BOOT-INF - -service nginx start -service redis-server start -emqx start -java -jar /var/wumei-smart/java/app.jar - - -while true -do - time=$(date "+%Y-%m-%d %H:%M:%S") - echo $time : wumei-smart is running... - sleep 3600 -done - - diff --git a/docker/local_build/emqx4.0/emqx.conf b/docker/local_build/emqx4.0/emqx.conf deleted file mode 100644 index c277a165..00000000 --- a/docker/local_build/emqx4.0/emqx.conf +++ /dev/null @@ -1,2061 +0,0 @@ -##==================================================================== -## EMQ X Configuration R4.0 -##==================================================================== - -##-------------------------------------------------------------------- -## Cluster -##-------------------------------------------------------------------- - -## Cluster name. -## -## Value: String -cluster.name = emqxcl - -## Specify the erlang distributed protocol. -## -## Value: Enum -## - inet_tcp: the default; handles TCP streams with IPv4 addressing. -## - inet6_tcp: handles TCP with IPv6 addressing. -## - inet_tls: using TLS for Erlang Distribution. -## -## vm.args: -proto_dist inet_tcp -cluster.proto_dist = inet_tcp - -## Cluster auto-discovery strategy. -## -## Value: Enum -## - manual: Manual join command -## - static: Static node list -## - mcast: IP Multicast -## - dns: DNS A Record -## - etcd: etcd -## - k8s: Kubernates -## -## Default: manual -cluster.discovery = manual - -## Enable cluster autoheal from network partition. -## -## Value: on | off -## -## Default: on -cluster.autoheal = on - -## Autoclean down node. A down node will be removed from the cluster -## if this value > 0. -## -## Value: Duration -## -h: hour, e.g. '2h' for 2 hours -## -m: minute, e.g. '5m' for 5 minutes -## -s: second, e.g. '30s' for 30 seconds -## -## Default: 5m -cluster.autoclean = 5m - -##-------------------------------------------------------------------- -## Cluster using static node list - -## Node list of the cluster. -## -## Value: String -## cluster.static.seeds = emqx1@127.0.0.1,emqx2@127.0.0.1 - -##-------------------------------------------------------------------- -## Cluster using IP Multicast. - -## IP Multicast Address. -## -## Value: IP Address -## cluster.mcast.addr = 239.192.0.1 - -## Multicast Ports. -## -## Value: Port List -## cluster.mcast.ports = 4369,4370 - -## Multicast Iface. -## -## Value: Iface Address -## -## Default: 0.0.0.0 -## cluster.mcast.iface = 0.0.0.0 - -## Multicast Ttl. -## -## Value: 0-255 -## cluster.mcast.ttl = 255 - -## Multicast loop. -## -## Value: on | off -## cluster.mcast.loop = on - -##-------------------------------------------------------------------- -## Cluster using DNS A records. - -## DNS name. -## -## Value: String -## cluster.dns.name = localhost - -## The App name is used to build 'node.name' with IP address. -## -## Value: String -## cluster.dns.app = emqx - -##-------------------------------------------------------------------- -## Cluster using etcd - -## Etcd server list, seperated by ','. -## -## Value: String -## cluster.etcd.server = http://127.0.0.1:2379 - -## The prefix helps build nodes path in etcd. Each node in the cluster -## will create a path in etcd: v2/keys/// -## -## Value: String -## cluster.etcd.prefix = emqxcl - -## The TTL for node's path in etcd. -## -## Value: Duration -## -## Default: 1m, 1 minute -## cluster.etcd.node_ttl = 1m - -## Path to a file containing the client's private PEM-encoded key. -## -## Value: File -## cluster.etcd.ssl.keyfile = /etc/emqx/certs/client-key.pem - -## The path to a file containing the client's certificate. -## -## Value: File -## cluster.etcd.ssl.certfile = /etc/emqx/certs/client.pem - -## Path to the file containing PEM-encoded CA certificates. The CA certificates -## are used during server authentication and when building the client certificate chain. -## -## Value: File -## cluster.etcd.ssl.cacertfile = /etc/emqx/certs/ca.pem - -##-------------------------------------------------------------------- -## Cluster using Kubernates - -## Kubernates API server list, seperated by ','. -## -## Value: String -## cluster.k8s.apiserver = http://10.110.111.204:8080 - -## The service name helps lookup EMQ nodes in the cluster. -## -## Value: String -## cluster.k8s.service_name = emqx - -## The address type is used to extract host from k8s service. -## -## Value: ip | dns | hostname -## cluster.k8s.address_type = ip - -## The app name helps build 'node.name'. -## -## Value: String -## cluster.k8s.app_name = emqx - -## The suffix added to dns and hostname get from k8s service -## -## Value: String -## cluster.k8s.suffix = pod.cluster.local - -## Kubernates Namespace -## -## Value: String -## cluster.k8s.namespace = default - -##-------------------------------------------------------------------- -## Node -##-------------------------------------------------------------------- - -## Node name. -## -## See: http://erlang.org/doc/reference_manual/distributed.html -## -## Value: @ -## -## Default: emqx@127.0.0.1 -node.name = emqx@127.0.0.1 - -## Cookie for distributed node communication. -## -## Value: String -node.cookie = emqxsecretcookie - -## Data dir for the node -## -## Value: Folder -node.data_dir = /var/lib/emqx - -## Heartbeat monitoring of an Erlang runtime system. Comment the line to disable -## heartbeat, or set the value as 'on' -## -## Value: on -## -## vm.args: -heart -## node.heartbeat = on - -## Sets the number of threads in async thread pool. Valid range is 0-1024. -## -## See: http://erlang.org/doc/man/erl.html -## -## Value: 0-1024 -## -## vm.args: +A Number -node.async_threads = 32 - -## Sets the maximum number of simultaneously existing processes for this -## system if a Number is passed as value. -## -## See: http://erlang.org/doc/man/erl.html -## -## Value: Number [1024-134217727] -## -## vm.args: +P Number -node.process_limit = 2048000 - -## Sets the maximum number of simultaneously existing ports for this system. -## -## See: http://erlang.org/doc/man/erl.html -## -## Value: Number [1024-134217727] -## -## vm.args: +Q Number -node.max_ports = 1024000 - -## Set the distribution buffer busy limit (dist_buf_busy_limit). -## -## See: http://erlang.org/doc/man/erl.html -## -## Value: Number [1KB-2GB] -## -## vm.args: +zdbbl size -node.dist_buffer_size = 8MB - -## Sets the maximum number of ETS tables. Note that mnesia and SSL will -## create temporary ETS tables. -## -## Value: Number -## -## vm.args: +e Number -node.max_ets_tables = 256000 - -## Tweak GC to run more often. -## -## Value: Number [0-65535] -## -## vm.args: -env ERL_FULLSWEEP_AFTER Number -node.fullsweep_after = 1000 - -## Crash dump log file. -## -## Value: Log file -node.crash_dump = /var/log/emqx/crash.dump - -## Specify SSL Options in the file if using SSL for Erlang Distribution. -## -## Value: File -## -## vm.args: -ssl_dist_optfile -## node.ssl_dist_optfile = /etc/emqx/ssl_dist.conf - -## Sets the net_kernel tick time. TickTime is specified in seconds. -## Notice that all communicating nodes are to have the same TickTime -## value specified. -## -## See: http://www.erlang.org/doc/man/kernel_app.html#net_ticktime -## -## Value: Number -## -## vm.args: -kernel net_ticktime Number -node.dist_net_ticktime = 60 - -## Sets the port range for the listener socket of a distributed Erlang node. -## Note that if there are firewalls between clustered nodes, this port segment -## for nodes’ communication should be allowed. -## -## See: http://www.erlang.org/doc/man/kernel_app.html -## -## Value: Port [1024-65535] -node.dist_listen_min = 6369 -node.dist_listen_max = 6369 - -##-------------------------------------------------------------------- -## RPC -##-------------------------------------------------------------------- -## RPC Mode. -## -## Value: sync | async -rpc.mode = async - -## Max batch size of async RPC requests. -## -## Value: Integer -## Zero or negative value disables rpc batching. -## -## NOTE: RPC batch won't work when rpc.mode = sync -rpc.async_batch_size = 256 - -## TCP server port for RPC. -## -## Value: Port [1024-65535] -rpc.tcp_server_port = 5369 - -## TCP port for outgoing RPC connections. -## -## Value: Port [1024-65535] -rpc.tcp_client_port = 5369 - -## Number of utgoing RPC connections. -## -## Value: Interger [1-256] -rpc.tcp_client_num = 32 - -## RCP Client connect timeout. -## -## Value: Seconds -rpc.connect_timeout = 5s - -## TCP send timeout of RPC client and server. -## -## Value: Seconds -rpc.send_timeout = 5s - -## Authentication timeout -## -## Value: Seconds -rpc.authentication_timeout = 5s - -## Default receive timeout for call() functions -## -## Value: Seconds -rpc.call_receive_timeout = 15s - -## Socket idle keepalive. -## -## Value: Seconds -rpc.socket_keepalive_idle = 900s - -## TCP Keepalive probes interval. -## -## Value: Seconds -rpc.socket_keepalive_interval = 75s - -## Probes lost to close the connection -## -## Value: Integer -rpc.socket_keepalive_count = 9 - -## Size of TCP send buffer. -## -## Value: Bytes -rpc.socket_sndbuf = 1MB - -## Size of TCP receive buffer. -## -## Value: Seconds -rpc.socket_recbuf = 1MB - -## Size of user-level software socket buffer. -## -## Value: Seconds -rpc.socket_buffer = 1MB - -##-------------------------------------------------------------------- -## Log -##-------------------------------------------------------------------- - -## Where to emit the logs. -## Enable the console (standard output) logs. -## -## Value: off | file | console | both -## - off: disable logs entirely -## - file: write logs only to file -## - console: write logs only to standard I/O -## - both: write logs both to file and standard I/O -log.to = both - -## The log severity level. -## -## Value: debug | info | notice | warning | error | critical | alert | emergency -## -## Note: Only the messages with severity level higher than or equal to -## this level will be logged. -## -## Default: warning -log.level = warning - -## The dir for log files. -## -## Value: Folder -log.dir = /var/log/emqx - -## The log filename for logs of level specified in "log.level". -## -## Value: String -## Default: emqx.log -log.file = emqx.log - -## Limits the total number of characters printed for each log event. -## -## Value: Integer -## Default: No Limit -#log.chars_limit = 8192 - -## Maximum size of each log file. -## -## Value: Number -## Default: 10M -## Supported Unit: KB | MB | GB -log.rotation.size = 10MB - -## Maximum rotation count of log files. -## -## Value: Number -## Default: 5 -log.rotation.count = 5 - -## To create additional log files for specific log levels. -## -## Value: File Name -## Format: log.$level.file = $filename, -## where "$level" can be one of: debug, info, notice, warning, -## error, critical, alert, emergency -## Note: Log files for a specific log level will only contain all the logs -## that higher than or equal to that level -## -#log.info.file = info.log -#log.error.file = error.log - -##-------------------------------------------------------------------- -## Authentication/Access Control -##-------------------------------------------------------------------- - -## Allow anonymous authentication by default if no auth plugins loaded. -## Notice: Disable the option in production deployment! -## -## Value: true | false -allow_anonymous = false - -## Allow or deny if no ACL rules matched. -## -## Value: allow | deny -acl_nomatch = allow - -## Default ACL File. -## -## Value: File Name -acl_file = /etc/emqx/acl.conf - -## Whether to enable ACL cache. -## -## If enabled, ACLs roles for each client will be cached in the memory -## -## Value: on | off -enable_acl_cache = on - -## The maximum count of ACL entries can be cached for a client. -## -## Value: Integer greater than 0 -## Default: 32 -acl_cache_max_size = 32 - -## The time after which an ACL cache entry will be deleted -## -## Value: Duration -## Default: 1 minute -acl_cache_ttl = 1m - -## The action when acl check reject current operation -## -## Value: ignore | disconnect -## Default: ignore -acl_deny_action = ignore - -## Specify the global flapping detect policy. -## The value is a string composed of flapping threshold, duration and banned interval. -## 1. threshold: an integer to specfify the disconnected times of a MQTT Client; -## 2. duration: the time window for flapping detect; -## 3. banned interval: the banned interval if a flapping is detected. -## -## Value: Integer,Duration,Duration -flapping_detect_policy = 30, 1m, 5m - -##-------------------------------------------------------------------- -## MQTT Protocol -##-------------------------------------------------------------------- - -## Maximum MQTT packet size allowed. -## -## Value: Bytes -## Default: 1MB -mqtt.max_packet_size = 1MB - -## Maximum length of MQTT clientId allowed. -## -## Value: Number [23-65535] -mqtt.max_clientid_len = 65535 - -## Maximum topic levels allowed. 0 means no limit. -## -## Value: Number -mqtt.max_topic_levels = 0 - -## Maximum QoS allowed. -## -## Value: 0 | 1 | 2 -mqtt.max_qos_allowed = 2 - -## Maximum Topic Alias, 0 means no topic alias supported. -## -## Value: 0-65535 -mqtt.max_topic_alias = 65535 - -## Whether the Server supports MQTT retained messages. -## -## Value: boolean -mqtt.retain_available = true - -## Whether the Server supports MQTT Wildcard Subscriptions -## -## Value: boolean -mqtt.wildcard_subscription = true - -## Whether the Server supports MQTT Shared Subscriptions. -## -## Value: boolean -mqtt.shared_subscription = true - -## Whether to ignore loop delivery of messages.(for mqtt v3.1.1) -## -## Value: true | false -mqtt.ignore_loop_deliver = false - -## Whether to parse the MQTT frame in strict mode -## -## Value: true | false -mqtt.strict_mode = false - -##-------------------------------------------------------------------- -## Zones -##-------------------------------------------------------------------- - -##-------------------------------------------------------------------- -## External Zone - -## Idle timeout of the external MQTT connections. -## -## Value: duration -zone.external.idle_timeout = 15s - -## Hibernate after a duration of idle state. -## -## Value: duration -zone.external.hibernate_after = 60s - -## Publish limit for the external MQTT connections. -## -## Value: Number,Duration -## Example: 100 messages per 10 seconds. -## zone.external.publish_limit = 100,10s - -## Enable ACL check. -## -## Value: Flag -zone.external.enable_acl = on - -## Enable ban check. -## -## Value: Flag -zone.external.enable_ban = on - -## Enable per connection statistics. -## -## Value: on | off -zone.external.enable_stats = on - -## The action when acl check reject current operation -## -## Value: ignore | disconnect -## Default: ignore -zone.external.acl_deny_action = ignore - -## Force MQTT connection/session process GC after this number of -## messages | bytes passed through. -## -## Numbers delimited by `|'. Zero or negative is to disable. -zone.external.force_gc_policy = 1000|1MB - -## Max message queue length and total heap size to force shutdown -## connection/session process. -## Message queue here is the Erlang process mailbox, but not the number -## of queued MQTT messages of QoS 1 and 2. -## -## Numbers delimited by `|'. Zero or negative is to disable. -## -## Default: -## - 10000|32MB on ARCH_64 system -## - 10000|16MB on ARCH_32 sytem -## zone.external.force_shutdown_policy = 10000|32MB - -## Maximum MQTT packet size allowed. -## -## Value: Bytes -## Default: 1MB -## zone.external.max_packet_size = 64KB - -## Maximum length of MQTT clientId allowed. -## -## Value: Number [23-65535] -## zone.external.max_clientid_len = 1024 - -## Maximum topic levels allowed. 0 means no limit. -## -## Value: Number -## zone.external.max_topic_levels = 7 - -## Maximum QoS allowed. -## -## Value: 0 | 1 | 2 -## zone.external.max_qos_allowed = 2 - -## Maximum Topic Alias, 0 means no limit. -## -## Value: 0-65535 -## zone.external.max_topic_alias = 65535 - -## Whether the Server supports retained messages. -## -## Value: boolean -## zone.external.retain_available = true - -## Whether the Server supports Wildcard Subscriptions -## -## Value: boolean -## zone.external.wildcard_subscription = false - -## Whether the Server supports Shared Subscriptions -## -## Value: boolean -## zone.external.shared_subscription = false - -## Server Keep Alive -## -## Value: Number -## zone.external.server_keepalive = 0 - -## The backoff for MQTT keepalive timeout. The broker will kick a connection out -## until 'Keepalive * backoff * 2' timeout. -## -## Value: Float > 0.5 -zone.external.keepalive_backoff = 0.75 - -## Maximum number of subscriptions allowed, 0 means no limit. -## -## Value: Number -zone.external.max_subscriptions = 0 - -## Force to upgrade QoS according to subscription. -## -## Value: on | off -zone.external.upgrade_qos = off - -## Maximum size of the Inflight Window storing QoS1/2 messages delivered but unacked. -## -## Value: Number -zone.external.max_inflight = 32 - -## Retry interval for QoS1/2 message delivering. -## -## Value: Duration -zone.external.retry_interval = 30s - -## Maximum QoS2 packets (Client -> Broker) awaiting PUBREL, 0 means no limit. -## -## Value: Number -zone.external.max_awaiting_rel = 100 - -## The QoS2 messages (Client -> Broker) will be dropped if awaiting PUBREL timeout. -## -## Value: Duration -zone.external.await_rel_timeout = 300s - -## Default session expiry interval for MQTT V3.1.1 connections. -## -## Value: Duration -## -d: day -## -h: hour -## -m: minute -## -s: second -## -## Default: 2h, 2 hours -zone.external.session_expiry_interval = 2h - -## Maximum queue length. Enqueued messages when persistent client disconnected, -## or inflight window is full. 0 means no limit. -## -## Value: Number >= 0 -zone.external.max_mqueue_len = 1000 - -## Topic priorities. -## 'none' to indicate no priority table (by default), hence all messages -## are treated equal -## -## Priority number [1-255] -## Example: topic/1=10,topic/2=8 -## NOTE: comma and equal signs are not allowed for priority topic names -## NOTE: messages for topics not in the priority table are treated as -## either highest or lowest priority depending on the configured -## value for mqueue_default_priority -## -zone.external.mqueue_priorities = none - -## Default to highest priority for topics not matching priority table -## -## Value: highest | lowest -zone.external.mqueue_default_priority = highest - -## Whether to enqueue QoS0 messages. -## -## Value: false | true -zone.external.mqueue_store_qos0 = true - -## Whether to turn on flapping detect -## -## Value: on | off -zone.external.enable_flapping_detect = off - -## All the topics will be prefixed with the mountpoint path if this option is enabled. -## -## Variables in mountpoint path: -## - %c: clientid -## - %u: username -## -## Value: String -## zone.external.mountpoint = devicebound/ - -## Whether use username replace client id -## -## Value: boolean -## Default: false -zone.external.use_username_as_clientid = false - -## Whether to ignore loop delivery of messages.(for mqtt v3.1.1) -## -## Value: true | false -zone.external.ignore_loop_deliver = false - -## Whether to parse the MQTT frame in strict mode -## -## Value: true | false -zone.external.strict_mode = false - -##-------------------------------------------------------------------- -## Internal Zone - -zone.internal.allow_anonymous = true - -## Enable per connection stats. -## -## Value: Flag -zone.internal.enable_stats = on - -## Enable ACL check. -## -## Value: Flag -zone.internal.enable_acl = off - -## The action when acl check reject current operation -## -## Value: ignore | disconnect -## Default: ignore -zone.internal.acl_deny_action = ignore - -## See zone.$name.wildcard_subscription. -## -## Value: boolean -## zone.internal.wildcard_subscription = true - -## See zone.$name.shared_subscription. -## -## Value: boolean -## zone.internal.shared_subscription = true - -## See zone.$name.max_subscriptions. -## -## Value: Integer -zone.internal.max_subscriptions = 0 - -## See zone.$name.max_inflight -## -## Value: Number -zone.internal.max_inflight = 128 - -## See zone.$name.max_awaiting_rel -## -## Value: Number -zone.internal.max_awaiting_rel = 1000 - -## See zone.$name.max_mqueue_len -## -## Value: Number >= 0 -zone.internal.max_mqueue_len = 10000 - -## Whether to enqueue Qos0 messages. -## -## Value: false | true -zone.internal.mqueue_store_qos0 = true - -## Whether to turn on flapping detect -## -## Value: on | off -zone.internal.enable_flapping_detect = off - -## See zone.$name.force_shutdown_policy -## -## Default: -## - 10000|32MB on ARCH_64 system -## - 10000|16MB on ARCH_32 sytem -zone.internal.force_shutdown_policy = 100000|64MB - -## All the topics will be prefixed with the mountpoint path if this option is enabled. -## -## Variables in mountpoint path: -## - %c: clientid -## - %u: username -## -## Value: String -## zone.internal.mountpoint = cloudbound/ - -## Whether to ignore loop delivery of messages.(for mqtt v3.1.1) -## -## Value: true | false -zone.internal.ignore_loop_deliver = false - -## Whether to parse the MQTT frame in strict mode -## -## Value: true | false -zone.internal.strict_mode = false - -##-------------------------------------------------------------------- -## Listeners -##-------------------------------------------------------------------- - -##-------------------------------------------------------------------- -## MQTT/TCP - External TCP Listener for MQTT Protocol - -## listener.tcp.$name is the IP address and port that the MQTT/TCP -## listener will bind. -## -## Value: IP:Port | Port -## -## Examples: 1883, 127.0.0.1:1883, ::1:1883 -listener.tcp.external = 0.0.0.0:1883 - -## The acceptor pool for external MQTT/TCP listener. -## -## Value: Number -listener.tcp.external.acceptors = 8 - -## Maximum number of concurrent MQTT/TCP connections. -## -## Value: Number -listener.tcp.external.max_connections = 1024000 - -## Maximum external connections per second. -## -## Value: Number -listener.tcp.external.max_conn_rate = 1000 - -## Specify the {active, N} option for the external MQTT/TCP Socket. -## -## Value: Number -listener.tcp.external.active_n = 100 - -## Zone of the external MQTT/TCP listener belonged to. -## -## See: zone.$name.* -## -## Value: String -listener.tcp.external.zone = external - -## Rate limit for the external MQTT/TCP connections. Format is 'limit,duration'. -## -## Value: limit,duration -## Default: 100KB incoming per 10 seconds. -## listener.tcp.external.rate_limit = 100KB,10s - -## The access control rules for the MQTT/TCP listener. -## -## See: https://github.com/emqtt/esockd#allowdeny -## -## Value: ACL Rule -## -## Example: allow 192.168.0.0/24 -listener.tcp.external.access.1 = allow all - -## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed -## behind HAProxy or Nginx. -## -## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/ -## -## Value: on | off -## listener.tcp.external.proxy_protocol = on - -## Sets the timeout for proxy protocol. EMQ X will close the TCP connection -## if no proxy protocol packet recevied within the timeout. -## -## Value: Duration -## listener.tcp.external.proxy_protocol_timeout = 3s - -## Enable the option for X.509 certificate based authentication. -## EMQX will use the common name of certificate as MQTT username. -## -## Value: cn | dn | crt -## listener.tcp.external.peer_cert_as_username = cn - -## The TCP backlog defines the maximum length that the queue of pending -## connections can grow to. -## -## Value: Number >= 0 -listener.tcp.external.backlog = 1024 - -## The TCP send timeout for external MQTT connections. -## -## Value: Duration -listener.tcp.external.send_timeout = 15s - -## Close the TCP connection if send timeout. -## -## Value: on | off -listener.tcp.external.send_timeout_close = on - -## The TCP receive buffer(os kernel) for MQTT connections. -## -## See: http://erlang.org/doc/man/inet.html -## -## Value: Bytes -## listener.tcp.external.recbuf = 2KB - -## The TCP send buffer(os kernel) for MQTT connections. -## -## See: http://erlang.org/doc/man/inet.html -## -## Value: Bytes -## listener.tcp.external.sndbuf = 2KB - -## The size of the user-level software buffer used by the driver. -## Not to be confused with options sndbuf and recbuf, which correspond -## to the Kernel socket buffers. It is recommended to have val(buffer) -## >= max(val(sndbuf),val(recbuf)) to avoid performance issues because -## of unnecessary copying. val(buffer) is automatically set to the above -## maximum when values sndbuf or recbuf are set. -## -## See: http://erlang.org/doc/man/inet.html -## -## Value: Bytes -## listener.tcp.external.buffer = 2KB - -## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. -## -## Value: on | off -## listener.tcp.external.tune_buffer = off - -## The TCP_NODELAY flag for MQTT connections. Small amounts of data are -## sent immediately if the option is enabled. -## -## Value: true | false -listener.tcp.external.nodelay = true - -## The SO_REUSEADDR flag for TCP listener. -## -## Value: true | false -listener.tcp.external.reuseaddr = true - -##-------------------------------------------------------------------- -## Internal TCP Listener for MQTT Protocol - -## The IP address and port that the internal MQTT/TCP protocol listener -## will bind. -## -## Value: IP:Port, Port -## -## Examples: 11883, 127.0.0.1:11883, ::1:11883 -listener.tcp.internal = 127.0.0.1:11883 - -## The acceptor pool for internal MQTT/TCP listener. -## -## Value: Number -listener.tcp.internal.acceptors = 4 - -## Maximum number of concurrent MQTT/TCP connections. -## -## Value: Number -listener.tcp.internal.max_connections = 1024000 - -## Maximum internal connections per second. -## -## Value: Number -listener.tcp.internal.max_conn_rate = 1000 - -## Specify the {active, N} option for the internal MQTT/TCP Socket. -## -## Value: Number -listener.tcp.internal.active_n = 1000 - -## Zone of the internal MQTT/TCP listener belonged to. -## -## Value: String -listener.tcp.internal.zone = internal - -## Rate limit for the internal MQTT/TCP connections. -## -## See: listener.tcp.$name.rate_limit -## -## Value: limit,duration -## Default: 1MB incoming per second. -## listener.tcp.internal.rate_limit = 1MB,1s - -## The TCP backlog of internal MQTT/TCP Listener. -## -## See: listener.tcp.$name.backlog -## -## Value: Number >= 0 -listener.tcp.internal.backlog = 512 - -## The TCP send timeout for internal MQTT connections. -## -## See: listener.tcp.$name.send_timeout -## -## Value: Duration -listener.tcp.internal.send_timeout = 5s - -## Close the MQTT/TCP connection if send timeout. -## -## See: listener.tcp.$name.send_timeout_close -## -## Value: on | off -listener.tcp.internal.send_timeout_close = on - -## The TCP receive buffer(os kernel) for internal MQTT connections. -## -## See: listener.tcp.$name.recbuf -## -## Value: Bytes -listener.tcp.internal.recbuf = 64KB - -## The TCP send buffer(os kernel) for internal MQTT connections. -## -## See: http://erlang.org/doc/man/inet.html -## -## Value: Bytes -listener.tcp.internal.sndbuf = 64KB - -## The size of the user-level software buffer used by the driver. -## -## See: listener.tcp.$name.buffer -## -## Value: Bytes -## listener.tcp.internal.buffer = 16KB - -## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. -## -## See: listener.tcp.$name.tune_buffer -## -## Value: on | off -## listener.tcp.internal.tune_buffer = off - -## The TCP_NODELAY flag for internal MQTT connections. -## -## See: listener.tcp.$name.nodelay -## -## Value: true | false -listener.tcp.internal.nodelay = false - -## The SO_REUSEADDR flag for MQTT/TCP Listener. -## -## Value: true | false -listener.tcp.internal.reuseaddr = true - -##-------------------------------------------------------------------- -## MQTT/SSL - External SSL Listener for MQTT Protocol - -## listener.ssl.$name is the IP address and port that the MQTT/SSL -## listener will bind. -## -## Value: IP:Port | Port -## -## Examples: 8883, 127.0.0.1:8883, ::1:8883 -listener.ssl.external = 8883 - -## The acceptor pool for external MQTT/SSL listener. -## -## Value: Number -listener.ssl.external.acceptors = 16 - -## Maximum number of concurrent MQTT/SSL connections. -## -## Value: Number -listener.ssl.external.max_connections = 102400 - -## Maximum MQTT/SSL connections per second. -## -## Value: Number -listener.ssl.external.max_conn_rate = 500 - -## Specify the {active, N} option for the internal MQTT/SSL Socket. -## -## Value: Number -listener.ssl.external.active_n = 100 - -## Zone of the external MQTT/SSL listener belonged to. -## -## Value: String -listener.ssl.external.zone = external - -## The access control rules for the MQTT/SSL listener. -## -## See: listener.tcp.$name.access -## -## Value: ACL Rule -listener.ssl.external.access.1 = allow all - -## Rate limit for the external MQTT/SSL connections. -## -## Value: limit,duration -## Default: 100KB incoming per 10 seconds. -## listener.ssl.external.rate_limit = 100KB,10s - -## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind -## HAProxy or Nginx. -## -## See: listener.tcp.$name.proxy_protocol -## -## Value: on | off -## listener.ssl.external.proxy_protocol = on - -## Sets the timeout for proxy protocol. -## -## See: listener.tcp.$name.proxy_protocol_timeout -## -## Value: Duration -## listener.ssl.external.proxy_protocol_timeout = 3s - -## TLS versions only to protect from POODLE attack. -## -## See: http://erlang.org/doc/man/ssl.html -## -## Value: String, seperated by ',' -## listener.ssl.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1 - -## TLS Handshake timeout. -## -## Value: Duration -listener.ssl.external.handshake_timeout = 15s - -## Path to the file containing the user's private PEM-encoded key. -## -## See: http://erlang.org/doc/man/ssl.html -## -## Value: File -listener.ssl.external.keyfile = /etc/emqx/certs/key.pem - -## Path to a file containing the user certificate. -## -## See: http://erlang.org/doc/man/ssl.html -## -## Value: File -listener.ssl.external.certfile = /etc/emqx/certs/cert.pem - -## Path to the file containing PEM-encoded CA certificates. The CA certificates -## are used during server authentication and when building the client certificate chain. -## -## Value: File -## listener.ssl.external.cacertfile = /etc/emqx/certs/cacert.pem - -## The Ephemeral Diffie-Helman key exchange is a very effective way of -## ensuring Forward Secrecy by exchanging a set of keys that never hit -## the wire. Since the DH key is effectively signed by the private key, -## it needs to be at least as strong as the private key. In addition, -## the default DH groups that most of the OpenSSL installations have -## are only a handful (since they are distributed with the OpenSSL -## package that has been built for the operating system it’s running on) -## and hence predictable (not to mention, 1024 bits only). -## In order to escape this situation, first we need to generate a fresh, -## strong DH group, store it in a file and then use the option above, -## to force our SSL application to use the new DH group. Fortunately, -## OpenSSL provides us with a tool to do that. Simply run: -## openssl dhparam -out dh-params.pem 2048 -## -## Value: File -## listener.ssl.external.dhfile = /etc/emqx/certs/dh-params.pem - -## A server only does x509-path validation in mode verify_peer, -## as it then sends a certificate request to the client (this -## message is not sent if the verify option is verify_none). -## You can then also want to specify option fail_if_no_peer_cert. -## More information at: http://erlang.org/doc/man/ssl.html -## -## Value: verify_peer | verify_none -## listener.ssl.external.verify = verify_peer - -## Used together with {verify, verify_peer} by an SSL server. If set to true, -## the server fails if the client does not have a certificate to send, that is, -## sends an empty certificate. -## -## Value: true | false -## listener.ssl.external.fail_if_no_peer_cert = true - -## This is the single most important configuration option of an Erlang SSL -## application. Ciphers (and their ordering) define the way the client and -## server encrypt information over the wire, from the initial Diffie-Helman -## key exchange, the session key encryption ## algorithm and the message -## digest algorithm. Selecting a good cipher suite is critical for the -## application’s data security, confidentiality and performance. -## -## The cipher list above offers: -## -## A good balance between compatibility with older browsers. -## It can get stricter for Machine-To-Machine scenarios. -## Perfect Forward Secrecy. -## No old/insecure encryption and HMAC algorithms -## -## Most of it was copied from Mozilla’s Server Side TLS article -## -## Value: Ciphers -listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA - -## Ciphers for TLS PSK. -## Note that 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot -## be configured at the same time. -## See 'https://tools.ietf.org/html/rfc4279#section-2'. -#listener.ssl.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA - -## SSL parameter renegotiation is a feature that allows a client and a server -## to renegotiate the parameters of the SSL connection on the fly. -## RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation, -## you drop support for the insecure renegotiation, prone to MitM attacks. -## -## Value: on | off -## listener.ssl.external.secure_renegotiate = off - -## A performance optimization setting, it allows clients to reuse -## pre-existing sessions, instead of initializing new ones. -## Read more about it here. -## -## See: http://erlang.org/doc/man/ssl.html -## -## Value: on | off -## listener.ssl.external.reuse_sessions = on - -## An important security setting, it forces the cipher to be set based -## on the server-specified order instead of the client-specified order, -## hence enforcing the (usually more properly configured) security -## ordering of the server administrator. -## -## Value: on | off -## listener.ssl.external.honor_cipher_order = on - -## Use the CN, DN or CRT field from the client certificate as a username. -## Notice that 'verify' should be set as 'verify_peer'. -## -## Value: cn | dn | crt -## listener.ssl.external.peer_cert_as_username = cn - -## TCP backlog for the SSL connection. -## -## See listener.tcp.$name.backlog -## -## Value: Number >= 0 -## listener.ssl.external.backlog = 1024 - -## The TCP send timeout for the SSL connection. -## -## See listener.tcp.$name.send_timeout -## -## Value: Duration -## listener.ssl.external.send_timeout = 15s - -## Close the SSL connection if send timeout. -## -## See: listener.tcp.$name.send_timeout_close -## -## Value: on | off -## listener.ssl.external.send_timeout_close = on - -## The TCP receive buffer(os kernel) for the SSL connections. -## -## See: listener.tcp.$name.recbuf -## -## Value: Bytes -## listener.ssl.external.recbuf = 4KB - -## The TCP send buffer(os kernel) for internal MQTT connections. -## -## See: listener.tcp.$name.sndbuf -## -## Value: Bytes -## listener.ssl.external.sndbuf = 4KB - -## The size of the user-level software buffer used by the driver. -## -## See: listener.tcp.$name.buffer -## -## Value: Bytes -## listener.ssl.external.buffer = 4KB - -## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. -## -## See: listener.tcp.$name.tune_buffer -## -## Value: on | off -## listener.ssl.external.tune_buffer = off - -## The TCP_NODELAY flag for SSL connections. -## -## See: listener.tcp.$name.nodelay -## -## Value: true | false -## listener.ssl.external.nodelay = true - -## The SO_REUSEADDR flag for MQTT/SSL Listener. -## -## Value: true | false -listener.ssl.external.reuseaddr = true - -##-------------------------------------------------------------------- -## External WebSocket listener for MQTT protocol - -## listener.ws.$name is the IP address and port that the MQTT/WebSocket -## listener will bind. -## -## Value: IP:Port | Port -## -## Examples: 8083, 127.0.0.1:8083, ::1:8083 -listener.ws.external = 8083 - -## The path of WebSocket MQTT endpoint -## -## Value: URL Path -listener.ws.external.mqtt_path = /mqtt - -## The acceptor pool for external MQTT/WebSocket listener. -## -## Value: Number -listener.ws.external.acceptors = 4 - -## Maximum number of concurrent MQTT/WebSocket connections. -## -## Value: Number -listener.ws.external.max_connections = 102400 - -## Maximum MQTT/WebSocket connections per second. -## -## Value: Number -listener.ws.external.max_conn_rate = 1000 - -## Simulate the {active, N} option for the MQTT/WebSocket connections. -## -## Value: Number -listener.ws.external.active_n = 100 - -## Rate limit for the MQTT/WebSocket connections. -## -## Value: Limit,Duration -## Default: 100KB incoming per 10 seconds. -## listener.ws.external.rate_limit = 100KB,10s - -## Zone of the external MQTT/WebSocket listener belonged to. -## -## Value: String -listener.ws.external.zone = external - -## The access control for the MQTT/WebSocket listener. -## -## See: listener.ws.$name.access -## -## Value: ACL Rule -listener.ws.external.access.1 = allow all - -## Verify if the protocol header is valid. Turn off for WeChat MiniApp. -## -## Value: on | off -listener.ws.external.verify_protocol_header = on - -## Use X-Forwarded-For header for real source IP if the EMQ X cluster is -## deployed behind NGINX or HAProxy. -## -## Value: String -## listener.ws.external.proxy_address_header = X-Forwarded-For - -## Use X-Forwarded-Port header for real source port if the EMQ X cluster is -## deployed behind NGINX or HAProxy. -## -## Value: String -## listener.ws.external.proxy_port_header = X-Forwarded-Port - -## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind -## HAProxy or Nginx. -## -## See: listener.ws.$name.proxy_protocol -## -## Value: on | off -## listener.ws.external.proxy_protocol = on - -## Sets the timeout for proxy protocol. -## -## See: listener.ws.$name.proxy_protocol_timeout -## -## Value: Duration -## listener.ws.external.proxy_protocol_timeout = 3s - -## The TCP backlog of external MQTT/WebSocket Listener. -## -## See: listener.ws.$name.backlog -## -## Value: Number >= 0 -listener.ws.external.backlog = 1024 - -## The TCP send timeout for external MQTT/WebSocket connections. -## -## See: listener.ws.$name.send_timeout -## -## Value: Duration -listener.ws.external.send_timeout = 15s - -## Close the MQTT/WebSocket connection if send timeout. -## -## See: listener.ws.$name.send_timeout_close -## -## Value: on | off -listener.ws.external.send_timeout_close = on - -## The TCP receive buffer(os kernel) for external MQTT/WebSocket connections. -## -## See: listener.ws.$name.recbuf -## -## Value: Bytes -## listener.ws.external.recbuf = 2KB - -## The TCP send buffer(os kernel) for external MQTT/WebSocket connections. -## -## See: listener.ws.$name.sndbuf -## -## Value: Bytes -## listener.ws.external.sndbuf = 2KB - -## The size of the user-level software buffer used by the driver. -## -## See: listener.ws.$name.buffer -## -## Value: Bytes -## listener.ws.external.buffer = 2KB - -## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled. -## -## See: listener.ws.$name.tune_buffer -## -## Value: on | off -## listener.ws.external.tune_buffer = off - -## The TCP_NODELAY flag for external MQTT/WebSocket connections. -## -## See: listener.ws.$name.nodelay -## -## Value: true | false -listener.ws.external.nodelay = true - -## The compress flag for external MQTT/WebSocket connections. -## -## If this Value is set true,the websocket message would be compressed -## -## Value: true | false -## listener.ws.external.compress = true - -## The level of deflate options for external MQTT/WebSocket connections. -## -## See: listener.ws.$name.deflate_opts.level -## -## Value: none | default | best_compression | best_speed -## listener.ws.external.deflate_opts.level = default - -## The mem_level of deflate options for external MQTT/WebSocket connections. -## -## See: listener.ws.$name.deflate_opts.mem_level -## -## Valid range is 1-9 -## listener.ws.external.deflate_opts.mem_level = 8 - -## The strategy of deflate options for external MQTT/WebSocket connections. -## -## See: listener.ws.$name.deflate_opts.strategy -## -## Value: default | filtered | huffman_only | rle -## listener.ws.external.deflate_opts.strategy = default - -## The deflate option for external MQTT/WebSocket connections. -## -## See: listener.ws.$name.deflate_opts.server_context_takeover -## -## Value: takeover | no_takeover -## listener.ws.external.deflate_opts.server_context_takeover = takeover - -## The deflate option for external MQTT/WebSocket connections. -## -## See: listener.ws.$name.deflate_opts.client_context_takeover -## -## Value: takeover | no_takeover -## listener.ws.external.deflate_opts.client_context_takeover = takeover - -## The deflate options for external MQTT/WebSocket connections. -## -## See: listener.ws.$name.deflate_opts.server_max_window_bits -## -## Valid range is 8-15 -## listener.ws.external.deflate_opts.server_max_window_bits = 15 - -## The deflate options for external MQTT/WebSocket connections. -## -## See: listener.ws.$name.deflate_opts.client_max_window_bits -## -## Valid range is 8-15 -## listener.ws.external.deflate_opts.client_max_window_bits = 15 - -## The idle timeout for external MQTT/WebSocket connections. -## -## See: listener.ws.$name.idle_timeout -## -## Value: Duration -## listener.ws.external.idle_timeout = 60s - -## The max frame size for external MQTT/WebSocket connections. -## -## -## Value: Number -## listener.ws.external.max_frame_size = 0 - -##-------------------------------------------------------------------- -## External WebSocket/SSL listener for MQTT Protocol - -## listener.wss.$name is the IP address and port that the MQTT/WebSocket/SSL -## listener will bind. -## -## Value: IP:Port | Port -## -## Examples: 8084, 127.0.0.1:8084, ::1:8084 -listener.wss.external = 8084 - -## The path of WebSocket MQTT endpoint -## -## Value: URL Path -listener.wss.external.mqtt_path = /mqtt - -## The acceptor pool for external MQTT/WebSocket/SSL listener. -## -## Value: Number -listener.wss.external.acceptors = 4 - -## Maximum number of concurrent MQTT/Webwocket/SSL connections. -## -## Value: Number -listener.wss.external.max_connections = 16 - -## Maximum MQTT/WebSocket/SSL connections per second. -## -## See: listener.tcp.$name.max_conn_rate -## -## Value: Number -listener.wss.external.max_conn_rate = 1000 - -## Simulate the {active, N} option for the MQTT/WebSocket/SSL connections. -## -## Value: Number -listener.wss.external.active_n = 100 - -## Rate limit for the MQTT/WebSocket/SSL connections. -## -## Value: Limit,Duration -## Default: 100KB incoming per 10 seconds. -## listener.wss.external.rate_limit = 100KB,10s - -## Zone of the external MQTT/WebSocket/SSL listener belonged to. -## -## Value: String -listener.wss.external.zone = external - -## The access control rules for the MQTT/WebSocket/SSL listener. -## -## See: listener.tcp.$name.access. -## -## Value: ACL Rule -listener.wss.external.access.1 = allow all - -## See: listener.ws.external.verify_protocol_header -## -## Value: on | off -listener.wss.external.verify_protocol_header = on - -## See: listener.ws.external.proxy_address_header -## -## Value: String -## listener.wss.external.proxy_address_header = X-Forwarded-For - -## See: listener.ws.external.proxy_port_header -## -## Value: String -## listener.wss.external.proxy_port_header = X-Forwarded-Port - -## Enable the Proxy Protocol V1/2 support. -## -## See: listener.tcp.$name.proxy_protocol -## -## Value: on | off -## listener.wss.external.proxy_protocol = on - -## Sets the timeout for proxy protocol. -## -## See: listener.tcp.$name.proxy_protocol_timeout -## -## Value: Duration -## listener.wss.external.proxy_protocol_timeout = 3s - -## TLS versions only to protect from POODLE attack. -## -## See: listener.ssl.$name.tls_versions -## -## Value: String, seperated by ',' -## listener.wss.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1 - -## Path to the file containing the user's private PEM-encoded key. -## -## See: listener.ssl.$name.keyfile -## -## Value: File -listener.wss.external.keyfile = /etc/emqx/certs/key.pem - -## Path to a file containing the user certificate. -## -## See: listener.ssl.$name.certfile -## -## Value: File -listener.wss.external.certfile = /etc/emqx/certs/cert.pem - -## Path to the file containing PEM-encoded CA certificates. -## -## See: listener.ssl.$name.cacert -## -## Value: File -## listener.wss.external.cacertfile = /etc/emqx/certs/cacert.pem - -## See: listener.ssl.$name.dhfile -## -## Value: File -## listener.ssl.external.dhfile = /etc/emqx/certs/dh-params.pem - -## See: listener.ssl.$name.vefify -## -## Value: vefify_peer | verify_none -## listener.wss.external.verify = verify_peer - -## See: listener.ssl.$name.fail_if_no_peer_cert -## -## Value: false | true -## listener.wss.external.fail_if_no_peer_cert = true - -## See: listener.ssl.$name.ciphers -## -## Value: Ciphers -listener.wss.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA - -## Ciphers for TLS PSK. -## Note that 'listener.wss.external.ciphers' and 'listener.wss.external.psk_ciphers' cannot -## be configured at the same time. -## See 'https://tools.ietf.org/html/rfc4279#section-2'. -## listener.wss.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA - -## See: listener.ssl.$name.secure_renegotiate -## -## Value: on | off -## listener.wss.external.secure_renegotiate = off - -## See: listener.ssl.$name.reuse_sessions -## -## Value: on | off -## listener.wss.external.reuse_sessions = on - -## See: listener.ssl.$name.honor_cipher_order -## -## Value: on | off -## listener.wss.external.honor_cipher_order = on - -## See: listener.ssl.$name.peer_cert_as_username -## -## Value: cn | dn | crt -## listener.wss.external.peer_cert_as_username = cn - -## TCP backlog for the WebSocket/SSL connection. -## -## See: listener.tcp.$name.backlog -## -## Value: Number >= 0 -listener.wss.external.backlog = 1024 - -## The TCP send timeout for the WebSocket/SSL connection. -## -## See: listener.tcp.$name.send_timeout -## -## Value: Duration -listener.wss.external.send_timeout = 15s - -## Close the WebSocket/SSL connection if send timeout. -## -## See: listener.tcp.$name.send_timeout_close -## -## Value: on | off -listener.wss.external.send_timeout_close = on - -## The TCP receive buffer(os kernel) for the WebSocket/SSL connections. -## -## See: listener.tcp.$name.recbuf -## -## Value: Bytes -## listener.wss.external.recbuf = 4KB - -## The TCP send buffer(os kernel) for the WebSocket/SSL connections. -## -## See: listener.tcp.$name.sndbuf -## -## Value: Bytes -## listener.wss.external.sndbuf = 4KB - -## The size of the user-level software buffer used by the driver. -## -## See: listener.tcp.$name.buffer -## -## Value: Bytes -## listener.wss.external.buffer = 4KB - -## The TCP_NODELAY flag for WebSocket/SSL connections. -## -## See: listener.tcp.$name.nodelay -## -## Value: true | false -## listener.wss.external.nodelay = true - -## The compress flag for external WebSocket/SSL connections. -## -## If this Value is set true,the websocket message would be compressed -## -## Value: true | false -## listener.wss.external.compress = true - -## The level of deflate options for external WebSocket/SSL connections. -## -## See: listener.wss.$name.deflate_opts.level -## -## Value: none | default | best_compression | best_speed -## listener.wss.external.deflate_opts.level = default - -## The mem_level of deflate options for external WebSocket/SSL connections. -## -## See: listener.wss.$name.deflate_opts.mem_level -## -## Valid range is 1-9 -## listener.wss.external.deflate_opts.mem_level = 8 - -## The strategy of deflate options for external WebSocket/SSL connections. -## -## See: listener.wss.$name.deflate_opts.strategy -## -## Value: default | filtered | huffman_only | rle -## listener.wss.external.deflate_opts.strategy = default - -## The deflate option for external WebSocket/SSL connections. -## -## See: listener.wss.$name.deflate_opts.server_context_takeover -## -## Value: takeover | no_takeover -## listener.wss.external.deflate_opts.server_context_takeover = takeover - -## The deflate option for external WebSocket/SSL connections. -## -## See: listener.wss.$name.deflate_opts.client_context_takeover -## -## Value: takeover | no_takeover -## listener.wss.external.deflate_opts.client_context_takeover = takeover - -## The deflate options for external WebSocket/SSL connections. -## -## See: listener.wss.$name.deflate_opts.server_max_window_bits -## -## Valid range is 8-15 -## listener.wss.external.deflate_opts.server_max_window_bits = 15 - -## The deflate options for external WebSocket/SSL connections. -## -## See: listener.wss.$name.deflate_opts.client_max_window_bits -## -## Valid range is 8-15 -## listener.wss.external.deflate_opts.client_max_window_bits = 15 - -## The idle timeout for external WebSocket/SSL connections. -## -## See: listener.wss.$name.idle_timeout -## -## Value: Duration -## listener.wss.external.idle_timeout = 60s - -## The max frame size for external WebSocket/SSL connections. -## -## Value: Number -## listener.wss.external.max_frame_size = 0 - -##-------------------------------------------------------------------- -## Modules -##-------------------------------------------------------------------- - -##-------------------------------------------------------------------- -## Presence Module - -## Enable Presence Module. -## -## Value: on | off -module.presence = on - -## Sets the QoS for presence MQTT message. -## -## Value: 0 | 1 | 2 -module.presence.qos = 1 - -##-------------------------------------------------------------------- -## Subscription Module - -## Enable Subscription Module. -## -## Value: on | off -module.subscription = off - -## Subscribe the Topics automatically when client connected. -## module.subscription.1.topic = $client/%c -## Qos of the subscription: 0 | 1 | 2 -## module.subscription.1.qos = 1 - -## module.subscription.2.topic = $user/%u -## module.subscription.2.qos = 1 - -##-------------------------------------------------------------------- -## Rewrite Module - -## Enable Rewrite Module. -## -## Value: on | off -module.rewrite = off - -## {rewrite, Topic, Re, Dest} -## module.rewrite.rule.1 = x/# ^x/y/(.+)$ z/y/$1 -## module.rewrite.rule.2 = y/+/z/# ^y/(.+)/z/(.+)$ y/z/$2 - -##------------------------------------------------------------------- -## Plugins -##------------------------------------------------------------------- - -## The etc dir for plugins' config. -## -## Value: Folder -plugins.etc_dir = /etc/emqx/plugins/ - -## The file to store loaded plugin names. -## -## Value: File -plugins.loaded_file = /var/lib/emqx/loaded_plugins - -## File to store loaded plugin names. -plugins.expand_plugins_dir = /var/lib/emqx/plugins/ - -##-------------------------------------------------------------------- -## Broker -##-------------------------------------------------------------------- - -## System interval of publishing $SYS messages. -## -## Value: Duration -## Default: 1m, 1 minute -broker.sys_interval = 1m - -## System heartbeat interval of publishing following heart beat message: -## - "$SYS/brokers//uptime" -## - "$SYS/brokers//datetime" -## -## Value: Duration -## Default: 30s -broker.sys_heartbeat = 30s - -## Enable global session registry. -## -## Value: on | off -broker.enable_session_registry = on - -## Session locking strategy in a cluster. -## -## Value: Enum -## - local -## - one -## - quorum -## - all -broker.session_locking_strategy = quorum - -## Dispatch strategy for shared subscription -## -## Value: Enum -## - random -## - round_robin -## - sticky -## - hash -broker.shared_subscription_strategy = random - -## Enable/disable shared dispatch acknowledgement for QoS1 and QoS2 messages -## This should allow messages to be dispatched to a different subscriber in -## the group in case the picked (based on shared_subscription_strategy) one # is offline -## -## Value: Enum -## - true -## - false -broker.shared_dispatch_ack_enabled = false - -## Enable batch clean for deleted routes. -## -## Value: Flag -broker.route_batch_clean = off - -##-------------------------------------------------------------------- -## System Monitor -##-------------------------------------------------------------------- - -## Enable Long GC monitoring. Disable if the value is 0. -## Notice: don't enable the monitor in production for: -## https://github.com/erlang/otp/blob/feb45017da36be78d4c5784d758ede619fa7bfd3/erts/emulator/beam/erl_gc.c#L421 -## -## Value: Duration -## - h: hour -## - m: minute -## - s: second -## - ms: milliseconds -## -## Examples: -## - 2h: 2 hours -## - 30m: 30 minutes -## - 0.1s: 0.1 seconds -## - 100ms : 100 milliseconds -## -## Default: 0ms -sysmon.long_gc = 0 - -## Enable Long Schedule(ms) monitoring. -## -## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 -## -## Value: Duration -## - h: hour -## - m: minute -## - s: second -## - ms: milliseconds -## -## Examples: -## - 2h: 2 hours -## - 30m: 30 minutes -## - 0.1s: 0.1 seconds -## - 100ms: 100 milliseconds -## -## Default: 0ms -sysmon.long_schedule = 240ms - -## Enable Large Heap monitoring. -## -## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 -## -## Value: bytes -## -## Default: 8M words. 32MB on 32-bit VM, 64MB on 64-bit VM. -sysmon.large_heap = 8MB - -## Enable Busy Port monitoring. -## -## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 -## -## Value: true | false -sysmon.busy_port = false - -## Enable Busy Dist Port monitoring. -## -## See: http://erlang.org/doc/man/erlang.html#system_monitor-2 -## -## Value: true | false -sysmon.busy_dist_port = true - -## The time interval for the periodic cpu check -## -## Value: Duration -## -h: hour, e.g. '2h' for 2 hours -## -m: minute, e.g. '5m' for 5 minutes -## -s: second, e.g. '30s' for 30 seconds -## -## Default: 60s -os_mon.cpu_check_interval = 60s - -## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is set. -## -## Default: 80% -os_mon.cpu_high_watermark = 80% - -## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is clear. -## -## Default: 60% -os_mon.cpu_low_watermark = 60% - -## The time interval for the periodic memory check -## -## Value: Duration -## -h: hour, e.g. '2h' for 2 hours -## -m: minute, e.g. '5m' for 5 minutes -## -s: second, e.g. '30s' for 30 seconds -## -## Default: 60s -os_mon.mem_check_interval = 60s - -## The threshold, as percentage of system memory, for how much system memory can be allocated before the corresponding alarm is set. -## -## Default: 70% -os_mon.sysmem_high_watermark = 70% - -## The threshold, as percentage of system memory, for how much system memory can be allocated by one Erlang process before the corresponding alarm is set. -## -## Default: 5% -os_mon.procmem_high_watermark = 5% - -## The time interval for the periodic process limit check -## -## Value: Duration -## -## Default: 30s -vm_mon.check_interval = 30s - -## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is set. -## -## Default: 80% -vm_mon.process_high_watermark = 80% - -## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is clear. -## -## Default: 60% -vm_mon.process_low_watermark = 60% - - diff --git a/docker/local_build/emqx4.0/emqx_auth_http.conf b/docker/local_build/emqx4.0/emqx_auth_http.conf deleted file mode 100644 index ca54b13b..00000000 --- a/docker/local_build/emqx4.0/emqx_auth_http.conf +++ /dev/null @@ -1,133 +0,0 @@ -##-------------------------------------------------------------------- -## HTTP Auth/ACL Plugin -##-------------------------------------------------------------------- - - -##------------------------------------------------------------------------------ -## SSL options - -## Path to the file containing PEM-encoded CA certificates. The CA certificates -## are used during server authentication and when building the client certificate chain. -## -## Value: File -## auth.http.ssl.cacertfile = /etc/emqx/certs/ca.pem - -## The path to a file containing the client's certificate. -## -## Value: File -## auth.http.ssl.certfile = /etc/emqx/certs/client-cert.pem - -## Path to a file containing the client's private PEM-encoded key. -## -## Value: File -## auth.http.ssl.keyfile = /etc/emqx/certs/client-key.pem - -##-------------------------------------------------------------------- -## HTTP Request Headers -## -## Example: auth.http.header.Accept-Encoding = * -## -## Value: String -## auth.http.header.Accept = */* - -##-------------------------------------------------------------------- -## Authentication request. -## -## Variables: -## - %u: username -## - %c: clientid -## - %a: ipaddress -## - %r: protocol -## - %P: password -## - %p: sockport of server accepted -## - %C: common name of client TLS cert -## - %d: subject of client TLS cert -## -## Value: URL -auth.http.auth_req = http://localhost:8080/iot/tool/mqtt/auth -## Value: post | get | put -auth.http.auth_req.method = post -## Value: Params -auth.http.auth_req.params = clientid=%c,username=%u,password=%P - -##-------------------------------------------------------------------- -## Superuser request. -## -## Variables: -## - %u: username -## - %c: clientid -## - %a: ipaddress -## - %r: protocol -## - %P: password -## - %p: sockport of server accepted -## - %C: common name of client TLS cert -## - %d: subject of client TLS cert -## -## Value: URL -# auth.http.super_req = http://127.0.0.1:8991/mqtt/superuser -## Value: post | get | put -# auth.http.super_req.method = post -## Value: Params -# auth.http.super_req.params = clientid=%c,username=%u - -##-------------------------------------------------------------------- -## ACL request. -## -## Variables: -## - %A: 1 | 2, 1 = sub, 2 = pub -## - %u: username -## - %c: clientid -## - %a: ipaddress -## - %r: protocol -## - %m: mountpoint -## - %t: topic -## -## Value: URL -# auth.http.acl_req = http://127.0.0.1:8991/mqtt/acl -## Value: post | get | put -# auth.http.acl_req.method = get -## Value: Params -# auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m - -##------------------------------------------------------------------------------ -## Http Reqeust options - -## Time-out time for the http request, 0 is never timeout. -## -## Value: Duration -## -h: hour, e.g. '2h' for 2 hours -## -m: minute, e.g. '5m' for 5 minutes -## -s: second, e.g. '30s' for 30 seconds -## -## Default: 0 -## auth.http.request.timeout = 0 - -## Connection time-out time, used during the initial request -## when the client is connecting to the server -## -## Value: Duration -## -## Default is same with the timeout option -## auth.http.request.connect_timout = 0 - -## Re-send http reuqest times -## -## Value: integer -## -## Default: 3 -auth.http.request.retry_times = 3 - -## The interval for re-sending the http request -## -## Value: Duration -## -## Default: 1s -auth.http.request.retry_interval = 1s - -## The 'Exponential Backoff' mechanism for re-sending request. The actually -## re-send time interval is `interval * backoff ^ times` -## -## Value: float -## -## Default: 2.0 -auth.http.request.retry_backoff = 2.0 diff --git a/docker/local_build/emqx4.0/emqx_web_hook.conf b/docker/local_build/emqx4.0/emqx_web_hook.conf deleted file mode 100644 index 5fe157dc..00000000 --- a/docker/local_build/emqx4.0/emqx_web_hook.conf +++ /dev/null @@ -1,22 +0,0 @@ - -web.hook.api.url = http://localhost:8080/iot/tool/mqtt/webhook - -## Encode message payload field -## -## Value: base64 | base62 -## -## Default: undefined -## web.hook.encode_payload = base64 - -# web.hook.rule.client.connect.1 = {"action": "on_client_connect"} -# web.hook.rule.client.connack.1 = {"action": "on_client_connack"} -web.hook.rule.client.connected.1 = {"action": "on_client_connected"} -web.hook.rule.client.disconnected.1 = {"action": "on_client_disconnected"} -# web.hook.rule.client.subscribe.1 = {"action": "on_client_subscribe"} -# web.hook.rule.client.unsubscribe.1 = {"action": "on_client_unsubscribe"} -# web.hook.rule.session.subscribed.1 = {"action": "on_session_subscribed"} -# web.hook.rule.session.unsubscribed.1 = {"action": "on_session_unsubscribed"} -# web.hook.rule.session.terminated.1 = {"action": "on_session_terminated"} -# web.hook.rule.message.publish.1 = {"action": "on_message_publish"} -# web.hook.rule.message.delivered.1 = {"action": "on_message_delivered"} -# web.hook.rule.message.acked.1 = {"action": "on_message_acked"} diff --git a/docker/local_build/emqx4.0/loaded_plugins b/docker/local_build/emqx4.0/loaded_plugins deleted file mode 100644 index 91b5ed86..00000000 --- a/docker/local_build/emqx4.0/loaded_plugins +++ /dev/null @@ -1,8 +0,0 @@ -{emqx_management,true}. -{emqx_recon,true}. -{emqx_retainer,true}. -{emqx_dashboard,true}. -{emqx_rule_engine,true}. -{emqx_bridge_mqtt,false}. -{emqx_auth_http,true}. -{emqx_web_hook,true}. diff --git a/docker/local_build/nginx-ssl.conf b/docker/local_build/nginx-ssl.conf deleted file mode 100644 index b7587d83..00000000 --- a/docker/local_build/nginx-ssl.conf +++ /dev/null @@ -1,97 +0,0 @@ -worker_processes 1; - -events { - worker_connections 1024; -} - -http { - include mime.types; - default_type application/octet-stream; - sendfile on; - keepalive_timeout 65; - - gzip on; - gzip_min_length 1k; - gzip_buffers 16 64K; - gzip_http_version 1.1; - gzip_comp_level 5; - gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml; - gzip_vary on; - gzip_proxied expired no-cache no-store private auth; - gzip_disable "MSIE [1-6]\."; - - server { - listen 80; - server_name localhost; - location / { - rewrite ^(.*) https://$server_name$1 permanent; - } - } - -server { - # 侦听443端口 - listen 443 ssl; - # 定义访问域名 - server_name localhost; - #证书文件名称 - ssl_certificate domain_bundle.crt; - #私钥文件名称 - ssl_certificate_key domain.key; - - #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则 - #error_page 404/404.html; - #HTTP_TO_HTTPS_START - if ($server_port !~ 443){ - rewrite ^(/.*)$ https://$host$1 permanent; - } - ssl_session_timeout 10m; - #请按照以下协议配置 - ssl_protocols TLSv1.2 TLSv1.3; - #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。 - ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; - ssl_prefer_server_ciphers on; - - # web端 - location / { - root /var/wumei-smart/vue; - try_files $uri $uri/ /index.html; - index index.html index.htm; - } - - # 服务端接口 - location /prod-api/{ - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header REMOTE-HOST $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://localhost:8080/; - } - - # emqx接口 - location /api/v4/{ - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header REMOTE-HOST $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://localhost:8081/api/v4/; - } - - # wss连接 - location /mqtt { - proxy_pass http://localhost:8083/mqtt; - proxy_read_timeout 90s; - proxy_set_header Host $host; - proxy_set_header X-Real_IP $remote_addr; - proxy_set_header X-Forwarded-for $remote_addr; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'Upgrade'; - } - - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root html; - } -} -} \ No newline at end of file diff --git a/docker/local_build/nginx.conf b/docker/local_build/nginx.conf deleted file mode 100644 index 202372e3..00000000 --- a/docker/local_build/nginx.conf +++ /dev/null @@ -1,55 +0,0 @@ -worker_processes 1; - -events { - worker_connections 1024; -} - -http { - include mime.types; - default_type application/octet-stream; - sendfile on; - keepalive_timeout 65; - - gzip on; - gzip_min_length 1k; - gzip_buffers 16 64K; - gzip_http_version 1.1; - gzip_comp_level 5; - gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml; - gzip_vary on; - gzip_proxied expired no-cache no-store private auth; - gzip_disable "MSIE [1-6]\."; - - server { - listen 80; - server_name localhost; - charset utf-8; - - location / { - root /var/wumei-smart/vue; - try_files $uri $uri/ /index.html; - index index.html index.htm; - } - - location /prod-api/ { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header REMOTE-HOST $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://localhost:8080/; - } - - location /api/v4/ { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header REMOTE-HOST $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://localhost:8081/api/v4/; - } - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root html; - } - } -} \ No newline at end of file diff --git a/docker/local_build/wumei-smart/java/放置后端jar包,改名为app.jar.txt b/docker/local_build/wumei-smart/java/放置后端jar包,改名为app.jar.txt deleted file mode 100644 index e69de29b..00000000 diff --git a/docker/local_build/wumei-smart/vue/放置vue打包文件内容.txt b/docker/local_build/wumei-smart/vue/放置vue打包文件内容.txt deleted file mode 100644 index e69de29b..00000000