Created
July 3, 2019 17:48
-
-
Save toygame/18e730fe33f94a6172374241cff72e51 to your computer and use it in GitHub Desktop.
Configuration file for LoRa App Server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [general] | |
| # Log level | |
| # | |
| # debug=5, info=4, warning=3, error=2, fatal=1, panic=0 | |
| log_level=4 | |
| # The number of times passwords must be hashed. A higher number is safer as | |
| # an attack takes more time to perform. | |
| password_hash_iterations=100000 | |
| # PostgreSQL settings. | |
| # | |
| # Please note that PostgreSQL 9.5+ is required. | |
| [postgresql] | |
| # PostgreSQL dsn (e.g.: postgres://user:password@hostname/database?sslmode=disable). | |
| # | |
| # Besides using an URL (e.g. 'postgres://user:password@hostname/database?sslmode=disable') | |
| # it is also possible to use the following format: | |
| # 'user=loraserver dbname=loraserver sslmode=disable'. | |
| # | |
| # The following connection parameters are supported: | |
| # | |
| # * dbname - The name of the database to connect to | |
| # * user - The user to sign in as | |
| # * password - The user's password | |
| # * host - The host to connect to. Values that start with / are for unix domain sockets. (default is localhost) | |
| # * port - The port to bind to. (default is 5432) | |
| # * sslmode - Whether or not to use SSL (default is require, this is not the default for libpq) | |
| # * fallback_application_name - An application_name to fall back to if one isn't provided. | |
| # * connect_timeout - Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely. | |
| # * sslcert - Cert file location. The file must contain PEM encoded data. | |
| # * sslkey - Key file location. The file must contain PEM encoded data. | |
| # * sslrootcert - The location of the root certificate file. The file must contain PEM encoded data. | |
| # | |
| # Valid values for sslmode are: | |
| # | |
| # * disable - No SSL | |
| # * require - Always SSL (skip verification) | |
| # * verify-ca - Always SSL (verify that the certificate presented by the server was signed by a trusted CA) | |
| # * verify-full - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server host name matches the one in the certificate) | |
| dsn="postgres://loraserver_as:dbpassword@localhost/loraserver_as?sslmode=disable" | |
| # Automatically apply database migrations. | |
| # | |
| # It is possible to apply the database-migrations by hand | |
| # (see https://github.com/brocaar/lora-app-server/tree/master/migrations) | |
| # or let LoRa App Server migrate to the latest state automatically, by using | |
| # this setting. Make sure that you always make a backup when upgrading Lora | |
| # App Server and / or applying migrations. | |
| automigrate=true | |
| # Redis settings | |
| # | |
| # Please note that Redis 2.6.0+ is required. | |
| [redis] | |
| # Redis url (e.g. redis://user:password@hostname/0) | |
| # | |
| # For more information about the Redis URL format, see: | |
| # https://www.iana.org/assignments/uri-schemes/prov/redis | |
| url="redis://localhost:6379" | |
| # Max idle connections in the pool. | |
| max_idle=10 | |
| # Idle timeout. | |
| # | |
| # Close connections after remaining idle for this duration. If the value | |
| # is zero, then idle connections are not closed. You should set | |
| # the timeout to a value less than the server's timeout. | |
| idle_timeout="5m0s" | |
| # Application-server settings. | |
| [application_server] | |
| # Application-server identifier. | |
| # | |
| # Random UUID defining the id of the application-server installation (used by | |
| # LoRa Server as routing-profile id). | |
| # For now it is recommended to not change this id. | |
| id="6d5db27e-4ce2-4b2b-b5d7-91f069397978" | |
| # JavaScript codec settings. | |
| [application_server.codec.js] | |
| # Maximum execution time. | |
| max_execution_time="100ms" | |
| # Integration configures the data integration. | |
| # | |
| # This is the data integration which is available for all applications, | |
| # besides the extra integrations that can be added on a per-application | |
| # basis. | |
| [application_server.integration] | |
| # Enabled integrations. | |
| # | |
| # Enabled integrations are enabled for all applications. Multiple | |
| # integrations can be configured. | |
| # Do not forget to configure the related configuration section below for | |
| # the enabled integrations. Integrations that can be enabled are: | |
| # * mqtt - MQTT broker | |
| # * aws_sns - AWS Simple Notification Service (SNS) | |
| # * azure_service_bus - Azure Service-Bus | |
| # * gcp_pub_sub - Google Cloud Pub/Sub | |
| enabled=["mqtt"] | |
| # MQTT integration backend. | |
| [application_server.integration.mqtt] | |
| # MQTT topic templates for the different MQTT topics. | |
| # | |
| # The meaning of these topics are documented at: | |
| # https://www.loraserver.io/lora-app-server/integrate/data/ | |
| # | |
| # The following substitutions can be used: | |
| # * "{{ .ApplicationID }}" for the application id. | |
| # * "{{ .DevEUI }}" for the DevEUI of the device. | |
| # | |
| # Note: the downlink_topic_template must contain both the application id and | |
| # DevEUI substitution! | |
| uplink_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/rx" | |
| downlink_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/tx" | |
| join_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/join" | |
| ack_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/ack" | |
| error_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/error" | |
| status_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/status" | |
| location_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/location" | |
| # Retained messages configuration. | |
| # | |
| # The MQTT broker will store the last publised message, when retained message is set | |
| # to true. When a client subscribes to a topic with retained message set to true, it will | |
| # always receive the last published message. | |
| uplink_retained_message=false | |
| join_retained_message=false | |
| ack_retained_message=false | |
| error_retained_message=false | |
| status_retained_message=false | |
| location_retained_message=false | |
| # MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws) | |
| server="tcp://localhost:1883" | |
| # Connect with the given username (optional) | |
| username="" | |
| # Connect with the given password (optional) | |
| password="" | |
| # Quality of service level | |
| # | |
| # 0: at most once | |
| # 1: at least once | |
| # 2: exactly once | |
| # | |
| # Note: an increase of this value will decrease the performance. | |
| # For more information: https://www.hivemq.com/blog/mqtt-essentials-part-6-mqtt-quality-of-service-levels | |
| qos=0 | |
| # Clean session | |
| # | |
| # Set the "clean session" flag in the connect message when this client | |
| # connects to an MQTT broker. By setting this flag you are indicating | |
| # that no messages saved by the broker for this client should be delivered. | |
| clean_session=true | |
| # Client ID | |
| # | |
| # Set the client id to be used by this client when connecting to the MQTT | |
| # broker. A client id must be no longer than 23 characters. When left blank, | |
| # a random id will be generated. This requires clean_session=true. | |
| client_id="" | |
| # CA certificate file (optional) | |
| # | |
| # Use this when setting up a secure connection (when server uses ssl://...) | |
| # but the certificate used by the server is not trusted by any CA certificate | |
| # on the server (e.g. when self generated). | |
| ca_cert="" | |
| # TLS certificate file (optional) | |
| tls_cert="" | |
| # TLS key file (optional) | |
| tls_key="" | |
| # AWS Simple Notification Service (SNS) | |
| [application_server.integration.aws_sns] | |
| # AWS region. | |
| # | |
| # Example: "eu-west-1". | |
| # See also: https://docs.aws.amazon.com/general/latest/gr/rande.html. | |
| aws_region="" | |
| # AWS Access Key ID. | |
| aws_access_key_id="" | |
| # AWS Secret Access Key. | |
| aws_secret_access_key="" | |
| # Topic ARN (SNS). | |
| topic_arn="" | |
| # Azure Service-Bus integration. | |
| [application_server.integration.azure_service_bus] | |
| # Connection string. | |
| # | |
| # The connection string can be found / created in the Azure console under | |
| # Settings -> Shared access policies. The policy must contain Manage & Send. | |
| connection_string="" | |
| # Publish mode. | |
| # | |
| # Select either "topic", or "queue". | |
| publish_mode="" | |
| # Publish name. | |
| # | |
| # The name of the topic or queue. | |
| publish_name="" | |
| # Google Cloud Pub/Sub integration. | |
| [application_server.integration.gcp_pub_sub] | |
| # Path to the IAM service-account credentials file. | |
| # | |
| # Note: this service-account must have the following Pub/Sub roles: | |
| # * Pub/Sub Editor | |
| credentials_file="" | |
| # Google Cloud project id. | |
| project_id="" | |
| # Pub/Sub topic name. | |
| topic_name="" | |
| # Settings for the "internal api" | |
| # | |
| # This is the API used by LoRa Server to communicate with LoRa App Server | |
| # and should not be exposed to the end-user. | |
| [application_server.api] | |
| # ip:port to bind the api server | |
| bind="0.0.0.0:8001" | |
| # ca certificate used by the api server (optional) | |
| ca_cert="" | |
| # tls certificate used by the api server (optional) | |
| tls_cert="" | |
| # tls key used by the api server (optional) | |
| tls_key="" | |
| # Public ip:port of the application-server API. | |
| # | |
| # This is used by LoRa Server to connect to LoRa App Server. When running | |
| # LoRa App Server on a different host than LoRa Server, make sure to set | |
| # this to the host:ip on which LoRa Server can reach LoRa App Server. | |
| # The port must be equal to the port configured by the 'bind' flag | |
| # above. | |
| public_host="localhost:8001" | |
| # Settings for the "external api" | |
| # | |
| # This is the API and web-interface exposed to the end-user. | |
| [application_server.external_api] | |
| # ip:port to bind the (user facing) http server to (web-interface and REST / gRPC api) | |
| bind="0.0.0.0:8080" | |
| # http server TLS certificate (optional) | |
| tls_cert="" | |
| # http server TLS key (optional) | |
| tls_key="" | |
| # JWT secret used for api authentication / authorization | |
| # You could generate this by executing 'openssl rand -base64 32' for example | |
| jwt_secret="" | |
| # Allow origin header (CORS). | |
| # | |
| # Set this to allows cross-domain communication from the browser (CORS). | |
| # Example value: https://example.com. | |
| # When left blank (default), CORS will not be used. | |
| cors_allow_origin="" | |
| # when set, existing users can't be re-assigned (to avoid exposure of all users to an organization admin)" | |
| disable_assign_existing_users=false | |
| # Settings for the remote multicast setup. | |
| [application_server.remote_multicast_setup] | |
| # Synchronization interval. | |
| sync_interval="1s" | |
| # Synchronization retries. | |
| sync_retries=3 | |
| # Synchronization batch-size. | |
| sync_batch_size=100 | |
| # Settings for the fragmentation-session setup. | |
| [application_server.fragmentation_session] | |
| # Synchronization interval. | |
| sync_interval="1s" | |
| # Synchronization retries. | |
| sync_retries=3 | |
| # Synchronization batch-size. | |
| sync_batch_size=100 | |
| # Join-server configuration. | |
| # | |
| # LoRa App Server implements a (subset) of the join-api specified by the | |
| # LoRaWAN Backend Interfaces specification. This API is used by LoRa Server | |
| # to handle join-requests. | |
| [join_server] | |
| # ip:port to bind the join-server api interface to | |
| bind="0.0.0.0:8003" | |
| # CA certificate (optional). | |
| # | |
| # When set, the server requires a client-certificate and will validate this | |
| # certificate on incoming requests. | |
| ca_cert="" | |
| # TLS server-certificate (optional). | |
| # | |
| # Set this to enable TLS. | |
| tls_cert="" | |
| # TLS server-certificate key (optional). | |
| # | |
| # Set this to enable TLS. | |
| tls_key="" | |
| # Key Encryption Key (KEK) configuration. | |
| # | |
| # The KEK meganism is used to encrypt the session-keys sent from the | |
| # join-server to the network-server. | |
| # | |
| # The LoRa App Server join-server will use the NetID of the requesting | |
| # network-server as the KEK label. When no such label exists in the set, | |
| # the session-keys will be sent unencrypted (which can be fine for | |
| # private networks). | |
| # | |
| # Please refer to the LoRaWAN Backend Interface specification | |
| # 'Key Transport Security' section for more information. | |
| [join_server.kek] | |
| # Application-server KEK label. | |
| # | |
| # This defines the KEK label used to encrypt the AppSKey (note that the | |
| # AppSKey is signaled to the NS and on the first received uplink from the | |
| # NS to the AS). | |
| # | |
| # When left blank, the AppSKey will be sent unencrypted (which can be fine | |
| # for private networks). | |
| as_kek_label="" | |
| # KEK set. | |
| # | |
| # Example (the [[join_server.kek.set]] can be repeated): | |
| # [[join_server.kek.set]] | |
| # # KEK label. | |
| # label="000000" | |
| # # Key Encryption Key. | |
| # kek="01020304050607080102030405060708" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment