diff --git a/.workflow/pipeline-docker.yml b/.workflow/pipeline-docker.yml
new file mode 100644
index 00000000..464ef6c6
--- /dev/null
+++ b/.workflow/pipeline-docker.yml
@@ -0,0 +1,95 @@
+version: '1.0'
+name: pipeline-docker
+displayName: 构建镜像
+triggers:
+ trigger: auto
+ push:
+ branches:
+ precise:
+ - master
+ commitMessages:
+ include:
+ - ^deploy-docker
+stages:
+ - name: stage-5ecf171c
+ displayName: 项目打包
+ strategy: naturally
+ trigger: auto
+ executor:
+ - kerwincui
+ steps:
+ - step: build@maven
+ name: build_maven
+ displayName: Maven 构建后端
+ jdkVersion: '8'
+ mavenVersion: 3.6.1
+ commands:
+ - cd ./springboot
+ - mvn -B clean package -Dmaven.test.skip=true
+ artifacts:
+ - name: BUILD_JAVA
+ path:
+ - ./springboot/wumei-admin/target/wumei-admin.jar
+ settings: []
+ strategy:
+ retry: '0'
+ - step: build@nodejs
+ name: build_nodejs
+ displayName: Nodejs 构建前端
+ nodeVersion: 14.16.0
+ commands:
+ - cd ./vue
+ - npm install --registry=https://registry.npm.taobao.org \
+ - '&& rm -rf ./dist && npm run build:prod'
+ artifacts:
+ - name: BUILD_VUE
+ path:
+ - ./vue/dist
+ strategy:
+ retry: '0'
+ - name: stage-f5631c9e
+ displayName: 上传打包文件
+ strategy: naturally
+ trigger: auto
+ executor:
+ - kerwincui
+ steps:
+ - step: publish@general_artifacts
+ name: publish_general_artifacts_java
+ displayName: 上传后端制品
+ dependArtifact: BUILD_JAVA
+ artifactName: springboot
+ strategy:
+ retry: '0'
+ - step: publish@general_artifacts
+ name: publish_general_artifacts_vue
+ displayName: 上传前端制品
+ dependArtifact: BUILD_VUE
+ artifactName: vue
+ strategy:
+ retry: '0'
+ - name: stage-59a550ac
+ displayName: 构建镜像
+ strategy: naturally
+ trigger: auto
+ executor:
+ - kerwincui
+ steps:
+ - step: build@docker
+ name: build_docker
+ displayName: 镜像构建
+ type: cert
+ certificate: kerwincui-docker
+ tag: kerwincui/wumei-smart:1.01
+ dockerfile: ./docker/Dockerfile
+ context: ./docker
+ artifacts:
+ - ${BUILD_JAVA}
+ - ${BUILD_VUE}
+ isCache: true
+ strategy:
+ retry: '0'
+permissions:
+ - role: admin
+ members:
+ - kerwincui
diff --git a/.workflow/pipeline-java.yml b/.workflow/pipeline-java.yml
new file mode 100644
index 00000000..ddae08af
--- /dev/null
+++ b/.workflow/pipeline-java.yml
@@ -0,0 +1,64 @@
+version: '1.0'
+name: pipeline-java
+displayName: 部署后端
+triggers:
+ trigger: auto
+ push:
+ branches:
+ precise:
+ - master
+ commitMessages:
+ include:
+ - ^deploy-server
+stages:
+ - name: stage-2c3f9607
+ displayName: 构建后端
+ strategy: naturally
+ trigger: auto
+ executor:
+ - kerwincui
+ steps:
+ - step: build@maven
+ name: build_maven
+ displayName: Maven 构建
+ jdkVersion: '8'
+ mavenVersion: 3.6.1
+ commands:
+ - cd ./springboot
+ - mvn -B clean package -Dmaven.test.skip=true
+ artifacts:
+ - name: BUILD_JAVA
+ path:
+ - ./springboot/wumei-admin/target/wumei-admin.jar
+ settings: []
+ strategy:
+ retry: '0'
+ - name: stage-b6625c4a
+ displayName: 部署后端
+ strategy: naturally
+ trigger: auto
+ executor:
+ - kerwincui
+ steps:
+ - step: deploy@agent
+ name: deploy_agent
+ displayName: 主机部署
+ hostGroupID: alicloud
+ deployArtifact:
+ - source: build
+ name: springboot
+ target: ~/gitee_go/deploy
+ dependArtifact: BUILD_JAVA
+ script: |-
+ # 请在此输入部署脚本,如启动Java应用如下
+ # nohup java -jar test.jar > nohup.out &
+ echo 'Hello Gitee!'
+ touch springboot
+ strategy:
+ retry: '0'
+strategy:
+ blocking: true
+permissions:
+ - role: admin
+ members:
+ - kerwincui
diff --git a/.workflow/pipeline-vue.yml b/.workflow/pipeline-vue.yml
new file mode 100644
index 00000000..12ee7505
--- /dev/null
+++ b/.workflow/pipeline-vue.yml
@@ -0,0 +1,60 @@
+version: '1.0'
+name: pipeline-vue
+displayName: 部署前端
+triggers:
+ trigger: auto
+ push:
+ branches:
+ precise:
+ - master
+ commitMessages:
+ include:
+ - ^deploy-vue
+stages:
+ - name: stage-3761fd9a
+ displayName: 构建前端
+ strategy: naturally
+ trigger: auto
+ executor:
+ - kerwincui
+ steps:
+ - step: build@nodejs
+ name: build_nodejs
+ displayName: Nodejs 构建
+ nodeVersion: 14.16.0
+ commands:
+ - cd ./vue
+ - npm install --registry=https://registry.npm.taobao.org \
+ - '&& rm -rf ./dist && npm run build:prod'
+ artifacts:
+ - name: BUILD_VUE
+ path:
+ - ./vue/dist
+ strategy:
+ retry: '0'
+ - name: stage-79a96375
+ displayName: 部署前端
+ strategy: naturally
+ trigger: auto
+ executor:
+ - kerwincui
+ steps:
+ - step: deploy@agent
+ name: deploy_agent
+ displayName: 主机部署
+ hostGroupID: alicloud
+ deployArtifact:
+ - source: build
+ name: vue
+ target: ~/gitee_go/deploy
+ dependArtifact: BUILD_VUE
+ script: |-
+ # 请在此输入部署脚本,如启动Java应用如下
+ # nohup java -jar test.jar > nohup.out &
+ echo 'Hello Gitee!' && touch vuetest
+ touch vue
+ strategy:
+ retry: '0'
+permissions:
+ - role: admin
+ members: []
diff --git a/README.md b/README.md
index a889eed7..4f692297 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@
#### 2. 设备接入使用EMQX消息服务器,加密认证;后端采用Spring boot;前端采用Vue;移动端采用Uniapp;数据库采用Mysql和Redis;设备端支持ESP32、ESP8266、树莓派等;系统架构图如下:
-#### 3. 项目可用于个人学习和使用,商业用途需要赞助项目,获得授权。[查看详情 >>](https://gitee.com/kerwincui/wumei-smart/blob/master/app/README.md)
+#### 3. 项目可用于个人学习和使用,商业用途需要赞助项目,获得授权。[查看详情 >>](https://wumei.live/doc/pages/sponsor/)
#### 4. 案例展示
| Wifi通断器 | 信息牌 | 桌面小电视 | 雾霾/粉尘/空气检测仪
@@ -59,7 +59,7 @@
vue ----------------------- 前端
docker -------------------- docker部署文件
sdk ----------------------- 硬件SDK
- app ----------------------- [获取App源码](https://gitee.com/kerwincui/wumei-smart/tree/master/app)
+ app ----------------------- 移动端打包文件
###### 移动端适配多端
|安卓/Android|苹果/IOS|微信小程序| 网页/H5|Vue2.0
@@ -69,7 +69,7 @@
### 七、相关文档
##### 权限管理基于ruoyi-vue系统,Mqtt消息服务器基于EMQX4.0开源版,SDK示例使用ESP8266 Core For Arduino开发
-* [项目文档](http://wumei.live/kerwincui/document/wiki/)
+* [项目文档](https://wumei.live/doc/)
* [物美智能官网](http://wumei.live/)
* [权限管理系统ruoyi-vue](https://gitee.com/y_project/RuoYi-Vue)
* [Mqtt消息服务器EMQX4.0](https://github.com/emqx/emqx)
diff --git a/app/README.md b/app/README.md
index b80f8980..79c2fcb3 100644
--- a/app/README.md
+++ b/app/README.md
@@ -1,33 +1,23 @@
-#### 一、物美智能项目是开源的,可用于个人学习;商业使用请赞助该项目,获得授权;同时还提供了小程序、APP源码和相关教程。
-
-#### 二、个人使用后面会提供免费线上托管;移动端开放接口,还可以对接自己使用系统搭建的平台。
-
-#### 三、获取移动端源码、教程和授权的方式
-1. 赞助项目,赞助费暂定1500元
-2. 参与项目,贡献代码(减免300-1500元)
-3. 推广项目(减免10-1500元)
-
-#### 四、通过赞助、贡献代码、推广可以加入项目内部,里面包含移动端源码和更多相关教程,并且获得一年的免费更新。目前项目还在完善,教程暂无,赞助费暂定1500元。可以通过官网[http://wumei.live/](http://wumei.live/) 注册账号,联系作者加入项目内部。
-
-##### 项目开发交流群:【946029159】,项目互助交流群:【1073236354】,作者QQ: 【164770707】
-
-#### 五、移动端介绍
+* 项目可用于个人学习;商业使用请赞助该项目,获得授权;
+* 赞助后还提供了小程序、APP源码和相关教程。[详情](https://wumei.live/doc/pages/sponsor/)
+
+
+#### 移动端介绍
|安卓/Android|苹果/IOS|微信小程序| 网页/H5|Vue2.0
| :---: | :---: | :---: | :---: |:---: |
| √ | √| √ | √ | √ |
-##### 介绍
1. 项目使用uniapp开发,适配小程序、安卓、苹果和H5,其他平台未测试。
2. UI框架使用uView2.0
3. 组件使用easycom模式,只要组件安装在项目的components目录下或uni_modules目录下,并符合components/组件名称/组件名称.vue目录结构。就可以不用引用、注册,直接在页面中使用。
4. 开发工具为Hbuilder3.3版本,版本不易过低。
-##### 项目结构
+###### 项目结构
```
├─apis // 接口管理
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 39caa472..830f828b 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -12,45 +12,56 @@ ENV DB_USER root
ENV DB_PASSWORD admin
RUN apt-get update && \
- # 安装网络工具和设置时区
+ echo "1. 安装网络工具和设置时区 =====================" && \
apt-get install wget -y --no-install-recommends && \
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
- # 更换国内源
+
+ echo "2. 更换国内源 =============================" && \
wget http://qiniu.xiwen.online/Debian10.list && \
mv Debian10.list /etc/apt/sources.list && \
apt update && apt upgrade -y && \
- # 安装压缩工具
- apt install zip -y && \
- # 安装nginx和redis
+
+ echo "3. 安装压缩工具 ============================" && \
+ apt install zip -y && \
+
+ echo "4. 安装nginx ==============================" && \
apt-get install nginx -y --no-install-recommends && \
+
+ echo "5. 安装redis ===============================" && \
apt-get install redis-server -y --no-install-recommends && \
- # 安装 emqx
- apt update && apt install -y \
- apt-transport-https \
- ca-certificates \
- curl \
- gnupg-agent \
- software-properties-common && \
- curl -fsSL https://repos.emqx.io/gpg.pub | apt-key add - && \
- add-apt-repository \
- "deb [arch=amd64] https://repos.emqx.io/emqx-ce/deb/ubuntu/ \
- ./bionic \
- stable" && \
- apt update && \
- apt install emqx=4.0.0 -y --no-install-recommends && \
- # 修改redis配置
+
+ echo "6. 修改redis配置 =============================" && \
sed -i "s/# requirepass foobared/requirepass wumei-smart/g" /etc/redis/redis.conf && \
sed -i "s/bind 127.0.0.1/# bind 127.0.0.1/g" /etc/redis/redis.conf
+ # echo "6. 安装 emqx =============================" && \
+ # apt update && apt install -y \
+ # apt-transport-https \
+ # ca-certificates \
+ # curl \
+ # gnupg-agent \
+ # software-properties-common && \
+ # echo "6.2 添加EMQX官方GPG秘钥 =============================" && \
+ # curl -fsSL https://repos.emqx.io/gpg.pub | apt-key add - && \
+ # echo "6.3 设置存储库 =============================" && \
+ # add-apt-repository \
+ # "deb [arch=amd64] https://repos.emqx.io/emqx-ce/deb/ubuntu/ \
+ # ./bionic \
+ # stable" && \
+ # echo "6.4 更新apt包索引 =============================" && \
+ # apt update && \
+ # echo "6.5 安装4.0版本 =============================" && \
+ # apt install emqx=4.0.0 -y --no-install-recommends
+
# 复制emqx和Nginx的配置文件
-COPY ./emqx4.0/emqx.conf /etc/emqx/emqx.conf
-COPY ./emqx4.0/emqx_auth_http.conf /etc/emqx/plugins/emqx_auth_http.conf
-COPY ./emqx4.0/emqx_web_hook.conf /etc/emqx/plugins/emqx_web_hook.conf
-COPY ./emqx4.0/loaded_plugins /var/lib/emqx/loaded_plugins
+# COPY ./emqx4.0/emqx.conf /etc/emqx/emqx.conf
+# COPY ./emqx4.0/emqx_auth_http.conf /etc/emqx/plugins/emqx_auth_http.conf
+# COPY ./emqx4.0/emqx_web_hook.conf /etc/emqx/plugins/emqx_web_hook.conf
+# COPY ./emqx4.0/loaded_plugins /var/lib/emqx/loaded_plugins
COPY ./nginx.conf /etc/nginx/nginx.conf
-# 拷贝前后端压缩文件到容器,容器内解压后删除
-COPY ./wumei-smart.tar /var/
-RUN cd /var && tar -xvf wumei-smart.tar && rm wumei-smart.tar
+
+
+# 解压前端和后端文件并放置到对应位置
# 启动脚本
COPY docker-entrypoint.sh /
diff --git a/docker/local_build/Dockerfile b/docker/local_build/Dockerfile
new file mode 100644
index 00000000..39caa472
--- /dev/null
+++ b/docker/local_build/Dockerfile
@@ -0,0 +1,61 @@
+FROM openjdk:8u322-jre-slim-buster
+
+ENV VERSION 1.1
+ENV AUTHOR kerwincui
+ENV INFO wumei smart open source living iot platform
+ENV SERVERS nginx:1.14.2, redis-server:5.0.14, emqx:4.0, openjdk:8u322-jre-slim-buster
+
+# mysql环境变量
+ENV DB_HOST localhost
+ENV DB_NAME wumei
+ENV DB_USER root
+ENV DB_PASSWORD admin
+
+RUN apt-get update && \
+ # 安装网络工具和设置时区
+ apt-get install wget -y --no-install-recommends && \
+ ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
+ # 更换国内源
+ wget http://qiniu.xiwen.online/Debian10.list && \
+ mv Debian10.list /etc/apt/sources.list && \
+ apt update && apt upgrade -y && \
+ # 安装压缩工具
+ apt install zip -y && \
+ # 安装nginx和redis
+ apt-get install nginx -y --no-install-recommends && \
+ apt-get install redis-server -y --no-install-recommends && \
+ # 安装 emqx
+ apt update && apt install -y \
+ apt-transport-https \
+ ca-certificates \
+ curl \
+ gnupg-agent \
+ software-properties-common && \
+ curl -fsSL https://repos.emqx.io/gpg.pub | apt-key add - && \
+ add-apt-repository \
+ "deb [arch=amd64] https://repos.emqx.io/emqx-ce/deb/ubuntu/ \
+ ./bionic \
+ stable" && \
+ apt update && \
+ apt install emqx=4.0.0 -y --no-install-recommends && \
+ # 修改redis配置
+ sed -i "s/# requirepass foobared/requirepass wumei-smart/g" /etc/redis/redis.conf && \
+ sed -i "s/bind 127.0.0.1/# bind 127.0.0.1/g" /etc/redis/redis.conf
+
+# 复制emqx和Nginx的配置文件
+COPY ./emqx4.0/emqx.conf /etc/emqx/emqx.conf
+COPY ./emqx4.0/emqx_auth_http.conf /etc/emqx/plugins/emqx_auth_http.conf
+COPY ./emqx4.0/emqx_web_hook.conf /etc/emqx/plugins/emqx_web_hook.conf
+COPY ./emqx4.0/loaded_plugins /var/lib/emqx/loaded_plugins
+COPY ./nginx.conf /etc/nginx/nginx.conf
+# 拷贝前后端压缩文件到容器,容器内解压后删除
+COPY ./wumei-smart.tar /var/
+RUN cd /var && tar -xvf wumei-smart.tar && rm wumei-smart.tar
+
+# 启动脚本
+COPY docker-entrypoint.sh /
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+# 映射端口
+EXPOSE 80 1883 8083
+
diff --git a/docker/local_build/description.txt b/docker/local_build/description.txt
new file mode 100644
index 00000000..715608d8
--- /dev/null
+++ b/docker/local_build/description.txt
@@ -0,0 +1,48 @@
+# 服务启动
+service nginx start
+service redis-server start
+service mysql start
+emqx start
+java -jar /var/wumei-smart/app.jar
+
+# 镜像构建
+docker build -t wumei-smart:1.0 .
+# 复制文件到容器
+docker cp wumei-smart/* container:/var/wumei-smart/
+# 镜像导出导入
+docker export container| docker import - kerwincui/wumei-smart:1.0
+# 镜像推送
+阿里云镜像:registry.cn-chengdu.aliyuncs.com/kerwincui/wumei-smart:1.0
+docker tag wumei-smart kerwincui/wumei-smart:1.0
+docker push kerwinci/wumei-smart:1.0
+
+# 容器运行
+docker run \
+--name wumei-smart \
+--env DB_HOST=wumei.live:3306 \
+--env DB_NAME=wumei-smart \
+--env DB_USER=root \
+--env DB_PASSWORD=wumei-smart \
+--publish 80:80 \
+--publish 1883:1883 \
+--publish 8083:8083 \
+--volume /var/wumei-smart/java/uploadPath:/var/wumei-smart/java/uploadPath \
+--restart unless-stopped \
+--detach \
+kerwincui/wumei-smart:1.1
+
+--publish 18083:18083 \
+--publish 8084:8084 \
+--publish 8883:8883 \
+--publish 8081:8081 \
+--publish 6379:6379 \
+--publish 8080:8080 \
+
+--volume /var/wumei-smart/java/logs:/var/wumei-smart/java/logs \
+--volume /var/wumei-smart/nginx/nginx.conf:/etc/nginx/nginx.conf \
+--volume /var/wumei-smart/nginx/error.log:/var/log/nginx/error.log \
+--volume /var/wumei-smart/redis/redis.conf:/etc/redis/redis.conf \
+--volume /var/wumei-smart/redis/redis-server.log:/var/log/redis/redis-server.log \
+--volume /var/wumei-smart/emqx/emqx.conf:/etc/emqx/emqx.conf \
+--volume /var/wumei-smart/emqx/log:/var/log/emqx \
+
diff --git a/docker/local_build/docker-entrypoint.sh b/docker/local_build/docker-entrypoint.sh
new file mode 100644
index 00000000..a3628120
--- /dev/null
+++ b/docker/local_build/docker-entrypoint.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# start service
+startTime=$(date "+%Y-%m-%d %H:%M:%S")
+echo $startTime : wumei-smart is starting, please waiting ...
+
+# 提取jar包配置文件
+cd /var/wumei-smart/java
+unzip app.jar BOOT-INF/classes/application-druid.yml
+# 修改mysql配置
+sed -i "s/{DB_HOST}/$DB_HOST/g" BOOT-INF/classes/application-druid.yml
+sed -i "s/{DB_NAME}/$DB_NAME/g" BOOT-INF/classes/application-druid.yml
+sed -i "s/{DB_USER}/$DB_USER/g" BOOT-INF/classes/application-druid.yml
+sed -i "s/{DB_PASSWORD}/$DB_PASSWORD/g" BOOT-INF/classes/application-druid.yml
+# 配置文件写入jar包,并删除提取的配置
+zip app.jar BOOT-INF/classes/application-druid.yml
+rm -rf BOOT-INF
+
+service nginx start
+service redis-server start
+emqx start
+java -jar /var/wumei-smart/java/app.jar
+
+
+while true
+do
+ time=$(date "+%Y-%m-%d %H:%M:%S")
+ echo $time : wumei-smart is running...
+ sleep 3600
+done
+
+
diff --git a/docker/local_build/emqx4.0/emqx.conf b/docker/local_build/emqx4.0/emqx.conf
new file mode 100644
index 00000000..c277a165
--- /dev/null
+++ b/docker/local_build/emqx4.0/emqx.conf
@@ -0,0 +1,2061 @@
+##====================================================================
+## EMQ X Configuration R4.0
+##====================================================================
+
+##--------------------------------------------------------------------
+## Cluster
+##--------------------------------------------------------------------
+
+## Cluster name.
+##
+## Value: String
+cluster.name = emqxcl
+
+## Specify the erlang distributed protocol.
+##
+## Value: Enum
+## - inet_tcp: the default; handles TCP streams with IPv4 addressing.
+## - inet6_tcp: handles TCP with IPv6 addressing.
+## - inet_tls: using TLS for Erlang Distribution.
+##
+## vm.args: -proto_dist inet_tcp
+cluster.proto_dist = inet_tcp
+
+## Cluster auto-discovery strategy.
+##
+## Value: Enum
+## - manual: Manual join command
+## - static: Static node list
+## - mcast: IP Multicast
+## - dns: DNS A Record
+## - etcd: etcd
+## - k8s: Kubernates
+##
+## Default: manual
+cluster.discovery = manual
+
+## Enable cluster autoheal from network partition.
+##
+## Value: on | off
+##
+## Default: on
+cluster.autoheal = on
+
+## Autoclean down node. A down node will be removed from the cluster
+## if this value > 0.
+##
+## Value: Duration
+## -h: hour, e.g. '2h' for 2 hours
+## -m: minute, e.g. '5m' for 5 minutes
+## -s: second, e.g. '30s' for 30 seconds
+##
+## Default: 5m
+cluster.autoclean = 5m
+
+##--------------------------------------------------------------------
+## Cluster using static node list
+
+## Node list of the cluster.
+##
+## Value: String
+## cluster.static.seeds = emqx1@127.0.0.1,emqx2@127.0.0.1
+
+##--------------------------------------------------------------------
+## Cluster using IP Multicast.
+
+## IP Multicast Address.
+##
+## Value: IP Address
+## cluster.mcast.addr = 239.192.0.1
+
+## Multicast Ports.
+##
+## Value: Port List
+## cluster.mcast.ports = 4369,4370
+
+## Multicast Iface.
+##
+## Value: Iface Address
+##
+## Default: 0.0.0.0
+## cluster.mcast.iface = 0.0.0.0
+
+## Multicast Ttl.
+##
+## Value: 0-255
+## cluster.mcast.ttl = 255
+
+## Multicast loop.
+##
+## Value: on | off
+## cluster.mcast.loop = on
+
+##--------------------------------------------------------------------
+## Cluster using DNS A records.
+
+## DNS name.
+##
+## Value: String
+## cluster.dns.name = localhost
+
+## The App name is used to build 'node.name' with IP address.
+##
+## Value: String
+## cluster.dns.app = emqx
+
+##--------------------------------------------------------------------
+## Cluster using etcd
+
+## Etcd server list, seperated by ','.
+##
+## Value: String
+## cluster.etcd.server = http://127.0.0.1:2379
+
+## The prefix helps build nodes path in etcd. Each node in the cluster
+## will create a path in etcd: v2/keys///
+##
+## Value: String
+## cluster.etcd.prefix = emqxcl
+
+## The TTL for node's path in etcd.
+##
+## Value: Duration
+##
+## Default: 1m, 1 minute
+## cluster.etcd.node_ttl = 1m
+
+## Path to a file containing the client's private PEM-encoded key.
+##
+## Value: File
+## cluster.etcd.ssl.keyfile = /etc/emqx/certs/client-key.pem
+
+## The path to a file containing the client's certificate.
+##
+## Value: File
+## cluster.etcd.ssl.certfile = /etc/emqx/certs/client.pem
+
+## Path to the file containing PEM-encoded CA certificates. The CA certificates
+## are used during server authentication and when building the client certificate chain.
+##
+## Value: File
+## cluster.etcd.ssl.cacertfile = /etc/emqx/certs/ca.pem
+
+##--------------------------------------------------------------------
+## Cluster using Kubernates
+
+## Kubernates API server list, seperated by ','.
+##
+## Value: String
+## cluster.k8s.apiserver = http://10.110.111.204:8080
+
+## The service name helps lookup EMQ nodes in the cluster.
+##
+## Value: String
+## cluster.k8s.service_name = emqx
+
+## The address type is used to extract host from k8s service.
+##
+## Value: ip | dns | hostname
+## cluster.k8s.address_type = ip
+
+## The app name helps build 'node.name'.
+##
+## Value: String
+## cluster.k8s.app_name = emqx
+
+## The suffix added to dns and hostname get from k8s service
+##
+## Value: String
+## cluster.k8s.suffix = pod.cluster.local
+
+## Kubernates Namespace
+##
+## Value: String
+## cluster.k8s.namespace = default
+
+##--------------------------------------------------------------------
+## Node
+##--------------------------------------------------------------------
+
+## Node name.
+##
+## See: http://erlang.org/doc/reference_manual/distributed.html
+##
+## Value: @
+##
+## Default: emqx@127.0.0.1
+node.name = emqx@127.0.0.1
+
+## Cookie for distributed node communication.
+##
+## Value: String
+node.cookie = emqxsecretcookie
+
+## Data dir for the node
+##
+## Value: Folder
+node.data_dir = /var/lib/emqx
+
+## Heartbeat monitoring of an Erlang runtime system. Comment the line to disable
+## heartbeat, or set the value as 'on'
+##
+## Value: on
+##
+## vm.args: -heart
+## node.heartbeat = on
+
+## Sets the number of threads in async thread pool. Valid range is 0-1024.
+##
+## See: http://erlang.org/doc/man/erl.html
+##
+## Value: 0-1024
+##
+## vm.args: +A Number
+node.async_threads = 32
+
+## Sets the maximum number of simultaneously existing processes for this
+## system if a Number is passed as value.
+##
+## See: http://erlang.org/doc/man/erl.html
+##
+## Value: Number [1024-134217727]
+##
+## vm.args: +P Number
+node.process_limit = 2048000
+
+## Sets the maximum number of simultaneously existing ports for this system.
+##
+## See: http://erlang.org/doc/man/erl.html
+##
+## Value: Number [1024-134217727]
+##
+## vm.args: +Q Number
+node.max_ports = 1024000
+
+## Set the distribution buffer busy limit (dist_buf_busy_limit).
+##
+## See: http://erlang.org/doc/man/erl.html
+##
+## Value: Number [1KB-2GB]
+##
+## vm.args: +zdbbl size
+node.dist_buffer_size = 8MB
+
+## Sets the maximum number of ETS tables. Note that mnesia and SSL will
+## create temporary ETS tables.
+##
+## Value: Number
+##
+## vm.args: +e Number
+node.max_ets_tables = 256000
+
+## Tweak GC to run more often.
+##
+## Value: Number [0-65535]
+##
+## vm.args: -env ERL_FULLSWEEP_AFTER Number
+node.fullsweep_after = 1000
+
+## Crash dump log file.
+##
+## Value: Log file
+node.crash_dump = /var/log/emqx/crash.dump
+
+## Specify SSL Options in the file if using SSL for Erlang Distribution.
+##
+## Value: File
+##
+## vm.args: -ssl_dist_optfile
+## node.ssl_dist_optfile = /etc/emqx/ssl_dist.conf
+
+## Sets the net_kernel tick time. TickTime is specified in seconds.
+## Notice that all communicating nodes are to have the same TickTime
+## value specified.
+##
+## See: http://www.erlang.org/doc/man/kernel_app.html#net_ticktime
+##
+## Value: Number
+##
+## vm.args: -kernel net_ticktime Number
+node.dist_net_ticktime = 60
+
+## Sets the port range for the listener socket of a distributed Erlang node.
+## Note that if there are firewalls between clustered nodes, this port segment
+## for nodes’ communication should be allowed.
+##
+## See: http://www.erlang.org/doc/man/kernel_app.html
+##
+## Value: Port [1024-65535]
+node.dist_listen_min = 6369
+node.dist_listen_max = 6369
+
+##--------------------------------------------------------------------
+## RPC
+##--------------------------------------------------------------------
+## RPC Mode.
+##
+## Value: sync | async
+rpc.mode = async
+
+## Max batch size of async RPC requests.
+##
+## Value: Integer
+## Zero or negative value disables rpc batching.
+##
+## NOTE: RPC batch won't work when rpc.mode = sync
+rpc.async_batch_size = 256
+
+## TCP server port for RPC.
+##
+## Value: Port [1024-65535]
+rpc.tcp_server_port = 5369
+
+## TCP port for outgoing RPC connections.
+##
+## Value: Port [1024-65535]
+rpc.tcp_client_port = 5369
+
+## Number of utgoing RPC connections.
+##
+## Value: Interger [1-256]
+rpc.tcp_client_num = 32
+
+## RCP Client connect timeout.
+##
+## Value: Seconds
+rpc.connect_timeout = 5s
+
+## TCP send timeout of RPC client and server.
+##
+## Value: Seconds
+rpc.send_timeout = 5s
+
+## Authentication timeout
+##
+## Value: Seconds
+rpc.authentication_timeout = 5s
+
+## Default receive timeout for call() functions
+##
+## Value: Seconds
+rpc.call_receive_timeout = 15s
+
+## Socket idle keepalive.
+##
+## Value: Seconds
+rpc.socket_keepalive_idle = 900s
+
+## TCP Keepalive probes interval.
+##
+## Value: Seconds
+rpc.socket_keepalive_interval = 75s
+
+## Probes lost to close the connection
+##
+## Value: Integer
+rpc.socket_keepalive_count = 9
+
+## Size of TCP send buffer.
+##
+## Value: Bytes
+rpc.socket_sndbuf = 1MB
+
+## Size of TCP receive buffer.
+##
+## Value: Seconds
+rpc.socket_recbuf = 1MB
+
+## Size of user-level software socket buffer.
+##
+## Value: Seconds
+rpc.socket_buffer = 1MB
+
+##--------------------------------------------------------------------
+## Log
+##--------------------------------------------------------------------
+
+## Where to emit the logs.
+## Enable the console (standard output) logs.
+##
+## Value: off | file | console | both
+## - off: disable logs entirely
+## - file: write logs only to file
+## - console: write logs only to standard I/O
+## - both: write logs both to file and standard I/O
+log.to = both
+
+## The log severity level.
+##
+## Value: debug | info | notice | warning | error | critical | alert | emergency
+##
+## Note: Only the messages with severity level higher than or equal to
+## this level will be logged.
+##
+## Default: warning
+log.level = warning
+
+## The dir for log files.
+##
+## Value: Folder
+log.dir = /var/log/emqx
+
+## The log filename for logs of level specified in "log.level".
+##
+## Value: String
+## Default: emqx.log
+log.file = emqx.log
+
+## Limits the total number of characters printed for each log event.
+##
+## Value: Integer
+## Default: No Limit
+#log.chars_limit = 8192
+
+## Maximum size of each log file.
+##
+## Value: Number
+## Default: 10M
+## Supported Unit: KB | MB | GB
+log.rotation.size = 10MB
+
+## Maximum rotation count of log files.
+##
+## Value: Number
+## Default: 5
+log.rotation.count = 5
+
+## To create additional log files for specific log levels.
+##
+## Value: File Name
+## Format: log.$level.file = $filename,
+## where "$level" can be one of: debug, info, notice, warning,
+## error, critical, alert, emergency
+## Note: Log files for a specific log level will only contain all the logs
+## that higher than or equal to that level
+##
+#log.info.file = info.log
+#log.error.file = error.log
+
+##--------------------------------------------------------------------
+## Authentication/Access Control
+##--------------------------------------------------------------------
+
+## Allow anonymous authentication by default if no auth plugins loaded.
+## Notice: Disable the option in production deployment!
+##
+## Value: true | false
+allow_anonymous = false
+
+## Allow or deny if no ACL rules matched.
+##
+## Value: allow | deny
+acl_nomatch = allow
+
+## Default ACL File.
+##
+## Value: File Name
+acl_file = /etc/emqx/acl.conf
+
+## Whether to enable ACL cache.
+##
+## If enabled, ACLs roles for each client will be cached in the memory
+##
+## Value: on | off
+enable_acl_cache = on
+
+## The maximum count of ACL entries can be cached for a client.
+##
+## Value: Integer greater than 0
+## Default: 32
+acl_cache_max_size = 32
+
+## The time after which an ACL cache entry will be deleted
+##
+## Value: Duration
+## Default: 1 minute
+acl_cache_ttl = 1m
+
+## The action when acl check reject current operation
+##
+## Value: ignore | disconnect
+## Default: ignore
+acl_deny_action = ignore
+
+## Specify the global flapping detect policy.
+## The value is a string composed of flapping threshold, duration and banned interval.
+## 1. threshold: an integer to specfify the disconnected times of a MQTT Client;
+## 2. duration: the time window for flapping detect;
+## 3. banned interval: the banned interval if a flapping is detected.
+##
+## Value: Integer,Duration,Duration
+flapping_detect_policy = 30, 1m, 5m
+
+##--------------------------------------------------------------------
+## MQTT Protocol
+##--------------------------------------------------------------------
+
+## Maximum MQTT packet size allowed.
+##
+## Value: Bytes
+## Default: 1MB
+mqtt.max_packet_size = 1MB
+
+## Maximum length of MQTT clientId allowed.
+##
+## Value: Number [23-65535]
+mqtt.max_clientid_len = 65535
+
+## Maximum topic levels allowed. 0 means no limit.
+##
+## Value: Number
+mqtt.max_topic_levels = 0
+
+## Maximum QoS allowed.
+##
+## Value: 0 | 1 | 2
+mqtt.max_qos_allowed = 2
+
+## Maximum Topic Alias, 0 means no topic alias supported.
+##
+## Value: 0-65535
+mqtt.max_topic_alias = 65535
+
+## Whether the Server supports MQTT retained messages.
+##
+## Value: boolean
+mqtt.retain_available = true
+
+## Whether the Server supports MQTT Wildcard Subscriptions
+##
+## Value: boolean
+mqtt.wildcard_subscription = true
+
+## Whether the Server supports MQTT Shared Subscriptions.
+##
+## Value: boolean
+mqtt.shared_subscription = true
+
+## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
+##
+## Value: true | false
+mqtt.ignore_loop_deliver = false
+
+## Whether to parse the MQTT frame in strict mode
+##
+## Value: true | false
+mqtt.strict_mode = false
+
+##--------------------------------------------------------------------
+## Zones
+##--------------------------------------------------------------------
+
+##--------------------------------------------------------------------
+## External Zone
+
+## Idle timeout of the external MQTT connections.
+##
+## Value: duration
+zone.external.idle_timeout = 15s
+
+## Hibernate after a duration of idle state.
+##
+## Value: duration
+zone.external.hibernate_after = 60s
+
+## Publish limit for the external MQTT connections.
+##
+## Value: Number,Duration
+## Example: 100 messages per 10 seconds.
+## zone.external.publish_limit = 100,10s
+
+## Enable ACL check.
+##
+## Value: Flag
+zone.external.enable_acl = on
+
+## Enable ban check.
+##
+## Value: Flag
+zone.external.enable_ban = on
+
+## Enable per connection statistics.
+##
+## Value: on | off
+zone.external.enable_stats = on
+
+## The action when acl check reject current operation
+##
+## Value: ignore | disconnect
+## Default: ignore
+zone.external.acl_deny_action = ignore
+
+## Force MQTT connection/session process GC after this number of
+## messages | bytes passed through.
+##
+## Numbers delimited by `|'. Zero or negative is to disable.
+zone.external.force_gc_policy = 1000|1MB
+
+## Max message queue length and total heap size to force shutdown
+## connection/session process.
+## Message queue here is the Erlang process mailbox, but not the number
+## of queued MQTT messages of QoS 1 and 2.
+##
+## Numbers delimited by `|'. Zero or negative is to disable.
+##
+## Default:
+## - 10000|32MB on ARCH_64 system
+## - 10000|16MB on ARCH_32 sytem
+## zone.external.force_shutdown_policy = 10000|32MB
+
+## Maximum MQTT packet size allowed.
+##
+## Value: Bytes
+## Default: 1MB
+## zone.external.max_packet_size = 64KB
+
+## Maximum length of MQTT clientId allowed.
+##
+## Value: Number [23-65535]
+## zone.external.max_clientid_len = 1024
+
+## Maximum topic levels allowed. 0 means no limit.
+##
+## Value: Number
+## zone.external.max_topic_levels = 7
+
+## Maximum QoS allowed.
+##
+## Value: 0 | 1 | 2
+## zone.external.max_qos_allowed = 2
+
+## Maximum Topic Alias, 0 means no limit.
+##
+## Value: 0-65535
+## zone.external.max_topic_alias = 65535
+
+## Whether the Server supports retained messages.
+##
+## Value: boolean
+## zone.external.retain_available = true
+
+## Whether the Server supports Wildcard Subscriptions
+##
+## Value: boolean
+## zone.external.wildcard_subscription = false
+
+## Whether the Server supports Shared Subscriptions
+##
+## Value: boolean
+## zone.external.shared_subscription = false
+
+## Server Keep Alive
+##
+## Value: Number
+## zone.external.server_keepalive = 0
+
+## The backoff for MQTT keepalive timeout. The broker will kick a connection out
+## until 'Keepalive * backoff * 2' timeout.
+##
+## Value: Float > 0.5
+zone.external.keepalive_backoff = 0.75
+
+## Maximum number of subscriptions allowed, 0 means no limit.
+##
+## Value: Number
+zone.external.max_subscriptions = 0
+
+## Force to upgrade QoS according to subscription.
+##
+## Value: on | off
+zone.external.upgrade_qos = off
+
+## Maximum size of the Inflight Window storing QoS1/2 messages delivered but unacked.
+##
+## Value: Number
+zone.external.max_inflight = 32
+
+## Retry interval for QoS1/2 message delivering.
+##
+## Value: Duration
+zone.external.retry_interval = 30s
+
+## Maximum QoS2 packets (Client -> Broker) awaiting PUBREL, 0 means no limit.
+##
+## Value: Number
+zone.external.max_awaiting_rel = 100
+
+## The QoS2 messages (Client -> Broker) will be dropped if awaiting PUBREL timeout.
+##
+## Value: Duration
+zone.external.await_rel_timeout = 300s
+
+## Default session expiry interval for MQTT V3.1.1 connections.
+##
+## Value: Duration
+## -d: day
+## -h: hour
+## -m: minute
+## -s: second
+##
+## Default: 2h, 2 hours
+zone.external.session_expiry_interval = 2h
+
+## Maximum queue length. Enqueued messages when persistent client disconnected,
+## or inflight window is full. 0 means no limit.
+##
+## Value: Number >= 0
+zone.external.max_mqueue_len = 1000
+
+## Topic priorities.
+## 'none' to indicate no priority table (by default), hence all messages
+## are treated equal
+##
+## Priority number [1-255]
+## Example: topic/1=10,topic/2=8
+## NOTE: comma and equal signs are not allowed for priority topic names
+## NOTE: messages for topics not in the priority table are treated as
+## either highest or lowest priority depending on the configured
+## value for mqueue_default_priority
+##
+zone.external.mqueue_priorities = none
+
+## Default to highest priority for topics not matching priority table
+##
+## Value: highest | lowest
+zone.external.mqueue_default_priority = highest
+
+## Whether to enqueue QoS0 messages.
+##
+## Value: false | true
+zone.external.mqueue_store_qos0 = true
+
+## Whether to turn on flapping detect
+##
+## Value: on | off
+zone.external.enable_flapping_detect = off
+
+## All the topics will be prefixed with the mountpoint path if this option is enabled.
+##
+## Variables in mountpoint path:
+## - %c: clientid
+## - %u: username
+##
+## Value: String
+## zone.external.mountpoint = devicebound/
+
+## Whether use username replace client id
+##
+## Value: boolean
+## Default: false
+zone.external.use_username_as_clientid = false
+
+## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
+##
+## Value: true | false
+zone.external.ignore_loop_deliver = false
+
+## Whether to parse the MQTT frame in strict mode
+##
+## Value: true | false
+zone.external.strict_mode = false
+
+##--------------------------------------------------------------------
+## Internal Zone
+
+zone.internal.allow_anonymous = true
+
+## Enable per connection stats.
+##
+## Value: Flag
+zone.internal.enable_stats = on
+
+## Enable ACL check.
+##
+## Value: Flag
+zone.internal.enable_acl = off
+
+## The action when acl check reject current operation
+##
+## Value: ignore | disconnect
+## Default: ignore
+zone.internal.acl_deny_action = ignore
+
+## See zone.$name.wildcard_subscription.
+##
+## Value: boolean
+## zone.internal.wildcard_subscription = true
+
+## See zone.$name.shared_subscription.
+##
+## Value: boolean
+## zone.internal.shared_subscription = true
+
+## See zone.$name.max_subscriptions.
+##
+## Value: Integer
+zone.internal.max_subscriptions = 0
+
+## See zone.$name.max_inflight
+##
+## Value: Number
+zone.internal.max_inflight = 128
+
+## See zone.$name.max_awaiting_rel
+##
+## Value: Number
+zone.internal.max_awaiting_rel = 1000
+
+## See zone.$name.max_mqueue_len
+##
+## Value: Number >= 0
+zone.internal.max_mqueue_len = 10000
+
+## Whether to enqueue Qos0 messages.
+##
+## Value: false | true
+zone.internal.mqueue_store_qos0 = true
+
+## Whether to turn on flapping detect
+##
+## Value: on | off
+zone.internal.enable_flapping_detect = off
+
+## See zone.$name.force_shutdown_policy
+##
+## Default:
+## - 10000|32MB on ARCH_64 system
+## - 10000|16MB on ARCH_32 sytem
+zone.internal.force_shutdown_policy = 100000|64MB
+
+## All the topics will be prefixed with the mountpoint path if this option is enabled.
+##
+## Variables in mountpoint path:
+## - %c: clientid
+## - %u: username
+##
+## Value: String
+## zone.internal.mountpoint = cloudbound/
+
+## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
+##
+## Value: true | false
+zone.internal.ignore_loop_deliver = false
+
+## Whether to parse the MQTT frame in strict mode
+##
+## Value: true | false
+zone.internal.strict_mode = false
+
+##--------------------------------------------------------------------
+## Listeners
+##--------------------------------------------------------------------
+
+##--------------------------------------------------------------------
+## MQTT/TCP - External TCP Listener for MQTT Protocol
+
+## listener.tcp.$name is the IP address and port that the MQTT/TCP
+## listener will bind.
+##
+## Value: IP:Port | Port
+##
+## Examples: 1883, 127.0.0.1:1883, ::1:1883
+listener.tcp.external = 0.0.0.0:1883
+
+## The acceptor pool for external MQTT/TCP listener.
+##
+## Value: Number
+listener.tcp.external.acceptors = 8
+
+## Maximum number of concurrent MQTT/TCP connections.
+##
+## Value: Number
+listener.tcp.external.max_connections = 1024000
+
+## Maximum external connections per second.
+##
+## Value: Number
+listener.tcp.external.max_conn_rate = 1000
+
+## Specify the {active, N} option for the external MQTT/TCP Socket.
+##
+## Value: Number
+listener.tcp.external.active_n = 100
+
+## Zone of the external MQTT/TCP listener belonged to.
+##
+## See: zone.$name.*
+##
+## Value: String
+listener.tcp.external.zone = external
+
+## Rate limit for the external MQTT/TCP connections. Format is 'limit,duration'.
+##
+## Value: limit,duration
+## Default: 100KB incoming per 10 seconds.
+## listener.tcp.external.rate_limit = 100KB,10s
+
+## The access control rules for the MQTT/TCP listener.
+##
+## See: https://github.com/emqtt/esockd#allowdeny
+##
+## Value: ACL Rule
+##
+## Example: allow 192.168.0.0/24
+listener.tcp.external.access.1 = allow all
+
+## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
+## behind HAProxy or Nginx.
+##
+## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/
+##
+## Value: on | off
+## listener.tcp.external.proxy_protocol = on
+
+## Sets the timeout for proxy protocol. EMQ X will close the TCP connection
+## if no proxy protocol packet recevied within the timeout.
+##
+## Value: Duration
+## listener.tcp.external.proxy_protocol_timeout = 3s
+
+## Enable the option for X.509 certificate based authentication.
+## EMQX will use the common name of certificate as MQTT username.
+##
+## Value: cn | dn | crt
+## listener.tcp.external.peer_cert_as_username = cn
+
+## The TCP backlog defines the maximum length that the queue of pending
+## connections can grow to.
+##
+## Value: Number >= 0
+listener.tcp.external.backlog = 1024
+
+## The TCP send timeout for external MQTT connections.
+##
+## Value: Duration
+listener.tcp.external.send_timeout = 15s
+
+## Close the TCP connection if send timeout.
+##
+## Value: on | off
+listener.tcp.external.send_timeout_close = on
+
+## The TCP receive buffer(os kernel) for MQTT connections.
+##
+## See: http://erlang.org/doc/man/inet.html
+##
+## Value: Bytes
+## listener.tcp.external.recbuf = 2KB
+
+## The TCP send buffer(os kernel) for MQTT connections.
+##
+## See: http://erlang.org/doc/man/inet.html
+##
+## Value: Bytes
+## listener.tcp.external.sndbuf = 2KB
+
+## The size of the user-level software buffer used by the driver.
+## Not to be confused with options sndbuf and recbuf, which correspond
+## to the Kernel socket buffers. It is recommended to have val(buffer)
+## >= max(val(sndbuf),val(recbuf)) to avoid performance issues because
+## of unnecessary copying. val(buffer) is automatically set to the above
+## maximum when values sndbuf or recbuf are set.
+##
+## See: http://erlang.org/doc/man/inet.html
+##
+## Value: Bytes
+## listener.tcp.external.buffer = 2KB
+
+## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
+##
+## Value: on | off
+## listener.tcp.external.tune_buffer = off
+
+## The TCP_NODELAY flag for MQTT connections. Small amounts of data are
+## sent immediately if the option is enabled.
+##
+## Value: true | false
+listener.tcp.external.nodelay = true
+
+## The SO_REUSEADDR flag for TCP listener.
+##
+## Value: true | false
+listener.tcp.external.reuseaddr = true
+
+##--------------------------------------------------------------------
+## Internal TCP Listener for MQTT Protocol
+
+## The IP address and port that the internal MQTT/TCP protocol listener
+## will bind.
+##
+## Value: IP:Port, Port
+##
+## Examples: 11883, 127.0.0.1:11883, ::1:11883
+listener.tcp.internal = 127.0.0.1:11883
+
+## The acceptor pool for internal MQTT/TCP listener.
+##
+## Value: Number
+listener.tcp.internal.acceptors = 4
+
+## Maximum number of concurrent MQTT/TCP connections.
+##
+## Value: Number
+listener.tcp.internal.max_connections = 1024000
+
+## Maximum internal connections per second.
+##
+## Value: Number
+listener.tcp.internal.max_conn_rate = 1000
+
+## Specify the {active, N} option for the internal MQTT/TCP Socket.
+##
+## Value: Number
+listener.tcp.internal.active_n = 1000
+
+## Zone of the internal MQTT/TCP listener belonged to.
+##
+## Value: String
+listener.tcp.internal.zone = internal
+
+## Rate limit for the internal MQTT/TCP connections.
+##
+## See: listener.tcp.$name.rate_limit
+##
+## Value: limit,duration
+## Default: 1MB incoming per second.
+## listener.tcp.internal.rate_limit = 1MB,1s
+
+## The TCP backlog of internal MQTT/TCP Listener.
+##
+## See: listener.tcp.$name.backlog
+##
+## Value: Number >= 0
+listener.tcp.internal.backlog = 512
+
+## The TCP send timeout for internal MQTT connections.
+##
+## See: listener.tcp.$name.send_timeout
+##
+## Value: Duration
+listener.tcp.internal.send_timeout = 5s
+
+## Close the MQTT/TCP connection if send timeout.
+##
+## See: listener.tcp.$name.send_timeout_close
+##
+## Value: on | off
+listener.tcp.internal.send_timeout_close = on
+
+## The TCP receive buffer(os kernel) for internal MQTT connections.
+##
+## See: listener.tcp.$name.recbuf
+##
+## Value: Bytes
+listener.tcp.internal.recbuf = 64KB
+
+## The TCP send buffer(os kernel) for internal MQTT connections.
+##
+## See: http://erlang.org/doc/man/inet.html
+##
+## Value: Bytes
+listener.tcp.internal.sndbuf = 64KB
+
+## The size of the user-level software buffer used by the driver.
+##
+## See: listener.tcp.$name.buffer
+##
+## Value: Bytes
+## listener.tcp.internal.buffer = 16KB
+
+## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
+##
+## See: listener.tcp.$name.tune_buffer
+##
+## Value: on | off
+## listener.tcp.internal.tune_buffer = off
+
+## The TCP_NODELAY flag for internal MQTT connections.
+##
+## See: listener.tcp.$name.nodelay
+##
+## Value: true | false
+listener.tcp.internal.nodelay = false
+
+## The SO_REUSEADDR flag for MQTT/TCP Listener.
+##
+## Value: true | false
+listener.tcp.internal.reuseaddr = true
+
+##--------------------------------------------------------------------
+## MQTT/SSL - External SSL Listener for MQTT Protocol
+
+## listener.ssl.$name is the IP address and port that the MQTT/SSL
+## listener will bind.
+##
+## Value: IP:Port | Port
+##
+## Examples: 8883, 127.0.0.1:8883, ::1:8883
+listener.ssl.external = 8883
+
+## The acceptor pool for external MQTT/SSL listener.
+##
+## Value: Number
+listener.ssl.external.acceptors = 16
+
+## Maximum number of concurrent MQTT/SSL connections.
+##
+## Value: Number
+listener.ssl.external.max_connections = 102400
+
+## Maximum MQTT/SSL connections per second.
+##
+## Value: Number
+listener.ssl.external.max_conn_rate = 500
+
+## Specify the {active, N} option for the internal MQTT/SSL Socket.
+##
+## Value: Number
+listener.ssl.external.active_n = 100
+
+## Zone of the external MQTT/SSL listener belonged to.
+##
+## Value: String
+listener.ssl.external.zone = external
+
+## The access control rules for the MQTT/SSL listener.
+##
+## See: listener.tcp.$name.access
+##
+## Value: ACL Rule
+listener.ssl.external.access.1 = allow all
+
+## Rate limit for the external MQTT/SSL connections.
+##
+## Value: limit,duration
+## Default: 100KB incoming per 10 seconds.
+## listener.ssl.external.rate_limit = 100KB,10s
+
+## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
+## HAProxy or Nginx.
+##
+## See: listener.tcp.$name.proxy_protocol
+##
+## Value: on | off
+## listener.ssl.external.proxy_protocol = on
+
+## Sets the timeout for proxy protocol.
+##
+## See: listener.tcp.$name.proxy_protocol_timeout
+##
+## Value: Duration
+## listener.ssl.external.proxy_protocol_timeout = 3s
+
+## TLS versions only to protect from POODLE attack.
+##
+## See: http://erlang.org/doc/man/ssl.html
+##
+## Value: String, seperated by ','
+## listener.ssl.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1
+
+## TLS Handshake timeout.
+##
+## Value: Duration
+listener.ssl.external.handshake_timeout = 15s
+
+## Path to the file containing the user's private PEM-encoded key.
+##
+## See: http://erlang.org/doc/man/ssl.html
+##
+## Value: File
+listener.ssl.external.keyfile = /etc/emqx/certs/key.pem
+
+## Path to a file containing the user certificate.
+##
+## See: http://erlang.org/doc/man/ssl.html
+##
+## Value: File
+listener.ssl.external.certfile = /etc/emqx/certs/cert.pem
+
+## Path to the file containing PEM-encoded CA certificates. The CA certificates
+## are used during server authentication and when building the client certificate chain.
+##
+## Value: File
+## listener.ssl.external.cacertfile = /etc/emqx/certs/cacert.pem
+
+## The Ephemeral Diffie-Helman key exchange is a very effective way of
+## ensuring Forward Secrecy by exchanging a set of keys that never hit
+## the wire. Since the DH key is effectively signed by the private key,
+## it needs to be at least as strong as the private key. In addition,
+## the default DH groups that most of the OpenSSL installations have
+## are only a handful (since they are distributed with the OpenSSL
+## package that has been built for the operating system it’s running on)
+## and hence predictable (not to mention, 1024 bits only).
+## In order to escape this situation, first we need to generate a fresh,
+## strong DH group, store it in a file and then use the option above,
+## to force our SSL application to use the new DH group. Fortunately,
+## OpenSSL provides us with a tool to do that. Simply run:
+## openssl dhparam -out dh-params.pem 2048
+##
+## Value: File
+## listener.ssl.external.dhfile = /etc/emqx/certs/dh-params.pem
+
+## A server only does x509-path validation in mode verify_peer,
+## as it then sends a certificate request to the client (this
+## message is not sent if the verify option is verify_none).
+## You can then also want to specify option fail_if_no_peer_cert.
+## More information at: http://erlang.org/doc/man/ssl.html
+##
+## Value: verify_peer | verify_none
+## listener.ssl.external.verify = verify_peer
+
+## Used together with {verify, verify_peer} by an SSL server. If set to true,
+## the server fails if the client does not have a certificate to send, that is,
+## sends an empty certificate.
+##
+## Value: true | false
+## listener.ssl.external.fail_if_no_peer_cert = true
+
+## This is the single most important configuration option of an Erlang SSL
+## application. Ciphers (and their ordering) define the way the client and
+## server encrypt information over the wire, from the initial Diffie-Helman
+## key exchange, the session key encryption ## algorithm and the message
+## digest algorithm. Selecting a good cipher suite is critical for the
+## application’s data security, confidentiality and performance.
+##
+## The cipher list above offers:
+##
+## A good balance between compatibility with older browsers.
+## It can get stricter for Machine-To-Machine scenarios.
+## Perfect Forward Secrecy.
+## No old/insecure encryption and HMAC algorithms
+##
+## Most of it was copied from Mozilla’s Server Side TLS article
+##
+## Value: Ciphers
+listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
+
+## Ciphers for TLS PSK.
+## Note that 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot
+## be configured at the same time.
+## See 'https://tools.ietf.org/html/rfc4279#section-2'.
+#listener.ssl.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
+
+## SSL parameter renegotiation is a feature that allows a client and a server
+## to renegotiate the parameters of the SSL connection on the fly.
+## RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,
+## you drop support for the insecure renegotiation, prone to MitM attacks.
+##
+## Value: on | off
+## listener.ssl.external.secure_renegotiate = off
+
+## A performance optimization setting, it allows clients to reuse
+## pre-existing sessions, instead of initializing new ones.
+## Read more about it here.
+##
+## See: http://erlang.org/doc/man/ssl.html
+##
+## Value: on | off
+## listener.ssl.external.reuse_sessions = on
+
+## An important security setting, it forces the cipher to be set based
+## on the server-specified order instead of the client-specified order,
+## hence enforcing the (usually more properly configured) security
+## ordering of the server administrator.
+##
+## Value: on | off
+## listener.ssl.external.honor_cipher_order = on
+
+## Use the CN, DN or CRT field from the client certificate as a username.
+## Notice that 'verify' should be set as 'verify_peer'.
+##
+## Value: cn | dn | crt
+## listener.ssl.external.peer_cert_as_username = cn
+
+## TCP backlog for the SSL connection.
+##
+## See listener.tcp.$name.backlog
+##
+## Value: Number >= 0
+## listener.ssl.external.backlog = 1024
+
+## The TCP send timeout for the SSL connection.
+##
+## See listener.tcp.$name.send_timeout
+##
+## Value: Duration
+## listener.ssl.external.send_timeout = 15s
+
+## Close the SSL connection if send timeout.
+##
+## See: listener.tcp.$name.send_timeout_close
+##
+## Value: on | off
+## listener.ssl.external.send_timeout_close = on
+
+## The TCP receive buffer(os kernel) for the SSL connections.
+##
+## See: listener.tcp.$name.recbuf
+##
+## Value: Bytes
+## listener.ssl.external.recbuf = 4KB
+
+## The TCP send buffer(os kernel) for internal MQTT connections.
+##
+## See: listener.tcp.$name.sndbuf
+##
+## Value: Bytes
+## listener.ssl.external.sndbuf = 4KB
+
+## The size of the user-level software buffer used by the driver.
+##
+## See: listener.tcp.$name.buffer
+##
+## Value: Bytes
+## listener.ssl.external.buffer = 4KB
+
+## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
+##
+## See: listener.tcp.$name.tune_buffer
+##
+## Value: on | off
+## listener.ssl.external.tune_buffer = off
+
+## The TCP_NODELAY flag for SSL connections.
+##
+## See: listener.tcp.$name.nodelay
+##
+## Value: true | false
+## listener.ssl.external.nodelay = true
+
+## The SO_REUSEADDR flag for MQTT/SSL Listener.
+##
+## Value: true | false
+listener.ssl.external.reuseaddr = true
+
+##--------------------------------------------------------------------
+## External WebSocket listener for MQTT protocol
+
+## listener.ws.$name is the IP address and port that the MQTT/WebSocket
+## listener will bind.
+##
+## Value: IP:Port | Port
+##
+## Examples: 8083, 127.0.0.1:8083, ::1:8083
+listener.ws.external = 8083
+
+## The path of WebSocket MQTT endpoint
+##
+## Value: URL Path
+listener.ws.external.mqtt_path = /mqtt
+
+## The acceptor pool for external MQTT/WebSocket listener.
+##
+## Value: Number
+listener.ws.external.acceptors = 4
+
+## Maximum number of concurrent MQTT/WebSocket connections.
+##
+## Value: Number
+listener.ws.external.max_connections = 102400
+
+## Maximum MQTT/WebSocket connections per second.
+##
+## Value: Number
+listener.ws.external.max_conn_rate = 1000
+
+## Simulate the {active, N} option for the MQTT/WebSocket connections.
+##
+## Value: Number
+listener.ws.external.active_n = 100
+
+## Rate limit for the MQTT/WebSocket connections.
+##
+## Value: Limit,Duration
+## Default: 100KB incoming per 10 seconds.
+## listener.ws.external.rate_limit = 100KB,10s
+
+## Zone of the external MQTT/WebSocket listener belonged to.
+##
+## Value: String
+listener.ws.external.zone = external
+
+## The access control for the MQTT/WebSocket listener.
+##
+## See: listener.ws.$name.access
+##
+## Value: ACL Rule
+listener.ws.external.access.1 = allow all
+
+## Verify if the protocol header is valid. Turn off for WeChat MiniApp.
+##
+## Value: on | off
+listener.ws.external.verify_protocol_header = on
+
+## Use X-Forwarded-For header for real source IP if the EMQ X cluster is
+## deployed behind NGINX or HAProxy.
+##
+## Value: String
+## listener.ws.external.proxy_address_header = X-Forwarded-For
+
+## Use X-Forwarded-Port header for real source port if the EMQ X cluster is
+## deployed behind NGINX or HAProxy.
+##
+## Value: String
+## listener.ws.external.proxy_port_header = X-Forwarded-Port
+
+## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
+## HAProxy or Nginx.
+##
+## See: listener.ws.$name.proxy_protocol
+##
+## Value: on | off
+## listener.ws.external.proxy_protocol = on
+
+## Sets the timeout for proxy protocol.
+##
+## See: listener.ws.$name.proxy_protocol_timeout
+##
+## Value: Duration
+## listener.ws.external.proxy_protocol_timeout = 3s
+
+## The TCP backlog of external MQTT/WebSocket Listener.
+##
+## See: listener.ws.$name.backlog
+##
+## Value: Number >= 0
+listener.ws.external.backlog = 1024
+
+## The TCP send timeout for external MQTT/WebSocket connections.
+##
+## See: listener.ws.$name.send_timeout
+##
+## Value: Duration
+listener.ws.external.send_timeout = 15s
+
+## Close the MQTT/WebSocket connection if send timeout.
+##
+## See: listener.ws.$name.send_timeout_close
+##
+## Value: on | off
+listener.ws.external.send_timeout_close = on
+
+## The TCP receive buffer(os kernel) for external MQTT/WebSocket connections.
+##
+## See: listener.ws.$name.recbuf
+##
+## Value: Bytes
+## listener.ws.external.recbuf = 2KB
+
+## The TCP send buffer(os kernel) for external MQTT/WebSocket connections.
+##
+## See: listener.ws.$name.sndbuf
+##
+## Value: Bytes
+## listener.ws.external.sndbuf = 2KB
+
+## The size of the user-level software buffer used by the driver.
+##
+## See: listener.ws.$name.buffer
+##
+## Value: Bytes
+## listener.ws.external.buffer = 2KB
+
+## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
+##
+## See: listener.ws.$name.tune_buffer
+##
+## Value: on | off
+## listener.ws.external.tune_buffer = off
+
+## The TCP_NODELAY flag for external MQTT/WebSocket connections.
+##
+## See: listener.ws.$name.nodelay
+##
+## Value: true | false
+listener.ws.external.nodelay = true
+
+## The compress flag for external MQTT/WebSocket connections.
+##
+## If this Value is set true,the websocket message would be compressed
+##
+## Value: true | false
+## listener.ws.external.compress = true
+
+## The level of deflate options for external MQTT/WebSocket connections.
+##
+## See: listener.ws.$name.deflate_opts.level
+##
+## Value: none | default | best_compression | best_speed
+## listener.ws.external.deflate_opts.level = default
+
+## The mem_level of deflate options for external MQTT/WebSocket connections.
+##
+## See: listener.ws.$name.deflate_opts.mem_level
+##
+## Valid range is 1-9
+## listener.ws.external.deflate_opts.mem_level = 8
+
+## The strategy of deflate options for external MQTT/WebSocket connections.
+##
+## See: listener.ws.$name.deflate_opts.strategy
+##
+## Value: default | filtered | huffman_only | rle
+## listener.ws.external.deflate_opts.strategy = default
+
+## The deflate option for external MQTT/WebSocket connections.
+##
+## See: listener.ws.$name.deflate_opts.server_context_takeover
+##
+## Value: takeover | no_takeover
+## listener.ws.external.deflate_opts.server_context_takeover = takeover
+
+## The deflate option for external MQTT/WebSocket connections.
+##
+## See: listener.ws.$name.deflate_opts.client_context_takeover
+##
+## Value: takeover | no_takeover
+## listener.ws.external.deflate_opts.client_context_takeover = takeover
+
+## The deflate options for external MQTT/WebSocket connections.
+##
+## See: listener.ws.$name.deflate_opts.server_max_window_bits
+##
+## Valid range is 8-15
+## listener.ws.external.deflate_opts.server_max_window_bits = 15
+
+## The deflate options for external MQTT/WebSocket connections.
+##
+## See: listener.ws.$name.deflate_opts.client_max_window_bits
+##
+## Valid range is 8-15
+## listener.ws.external.deflate_opts.client_max_window_bits = 15
+
+## The idle timeout for external MQTT/WebSocket connections.
+##
+## See: listener.ws.$name.idle_timeout
+##
+## Value: Duration
+## listener.ws.external.idle_timeout = 60s
+
+## The max frame size for external MQTT/WebSocket connections.
+##
+##
+## Value: Number
+## listener.ws.external.max_frame_size = 0
+
+##--------------------------------------------------------------------
+## External WebSocket/SSL listener for MQTT Protocol
+
+## listener.wss.$name is the IP address and port that the MQTT/WebSocket/SSL
+## listener will bind.
+##
+## Value: IP:Port | Port
+##
+## Examples: 8084, 127.0.0.1:8084, ::1:8084
+listener.wss.external = 8084
+
+## The path of WebSocket MQTT endpoint
+##
+## Value: URL Path
+listener.wss.external.mqtt_path = /mqtt
+
+## The acceptor pool for external MQTT/WebSocket/SSL listener.
+##
+## Value: Number
+listener.wss.external.acceptors = 4
+
+## Maximum number of concurrent MQTT/Webwocket/SSL connections.
+##
+## Value: Number
+listener.wss.external.max_connections = 16
+
+## Maximum MQTT/WebSocket/SSL connections per second.
+##
+## See: listener.tcp.$name.max_conn_rate
+##
+## Value: Number
+listener.wss.external.max_conn_rate = 1000
+
+## Simulate the {active, N} option for the MQTT/WebSocket/SSL connections.
+##
+## Value: Number
+listener.wss.external.active_n = 100
+
+## Rate limit for the MQTT/WebSocket/SSL connections.
+##
+## Value: Limit,Duration
+## Default: 100KB incoming per 10 seconds.
+## listener.wss.external.rate_limit = 100KB,10s
+
+## Zone of the external MQTT/WebSocket/SSL listener belonged to.
+##
+## Value: String
+listener.wss.external.zone = external
+
+## The access control rules for the MQTT/WebSocket/SSL listener.
+##
+## See: listener.tcp.$name.access.
+##
+## Value: ACL Rule
+listener.wss.external.access.1 = allow all
+
+## See: listener.ws.external.verify_protocol_header
+##
+## Value: on | off
+listener.wss.external.verify_protocol_header = on
+
+## See: listener.ws.external.proxy_address_header
+##
+## Value: String
+## listener.wss.external.proxy_address_header = X-Forwarded-For
+
+## See: listener.ws.external.proxy_port_header
+##
+## Value: String
+## listener.wss.external.proxy_port_header = X-Forwarded-Port
+
+## Enable the Proxy Protocol V1/2 support.
+##
+## See: listener.tcp.$name.proxy_protocol
+##
+## Value: on | off
+## listener.wss.external.proxy_protocol = on
+
+## Sets the timeout for proxy protocol.
+##
+## See: listener.tcp.$name.proxy_protocol_timeout
+##
+## Value: Duration
+## listener.wss.external.proxy_protocol_timeout = 3s
+
+## TLS versions only to protect from POODLE attack.
+##
+## See: listener.ssl.$name.tls_versions
+##
+## Value: String, seperated by ','
+## listener.wss.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1
+
+## Path to the file containing the user's private PEM-encoded key.
+##
+## See: listener.ssl.$name.keyfile
+##
+## Value: File
+listener.wss.external.keyfile = /etc/emqx/certs/key.pem
+
+## Path to a file containing the user certificate.
+##
+## See: listener.ssl.$name.certfile
+##
+## Value: File
+listener.wss.external.certfile = /etc/emqx/certs/cert.pem
+
+## Path to the file containing PEM-encoded CA certificates.
+##
+## See: listener.ssl.$name.cacert
+##
+## Value: File
+## listener.wss.external.cacertfile = /etc/emqx/certs/cacert.pem
+
+## See: listener.ssl.$name.dhfile
+##
+## Value: File
+## listener.ssl.external.dhfile = /etc/emqx/certs/dh-params.pem
+
+## See: listener.ssl.$name.vefify
+##
+## Value: vefify_peer | verify_none
+## listener.wss.external.verify = verify_peer
+
+## See: listener.ssl.$name.fail_if_no_peer_cert
+##
+## Value: false | true
+## listener.wss.external.fail_if_no_peer_cert = true
+
+## See: listener.ssl.$name.ciphers
+##
+## Value: Ciphers
+listener.wss.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
+
+## Ciphers for TLS PSK.
+## Note that 'listener.wss.external.ciphers' and 'listener.wss.external.psk_ciphers' cannot
+## be configured at the same time.
+## See 'https://tools.ietf.org/html/rfc4279#section-2'.
+## listener.wss.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
+
+## See: listener.ssl.$name.secure_renegotiate
+##
+## Value: on | off
+## listener.wss.external.secure_renegotiate = off
+
+## See: listener.ssl.$name.reuse_sessions
+##
+## Value: on | off
+## listener.wss.external.reuse_sessions = on
+
+## See: listener.ssl.$name.honor_cipher_order
+##
+## Value: on | off
+## listener.wss.external.honor_cipher_order = on
+
+## See: listener.ssl.$name.peer_cert_as_username
+##
+## Value: cn | dn | crt
+## listener.wss.external.peer_cert_as_username = cn
+
+## TCP backlog for the WebSocket/SSL connection.
+##
+## See: listener.tcp.$name.backlog
+##
+## Value: Number >= 0
+listener.wss.external.backlog = 1024
+
+## The TCP send timeout for the WebSocket/SSL connection.
+##
+## See: listener.tcp.$name.send_timeout
+##
+## Value: Duration
+listener.wss.external.send_timeout = 15s
+
+## Close the WebSocket/SSL connection if send timeout.
+##
+## See: listener.tcp.$name.send_timeout_close
+##
+## Value: on | off
+listener.wss.external.send_timeout_close = on
+
+## The TCP receive buffer(os kernel) for the WebSocket/SSL connections.
+##
+## See: listener.tcp.$name.recbuf
+##
+## Value: Bytes
+## listener.wss.external.recbuf = 4KB
+
+## The TCP send buffer(os kernel) for the WebSocket/SSL connections.
+##
+## See: listener.tcp.$name.sndbuf
+##
+## Value: Bytes
+## listener.wss.external.sndbuf = 4KB
+
+## The size of the user-level software buffer used by the driver.
+##
+## See: listener.tcp.$name.buffer
+##
+## Value: Bytes
+## listener.wss.external.buffer = 4KB
+
+## The TCP_NODELAY flag for WebSocket/SSL connections.
+##
+## See: listener.tcp.$name.nodelay
+##
+## Value: true | false
+## listener.wss.external.nodelay = true
+
+## The compress flag for external WebSocket/SSL connections.
+##
+## If this Value is set true,the websocket message would be compressed
+##
+## Value: true | false
+## listener.wss.external.compress = true
+
+## The level of deflate options for external WebSocket/SSL connections.
+##
+## See: listener.wss.$name.deflate_opts.level
+##
+## Value: none | default | best_compression | best_speed
+## listener.wss.external.deflate_opts.level = default
+
+## The mem_level of deflate options for external WebSocket/SSL connections.
+##
+## See: listener.wss.$name.deflate_opts.mem_level
+##
+## Valid range is 1-9
+## listener.wss.external.deflate_opts.mem_level = 8
+
+## The strategy of deflate options for external WebSocket/SSL connections.
+##
+## See: listener.wss.$name.deflate_opts.strategy
+##
+## Value: default | filtered | huffman_only | rle
+## listener.wss.external.deflate_opts.strategy = default
+
+## The deflate option for external WebSocket/SSL connections.
+##
+## See: listener.wss.$name.deflate_opts.server_context_takeover
+##
+## Value: takeover | no_takeover
+## listener.wss.external.deflate_opts.server_context_takeover = takeover
+
+## The deflate option for external WebSocket/SSL connections.
+##
+## See: listener.wss.$name.deflate_opts.client_context_takeover
+##
+## Value: takeover | no_takeover
+## listener.wss.external.deflate_opts.client_context_takeover = takeover
+
+## The deflate options for external WebSocket/SSL connections.
+##
+## See: listener.wss.$name.deflate_opts.server_max_window_bits
+##
+## Valid range is 8-15
+## listener.wss.external.deflate_opts.server_max_window_bits = 15
+
+## The deflate options for external WebSocket/SSL connections.
+##
+## See: listener.wss.$name.deflate_opts.client_max_window_bits
+##
+## Valid range is 8-15
+## listener.wss.external.deflate_opts.client_max_window_bits = 15
+
+## The idle timeout for external WebSocket/SSL connections.
+##
+## See: listener.wss.$name.idle_timeout
+##
+## Value: Duration
+## listener.wss.external.idle_timeout = 60s
+
+## The max frame size for external WebSocket/SSL connections.
+##
+## Value: Number
+## listener.wss.external.max_frame_size = 0
+
+##--------------------------------------------------------------------
+## Modules
+##--------------------------------------------------------------------
+
+##--------------------------------------------------------------------
+## Presence Module
+
+## Enable Presence Module.
+##
+## Value: on | off
+module.presence = on
+
+## Sets the QoS for presence MQTT message.
+##
+## Value: 0 | 1 | 2
+module.presence.qos = 1
+
+##--------------------------------------------------------------------
+## Subscription Module
+
+## Enable Subscription Module.
+##
+## Value: on | off
+module.subscription = off
+
+## Subscribe the Topics automatically when client connected.
+## module.subscription.1.topic = $client/%c
+## Qos of the subscription: 0 | 1 | 2
+## module.subscription.1.qos = 1
+
+## module.subscription.2.topic = $user/%u
+## module.subscription.2.qos = 1
+
+##--------------------------------------------------------------------
+## Rewrite Module
+
+## Enable Rewrite Module.
+##
+## Value: on | off
+module.rewrite = off
+
+## {rewrite, Topic, Re, Dest}
+## module.rewrite.rule.1 = x/# ^x/y/(.+)$ z/y/$1
+## module.rewrite.rule.2 = y/+/z/# ^y/(.+)/z/(.+)$ y/z/$2
+
+##-------------------------------------------------------------------
+## Plugins
+##-------------------------------------------------------------------
+
+## The etc dir for plugins' config.
+##
+## Value: Folder
+plugins.etc_dir = /etc/emqx/plugins/
+
+## The file to store loaded plugin names.
+##
+## Value: File
+plugins.loaded_file = /var/lib/emqx/loaded_plugins
+
+## File to store loaded plugin names.
+plugins.expand_plugins_dir = /var/lib/emqx/plugins/
+
+##--------------------------------------------------------------------
+## Broker
+##--------------------------------------------------------------------
+
+## System interval of publishing $SYS messages.
+##
+## Value: Duration
+## Default: 1m, 1 minute
+broker.sys_interval = 1m
+
+## System heartbeat interval of publishing following heart beat message:
+## - "$SYS/brokers//uptime"
+## - "$SYS/brokers//datetime"
+##
+## Value: Duration
+## Default: 30s
+broker.sys_heartbeat = 30s
+
+## Enable global session registry.
+##
+## Value: on | off
+broker.enable_session_registry = on
+
+## Session locking strategy in a cluster.
+##
+## Value: Enum
+## - local
+## - one
+## - quorum
+## - all
+broker.session_locking_strategy = quorum
+
+## Dispatch strategy for shared subscription
+##
+## Value: Enum
+## - random
+## - round_robin
+## - sticky
+## - hash
+broker.shared_subscription_strategy = random
+
+## Enable/disable shared dispatch acknowledgement for QoS1 and QoS2 messages
+## This should allow messages to be dispatched to a different subscriber in
+## the group in case the picked (based on shared_subscription_strategy) one # is offline
+##
+## Value: Enum
+## - true
+## - false
+broker.shared_dispatch_ack_enabled = false
+
+## Enable batch clean for deleted routes.
+##
+## Value: Flag
+broker.route_batch_clean = off
+
+##--------------------------------------------------------------------
+## System Monitor
+##--------------------------------------------------------------------
+
+## Enable Long GC monitoring. Disable if the value is 0.
+## Notice: don't enable the monitor in production for:
+## https://github.com/erlang/otp/blob/feb45017da36be78d4c5784d758ede619fa7bfd3/erts/emulator/beam/erl_gc.c#L421
+##
+## Value: Duration
+## - h: hour
+## - m: minute
+## - s: second
+## - ms: milliseconds
+##
+## Examples:
+## - 2h: 2 hours
+## - 30m: 30 minutes
+## - 0.1s: 0.1 seconds
+## - 100ms : 100 milliseconds
+##
+## Default: 0ms
+sysmon.long_gc = 0
+
+## Enable Long Schedule(ms) monitoring.
+##
+## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
+##
+## Value: Duration
+## - h: hour
+## - m: minute
+## - s: second
+## - ms: milliseconds
+##
+## Examples:
+## - 2h: 2 hours
+## - 30m: 30 minutes
+## - 0.1s: 0.1 seconds
+## - 100ms: 100 milliseconds
+##
+## Default: 0ms
+sysmon.long_schedule = 240ms
+
+## Enable Large Heap monitoring.
+##
+## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
+##
+## Value: bytes
+##
+## Default: 8M words. 32MB on 32-bit VM, 64MB on 64-bit VM.
+sysmon.large_heap = 8MB
+
+## Enable Busy Port monitoring.
+##
+## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
+##
+## Value: true | false
+sysmon.busy_port = false
+
+## Enable Busy Dist Port monitoring.
+##
+## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
+##
+## Value: true | false
+sysmon.busy_dist_port = true
+
+## The time interval for the periodic cpu check
+##
+## Value: Duration
+## -h: hour, e.g. '2h' for 2 hours
+## -m: minute, e.g. '5m' for 5 minutes
+## -s: second, e.g. '30s' for 30 seconds
+##
+## Default: 60s
+os_mon.cpu_check_interval = 60s
+
+## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is set.
+##
+## Default: 80%
+os_mon.cpu_high_watermark = 80%
+
+## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is clear.
+##
+## Default: 60%
+os_mon.cpu_low_watermark = 60%
+
+## The time interval for the periodic memory check
+##
+## Value: Duration
+## -h: hour, e.g. '2h' for 2 hours
+## -m: minute, e.g. '5m' for 5 minutes
+## -s: second, e.g. '30s' for 30 seconds
+##
+## Default: 60s
+os_mon.mem_check_interval = 60s
+
+## The threshold, as percentage of system memory, for how much system memory can be allocated before the corresponding alarm is set.
+##
+## Default: 70%
+os_mon.sysmem_high_watermark = 70%
+
+## The threshold, as percentage of system memory, for how much system memory can be allocated by one Erlang process before the corresponding alarm is set.
+##
+## Default: 5%
+os_mon.procmem_high_watermark = 5%
+
+## The time interval for the periodic process limit check
+##
+## Value: Duration
+##
+## Default: 30s
+vm_mon.check_interval = 30s
+
+## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is set.
+##
+## Default: 80%
+vm_mon.process_high_watermark = 80%
+
+## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is clear.
+##
+## Default: 60%
+vm_mon.process_low_watermark = 60%
+
+
diff --git a/docker/local_build/emqx4.0/emqx_auth_http.conf b/docker/local_build/emqx4.0/emqx_auth_http.conf
new file mode 100644
index 00000000..ca54b13b
--- /dev/null
+++ b/docker/local_build/emqx4.0/emqx_auth_http.conf
@@ -0,0 +1,133 @@
+##--------------------------------------------------------------------
+## HTTP Auth/ACL Plugin
+##--------------------------------------------------------------------
+
+
+##------------------------------------------------------------------------------
+## SSL options
+
+## Path to the file containing PEM-encoded CA certificates. The CA certificates
+## are used during server authentication and when building the client certificate chain.
+##
+## Value: File
+## auth.http.ssl.cacertfile = /etc/emqx/certs/ca.pem
+
+## The path to a file containing the client's certificate.
+##
+## Value: File
+## auth.http.ssl.certfile = /etc/emqx/certs/client-cert.pem
+
+## Path to a file containing the client's private PEM-encoded key.
+##
+## Value: File
+## auth.http.ssl.keyfile = /etc/emqx/certs/client-key.pem
+
+##--------------------------------------------------------------------
+## HTTP Request Headers
+##
+## Example: auth.http.header.Accept-Encoding = *
+##
+## Value: String
+## auth.http.header.Accept = */*
+
+##--------------------------------------------------------------------
+## Authentication request.
+##
+## Variables:
+## - %u: username
+## - %c: clientid
+## - %a: ipaddress
+## - %r: protocol
+## - %P: password
+## - %p: sockport of server accepted
+## - %C: common name of client TLS cert
+## - %d: subject of client TLS cert
+##
+## Value: URL
+auth.http.auth_req = http://localhost:8080/iot/tool/mqtt/auth
+## Value: post | get | put
+auth.http.auth_req.method = post
+## Value: Params
+auth.http.auth_req.params = clientid=%c,username=%u,password=%P
+
+##--------------------------------------------------------------------
+## Superuser request.
+##
+## Variables:
+## - %u: username
+## - %c: clientid
+## - %a: ipaddress
+## - %r: protocol
+## - %P: password
+## - %p: sockport of server accepted
+## - %C: common name of client TLS cert
+## - %d: subject of client TLS cert
+##
+## Value: URL
+# auth.http.super_req = http://127.0.0.1:8991/mqtt/superuser
+## Value: post | get | put
+# auth.http.super_req.method = post
+## Value: Params
+# auth.http.super_req.params = clientid=%c,username=%u
+
+##--------------------------------------------------------------------
+## ACL request.
+##
+## Variables:
+## - %A: 1 | 2, 1 = sub, 2 = pub
+## - %u: username
+## - %c: clientid
+## - %a: ipaddress
+## - %r: protocol
+## - %m: mountpoint
+## - %t: topic
+##
+## Value: URL
+# auth.http.acl_req = http://127.0.0.1:8991/mqtt/acl
+## Value: post | get | put
+# auth.http.acl_req.method = get
+## Value: Params
+# auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m
+
+##------------------------------------------------------------------------------
+## Http Reqeust options
+
+## Time-out time for the http request, 0 is never timeout.
+##
+## Value: Duration
+## -h: hour, e.g. '2h' for 2 hours
+## -m: minute, e.g. '5m' for 5 minutes
+## -s: second, e.g. '30s' for 30 seconds
+##
+## Default: 0
+## auth.http.request.timeout = 0
+
+## Connection time-out time, used during the initial request
+## when the client is connecting to the server
+##
+## Value: Duration
+##
+## Default is same with the timeout option
+## auth.http.request.connect_timout = 0
+
+## Re-send http reuqest times
+##
+## Value: integer
+##
+## Default: 3
+auth.http.request.retry_times = 3
+
+## The interval for re-sending the http request
+##
+## Value: Duration
+##
+## Default: 1s
+auth.http.request.retry_interval = 1s
+
+## The 'Exponential Backoff' mechanism for re-sending request. The actually
+## re-send time interval is `interval * backoff ^ times`
+##
+## Value: float
+##
+## Default: 2.0
+auth.http.request.retry_backoff = 2.0
diff --git a/docker/local_build/emqx4.0/emqx_web_hook.conf b/docker/local_build/emqx4.0/emqx_web_hook.conf
new file mode 100644
index 00000000..5fe157dc
--- /dev/null
+++ b/docker/local_build/emqx4.0/emqx_web_hook.conf
@@ -0,0 +1,22 @@
+
+web.hook.api.url = http://localhost:8080/iot/tool/mqtt/webhook
+
+## Encode message payload field
+##
+## Value: base64 | base62
+##
+## Default: undefined
+## web.hook.encode_payload = base64
+
+# web.hook.rule.client.connect.1 = {"action": "on_client_connect"}
+# web.hook.rule.client.connack.1 = {"action": "on_client_connack"}
+web.hook.rule.client.connected.1 = {"action": "on_client_connected"}
+web.hook.rule.client.disconnected.1 = {"action": "on_client_disconnected"}
+# web.hook.rule.client.subscribe.1 = {"action": "on_client_subscribe"}
+# web.hook.rule.client.unsubscribe.1 = {"action": "on_client_unsubscribe"}
+# web.hook.rule.session.subscribed.1 = {"action": "on_session_subscribed"}
+# web.hook.rule.session.unsubscribed.1 = {"action": "on_session_unsubscribed"}
+# web.hook.rule.session.terminated.1 = {"action": "on_session_terminated"}
+# web.hook.rule.message.publish.1 = {"action": "on_message_publish"}
+# web.hook.rule.message.delivered.1 = {"action": "on_message_delivered"}
+# web.hook.rule.message.acked.1 = {"action": "on_message_acked"}
diff --git a/docker/local_build/emqx4.0/loaded_plugins b/docker/local_build/emqx4.0/loaded_plugins
new file mode 100644
index 00000000..91b5ed86
--- /dev/null
+++ b/docker/local_build/emqx4.0/loaded_plugins
@@ -0,0 +1,8 @@
+{emqx_management,true}.
+{emqx_recon,true}.
+{emqx_retainer,true}.
+{emqx_dashboard,true}.
+{emqx_rule_engine,true}.
+{emqx_bridge_mqtt,false}.
+{emqx_auth_http,true}.
+{emqx_web_hook,true}.
diff --git a/docker/local_build/nginx-ssl.conf b/docker/local_build/nginx-ssl.conf
new file mode 100644
index 00000000..b7587d83
--- /dev/null
+++ b/docker/local_build/nginx-ssl.conf
@@ -0,0 +1,97 @@
+worker_processes 1;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+
+ gzip on;
+ gzip_min_length 1k;
+ gzip_buffers 16 64K;
+ gzip_http_version 1.1;
+ gzip_comp_level 5;
+ gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
+ gzip_vary on;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_disable "MSIE [1-6]\.";
+
+ server {
+ listen 80;
+ server_name localhost;
+ location / {
+ rewrite ^(.*) https://$server_name$1 permanent;
+ }
+ }
+
+server {
+ # 侦听443端口
+ listen 443 ssl;
+ # 定义访问域名
+ server_name localhost;
+ #证书文件名称
+ ssl_certificate domain_bundle.crt;
+ #私钥文件名称
+ ssl_certificate_key domain.key;
+
+ #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
+ #error_page 404/404.html;
+ #HTTP_TO_HTTPS_START
+ if ($server_port !~ 443){
+ rewrite ^(/.*)$ https://$host$1 permanent;
+ }
+ ssl_session_timeout 10m;
+ #请按照以下协议配置
+ ssl_protocols TLSv1.2 TLSv1.3;
+ #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
+ ssl_prefer_server_ciphers on;
+
+ # web端
+ location / {
+ root /var/wumei-smart/vue;
+ try_files $uri $uri/ /index.html;
+ index index.html index.htm;
+ }
+
+ # 服务端接口
+ location /prod-api/{
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header REMOTE-HOST $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://localhost:8080/;
+ }
+
+ # emqx接口
+ location /api/v4/{
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header REMOTE-HOST $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://localhost:8081/api/v4/;
+ }
+
+ # wss连接
+ location /mqtt {
+ proxy_pass http://localhost:8083/mqtt;
+ proxy_read_timeout 90s;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real_IP $remote_addr;
+ proxy_set_header X-Forwarded-for $remote_addr;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'Upgrade';
+ }
+
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root html;
+ }
+}
+}
\ No newline at end of file
diff --git a/docker/local_build/nginx.conf b/docker/local_build/nginx.conf
new file mode 100644
index 00000000..202372e3
--- /dev/null
+++ b/docker/local_build/nginx.conf
@@ -0,0 +1,55 @@
+worker_processes 1;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+
+ gzip on;
+ gzip_min_length 1k;
+ gzip_buffers 16 64K;
+ gzip_http_version 1.1;
+ gzip_comp_level 5;
+ gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
+ gzip_vary on;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_disable "MSIE [1-6]\.";
+
+ server {
+ listen 80;
+ server_name localhost;
+ charset utf-8;
+
+ location / {
+ root /var/wumei-smart/vue;
+ try_files $uri $uri/ /index.html;
+ index index.html index.htm;
+ }
+
+ location /prod-api/ {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header REMOTE-HOST $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://localhost:8080/;
+ }
+
+ location /api/v4/ {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header REMOTE-HOST $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://localhost:8081/api/v4/;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root html;
+ }
+ }
+}
\ No newline at end of file
diff --git a/docker/local_build/wumei-smart/java/放置后端jar包,改名为app.jar.txt b/docker/local_build/wumei-smart/java/放置后端jar包,改名为app.jar.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/docker/local_build/wumei-smart/vue/放置vue打包文件内容.txt b/docker/local_build/wumei-smart/vue/放置vue打包文件内容.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/springboot/pom.xml b/springboot/pom.xml
index 56ff4836..fd03c517 100644
--- a/springboot/pom.xml
+++ b/springboot/pom.xml
@@ -241,7 +241,7 @@
${project.build.sourceEncoding}
- ${java.home}/lib/rt.jar;${java.home}/lib/jce.jar
+ ${java.home}/lib/rt.jar:${java.home}/lib/jce.jar
diff --git a/springboot/wumei-admin/src/main/resources/logback.xml b/springboot/wumei-admin/src/main/resources/logback.xml
index 5a0ff56b..386aa4ee 100644
--- a/springboot/wumei-admin/src/main/resources/logback.xml
+++ b/springboot/wumei-admin/src/main/resources/logback.xml
@@ -1,7 +1,7 @@
-
+
diff --git a/springboot/wumei-iot/src/main/java/com/ruoyi/iot/mqtt/EmqxClient.java b/springboot/wumei-iot/src/main/java/com/ruoyi/iot/mqtt/EmqxClient.java
index 5d965bf8..c6e9ef31 100644
--- a/springboot/wumei-iot/src/main/java/com/ruoyi/iot/mqtt/EmqxClient.java
+++ b/springboot/wumei-iot/src/main/java/com/ruoyi/iot/mqtt/EmqxClient.java
@@ -79,7 +79,7 @@ public class EmqxClient {
token.waitForCompletion();
}catch (Exception e){
logger.error("=====>>>>>mqtt连接失败 message={}",e.getMessage());
-// e.printStackTrace();
+ e.printStackTrace();
}
}
}
@@ -98,7 +98,7 @@ public class EmqxClient {
logger.debug("====>>>mqtt客户端启动成功");
}catch (MqttException e){
logger.error("mqtt客户端连接错误 error={}",e.getMessage());
-// e.printStackTrace();
+ e.printStackTrace();
}
}
}
@@ -132,7 +132,6 @@ public class EmqxClient {
token.waitForCompletion();
}catch (MqttException e){
logger.error("====>>>>断开mqtt连接发生错误 message={}",e.getMessage());
- throw new ServiceException("断开mqtt连接发生错误" + e.getMessage());
}
}
client = null;