Skip to content

Instantly share code, notes, and snippets.

@zmstone

zmstone/emqx-schema-dump.json

Created March 31, 2023 18:10
Show Gist options
  • Save zmstone/66362165bea304992ea766fa50ceeddd to your computer and use it in GitHub Desktop.
Save zmstone/66362165bea304992ea766fa50ceeddd to your computer and use it in GitHub Desktop.
Download ZIP
Raw
emqx-schema-dump.json
[
{
"fields": [
{
"aliases": [],
"name": "listeners",
"type": {
"kind": "struct",
"name": "broker:listeners"
}
},
{
"aliases": [],
"desc": "A zone is a set of configs grouped by the zone <code>name</code>.\nFor flexible configuration mapping, the <code>name</code> can be set to a listener's <code>zone</code> config.\nNOTE: A built-in zone named <code>default</code> is auto created and can not be deleted.",
"name": "zones",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "broker:zone"
}
}
},
{
"aliases": [],
"desc": "Global MQTT configuration.\nThe configs here work as default values which can be overridden in <code>zone</code> configs",
"name": "mqtt",
"type": {
"kind": "struct",
"name": "broker:mqtt"
}
},
{
"aliases": [],
"desc": "Default authentication configs for all MQTT listeners.\n\nFor per-listener overrides see <code>authentication</code> in listener configs\n\nThis option can be configured with:\n<ul>\n <li><code>[]</code>: The default value, it allows *ALL* logins</li>\n <li>one: For example <code>{enable:true,backend:\"built_in_database\",mechanism=\"password_based\"}</code></li>\n <li>chain: An array of structs.</li>\n</ul>\n\nWhen a chain is configured, the login credentials are checked against the backends per the configured order, until an 'allow' or 'deny' decision can be made.\n\nIf there is no decision after a full chain exhaustion, the login is rejected.",
"name": "authentication",
"type": {
"elements": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
},
"kind": "array"
}
},
{
"aliases": [],
"desc": "Authorization a.k.a. ACL.<br/>\nIn EMQX, MQTT client access control is extremely flexible.<br/>\nAn out-of-the-box set of authorization data sources are supported.\nFor example,<br/>\n'file' source is to support concise and yet generic ACL rules in a file;<br/>\n'built_in_database' source can be used to store per-client customizable rule sets,\nnatively in the EMQX node;<br/>\n'http' source to make EMQX call an external HTTP API to make the decision;<br/>\n'PostgreSQL' etc. to look up clients or rules from external databases",
"name": "authorization",
"type": {
"kind": "struct",
"name": "authorization"
}
},
{
"aliases": [],
"name": "node",
"type": {
"kind": "struct",
"name": "node"
}
},
{
"aliases": [],
"name": "cluster",
"type": {
"kind": "struct",
"name": "cluster"
}
},
{
"aliases": [],
"name": "log",
"type": {
"kind": "struct",
"name": "log"
}
},
{
"aliases": [],
"name": "rpc",
"type": {
"kind": "struct",
"name": "rpc"
}
},
{
"aliases": [],
"desc": "Message broker options.",
"name": "broker",
"type": {
"kind": "struct",
"name": "broker"
}
},
{
"aliases": [],
"desc": "System topics configuration.",
"name": "sys_topics",
"type": {
"kind": "struct",
"name": "broker:sys_topics"
}
},
{
"aliases": [],
"name": "force_shutdown",
"type": {
"kind": "struct",
"name": "broker:force_shutdown"
}
},
{
"aliases": [],
"name": "overload_protection",
"type": {
"kind": "struct",
"name": "broker:overload_protection"
}
},
{
"aliases": [],
"name": "force_gc",
"type": {
"kind": "struct",
"name": "broker:force_gc"
}
},
{
"aliases": [],
"name": "conn_congestion",
"type": {
"kind": "struct",
"name": "broker:conn_congestion"
}
},
{
"aliases": [],
"name": "stats",
"type": {
"kind": "struct",
"name": "broker:stats"
}
},
{
"aliases": [],
"name": "sysmon",
"type": {
"kind": "struct",
"name": "broker:sysmon"
}
},
{
"aliases": [],
"name": "alarm",
"type": {
"kind": "struct",
"name": "broker:alarm"
}
},
{
"aliases": [],
"name": "flapping_detect",
"type": {
"kind": "struct",
"name": "broker:flapping_detect"
}
},
{
"aliases": [],
"name": "persistent_session_store",
"type": {
"kind": "struct",
"name": "broker:persistent_session_store"
}
},
{
"aliases": [],
"name": "trace",
"type": {
"kind": "struct",
"name": "broker:trace"
}
},
{
"aliases": [],
"name": "bridges",
"type": {
"kind": "struct",
"name": "bridge:bridges"
}
},
{
"aliases": [],
"name": "retainer",
"type": {
"kind": "struct",
"name": "retainer"
}
},
{
"aliases": [],
"name": "statsd",
"type": {
"kind": "struct",
"name": "statsd"
}
},
{
"aliases": [],
"name": "auto_subscribe",
"type": {
"kind": "struct",
"name": "auto_subscribe"
}
},
{
"aliases": [],
"name": "delayed",
"type": {
"kind": "struct",
"name": "modules:delayed"
}
},
{
"aliases": [],
"name": "telemetry",
"type": {
"kind": "struct",
"name": "modules:telemetry"
}
},
{
"aliases": [],
"desc": "List of topic rewrite rules.",
"name": "rewrite",
"type": {
"elements": {
"kind": "struct",
"name": "modules:rewrite"
},
"kind": "array"
}
},
{
"aliases": [],
"desc": "List of topics whose metrics are reported.",
"name": "topic_metrics",
"type": {
"elements": {
"kind": "struct",
"name": "modules:topic_metrics"
},
"kind": "array"
}
},
{
"aliases": [],
"name": "plugins",
"type": {
"kind": "struct",
"name": "plugin:plugins"
}
},
{
"aliases": [],
"name": "dashboard",
"type": {
"kind": "struct",
"name": "dashboard"
}
},
{
"aliases": [],
"name": "gateway",
"type": {
"kind": "struct",
"name": "gateway"
}
},
{
"aliases": [],
"name": "prometheus",
"type": {
"kind": "struct",
"name": "prometheus"
}
},
{
"aliases": [],
"name": "rule_engine",
"type": {
"kind": "struct",
"name": "rule_engine"
}
},
{
"aliases": [],
"name": "exhook",
"type": {
"kind": "struct",
"name": "exhook"
}
},
{
"aliases": [],
"name": "psk_authentication",
"type": {
"kind": "struct",
"name": "authn-psk:psk_authentication"
}
},
{
"aliases": [],
"name": "limiter",
"type": {
"kind": "struct",
"name": "limiter"
}
},
{
"aliases": [],
"name": "slow_subs",
"type": {
"kind": "struct",
"name": "slow_subs"
}
},
{
"aliases": [],
"name": "api_key",
"type": {
"kind": "struct",
"name": "api_key"
}
}
],
"full_name": "Root Config Keys",
"paths": [],
"tags": []
},
{
"desc": "API Key, can be used to request API other than the management API key and the Dashboard user management API",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "Bootstrap file is used to add an api_key when emqx is launched,\n the format is:\n ```\n 7e729ae70d23144b:2QILI9AcQ9BYlVqLDHQNWN2saIjBV4egr1CZneTNKr9CpK\n ec3907f865805db0:Ee3taYltUKtoBVD9C3XjQl9C6NXheip8Z9B69BpUv5JxVHL\n ```",
"name": "bootstrap_file",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "api_key",
"paths": [
"api_key"
],
"tags": []
},
{
"desc": "Authorization using a static file.",
"fields": [
{
"aliases": [],
"desc": "Backend type.",
"name": "type",
"type": {
"kind": "singleton",
"name": "file"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this ACL provider",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Path to the file which contains the ACL rules.\nIf the file provisioned before starting EMQX node,\nit can be placed anywhere as long as EMQX has read access to it.\nThat is, EMQX will treat it as read only.\n\nIn case the rule-set is created or updated from EMQX Dashboard or HTTP API,\na new file will be created and placed in `authz` subdirectory inside EMQX's `data_dir`,\nand the old file will not be used anymore.",
"name": "path",
"type": {
"kind": "primitive",
"name": "string()"
}
}
],
"full_name": "authz:file",
"paths": [
"authorization.sources.$INDEX"
],
"tags": [
"Authorization"
]
},
{
"desc": "Authorization using an external HTTP server (via GET requests).",
"fields": [
{
"aliases": [],
"desc": "Backend type.",
"name": "type",
"type": {
"kind": "singleton",
"name": "http"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this ACL provider",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "URL of the auth server.",
"name": "url",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "HTTP request timeout.",
"name": "request_timeout",
"raw_default": "30s",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "HTTP request body.",
"name": "body",
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "The timeout when connecting to the HTTP server.",
"name": "connect_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.",
"name": "enable_pipelining",
"raw_default": 100,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.4.",
"name": "max_retries",
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "The pool size.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "Configure HTTP request parameters.",
"name": "request",
"type": {
"kind": "struct",
"name": "connector-http:request"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.4.",
"name": "retry_interval",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
},
{
"aliases": [],
"desc": "HTTP method.",
"name": "method",
"type": {
"kind": "singleton",
"name": "get"
}
},
{
"aliases": [],
"default": {
"hocon": "{\n accept = \"application/json\"\n \"cache-control\" = \"no-cache\"\n connection = \"keep-alive\"\n \"keep-alive\" = \"timeout=30, max=1000\"\n}\n",
"oneliner": false
},
"desc": "List of HTTP headers (without <code>content-type</code>).",
"name": "headers",
"raw_default": {
"accept": "application/json",
"cache-control": "no-cache",
"connection": "keep-alive",
"keep-alive": "timeout=30, max=1000"
},
"type": {
"kind": "primitive",
"name": "[{binary(), binary()}]"
}
}
],
"full_name": "authz:http_get",
"paths": [
"authorization.sources.$INDEX"
],
"tags": [
"Authorization"
]
},
{
"desc": "Authorization using an external HTTP server (via POST requests).",
"fields": [
{
"aliases": [],
"desc": "Backend type.",
"name": "type",
"type": {
"kind": "singleton",
"name": "http"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this ACL provider",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "URL of the auth server.",
"name": "url",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "HTTP request timeout.",
"name": "request_timeout",
"raw_default": "30s",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "HTTP request body.",
"name": "body",
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "The timeout when connecting to the HTTP server.",
"name": "connect_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.",
"name": "enable_pipelining",
"raw_default": 100,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.4.",
"name": "max_retries",
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "The pool size.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "Configure HTTP request parameters.",
"name": "request",
"type": {
"kind": "struct",
"name": "connector-http:request"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.4.",
"name": "retry_interval",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
},
{
"aliases": [],
"desc": "HTTP method.",
"name": "method",
"type": {
"kind": "singleton",
"name": "post"
}
},
{
"aliases": [],
"default": {
"hocon": "{\n accept = \"application/json\"\n \"cache-control\" = \"no-cache\"\n connection = \"keep-alive\"\n \"content-type\" = \"application/json\"\n \"keep-alive\" = \"timeout=30, max=1000\"\n}\n",
"oneliner": false
},
"desc": "List of HTTP Headers.",
"name": "headers",
"raw_default": {
"accept": "application/json",
"cache-control": "no-cache",
"connection": "keep-alive",
"content-type": "application/json",
"keep-alive": "timeout=30, max=1000"
},
"type": {
"kind": "primitive",
"name": "[{binary(), binary()}]"
}
}
],
"full_name": "authz:http_post",
"paths": [
"authorization.sources.$INDEX"
],
"tags": [
"Authorization"
]
},
{
"desc": "Authorization using a built-in database (mnesia).",
"fields": [
{
"aliases": [],
"desc": "Backend type.",
"name": "type",
"type": {
"kind": "singleton",
"name": "built_in_database"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this ACL provider",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "authz:mnesia",
"paths": [
"authorization.sources.$INDEX"
],
"tags": [
"Authorization"
]
},
{
"desc": "Authorization using a MongoDB replica set.",
"fields": [
{
"aliases": [],
"desc": "Backend type.",
"name": "type",
"type": {
"kind": "singleton",
"name": "mongodb"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this ACL provider",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "`MongoDB` collection containing the authorization data.",
"name": "collection",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders<br/>\n - <code>${username}</code>: Will be replaced at runtime with <code>Username</code> used by the client when connecting<br/>\n - <code>${clientid}</code>: Will be replaced at runtime with <code>Client ID</code> used by the client when connecting",
"name": "filter",
"raw_default": {},
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"default": {
"hocon": "rs",
"oneliner": true
},
"desc": "Replica set. Must be set to 'rs' when MongoDB server is running in 'replica set' mode.",
"name": "mongo_type",
"raw_default": "rs",
"type": {
"kind": "singleton",
"name": "rs"
}
},
{
"aliases": [],
"desc": "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
"name": "servers",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "unsafe",
"oneliner": true
},
"desc": "Write mode.",
"name": "w_mode",
"raw_default": "unsafe",
"type": {
"kind": "enum",
"symbols": [
"unsafe",
"safe"
]
}
},
{
"aliases": [],
"default": {
"hocon": "master",
"oneliner": true
},
"desc": "Read mode.",
"name": "r_mode",
"raw_default": "master",
"type": {
"kind": "enum",
"symbols": [
"master",
"slave_ok"
]
}
},
{
"aliases": [],
"desc": "Name of the replica set.",
"name": "replica_set_name",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Use DNS SRV record.",
"name": "srv_record",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's username in the external database.",
"name": "username",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Database name associated with the user's credentials.",
"name": "auth_source",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Database name.",
"name": "database",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"name": "topology",
"type": {
"kind": "struct",
"name": "topology"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "authz:mongo_rs",
"paths": [
"authorization.sources.$INDEX"
],
"tags": [
"Authorization"
]
},
{
"desc": "Authorization using a sharded MongoDB cluster.",
"fields": [
{
"aliases": [],
"desc": "Backend type.",
"name": "type",
"type": {
"kind": "singleton",
"name": "mongodb"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this ACL provider",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "`MongoDB` collection containing the authorization data.",
"name": "collection",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders<br/>\n - <code>${username}</code>: Will be replaced at runtime with <code>Username</code> used by the client when connecting<br/>\n - <code>${clientid}</code>: Will be replaced at runtime with <code>Client ID</code> used by the client when connecting",
"name": "filter",
"raw_default": {},
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"default": {
"hocon": "sharded",
"oneliner": true
},
"desc": "Sharded cluster. Must be set to 'sharded' when MongoDB server is running in 'sharded' mode.",
"name": "mongo_type",
"raw_default": "sharded",
"type": {
"kind": "singleton",
"name": "sharded"
}
},
{
"aliases": [],
"desc": "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
"name": "servers",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "unsafe",
"oneliner": true
},
"desc": "Write mode.",
"name": "w_mode",
"raw_default": "unsafe",
"type": {
"kind": "enum",
"symbols": [
"unsafe",
"safe"
]
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Use DNS SRV record.",
"name": "srv_record",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's username in the external database.",
"name": "username",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Database name associated with the user's credentials.",
"name": "auth_source",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Database name.",
"name": "database",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"name": "topology",
"type": {
"kind": "struct",
"name": "topology"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "authz:mongo_sharded",
"paths": [
"authorization.sources.$INDEX"
],
"tags": [
"Authorization"
]
},
{
"desc": "Authorization using a single MongoDB instance.",
"fields": [
{
"aliases": [],
"desc": "Backend type.",
"name": "type",
"type": {
"kind": "singleton",
"name": "mongodb"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this ACL provider",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "`MongoDB` collection containing the authorization data.",
"name": "collection",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders<br/>\n - <code>${username}</code>: Will be replaced at runtime with <code>Username</code> used by the client when connecting<br/>\n - <code>${clientid}</code>: Will be replaced at runtime with <code>Client ID</code> used by the client when connecting",
"name": "filter",
"raw_default": {},
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"default": {
"hocon": "single",
"oneliner": true
},
"desc": "Standalone instance. Must be set to 'single' when MongoDB server is running in standalone mode.",
"name": "mongo_type",
"raw_default": "single",
"type": {
"kind": "singleton",
"name": "single"
}
},
{
"aliases": [],
"desc": "The IPv4 or IPv6 address or the hostname to connect to.<br/>\nA host entry has the following form: `Host[:Port]`.<br/>\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
"name": "server",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "unsafe",
"oneliner": true
},
"desc": "Write mode.",
"name": "w_mode",
"raw_default": "unsafe",
"type": {
"kind": "enum",
"symbols": [
"unsafe",
"safe"
]
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Use DNS SRV record.",
"name": "srv_record",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's username in the external database.",
"name": "username",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Database name associated with the user's credentials.",
"name": "auth_source",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Database name.",
"name": "database",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"name": "topology",
"type": {
"kind": "struct",
"name": "topology"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "authz:mongo_single",
"paths": [
"authorization.sources.$INDEX"
],
"tags": [
"Authorization"
]
},
{
"desc": "Authorization using a MySQL database.",
"fields": [
{
"aliases": [],
"desc": "Backend type.",
"name": "type",
"type": {
"kind": "singleton",
"name": "mysql"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this ACL provider",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The IPv4 or IPv6 address or the hostname to connect to.<br/>\nA host entry has the following form: `Host[:Port]`.<br/>\nThe MySQL default port 3306 is used if `[:Port]` is not specified.",
"name": "server",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "Database name.",
"name": "database",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"root\"",
"oneliner": true
},
"desc": "EMQX's username in the external database.",
"name": "username",
"raw_default": "root",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Deprecated since v5.0.15.",
"name": "auto_reconnect",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
},
{
"aliases": [],
"desc": "Key-value list of SQL prepared statements.",
"name": "prepare_statement",
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"desc": "Database query used to retrieve authorization data.",
"name": "query",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "authz:mysql",
"paths": [
"authorization.sources.$INDEX"
],
"tags": [
"Authorization"
]
},
{
"desc": "Authorization using a PostgreSQL database.",
"fields": [
{
"aliases": [],
"desc": "Backend type.",
"name": "type",
"type": {
"kind": "singleton",
"name": "postgresql"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this ACL provider",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The IPv4 or IPv6 address or the hostname to connect to.<br/>\nA host entry has the following form: `Host[:Port]`.<br/>\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.",
"name": "server",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "Database name.",
"name": "database",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's username in the external database.",
"name": "username",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Deprecated since v5.0.15.",
"name": "auto_reconnect",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
},
{
"aliases": [],
"desc": "Key-value list of SQL prepared statements.",
"name": "prepare_statement",
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"desc": "Database query used to retrieve authorization data.",
"name": "query",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "authz:postgresql",
"paths": [
"authorization.sources.$INDEX"
],
"tags": [
"Authorization"
]
},
{
"desc": "Authorization using a Redis cluster.",
"fields": [
{
"aliases": [],
"desc": "Backend type.",
"name": "type",
"type": {
"kind": "singleton",
"name": "redis"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this ACL provider",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
"name": "servers",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "cluster",
"oneliner": true
},
"desc": "Cluster mode. Must be set to 'cluster' when Redis server is running in clustered mode.",
"name": "redis_type",
"raw_default": "cluster",
"type": {
"kind": "singleton",
"name": "cluster"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Deprecated since v5.0.15.",
"name": "auto_reconnect",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
},
{
"aliases": [],
"desc": "Database query used to retrieve authorization data.",
"name": "cmd",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "authz:redis_cluster",
"paths": [
"authorization.sources.$INDEX"
],
"tags": [
"Authorization"
]
},
{
"desc": "Authorization using a Redis Sentinel.",
"fields": [
{
"aliases": [],
"desc": "Backend type.",
"name": "type",
"type": {
"kind": "singleton",
"name": "redis"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this ACL provider",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
"name": "servers",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "sentinel",
"oneliner": true
},
"desc": "Sentinel mode. Must be set to 'sentinel' when Redis server is running in sentinel mode.",
"name": "redis_type",
"raw_default": "sentinel",
"type": {
"kind": "singleton",
"name": "sentinel"
}
},
{
"aliases": [],
"desc": "The cluster name in Redis sentinel mode.",
"name": "sentinel",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "Redis database ID.",
"name": "database",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Deprecated since v5.0.15.",
"name": "auto_reconnect",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
},
{
"aliases": [],
"desc": "Database query used to retrieve authorization data.",
"name": "cmd",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "authz:redis_sentinel",
"paths": [
"authorization.sources.$INDEX"
],
"tags": [
"Authorization"
]
},
{
"desc": "Authorization using a single Redis instance.",
"fields": [
{
"aliases": [],
"desc": "Backend type.",
"name": "type",
"type": {
"kind": "singleton",
"name": "redis"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this ACL provider",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The IPv4 or IPv6 address or the hostname to connect to.<br/>\nA host entry has the following form: `Host[:Port]`.<br/>\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
"name": "server",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "single",
"oneliner": true
},
"desc": "Single mode. Must be set to 'single' when Redis server is running in single mode.",
"name": "redis_type",
"raw_default": "single",
"type": {
"kind": "singleton",
"name": "single"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "Redis database ID.",
"name": "database",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Deprecated since v5.0.15.",
"name": "auto_reconnect",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
},
{
"aliases": [],
"desc": "Database query used to retrieve authorization data.",
"name": "cmd",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "authz:redis_single",
"paths": [
"authorization.sources.$INDEX"
],
"tags": [
"Authorization"
]
},
{
"desc": "Settings for the alarms.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "[log, publish]",
"oneliner": true
},
"desc": "The actions triggered when the alarm is activated.<br/>Currently, the following actions are supported: <code>log</code> and <code>publish</code>.\n<code>log</code> is to write the alarm to log (console or file).\n<code>publish</code> is to publish the alarm as an MQTT message to the system topics:\n<code>$SYS/brokers/emqx@xx.xx.xx.x/alarms/activate</code> and\n<code>$SYS/brokers/emqx@xx.xx.xx.x/alarms/deactivate</code>",
"examples": [
[
"log",
"publish"
]
],
"name": "actions",
"raw_default": [
"log",
"publish"
],
"type": {
"elements": {
"kind": "primitive",
"name": "atom()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "1000",
"oneliner": true
},
"desc": "The maximum total number of deactivated alarms to keep as history.<br/>When this limit is exceeded, the oldest deactivated alarms are deleted to cap the total number.",
"examples": [
1000
],
"name": "size_limit",
"raw_default": 1000,
"type": {
"kind": "primitive",
"name": "1..3000"
}
},
{
"aliases": [],
"default": {
"hocon": "\"24h\"",
"oneliner": true
},
"desc": "Retention time of deactivated alarms. Alarms are not deleted immediately\nwhen deactivated, but after the retention time.",
"examples": [
[
50,
52,
104
]
],
"name": "validity_period",
"raw_default": "24h",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
}
],
"full_name": "broker:alarm",
"paths": [
"alarm"
],
"tags": [
"EMQX"
]
},
{
"desc": "Settings for the authorization cache.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable or disable the authorization cache.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "32",
"oneliner": true
},
"desc": "Maximum number of cached items.",
"name": "max_size",
"raw_default": 32,
"type": {
"kind": "primitive",
"name": "1..1048576"
}
},
{
"aliases": [],
"default": {
"hocon": "\"1m\"",
"oneliner": true
},
"desc": "Time to live for the cached data.",
"name": "ttl",
"raw_default": "1m",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
}
],
"full_name": "broker:authz_cache",
"paths": [
"authorization.cache"
],
"tags": [
"EMQX"
]
},
{
"desc": "Message broker options.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable session registry",
"name": "enable_session_registry",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "quorum",
"oneliner": true
},
"desc": "Session locking strategy in a cluster.\n - `local`: only lock the session on the current node\n - `one`: select only one remote node to lock the session\n - `quorum`: select some nodes to lock the session\n - `all`: lock the session on all the nodes in the cluster",
"name": "session_locking_strategy",
"raw_default": "quorum",
"type": {
"kind": "enum",
"symbols": [
"local",
"leader",
"quorum",
"all"
]
}
},
{
"aliases": [],
"default": {
"hocon": "round_robin",
"oneliner": true
},
"desc": "Dispatch strategy for shared subscription.\n - `random`: dispatch the message to a random selected subscriber\n - `round_robin`: select the subscribers in a round-robin manner\n - `round_robin_per_group`: select the subscribers in round-robin fashion within each shared subscriber group\n - `local`: select random local subscriber otherwise select random cluster-wide\n - `sticky`: always use the last selected subscriber to dispatch, until the subscriber disconnects.\n - `hash_clientid`: select the subscribers by hashing the `clientIds`\n - `hash_topic`: select the subscribers by hashing the source topic",
"name": "shared_subscription_strategy",
"raw_default": "round_robin",
"type": {
"kind": "enum",
"symbols": [
"random",
"round_robin",
"round_robin_per_group",
"sticky",
"local",
"hash_topic",
"hash_clientid"
]
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Deprecated, will be removed in 5.1.\nEnable/disable shared dispatch acknowledgement for QoS 1 and QoS 2 messages.\nThis should allow messages to be dispatched to a different subscriber in the group in case the picked (based on `shared_subscription_strategy`) subscriber is offline.",
"name": "shared_dispatch_ack_enabled",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable batch clean for deleted routes.",
"name": "route_batch_clean",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Per group dispatch strategy for shared subscription.\nThis config is a map from shared subscription group name to the strategy\nname. The group name should be of format `[A-Za-z0-9]`. i.e. no\nspecial characters are allowed.",
"examples": [
{
"example_group": {
"strategy": "random"
}
}
],
"name": "shared_subscription_group",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "broker:shared_subscription_group"
}
}
}
],
"full_name": "broker",
"paths": [
"broker"
],
"tags": [
"EMQX"
]
},
{
"desc": "Settings for `conn_congestion` alarm.\n\nSometimes the MQTT connection (usually an MQTT subscriber) may\nget \"congested\", because there are too many packets to be sent.\nThe socket tries to buffer the packets until the buffer is\nfull. If more packets arrive after that, the packets will be\n\"pending\" in the queue, and we consider the connection\ncongested.\n\nNote: `sndbuf` can be set to larger value if the\nalarm is triggered too often.\nThe name of the alarm is of format `conn_congestion/<ClientID>/<Username>`,\nwhere the `<ClientID>` is the client ID of the congested MQTT connection,\nand `<Username>` is the username or `unknown_user`.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable or disable connection congestion alarm.",
"name": "enable_alarm",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"1m\"",
"oneliner": true
},
"desc": "Minimal time before clearing the alarm.<br/>The alarm is cleared only when there's no pending data in<br/>the queue, and at least <code>min_alarm_sustain_duration</code>milliseconds passed since the last time we considered the connection 'congested'.<br/>This is to avoid clearing and raising the alarm again too often.",
"name": "min_alarm_sustain_duration",
"raw_default": "1m",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
}
],
"full_name": "broker:conn_congestion",
"paths": [
"conn_congestion"
],
"tags": [
"EMQX"
]
},
{
"desc": "Compression options.",
"fields": [
{
"aliases": [],
"desc": "Compression level.",
"name": "level",
"type": {
"kind": "enum",
"symbols": [
"none",
"default",
"best_compression",
"best_speed"
]
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Specifies the size of the compression state.<br/>\nLower values decrease memory usage per connection.",
"name": "mem_level",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "1..9"
}
},
{
"aliases": [],
"default": {
"hocon": "default",
"oneliner": true
},
"desc": "Specifies the compression strategy.",
"name": "strategy",
"raw_default": "default",
"type": {
"kind": "enum",
"symbols": [
"default",
"filtered",
"huffman_only",
"rle"
]
}
},
{
"aliases": [],
"default": {
"hocon": "takeover",
"oneliner": true
},
"desc": "Takeover means the compression state is retained between server messages.",
"name": "server_context_takeover",
"raw_default": "takeover",
"type": {
"kind": "enum",
"symbols": [
"takeover",
"no_takeover"
]
}
},
{
"aliases": [],
"default": {
"hocon": "takeover",
"oneliner": true
},
"desc": "Takeover means the compression state is retained between client messages.",
"name": "client_context_takeover",
"raw_default": "takeover",
"type": {
"kind": "enum",
"symbols": [
"takeover",
"no_takeover"
]
}
},
{
"aliases": [],
"default": {
"hocon": "15",
"oneliner": true
},
"desc": "Specifies the size of the compression context for the server.",
"name": "server_max_window_bits",
"raw_default": 15,
"type": {
"kind": "primitive",
"name": "8..15"
}
},
{
"aliases": [],
"default": {
"hocon": "15",
"oneliner": true
},
"desc": "Specifies the size of the compression context for the client.",
"name": "client_max_window_bits",
"raw_default": 15,
"type": {
"kind": "primitive",
"name": "8..15"
}
}
],
"full_name": "broker:deflate_opts",
"paths": [
"listeners.ws.$name.websocket.deflate_opts",
"listeners.wss.$name.websocket.deflate_opts"
],
"tags": [
"EMQX"
]
},
{
"desc": "Enable or disable client lifecycle event publishing.\n\nThe following options affect MQTT clients as well as\ngateway clients. The types of the clients\nare distinguished by the topic prefix:\n\n- For the MQTT clients, the format is:\n`$SYS/broker/<node>/clients/<clientid>/<event>`\n- For the Gateway clients, it is\n`$SYS/broker/<node>/gateway/<gateway-name>/clients/<clientid>/<event>`\n",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable to publish client connected event messages",
"name": "client_connected",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable to publish client disconnected event messages.",
"name": "client_disconnected",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable to publish event message that client subscribed a topic successfully.",
"name": "client_subscribed",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable to publish event message that client unsubscribed a topic successfully.",
"name": "client_unsubscribed",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "broker:event_names",
"paths": [
"sys_topics.sys_event_messages"
],
"tags": [
"EMQX"
]
},
{
"desc": "This config controls the allowed maximum number of `CONNECT` packets received\nfrom the same clientid in a time frame defined by `window_time`.\nAfter the limit is reached, successive `CONNECT` requests are forbidden\n(banned) until the end of the time period defined by `ban_time`.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable flapping connection detection feature.",
"name": "enable",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "15",
"oneliner": true
},
"desc": "The maximum number of disconnects allowed for a MQTT Client in `window_time`",
"name": "max_count",
"raw_default": 15,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"1m\"",
"oneliner": true
},
"desc": "The time window for flapping detection.",
"name": "window_time",
"raw_default": "1m",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5m\"",
"oneliner": true
},
"desc": "How long the flapping clientid will be banned.",
"name": "ban_time",
"raw_default": "5m",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
}
],
"full_name": "broker:flapping_detect",
"paths": [
"flapping_detect"
],
"tags": [
"EMQX"
]
},
{
"desc": "Force garbage collection in MQTT connection process after\n they process certain number of messages or bytes of data.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable forced garbage collection.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "16000",
"oneliner": true
},
"desc": "GC the process after this many received messages.",
"name": "count",
"raw_default": 16000,
"type": {
"kind": "primitive",
"name": "0..inf"
}
},
{
"aliases": [],
"default": {
"hocon": "\"16MB\"",
"oneliner": true
},
"desc": "GC the process after specified number of bytes have passed through.",
"name": "bytes",
"raw_default": "16MB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
}
],
"full_name": "broker:force_gc",
"paths": [
"force_gc"
],
"tags": [
"EMQX"
]
},
{
"desc": "When the process message queue length, or the memory bytes\nreaches a certain value, the process is forced to close.\n\nNote: \"message queue\" here refers to the \"message mailbox\"\nof the Erlang process, not the `mqueue` of QoS 1 and QoS 2.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable `force_shutdown` feature.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "1000",
"oneliner": true
},
"desc": "Maximum message queue length.",
"name": "max_message_queue_len",
"raw_default": 1000,
"type": {
"kind": "primitive",
"name": "0..inf"
}
},
{
"aliases": [],
"default": {
"hocon": "\"32MB\"",
"oneliner": true
},
"desc": "Total heap size",
"name": "max_heap_size",
"raw_default": "32MB",
"type": {
"kind": "primitive",
"name": "emqx_schema:wordsize()"
}
}
],
"full_name": "broker:force_shutdown",
"paths": [
"force_shutdown"
],
"tags": [
"EMQX"
]
},
{
"desc": "TLS options for QUIC transport.",
"fields": [
{
"aliases": [],
"desc": "Trusted PEM format CA certificates bundle file.<br/>\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).<br/>\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
"name": "cacertfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format certificates chain file.<br/>\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
"name": "certfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format private key file.",
"name": "keyfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "verify_none",
"oneliner": true
},
"desc": "Enable or disable peer verification.",
"name": "verify",
"raw_default": "verify_none",
"type": {
"kind": "enum",
"symbols": [
"verify_peer",
"verify_none"
]
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "reuse_sessions",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "depth",
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "password",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "versions",
"type": {
"elements": {
"kind": "primitive",
"name": "atom()"
},
"kind": "array"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "ciphers",
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "user_lookup_fun",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "secure_renegotiate",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "hibernate_after",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "dhfile",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "fail_if_no_peer_cert",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "honor_cipher_order",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "client_renegotiation",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "handshake_timeout",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "gc_after_handshake",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.20.",
"name": "enable_crl_check",
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "broker:listener_quic_ssl_opts",
"paths": [
"listeners.quic.$name.ssl_options"
],
"tags": [
"EMQX"
]
},
{
"desc": "Socket options for SSL connections.",
"fields": [
{
"aliases": [],
"desc": "Trusted PEM format CA certificates bundle file.<br/>\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).<br/>\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
"name": "cacertfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format certificates chain file.<br/>\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
"name": "certfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format private key file.",
"name": "keyfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "verify_none",
"oneliner": true
},
"desc": "Enable or disable peer verification.",
"name": "verify",
"raw_default": "verify_none",
"type": {
"kind": "enum",
"symbols": [
"verify_peer",
"verify_none"
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable TLS session reuse.",
"name": "reuse_sessions",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "10",
"oneliner": true
},
"desc": "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;<br/>\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;<br/>\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
"name": "depth",
"raw_default": 10,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "String containing the user's password. Only used if the private key file is password-protected.",
"examples": [
""
],
"name": "password",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "[tlsv1.3, tlsv1.2, tlsv1.1, tlsv1]",
"oneliner": true
},
"desc": "All TLS/DTLS versions to be supported.<br/>\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.<br/>\nIn case PSK cipher suites are intended, make sure to configure\n<code>['tlsv1.2', 'tlsv1.1']</code> here.",
"name": "versions",
"raw_default": [
"tlsv1.3",
"tlsv1.2",
"tlsv1.1",
"tlsv1"
],
"type": {
"elements": {
"kind": "primitive",
"name": "atom()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n<code>\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"</code> or\n<code>[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]</code>.\n<br/>\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.<br/>\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS <code>versions</code> ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the <code>versions</code>,\nconfiguring cipher suites for other versions will have no effect.\n<br/>\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config<br/>\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from <code>versions</code>.<br/>\nPSK cipher suites: <code>\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"</code>",
"name": "ciphers",
"raw_default": [],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "\"emqx_tls_psk:lookup\"",
"oneliner": true
},
"desc": "EMQX-internal callback that is used to lookup pre-shared key (PSK) identity.",
"name": "user_lookup_fun",
"raw_default": "emqx_tls_psk:lookup",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "SSL parameter renegotiation is a feature that allows a client and a server\nto renegotiate the parameters of the SSL connection on the fly.\nRFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,\nyou drop support for the insecure renegotiation, prone to MitM attacks.",
"name": "secure_renegotiate",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": " Hibernate the SSL process after idling for amount of time reducing its memory footprint. ",
"name": "hibernate_after",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.<br/>\nNOTE: The <code>dhfile</code> option is not supported by TLS 1.3.",
"name": "dhfile",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Used together with {verify, verify_peer} by an TLS/DTLS server.\nIf set to true, the server fails if the client does not have a\ncertificate to send, that is, sends an empty certificate.\nIf set to false, it fails only if the client sends an invalid\ncertificate (an empty certificate is considered valid).",
"name": "fail_if_no_peer_cert",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "An important security setting, it forces the cipher to be set based\n on the server-specified order instead of the client-specified order,\n hence enforcing the (usually more properly configured) security\n ordering of the server administrator.",
"name": "honor_cipher_order",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.",
"name": "client_renegotiation",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Maximum time duration allowed for the handshake to complete",
"name": "handshake_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.",
"name": "gc_after_handshake",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Whether to enable CRL verification for this listener.",
"name": "enable_crl_check",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "broker:listener_ssl_opts",
"paths": [
"gateway.exproto.listeners.ssl.$name.ssl_options",
"gateway.stomp.listeners.ssl.$name.ssl_options",
"listeners.ssl.$name.ssl_options"
],
"tags": [
"EMQX"
]
},
{
"desc": "Socket options for WebSocket/SSL connections.",
"fields": [
{
"aliases": [],
"desc": "Trusted PEM format CA certificates bundle file.<br/>\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).<br/>\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
"name": "cacertfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format certificates chain file.<br/>\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
"name": "certfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format private key file.",
"name": "keyfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "verify_none",
"oneliner": true
},
"desc": "Enable or disable peer verification.",
"name": "verify",
"raw_default": "verify_none",
"type": {
"kind": "enum",
"symbols": [
"verify_peer",
"verify_none"
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable TLS session reuse.",
"name": "reuse_sessions",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "10",
"oneliner": true
},
"desc": "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;<br/>\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;<br/>\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
"name": "depth",
"raw_default": 10,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "String containing the user's password. Only used if the private key file is password-protected.",
"examples": [
""
],
"name": "password",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "[tlsv1.3, tlsv1.2, tlsv1.1, tlsv1]",
"oneliner": true
},
"desc": "All TLS/DTLS versions to be supported.<br/>\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.<br/>\nIn case PSK cipher suites are intended, make sure to configure\n<code>['tlsv1.2', 'tlsv1.1']</code> here.",
"name": "versions",
"raw_default": [
"tlsv1.3",
"tlsv1.2",
"tlsv1.1",
"tlsv1"
],
"type": {
"elements": {
"kind": "primitive",
"name": "atom()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n<code>\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"</code> or\n<code>[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]</code>.\n<br/>\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.<br/>\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS <code>versions</code> ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the <code>versions</code>,\nconfiguring cipher suites for other versions will have no effect.\n<br/>\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config<br/>\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from <code>versions</code>.<br/>\nPSK cipher suites: <code>\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"</code>",
"name": "ciphers",
"raw_default": [],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "\"emqx_tls_psk:lookup\"",
"oneliner": true
},
"desc": "EMQX-internal callback that is used to lookup pre-shared key (PSK) identity.",
"name": "user_lookup_fun",
"raw_default": "emqx_tls_psk:lookup",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "SSL parameter renegotiation is a feature that allows a client and a server\nto renegotiate the parameters of the SSL connection on the fly.\nRFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,\nyou drop support for the insecure renegotiation, prone to MitM attacks.",
"name": "secure_renegotiate",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": " Hibernate the SSL process after idling for amount of time reducing its memory footprint. ",
"name": "hibernate_after",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.<br/>\nNOTE: The <code>dhfile</code> option is not supported by TLS 1.3.",
"name": "dhfile",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Used together with {verify, verify_peer} by an TLS/DTLS server.\nIf set to true, the server fails if the client does not have a\ncertificate to send, that is, sends an empty certificate.\nIf set to false, it fails only if the client sends an invalid\ncertificate (an empty certificate is considered valid).",
"name": "fail_if_no_peer_cert",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "An important security setting, it forces the cipher to be set based\n on the server-specified order instead of the client-specified order,\n hence enforcing the (usually more properly configured) security\n ordering of the server administrator.",
"name": "honor_cipher_order",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.",
"name": "client_renegotiation",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Maximum time duration allowed for the handshake to complete",
"name": "handshake_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
}
],
"full_name": "broker:listener_wss_opts",
"paths": [
"listeners.wss.$name.ssl_options"
],
"tags": [
"EMQX"
]
},
{
"desc": "MQTT listeners identified by their protocol type and assigned names",
"fields": [
{
"aliases": [],
"desc": "TCP listeners.",
"name": "tcp",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "broker:mqtt_tcp_listener"
}
}
},
{
"aliases": [],
"desc": "SSL listeners.",
"name": "ssl",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "broker:mqtt_ssl_listener"
}
}
},
{
"aliases": [],
"desc": "HTTP websocket listeners.",
"name": "ws",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "broker:mqtt_ws_listener"
}
}
},
{
"aliases": [],
"desc": "HTTPS websocket listeners.",
"name": "wss",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "broker:mqtt_wss_listener"
}
}
},
{
"aliases": [],
"desc": "QUIC listeners.",
"name": "quic",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "broker:mqtt_quic_listener"
}
}
}
],
"full_name": "broker:listeners",
"paths": [
"listeners"
],
"tags": [
"EMQX"
]
},
{
"desc": "Global MQTT configuration.<br/>The configs here work as default values which can be overridden\nin <code>zone</code> configs",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "After the TCP connection is established, if the MQTT CONNECT packet from the client is\nnot received within the time specified by <code>idle_timeout</code>, the connection will be disconnected.\nAfter the CONNECT packet has been accepted by EMQX, if the connection idles for this long time,\nthen the Erlang process is put to hibernation to save OS resources. Note: long <code>idle_timeout</code>\ninterval may impose risk at the system if large number of malicious clients only establish connections\nbut do not send any data.",
"name": "idle_timeout",
"raw_default": "15s",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "infinity"
},
{
"kind": "primitive",
"name": "emqx_schema:duration()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"1MB\"",
"oneliner": true
},
"desc": "Maximum MQTT packet size allowed.",
"name": "max_packet_size",
"raw_default": "1MB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"default": {
"hocon": "65535",
"oneliner": true
},
"desc": "Maximum allowed length of MQTT Client ID.",
"name": "max_clientid_len",
"raw_default": 65535,
"type": {
"kind": "primitive",
"name": "23..65535"
}
},
{
"aliases": [],
"default": {
"hocon": "128",
"oneliner": true
},
"desc": "Maximum topic levels allowed.",
"name": "max_topic_levels",
"raw_default": 128,
"type": {
"kind": "primitive",
"name": "1..65535"
}
},
{
"aliases": [],
"default": {
"hocon": "2",
"oneliner": true
},
"desc": "Maximum QoS allowed.",
"name": "max_qos_allowed",
"raw_default": 2,
"type": {
"kind": "primitive",
"name": "qos()"
}
},
{
"aliases": [],
"default": {
"hocon": "65535",
"oneliner": true
},
"desc": "Maximum topic alias, 0 means no topic alias supported.",
"name": "max_topic_alias",
"raw_default": 65535,
"type": {
"kind": "primitive",
"name": "0..65535"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to enable support for MQTT retained message.",
"name": "retain_available",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to enable support for MQTT wildcard subscription.",
"name": "wildcard_subscription",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to enable support for MQTT shared subscription.",
"name": "shared_subscription",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Whether to enable support for MQTT exclusive subscription.",
"name": "exclusive_subscription",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Ignore loop delivery of messages for MQTT v3.1.1/v3.1.0, similar to <code>No Local</code> subscription option in MQTT 5.0.",
"name": "ignore_loop_deliver",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Parse MQTT messages in strict mode.\nWhen set to true, invalid utf8 strings in for example client ID, topic name, etc. will cause the client to be disconnected",
"name": "strict_mode",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "Specify the response information returned to the client. This feature is disabled if is set to \"\". Applies only to clients using MQTT 5.0.",
"name": "response_information",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "disabled",
"oneliner": true
},
"desc": "The keep alive that EMQX requires the client to use. If configured as <code>disabled</code>, it means that the keep alive specified by the client will be used. Requires <code>Server Keep Alive</code> in MQTT 5.0, so it is only applicable to clients using MQTT 5.0 protocol.",
"name": "server_keepalive",
"raw_default": "disabled",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "integer()"
},
{
"kind": "singleton",
"name": "disabled"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "0.75",
"oneliner": true
},
"desc": "The backoff multiplier used by the broker to determine the client keep alive timeout. If EMQX doesn't receive any packet in <code>Keep Alive * Backoff * 2</code> seconds, EMQX will close the current connection.",
"name": "keepalive_backoff",
"raw_default": 0.75,
"type": {
"kind": "primitive",
"name": "number()"
}
},
{
"aliases": [],
"default": {
"hocon": "infinity",
"oneliner": true
},
"desc": "Maximum number of subscriptions allowed per client.",
"name": "max_subscriptions",
"raw_default": "infinity",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "1..inf"
},
{
"kind": "singleton",
"name": "infinity"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Force upgrade of QoS level according to subscription.",
"name": "upgrade_qos",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "32",
"oneliner": true
},
"desc": "Maximum number of QoS 1 and QoS 2 messages that are allowed to be delivered simultaneously before completing the acknowledgment.",
"name": "max_inflight",
"raw_default": 32,
"type": {
"kind": "primitive",
"name": "1..65535"
}
},
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "Retry interval for QoS 1/2 message delivering.",
"name": "retry_interval",
"raw_default": "30s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "For each publisher session, the maximum number of outstanding QoS 2 messages pending on the client to send PUBREL. After reaching this limit, new QoS 2 PUBLISH requests will be rejected with `147(0x93)` until either PUBREL is received or timed out.",
"name": "max_awaiting_rel",
"raw_default": 100,
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "integer()"
},
{
"kind": "singleton",
"name": "infinity"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"300s\"",
"oneliner": true
},
"desc": "For client to broker QoS 2 message, the time limit for the broker to wait before the `PUBREL` message is received. The wait is aborted after timed out, meaning the packet ID is freed for new `PUBLISH` requests. Receiving a stale `PUBREL` causes a warning level log. Note, the message is delivered to subscribers before entering the wait for PUBREL.",
"name": "await_rel_timeout",
"raw_default": "300s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"2h\"",
"oneliner": true
},
"desc": "Specifies how long the session will expire after the connection is disconnected, only for non-MQTT 5.0 connections.",
"name": "session_expiry_interval",
"raw_default": "2h",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "1000",
"oneliner": true
},
"desc": "Maximum queue length. Enqueued messages when persistent client disconnected, or inflight window is full.",
"name": "max_mqueue_len",
"raw_default": 1000,
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "non_neg_integer()"
},
{
"kind": "singleton",
"name": "infinity"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "disabled",
"oneliner": true
},
"desc": "Topic priorities. Priority number [1-255]\nThere's no priority table by default, hence all messages are treated equal.\n\n**NOTE**: Comma and equal signs are not allowed for priority topic names.\n**NOTE**: Messages for topics not in the priority table are treated as either highest or lowest priority depending on the configured value for <code>mqtt.mqueue_default_priority</code>.\n\n**Examples**:\nTo configure <code>\"topic/1\" > \"topic/2\"</code>:\n<code>mqueue_priorities: {\"topic/1\": 10, \"topic/2\": 8}</code>",
"name": "mqueue_priorities",
"raw_default": "disabled",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "map()"
},
{
"kind": "singleton",
"name": "disabled"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "lowest",
"oneliner": true
},
"desc": "Default topic priority, which will be used by topics not in <code>Topic Priorities</code> (<code>mqueue_priorities</code>).",
"name": "mqueue_default_priority",
"raw_default": "lowest",
"type": {
"kind": "enum",
"symbols": [
"highest",
"lowest"
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Specifies whether to store QoS 0 messages in the message queue while the connection is down but the session remains.",
"name": "mqueue_store_qos0",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Whether to user Client ID as Username.\nThis setting takes effect later than <code>Use Peer Certificate as Username</code> (<code>peer_cert_as_username</code>) and <code>Use peer certificate as Client ID</code> (<code>peer_cert_as_clientid</code>).",
"name": "use_username_as_clientid",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "disabled",
"oneliner": true
},
"desc": "Use the CN, DN field in the peer certificate or the entire certificate content as Username. Only works for the TLS connection.\nSupported configurations are the following:\n- <code>cn</code>: Take the CN field of the certificate as Username\n- <code>dn</code>: Take the DN field of the certificate as Username\n- <code>crt</code>: Take the content of the <code>DER</code> or <code>PEM</code> certificate as Username\n- <code>pem</code>: Convert <code>DER</code> certificate content to <code>PEM</code> format as Username\n- <code>md5</code>: Take the MD5 value of the content of the <code>DER</code> or <code>PEM</code> certificate as Username",
"name": "peer_cert_as_username",
"raw_default": "disabled",
"type": {
"kind": "enum",
"symbols": [
"disabled",
"cn",
"dn",
"crt",
"pem",
"md5"
]
}
},
{
"aliases": [],
"default": {
"hocon": "disabled",
"oneliner": true
},
"desc": "Use the CN, DN field in the peer certificate or the entire certificate content as Client ID. Only works for the TLS connection.\nSupported configurations are the following:\n- <code>cn</code>: Take the CN field of the certificate as Client ID\n- <code>dn</code>: Take the DN field of the certificate as Client ID\n- <code>crt</code>: Take the content of the <code>DER</code> or <code>PEM</code> certificate as Client ID\n- <code>pem</code>: Convert <code>DER</code> certificate content to <code>PEM</code> format as Client ID\n- <code>md5</code>: Take the MD5 value of the content of the <code>DER</code> or <code>PEM</code> certificate as Client ID",
"name": "peer_cert_as_clientid",
"raw_default": "disabled",
"type": {
"kind": "enum",
"symbols": [
"disabled",
"cn",
"dn",
"crt",
"pem",
"md5"
]
}
}
],
"full_name": "broker:mqtt",
"paths": [
"mqtt"
],
"tags": [
"EMQX"
]
},
{
"desc": "Settings for the MQTT over QUIC listener.",
"fields": [
{
"aliases": [],
"desc": "Path to the certificate file. Will be deprecated in 5.1, use .ssl_options.certfile instead.",
"name": "certfile",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "Path to the secret key file. Will be deprecated in 5.1, use .ssl_options.keyfile instead.",
"name": "keyfile",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "[\"TLS_AES_256_GCM_SHA384\", \"TLS_AES_128_GCM_SHA256\", \"TLS_CHACHA20_POLY1305_SHA256\"]",
"oneliner": true
},
"desc": "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n<code>\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"</code> or\n<code>[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]</code>.\n<br/>\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.<br/>\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS <code>versions</code> ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the <code>versions</code>,\nconfiguring cipher suites for other versions will have no effect.\n<br/>\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config<br/>\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from <code>versions</code>.<br/>\nPSK cipher suites: <code>\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"</code><br/>\n\nNOTE: QUIC listener supports only 'tlsv1.3' ciphers",
"name": "ciphers",
"raw_default": [
"TLS_AES_256_GCM_SHA384",
"TLS_AES_128_GCM_SHA256",
"TLS_CHACHA20_POLY1305_SHA256"
],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "How long a connection can go idle before it is gracefully shut down. 0 to disable",
"name": "idle_timeout",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"10s\"",
"oneliner": true
},
"desc": "How long a handshake can idle before it is discarded.",
"name": "handshake_idle_timeout",
"raw_default": "10s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "How often to send PING frames to keep a connection alive. 0 means disabled.",
"name": "keep_alive_interval",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"desc": "TLS options for QUIC transport",
"name": "ssl_options",
"type": {
"kind": "struct",
"name": "broker:listener_quic_ssl_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable listener.",
"name": "enabled",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "14567",
"oneliner": true
},
"desc": "IP address and port for the listening socket.",
"name": "bind",
"raw_default": 14567,
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "emqx_schema:ip_port()"
},
{
"kind": "primitive",
"name": "integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "16",
"oneliner": true
},
"desc": "The size of the listener's receiving pool.",
"name": "acceptors",
"raw_default": 16,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"infinity\"",
"oneliner": true
},
"desc": "The maximum number of concurrent connections allowed by the listener.",
"name": "max_connections",
"raw_default": "infinity",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "infinity"
},
{
"kind": "primitive",
"name": "pos_integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\<name>.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.<br/>\nSet to `\"\"` to disable the feature.<br/>\n\nVariables in mountpoint string:\n - <code>${clientid}</code>: clientid\n - <code>${username}</code>: username",
"name": "mountpoint",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "default",
"oneliner": true
},
"desc": "The configuration zone to which the listener belongs.",
"name": "zone",
"raw_default": "default",
"type": {
"kind": "primitive",
"name": "atom()"
}
},
{
"aliases": [],
"desc": "Type of the rate limit.",
"name": "limiter",
"type": {
"kind": "struct",
"name": "limiter:listener_fields"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set <code>true</code> (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to <code>false</code> to allow any clients with or without authentication information such as username or password to log in.\nWhen set to <code>quick_deny_anonymous</code>, it behaves like when set to <code>true</code>, but clients will be\ndenied immediately without going through any authenticators if <code>username</code> is not provided. This is useful to fence off\nanonymous clients early.",
"name": "enable_authn",
"raw_default": true,
"type": {
"kind": "enum",
"symbols": [
"true",
"false",
"quick_deny_anonymous"
]
}
}
],
"full_name": "broker:mqtt_quic_listener",
"paths": [
"listeners.quic.$name"
],
"tags": [
"EMQX"
]
},
{
"desc": "Settings for the MQTT over SSL listener.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable listener.",
"name": "enabled",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "8883",
"oneliner": true
},
"desc": "IP address and port for the listening socket.",
"name": "bind",
"raw_default": 8883,
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "emqx_schema:ip_port()"
},
{
"kind": "primitive",
"name": "integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "16",
"oneliner": true
},
"desc": "The size of the listener's receiving pool.",
"name": "acceptors",
"raw_default": 16,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"infinity\"",
"oneliner": true
},
"desc": "The maximum number of concurrent connections allowed by the listener.",
"name": "max_connections",
"raw_default": "infinity",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "infinity"
},
{
"kind": "primitive",
"name": "pos_integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\<name>.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.<br/>\nSet to `\"\"` to disable the feature.<br/>\n\nVariables in mountpoint string:\n - <code>${clientid}</code>: clientid\n - <code>${username}</code>: username",
"name": "mountpoint",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "default",
"oneliner": true
},
"desc": "The configuration zone to which the listener belongs.",
"name": "zone",
"raw_default": "default",
"type": {
"kind": "primitive",
"name": "atom()"
}
},
{
"aliases": [],
"desc": "Type of the rate limit.",
"name": "limiter",
"type": {
"kind": "struct",
"name": "limiter:listener_fields"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set <code>true</code> (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to <code>false</code> to allow any clients with or without authentication information such as username or password to log in.\nWhen set to <code>quick_deny_anonymous</code>, it behaves like when set to <code>true</code>, but clients will be\ndenied immediately without going through any authenticators if <code>username</code> is not provided. This is useful to fence off\nanonymous clients early.",
"name": "enable_authn",
"raw_default": true,
"type": {
"kind": "enum",
"symbols": [
"true",
"false",
"quick_deny_anonymous"
]
}
},
{
"aliases": [],
"default": {
"hocon": "[\"allow all\"]",
"oneliner": true
},
"desc": "The access control rules for this listener.<br/>See: https://github.com/emqtt/esockd#allowdeny",
"name": "access_rules",
"raw_default": [
"allow all"
],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.<br/>\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
"name": "proxy_protocol",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"3s\"",
"oneliner": true
},
"desc": "Timeout for proxy protocol. EMQX will close the TCP connection if proxy protocol packet is not received within the timeout.",
"name": "proxy_protocol_timeout",
"raw_default": "3s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Per-listener authentication override.\nAuthentication can be one single authenticator instance or a chain of authenticators as an array.\nWhen authenticating a login (username, client ID, etc.) the authenticators are checked in the configured order.",
"name": "authentication",
"type": {
"elements": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
},
"kind": "array"
}
},
{
"aliases": [],
"name": "tcp_options",
"type": {
"kind": "struct",
"name": "broker:tcp_opts"
}
},
{
"aliases": [],
"name": "ssl_options",
"type": {
"kind": "struct",
"name": "broker:listener_ssl_opts"
}
}
],
"full_name": "broker:mqtt_ssl_listener",
"paths": [
"listeners.ssl.$name"
],
"tags": [
"EMQX"
]
},
{
"desc": "Settings for the MQTT over TCP listener.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable listener.",
"name": "enabled",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "1883",
"oneliner": true
},
"desc": "IP address and port for the listening socket.",
"name": "bind",
"raw_default": 1883,
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "emqx_schema:ip_port()"
},
{
"kind": "primitive",
"name": "integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "16",
"oneliner": true
},
"desc": "The size of the listener's receiving pool.",
"name": "acceptors",
"raw_default": 16,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"infinity\"",
"oneliner": true
},
"desc": "The maximum number of concurrent connections allowed by the listener.",
"name": "max_connections",
"raw_default": "infinity",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "infinity"
},
{
"kind": "primitive",
"name": "pos_integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\<name>.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.<br/>\nSet to `\"\"` to disable the feature.<br/>\n\nVariables in mountpoint string:\n - <code>${clientid}</code>: clientid\n - <code>${username}</code>: username",
"name": "mountpoint",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "default",
"oneliner": true
},
"desc": "The configuration zone to which the listener belongs.",
"name": "zone",
"raw_default": "default",
"type": {
"kind": "primitive",
"name": "atom()"
}
},
{
"aliases": [],
"desc": "Type of the rate limit.",
"name": "limiter",
"type": {
"kind": "struct",
"name": "limiter:listener_fields"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set <code>true</code> (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to <code>false</code> to allow any clients with or without authentication information such as username or password to log in.\nWhen set to <code>quick_deny_anonymous</code>, it behaves like when set to <code>true</code>, but clients will be\ndenied immediately without going through any authenticators if <code>username</code> is not provided. This is useful to fence off\nanonymous clients early.",
"name": "enable_authn",
"raw_default": true,
"type": {
"kind": "enum",
"symbols": [
"true",
"false",
"quick_deny_anonymous"
]
}
},
{
"aliases": [],
"default": {
"hocon": "[\"allow all\"]",
"oneliner": true
},
"desc": "The access control rules for this listener.<br/>See: https://github.com/emqtt/esockd#allowdeny",
"name": "access_rules",
"raw_default": [
"allow all"
],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.<br/>\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
"name": "proxy_protocol",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"3s\"",
"oneliner": true
},
"desc": "Timeout for proxy protocol. EMQX will close the TCP connection if proxy protocol packet is not received within the timeout.",
"name": "proxy_protocol_timeout",
"raw_default": "3s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Per-listener authentication override.\nAuthentication can be one single authenticator instance or a chain of authenticators as an array.\nWhen authenticating a login (username, client ID, etc.) the authenticators are checked in the configured order.",
"name": "authentication",
"type": {
"elements": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
},
"kind": "array"
}
},
{
"aliases": [],
"name": "tcp_options",
"type": {
"kind": "struct",
"name": "broker:tcp_opts"
}
}
],
"full_name": "broker:mqtt_tcp_listener",
"paths": [
"listeners.tcp.$name"
],
"tags": [
"EMQX"
]
},
{
"desc": "Settings for the MQTT over WebSocket listener.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable listener.",
"name": "enabled",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "8083",
"oneliner": true
},
"desc": "IP address and port for the listening socket.",
"name": "bind",
"raw_default": 8083,
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "emqx_schema:ip_port()"
},
{
"kind": "primitive",
"name": "integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "16",
"oneliner": true
},
"desc": "The size of the listener's receiving pool.",
"name": "acceptors",
"raw_default": 16,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"infinity\"",
"oneliner": true
},
"desc": "The maximum number of concurrent connections allowed by the listener.",
"name": "max_connections",
"raw_default": "infinity",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "infinity"
},
{
"kind": "primitive",
"name": "pos_integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\<name>.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.<br/>\nSet to `\"\"` to disable the feature.<br/>\n\nVariables in mountpoint string:\n - <code>${clientid}</code>: clientid\n - <code>${username}</code>: username",
"name": "mountpoint",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "default",
"oneliner": true
},
"desc": "The configuration zone to which the listener belongs.",
"name": "zone",
"raw_default": "default",
"type": {
"kind": "primitive",
"name": "atom()"
}
},
{
"aliases": [],
"desc": "Type of the rate limit.",
"name": "limiter",
"type": {
"kind": "struct",
"name": "limiter:listener_fields"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set <code>true</code> (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to <code>false</code> to allow any clients with or without authentication information such as username or password to log in.\nWhen set to <code>quick_deny_anonymous</code>, it behaves like when set to <code>true</code>, but clients will be\ndenied immediately without going through any authenticators if <code>username</code> is not provided. This is useful to fence off\nanonymous clients early.",
"name": "enable_authn",
"raw_default": true,
"type": {
"kind": "enum",
"symbols": [
"true",
"false",
"quick_deny_anonymous"
]
}
},
{
"aliases": [],
"default": {
"hocon": "[\"allow all\"]",
"oneliner": true
},
"desc": "The access control rules for this listener.<br/>See: https://github.com/emqtt/esockd#allowdeny",
"name": "access_rules",
"raw_default": [
"allow all"
],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.<br/>\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
"name": "proxy_protocol",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"3s\"",
"oneliner": true
},
"desc": "Timeout for proxy protocol. EMQX will close the TCP connection if proxy protocol packet is not received within the timeout.",
"name": "proxy_protocol_timeout",
"raw_default": "3s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Per-listener authentication override.\nAuthentication can be one single authenticator instance or a chain of authenticators as an array.\nWhen authenticating a login (username, client ID, etc.) the authenticators are checked in the configured order.",
"name": "authentication",
"type": {
"elements": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
},
"kind": "array"
}
},
{
"aliases": [],
"name": "tcp_options",
"type": {
"kind": "struct",
"name": "broker:tcp_opts"
}
},
{
"aliases": [],
"name": "websocket",
"type": {
"kind": "struct",
"name": "broker:ws_opts"
}
}
],
"full_name": "broker:mqtt_ws_listener",
"paths": [
"listeners.ws.$name"
],
"tags": [
"EMQX"
]
},
{
"desc": "Settings for the MQTT over WebSocket/SSL listener.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable listener.",
"name": "enabled",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "8084",
"oneliner": true
},
"desc": "IP address and port for the listening socket.",
"name": "bind",
"raw_default": 8084,
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "emqx_schema:ip_port()"
},
{
"kind": "primitive",
"name": "integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "16",
"oneliner": true
},
"desc": "The size of the listener's receiving pool.",
"name": "acceptors",
"raw_default": 16,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"infinity\"",
"oneliner": true
},
"desc": "The maximum number of concurrent connections allowed by the listener.",
"name": "max_connections",
"raw_default": "infinity",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "infinity"
},
{
"kind": "primitive",
"name": "pos_integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message\nis delivered to the subscriber. The mountpoint is a way that users can use\nto implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\<name>.mountpoint`\nset to `some_tenant`, then the client actually subscribes to the topic\n`some_tenant/t`. Similarly, if another client B (connected to the same listener\nas the client A) sends a message to topic `t`, the message is routed\nto all the clients subscribed `some_tenant/t`, so client A will receive the\nmessage, with topic name `t`.<br/>\nSet to `\"\"` to disable the feature.<br/>\n\nVariables in mountpoint string:\n - <code>${clientid}</code>: clientid\n - <code>${username}</code>: username",
"name": "mountpoint",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "default",
"oneliner": true
},
"desc": "The configuration zone to which the listener belongs.",
"name": "zone",
"raw_default": "default",
"type": {
"kind": "primitive",
"name": "atom()"
}
},
{
"aliases": [],
"desc": "Type of the rate limit.",
"name": "limiter",
"type": {
"kind": "struct",
"name": "limiter:listener_fields"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set <code>true</code> (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to <code>false</code> to allow any clients with or without authentication information such as username or password to log in.\nWhen set to <code>quick_deny_anonymous</code>, it behaves like when set to <code>true</code>, but clients will be\ndenied immediately without going through any authenticators if <code>username</code> is not provided. This is useful to fence off\nanonymous clients early.",
"name": "enable_authn",
"raw_default": true,
"type": {
"kind": "enum",
"symbols": [
"true",
"false",
"quick_deny_anonymous"
]
}
},
{
"aliases": [],
"default": {
"hocon": "[\"allow all\"]",
"oneliner": true
},
"desc": "The access control rules for this listener.<br/>See: https://github.com/emqtt/esockd#allowdeny",
"name": "access_rules",
"raw_default": [
"allow all"
],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.<br/>\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
"name": "proxy_protocol",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"3s\"",
"oneliner": true
},
"desc": "Timeout for proxy protocol. EMQX will close the TCP connection if proxy protocol packet is not received within the timeout.",
"name": "proxy_protocol_timeout",
"raw_default": "3s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Per-listener authentication override.\nAuthentication can be one single authenticator instance or a chain of authenticators as an array.\nWhen authenticating a login (username, client ID, etc.) the authenticators are checked in the configured order.",
"name": "authentication",
"type": {
"elements": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
},
"kind": "array"
}
},
{
"aliases": [],
"name": "tcp_options",
"type": {
"kind": "struct",
"name": "broker:tcp_opts"
}
},
{
"aliases": [],
"name": "ssl_options",
"type": {
"kind": "struct",
"name": "broker:listener_wss_opts"
}
},
{
"aliases": [],
"name": "websocket",
"type": {
"kind": "struct",
"name": "broker:ws_opts"
}
}
],
"full_name": "broker:mqtt_wss_listener",
"paths": [
"listeners.wss.$name"
],
"tags": [
"EMQX"
]
},
{
"desc": "Overload protection mechanism monitors the load of the system and temporarily\ndisables some features (such as accepting new connections) when the load is high.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "React on system overload or not.",
"name": "enable",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "1",
"oneliner": true
},
"desc": "The maximum duration of delay for background task execution during high load conditions.",
"name": "backoff_delay",
"raw_default": 1,
"type": {
"kind": "primitive",
"name": "0..inf"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "When at high load, skip forceful GC.",
"name": "backoff_gc",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "When at high load, skip process hibernation.",
"name": "backoff_hibernation",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "When at high load, close new incoming connections.",
"name": "backoff_new_conn",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "broker:overload_protection",
"paths": [
"overload_protection"
],
"tags": [
"EMQX"
]
},
{
"desc": "Settings for the built-in storage engine of persistent messages.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "builtin",
"oneliner": true
},
"desc": "",
"name": "type",
"raw_default": "builtin",
"type": {
"kind": "enum",
"symbols": [
"builtin"
]
}
},
{
"aliases": [],
"desc": "Performance tuning options for built-in session table.",
"name": "session",
"type": {
"kind": "struct",
"name": "broker:persistent_table_mria_opts"
}
},
{
"aliases": [],
"desc": "Performance tuning options for built-in session messages table.",
"name": "session_messages",
"type": {
"kind": "struct",
"name": "broker:persistent_table_mria_opts"
}
},
{
"aliases": [],
"desc": "Performance tuning options for built-in messages table.",
"name": "messages",
"type": {
"kind": "struct",
"name": "broker:persistent_table_mria_opts"
}
}
],
"full_name": "broker:persistent_session_builtin",
"paths": [
"persistent_session_store.backend"
],
"tags": [
"EMQX"
]
},
{
"desc": "Settings for message persistence.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Use the database to store information about persistent sessions.\nThis makes it possible to migrate a client connection to another\ncluster node if a node is stopped.",
"name": "enabled",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Save information about the persistent sessions on disc.\nIf this option is enabled, persistent sessions will survive full restart of the cluster.\nOtherwise, all the data will be stored in RAM, and it will be lost when all the nodes in the cluster are stopped.",
"name": "on_disc",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Maintain a copy of the data in RAM for faster access.",
"name": "ram_cache",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{\n messages {ram_cache = \"false\"}\n session {ram_cache = \"true\"}\n session_messages {ram_cache = \"true\"}\n type = \"builtin\"\n}\n",
"oneliner": false
},
"desc": "Database management system used to store information about persistent sessions and messages.\n- `builtin`: Use the embedded database (mria)",
"name": "backend",
"raw_default": {
"messages": {
"ram_cache": "false"
},
"session": {
"ram_cache": "true"
},
"session_messages": {
"ram_cache": "true"
},
"type": "builtin"
},
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "broker:persistent_session_builtin"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"1h\"",
"oneliner": true
},
"desc": "The time messages that was not delivered to a persistent session\nis stored before being garbage collected if the node the previous\nsession was handled on restarts of is stopped.",
"name": "max_retain_undelivered",
"raw_default": "1h",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"1h\"",
"oneliner": true
},
"desc": "The starting interval for garbage collection of undelivered messages to\na persistent session. This affects how often the \"max_retain_undelivered\"\nis checked for removal.",
"name": "message_gc_interval",
"raw_default": "1h",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"1m\"",
"oneliner": true
},
"desc": "The starting interval for garbage collection of transient data for\npersistent session messages. This does not affect the lifetime length\nof persistent session messages.",
"name": "session_message_gc_interval",
"raw_default": "1m",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
}
],
"full_name": "broker:persistent_session_store",
"paths": [
"persistent_session_store"
],
"tags": [
"EMQX"
]
},
{
"desc": "Tuning options for the mria table.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Maintain a copy of the data in RAM for faster access.",
"name": "ram_cache",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "broker:persistent_table_mria_opts",
"paths": [
"persistent_session_store.backend.messages",
"persistent_session_store.backend.session",
"persistent_session_store.backend.session_messages"
],
"tags": [
"EMQX"
]
},
{
"desc": "Per group dispatch strategy for shared subscription",
"fields": [
{
"aliases": [],
"default": {
"hocon": "random",
"oneliner": true
},
"desc": "Dispatch strategy for shared subscription.\n- `random`: dispatch the message to a random selected subscriber\n- `round_robin`: select the subscribers in a round-robin manner\n- `round_robin_per_group`: select the subscribers in round-robin fashion within each shared subscriber group\n- `sticky`: always use the last selected subscriber to dispatch,\nuntil the subscriber disconnects.\n- `hash`: select the subscribers by the hash of `clientIds`\n- `local`: send to a random local subscriber. If local\nsubscriber was not found, send to a random subscriber cluster-wide",
"name": "strategy",
"raw_default": "random",
"type": {
"kind": "enum",
"symbols": [
"random",
"round_robin",
"round_robin_per_group",
"sticky",
"local",
"hash_topic",
"hash_clientid"
]
}
}
],
"full_name": "broker:shared_subscription_group",
"paths": [
"broker.shared_subscription_group.$name"
],
"tags": [
"EMQX"
]
},
{
"desc": "Socket options for SSL clients.",
"fields": [
{
"aliases": [],
"desc": "Trusted PEM format CA certificates bundle file.<br/>\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).<br/>\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
"name": "cacertfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format certificates chain file.<br/>\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
"name": "certfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format private key file.",
"name": "keyfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "verify_none",
"oneliner": true
},
"desc": "Enable or disable peer verification.",
"name": "verify",
"raw_default": "verify_none",
"type": {
"kind": "enum",
"symbols": [
"verify_peer",
"verify_none"
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable TLS session reuse.",
"name": "reuse_sessions",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "10",
"oneliner": true
},
"desc": "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;<br/>\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;<br/>\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
"name": "depth",
"raw_default": 10,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "String containing the user's password. Only used if the private key file is password-protected.",
"examples": [
""
],
"name": "password",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "[tlsv1.3, tlsv1.2, tlsv1.1, tlsv1]",
"oneliner": true
},
"desc": "All TLS/DTLS versions to be supported.<br/>\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.<br/>\nIn case PSK cipher suites are intended, make sure to configure\n<code>['tlsv1.2', 'tlsv1.1']</code> here.",
"name": "versions",
"raw_default": [
"tlsv1.3",
"tlsv1.2",
"tlsv1.1",
"tlsv1"
],
"type": {
"elements": {
"kind": "primitive",
"name": "atom()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n<code>\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"</code> or\n<code>[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]</code>.\n<br/>\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.<br/>\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS <code>versions</code> ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the <code>versions</code>,\nconfiguring cipher suites for other versions will have no effect.\n<br/>\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config<br/>\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from <code>versions</code>.<br/>\nPSK cipher suites: <code>\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"</code>",
"name": "ciphers",
"raw_default": [],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "\"emqx_tls_psk:lookup\"",
"oneliner": true
},
"desc": "EMQX-internal callback that is used to lookup pre-shared key (PSK) identity.",
"name": "user_lookup_fun",
"raw_default": "emqx_tls_psk:lookup",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "SSL parameter renegotiation is a feature that allows a client and a server\nto renegotiate the parameters of the SSL connection on the fly.\nRFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,\nyou drop support for the insecure renegotiation, prone to MitM attacks.",
"name": "secure_renegotiate",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": " Hibernate the SSL process after idling for amount of time reducing its memory footprint. ",
"name": "hibernate_after",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable TLS.",
"name": "enable",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Specify the host name to be used in TLS Server Name Indication extension.<br/>\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records <br/>\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP addressed used.<br/>\nThe host name is then also used in the host name verification of the peer\ncertificate.<br/> The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
"examples": [
"disable"
],
"name": "server_name_indication",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "disable"
},
{
"kind": "primitive",
"name": "string()"
}
]
}
}
],
"full_name": "broker:ssl_client_opts",
"paths": [
"authentication.$INDEX.ssl",
"authorization.sources.$INDEX.ssl",
"bridges.mqtt.$name.ssl",
"bridges.webhook.$name.ssl",
"cluster.etcd.ssl",
"gateway.coap.authentication.ssl",
"gateway.coap.listeners.dtls.$name.authentication.ssl",
"gateway.coap.listeners.udp.$name.authentication.ssl",
"gateway.exproto.authentication.ssl",
"gateway.exproto.handler.ssl_options",
"gateway.exproto.listeners.dtls.$name.authentication.ssl",
"gateway.exproto.listeners.ssl.$name.authentication.ssl",
"gateway.exproto.listeners.tcp.$name.authentication.ssl",
"gateway.exproto.listeners.udp.$name.authentication.ssl",
"gateway.lwm2m.authentication.ssl",
"gateway.lwm2m.listeners.dtls.$name.authentication.ssl",
"gateway.lwm2m.listeners.udp.$name.authentication.ssl",
"gateway.mqttsn.authentication.ssl",
"gateway.mqttsn.listeners.dtls.$name.authentication.ssl",
"gateway.mqttsn.listeners.udp.$name.authentication.ssl",
"gateway.stomp.authentication.ssl",
"gateway.stomp.listeners.ssl.$name.authentication.ssl",
"gateway.stomp.listeners.tcp.$name.authentication.ssl",
"listeners.ssl.$name.authentication.$INDEX.ssl",
"listeners.tcp.$name.authentication.$INDEX.ssl",
"listeners.ws.$name.authentication.$INDEX.ssl",
"listeners.wss.$name.authentication.$INDEX.ssl"
],
"tags": [
"EMQX"
]
},
{
"desc": "Enable/disable statistic data collection.\nStatistic data such as message receive/send count/rate etc. It provides insights of system performance and helps to diagnose issues. You can find statistic data from the dashboard, or from the '/stats' API.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable/disable statistic data collection.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "broker:stats",
"paths": [
"stats"
],
"tags": [
"EMQX"
]
},
{
"desc": "The EMQX Broker periodically publishes its own status, message statistics,\nclient online and offline events to the system topic starting with `$SYS/`.\n\nThe following options control the behavior of `$SYS` topics.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"1m\"",
"oneliner": true
},
"desc": "Time interval of publishing `$SYS` messages.",
"name": "sys_msg_interval",
"raw_default": "1m",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "disabled"
},
{
"kind": "primitive",
"name": "emqx_schema:duration()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "Time interval for publishing following heartbeat messages:\n - `$SYS/brokers/<node>/uptime`\n - `$SYS/brokers/<node>/datetime`",
"name": "sys_heartbeat_interval",
"raw_default": "30s",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "disabled"
},
{
"kind": "primitive",
"name": "emqx_schema:duration()"
}
]
}
},
{
"aliases": [],
"desc": "Client events messages.",
"name": "sys_event_messages",
"type": {
"kind": "struct",
"name": "broker:event_names"
}
}
],
"full_name": "broker:sys_topics",
"paths": [
"sys_topics"
],
"tags": [
"EMQX"
]
},
{
"desc": "Features related to system monitoring and introspection.",
"fields": [
{
"aliases": [],
"name": "vm",
"type": {
"kind": "struct",
"name": "broker:sysmon_vm"
}
},
{
"aliases": [],
"name": "os",
"type": {
"kind": "struct",
"name": "broker:sysmon_os"
}
},
{
"aliases": [],
"name": "top",
"type": {
"kind": "struct",
"name": "broker:sysmon_top"
}
}
],
"full_name": "broker:sysmon",
"paths": [
"sysmon"
],
"tags": [
"EMQX"
]
},
{
"desc": "This part of the configuration is responsible for monitoring\n the host OS health, such as free memory, disk space, CPU load, etc.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"60s\"",
"oneliner": true
},
"desc": "The time interval for the periodic CPU check.",
"name": "cpu_check_interval",
"raw_default": "60s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"80%\"",
"oneliner": true
},
"desc": "The threshold, as percentage of system CPU load,\n for how much system cpu can be used before the corresponding alarm is raised.",
"name": "cpu_high_watermark",
"raw_default": "80%",
"type": {
"kind": "primitive",
"name": "emqx_schema:percent()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"60%\"",
"oneliner": true
},
"desc": "The threshold, as percentage of system CPU load,\n for how much system cpu can be used before the corresponding alarm is cleared.",
"name": "cpu_low_watermark",
"raw_default": "60%",
"type": {
"kind": "primitive",
"name": "emqx_schema:percent()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"60s\"",
"oneliner": true
},
"desc": "The time interval for the periodic memory check.",
"name": "mem_check_interval",
"raw_default": "60s",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "disabled"
},
{
"kind": "primitive",
"name": "emqx_schema:duration()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"70%\"",
"oneliner": true
},
"desc": "The threshold, as percentage of system memory,\n for how much system memory can be allocated before the corresponding alarm is raised.",
"name": "sysmem_high_watermark",
"raw_default": "70%",
"type": {
"kind": "primitive",
"name": "emqx_schema:percent()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5%\"",
"oneliner": true
},
"desc": "The threshold, as percentage of system memory,\n for how much system memory can be allocated by one Erlang process before\n the corresponding alarm is raised.",
"name": "procmem_high_watermark",
"raw_default": "5%",
"type": {
"kind": "primitive",
"name": "emqx_schema:percent()"
}
}
],
"full_name": "broker:sysmon_os",
"paths": [
"sysmon.os"
],
"tags": [
"EMQX"
]
},
{
"desc": "This part of the configuration is responsible for monitoring\n the Erlang processes in the VM. This information can be sent to an external\n PostgreSQL database. This feature is inactive unless the PostgreSQL sink is configured.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "10",
"oneliner": true
},
"desc": "The number of top processes per monitoring group",
"name": "num_items",
"raw_default": 10,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"2s\"",
"oneliner": true
},
"desc": "Specifies how often process top should be collected",
"name": "sample_interval",
"raw_default": "2s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "1000000",
"oneliner": true
},
"desc": "Stop collecting data when the number of processes\nin the VM exceeds this value",
"name": "max_procs",
"raw_default": 1000000,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "Hostname of the PostgreSQL database that collects the data points",
"name": "db_hostname",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "5432",
"oneliner": true
},
"desc": "Port of the PostgreSQL database that collects the data points.",
"name": "db_port",
"raw_default": 5432,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"system_monitor\"",
"oneliner": true
},
"desc": "Username of the PostgreSQL database",
"name": "db_username",
"raw_default": "system_monitor",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"system_monitor_password\"",
"oneliner": true
},
"desc": "EMQX user password in the PostgreSQL database",
"name": "db_password",
"raw_default": "system_monitor_password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"postgres\"",
"oneliner": true
},
"desc": "PostgreSQL database name",
"name": "db_name",
"raw_default": "postgres",
"type": {
"kind": "primitive",
"name": "string()"
}
}
],
"full_name": "broker:sysmon_top",
"paths": [
"sysmon.top"
],
"tags": [
"EMQX"
]
},
{
"desc": "This part of the configuration is responsible for collecting\n BEAM VM events, such as long garbage collection, traffic congestion in the inter-broker\n communication, etc.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "The time interval for the periodic process limit check.",
"name": "process_check_interval",
"raw_default": "30s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"80%\"",
"oneliner": true
},
"desc": "The threshold, as percentage of processes, for how many\n processes can simultaneously exist at the local node before the corresponding\n alarm is raised.",
"name": "process_high_watermark",
"raw_default": "80%",
"type": {
"kind": "primitive",
"name": "emqx_schema:percent()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"60%\"",
"oneliner": true
},
"desc": "The threshold, as percentage of processes, for how many\n processes can simultaneously exist at the local node before the corresponding\n alarm is cleared.",
"name": "process_low_watermark",
"raw_default": "60%",
"type": {
"kind": "primitive",
"name": "emqx_schema:percent()"
}
},
{
"aliases": [],
"default": {
"hocon": "disabled",
"oneliner": true
},
"desc": "When an Erlang process spends long time to perform garbage collection, a warning level <code>long_gc</code> log is emitted,\nand an MQTT message is published to the system topic <code>$SYS/sysmon/long_gc</code>.",
"name": "long_gc",
"raw_default": "disabled",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "disabled"
},
{
"kind": "primitive",
"name": "emqx_schema:duration()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"240ms\"",
"oneliner": true
},
"desc": "When the Erlang VM detect a task scheduled for too long, a warning level 'long_schedule' log is emitted,\nand an MQTT message is published to the system topic <code>$SYS/sysmon/long_schedule</code>.",
"name": "long_schedule",
"raw_default": "240ms",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "disabled"
},
{
"kind": "primitive",
"name": "emqx_schema:duration()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"32MB\"",
"oneliner": true
},
"desc": "When an Erlang process consumed a large amount of memory for its heap space,\nthe system will write a warning level <code>large_heap</code> log, and an MQTT message is published to\nthe system topic <code>$SYS/sysmon/large_heap</code>.",
"name": "large_heap",
"raw_default": "32MB",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "disabled"
},
{
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "When the RPC connection used to communicate with other nodes in the cluster is overloaded,\nthere will be a <code>busy_dist_port</code> warning log,\nand an MQTT message is published to system topic <code>$SYS/sysmon/busy_dist_port</code>.",
"name": "busy_dist_port",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "When a port (e.g. TCP socket) is overloaded, there will be a <code>busy_port</code> warning log,\nand an MQTT message is published to the system topic <code>$SYS/sysmon/busy_port</code>.",
"name": "busy_port",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "broker:sysmon_vm",
"paths": [
"sysmon.vm"
],
"tags": [
"EMQX"
]
},
{
"desc": "TCP listener options.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "Specify the {active, N} option for this Socket.<br/>\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
"name": "active_n",
"raw_default": 100,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "1024",
"oneliner": true
},
"desc": "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
"name": "backlog",
"raw_default": 1024,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "The TCP send timeout for the connections.",
"name": "send_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Close the connection if send timeout.",
"name": "send_timeout_close",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The TCP receive buffer (OS kernel) for the connections.",
"examples": [
"2KB"
],
"name": "recbuf",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"desc": "The TCP send buffer (OS kernel) for the connections.",
"examples": [
"4KB"
],
"name": "sndbuf",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"4KB\"",
"oneliner": true
},
"desc": "The size of the user-space buffer used by the driver.",
"examples": [
"4KB"
],
"name": "buffer",
"raw_default": "4KB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"1MB\"",
"oneliner": true
},
"desc": "The socket is set to a busy state when the amount of data queued internally\nby the VM socket implementation reaches this limit.",
"name": "high_watermark",
"raw_default": "1MB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "The TCP_NODELAY flag for the connections.",
"name": "nodelay",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "The SO_REUSEADDR flag for the connections.",
"name": "reuseaddr",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "broker:tcp_opts",
"paths": [
"gateway.exproto.listeners.ssl.$name.tcp_options",
"gateway.exproto.listeners.tcp.$name.tcp_options",
"gateway.stomp.listeners.ssl.$name.tcp_options",
"gateway.stomp.listeners.tcp.$name.tcp_options",
"listeners.ssl.$name.tcp_options",
"listeners.tcp.$name.tcp_options",
"listeners.ws.$name.tcp_options",
"listeners.wss.$name.tcp_options"
],
"tags": [
"EMQX"
]
},
{
"desc": "Real-time filtering logs for the ClientID or Topic or IP for debugging.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "text",
"oneliner": true
},
"desc": "Determine the format of the payload format in the trace file.<br/>\n`text`: Text-based protocol or plain text protocol.\n It is recommended when payload is JSON encoded.<br/>\n`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.<br/>\n`hidden`: payload is obfuscated as `******`",
"name": "payload_encode",
"raw_default": "text",
"type": {
"kind": "enum",
"symbols": [
"hex",
"text",
"hidden"
]
}
}
],
"full_name": "broker:trace",
"paths": [
"trace"
],
"tags": [
"EMQX"
]
},
{
"desc": "WebSocket listener options.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"/mqtt\"",
"oneliner": true
},
"desc": "WebSocket's MQTT protocol path. So the address of EMQX Broker's WebSocket is:\n<code>ws://{ip}:{port}/mqtt</code>",
"name": "mqtt_path",
"raw_default": "/mqtt",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "multiple",
"oneliner": true
},
"desc": "Whether a WebSocket message is allowed to contain multiple MQTT packets.",
"name": "mqtt_piggyback",
"raw_default": "multiple",
"type": {
"kind": "enum",
"symbols": [
"single",
"multiple"
]
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "If <code>true</code>, compress WebSocket messages using <code>zlib</code>.<br/>\nThe configuration items under <code>deflate_opts</code> belong to the compression-related parameter configuration.",
"name": "compress",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"7200s\"",
"oneliner": true
},
"desc": "Close transport-layer connections from the clients that have not sent MQTT CONNECT message within this interval.",
"name": "idle_timeout",
"raw_default": "7200s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "infinity",
"oneliner": true
},
"desc": "The maximum length of a single MQTT packet.",
"name": "max_frame_size",
"raw_default": "infinity",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "infinity"
},
{
"kind": "primitive",
"name": "integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "If <code>true</code>, the server will return an error when\n the client does not carry the <code>Sec-WebSocket-Protocol</code> field.\n <br/>Note: WeChat applet needs to disable this verification.",
"name": "fail_if_no_subprotocol",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5\"",
"oneliner": true
},
"desc": "Comma-separated list of supported subprotocols.",
"name": "supported_subprotocols",
"raw_default": "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5",
"type": {
"kind": "primitive",
"name": "emqx_schema:comma_separated_list()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "If <code>true</code>, <code>origin</code> HTTP header will be\n validated against the list of allowed origins configured in <code>check_origins</code>\n parameter.",
"name": "check_origin_enable",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "If <code>false</code> and <code>check_origin_enable</code> is\n <code>true</code>, the server will reject requests that don't have <code>origin</code>\n HTTP header.",
"name": "allow_origin_absence",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"http://localhost:18083, http://127.0.0.1:18083\"",
"oneliner": true
},
"desc": "List of allowed origins.<br/>See <code>check_origin_enable</code>.",
"name": "check_origins",
"raw_default": "http://localhost:18083, http://127.0.0.1:18083",
"type": {
"kind": "primitive",
"name": "emqx_schema:comma_separated_binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"x-forwarded-for\"",
"oneliner": true
},
"desc": "HTTP header used to pass information about the client IP address.\nRelevant when the EMQX cluster is deployed behind a load-balancer.",
"name": "proxy_address_header",
"raw_default": "x-forwarded-for",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"x-forwarded-port\"",
"oneliner": true
},
"desc": "HTTP header used to pass information about the client port. Relevant when the EMQX cluster is deployed behind a load-balancer.",
"name": "proxy_port_header",
"raw_default": "x-forwarded-port",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"name": "deflate_opts",
"type": {
"kind": "struct",
"name": "broker:deflate_opts"
}
}
],
"full_name": "broker:ws_opts",
"paths": [
"listeners.ws.$name.websocket",
"listeners.wss.$name.websocket"
],
"tags": [
"EMQX"
]
},
{
"desc": "A `Zone` defines a set of configuration items (such as the maximum number of connections) that can be shared between multiple listeners.\n\n`Listener` can refer to a `Zone` through the configuration item <code>listener.\\<Protocol>.\\<Listener Name>.zone</code>.\n\nThe configs defined in the zones will override the global configs with the same key.\n\nFor example, given the following config:\n```\na {\n b: 1, c: 1\n}\nzone.my_zone {\n a {\n b:2\n }\n}\n```\n\nThe global config `a` is overridden by the configs `a` inside the zone `my_zone`.\n\nIf there is a listener using the zone `my_zone`, the value of config `a` will be: `{b:2, c: 1}`.\nNote that although the default value of `a.c` is `0`, the global value is used, i.e. configs in the zone have no default values. To override `a.c` one must configure it explicitly in the zone.\n\nAll the global configs that can be overridden in zones are:\n - `stats.*`\n - `mqtt.*`\n - `authorization.*`\n - `flapping_detect.*`\n - `force_shutdown.*`\n - `conn_congestion.*`\n - `force_gc.*`\n\n",
"fields": [
{
"aliases": [],
"name": "mqtt",
"type": {
"kind": "struct",
"name": "zone:mqtt"
}
},
{
"aliases": [],
"name": "stats",
"type": {
"kind": "struct",
"name": "zone:stats"
}
},
{
"aliases": [],
"name": "flapping_detect",
"type": {
"kind": "struct",
"name": "zone:flapping_detect"
}
},
{
"aliases": [],
"name": "force_shutdown",
"type": {
"kind": "struct",
"name": "zone:force_shutdown"
}
},
{
"aliases": [],
"name": "conn_congestion",
"type": {
"kind": "struct",
"name": "zone:conn_congestion"
}
},
{
"aliases": [],
"name": "force_gc",
"type": {
"kind": "struct",
"name": "zone:force_gc"
}
},
{
"aliases": [],
"name": "overload_protection",
"type": {
"kind": "struct",
"name": "zone:overload_protection"
}
}
],
"full_name": "broker:zone",
"paths": [
"zones.$name"
],
"tags": [
"EMQX"
]
},
{
"desc": "Configuration for EMQX dashboard.",
"fields": [
{
"aliases": [],
"desc": "HTTP(s) listeners are identified by their protocol type and are\nused to serve dashboard UI and restful HTTP API.\nListeners must have a unique combination of port number and IP address.\nFor example, an HTTP listener can listen on all configured IP addresses\non a given port for a machine by specifying the IP address 0.0.0.0.\nAlternatively, the HTTP listener can specify a unique IP address for each listener,\nbut use the same port.",
"name": "listeners",
"type": {
"kind": "struct",
"name": "dashboard:listeners"
}
},
{
"aliases": [],
"default": {
"hocon": "\"admin\"",
"oneliner": true
},
"desc": "The default username of the automatically created dashboard user.",
"name": "default_username",
"raw_default": "admin",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"public\"",
"oneliner": true
},
"desc": "The initial default password for dashboard 'admin' user.\nFor safety, it should be changed as soon as possible.\nThis value is not valid when you log in to Dashboard for the first time via the web\nand change to a complex password as prompted.",
"name": "default_password",
"raw_default": "public",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"10s\"",
"oneliner": true
},
"desc": "How often to update metrics displayed in the dashboard.\nNote: `sample_interval` should be a divisor of 60, default is 10s.",
"name": "sample_interval",
"raw_default": "10s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_s()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"60m\"",
"oneliner": true
},
"desc": "JWT token expiration time. Default is 60 minutes",
"name": "token_expired_time",
"raw_default": "60m",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Support Cross-Origin Resource Sharing (CORS).\nAllows a server to indicate any origins (domain, scheme, or port) other than\nits own from which a browser should permit loading resources.",
"name": "cors",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "en",
"oneliner": true
},
"desc": "Internationalization language support.",
"name": "i18n_lang",
"raw_default": "en",
"type": {
"kind": "enum",
"symbols": [
"en",
"zh"
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "Deprecated, use api_key.bootstrap_file.",
"name": "bootstrap_users_file",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "dashboard",
"paths": [
"dashboard"
],
"tags": []
},
{
"desc": "Configuration for the dashboard listener (plaintext).",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Ignore or enable this listener",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "18083",
"oneliner": true
},
"desc": "Port without IP(18083) or port with specified IP(127.0.0.1:18083).",
"examples": [
[
48,
46,
48,
46,
48,
46,
48,
58,
49,
56,
48,
56,
51
]
],
"name": "bind",
"raw_default": 18083,
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "non_neg_integer()"
},
{
"kind": "primitive",
"name": "emqx_schema:ip_port()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "20",
"oneliner": true
},
"desc": "Socket acceptor pool size for TCP protocols. Default is the number of schedulers online",
"name": "num_acceptors",
"raw_default": 20,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "512",
"oneliner": true
},
"desc": "Maximum number of simultaneous connections.",
"name": "max_connections",
"raw_default": 512,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "1024",
"oneliner": true
},
"desc": "Defines the maximum length that the queue of pending connections can grow to.",
"name": "backlog",
"raw_default": 1024,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"10s\"",
"oneliner": true
},
"desc": "Send timeout for the socket.",
"name": "send_timeout",
"raw_default": "10s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable IPv6 support, default is false, which means IPv4 only.",
"name": "inet6",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Disable IPv4-to-IPv6 mapping for the listener.\nThe configuration is only valid when the inet6 is true.",
"name": "ipv6_v6only",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable support for `HAProxy` header. Be aware once enabled regular HTTP requests can't be handled anymore.",
"name": "proxy_header",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "dashboard:http",
"paths": [
"dashboard.listeners.http"
],
"tags": []
},
{
"desc": "Configuration for the dashboard listener (TLS).",
"fields": [
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Ignore or enable this listener",
"name": "enable",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "18084",
"oneliner": true
},
"desc": "Port without IP(18083) or port with specified IP(127.0.0.1:18083).",
"examples": [
[
48,
46,
48,
46,
48,
46,
48,
58,
49,
56,
48,
56,
52
]
],
"name": "bind",
"raw_default": 18084,
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "non_neg_integer()"
},
{
"kind": "primitive",
"name": "emqx_schema:ip_port()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "20",
"oneliner": true
},
"desc": "Socket acceptor pool size for TCP protocols. Default is the number of schedulers online",
"name": "num_acceptors",
"raw_default": 20,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "512",
"oneliner": true
},
"desc": "Maximum number of simultaneous connections.",
"name": "max_connections",
"raw_default": 512,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "1024",
"oneliner": true
},
"desc": "Defines the maximum length that the queue of pending connections can grow to.",
"name": "backlog",
"raw_default": 1024,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"10s\"",
"oneliner": true
},
"desc": "Send timeout for the socket.",
"name": "send_timeout",
"raw_default": "10s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable IPv6 support, default is false, which means IPv4 only.",
"name": "inet6",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Disable IPv4-to-IPv6 mapping for the listener.\nThe configuration is only valid when the inet6 is true.",
"name": "ipv6_v6only",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable support for `HAProxy` header. Be aware once enabled regular HTTP requests can't be handled anymore.",
"name": "proxy_header",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Trusted PEM format CA certificates bundle file.<br/>\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).<br/>\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
"name": "cacertfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format certificates chain file.<br/>\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
"name": "certfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format private key file.",
"name": "keyfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "verify_none",
"oneliner": true
},
"desc": "Enable or disable peer verification.",
"name": "verify",
"raw_default": "verify_none",
"type": {
"kind": "enum",
"symbols": [
"verify_peer",
"verify_none"
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable TLS session reuse.",
"name": "reuse_sessions",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "10",
"oneliner": true
},
"desc": "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;<br/>\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;<br/>\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
"name": "depth",
"raw_default": 10,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "String containing the user's password. Only used if the private key file is password-protected.",
"examples": [
""
],
"name": "password",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "[tlsv1.3, tlsv1.2, tlsv1.1, tlsv1]",
"oneliner": true
},
"desc": "All TLS/DTLS versions to be supported.<br/>\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.<br/>\nIn case PSK cipher suites are intended, make sure to configure\n<code>['tlsv1.2', 'tlsv1.1']</code> here.",
"name": "versions",
"raw_default": [
"tlsv1.3",
"tlsv1.2",
"tlsv1.1",
"tlsv1"
],
"type": {
"elements": {
"kind": "primitive",
"name": "atom()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n<code>\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"</code> or\n<code>[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]</code>.\n<br/>\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.<br/>\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS <code>versions</code> ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the <code>versions</code>,\nconfiguring cipher suites for other versions will have no effect.\n<br/>\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config<br/>\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from <code>versions</code>.<br/>\nPSK cipher suites: <code>\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"</code>",
"name": "ciphers",
"raw_default": [],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "\"emqx_tls_psk:lookup\"",
"oneliner": true
},
"desc": "EMQX-internal callback that is used to lookup pre-shared key (PSK) identity.",
"name": "user_lookup_fun",
"raw_default": "emqx_tls_psk:lookup",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "SSL parameter renegotiation is a feature that allows a client and a server\nto renegotiate the parameters of the SSL connection on the fly.\nRFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,\nyou drop support for the insecure renegotiation, prone to MitM attacks.",
"name": "secure_renegotiate",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": " Hibernate the SSL process after idling for amount of time reducing its memory footprint. ",
"name": "hibernate_after",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.<br/>\nNOTE: The <code>dhfile</code> option is not supported by TLS 1.3.",
"name": "dhfile",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "An important security setting, it forces the cipher to be set based\n on the server-specified order instead of the client-specified order,\n hence enforcing the (usually more properly configured) security\n ordering of the server administrator.",
"name": "honor_cipher_order",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.",
"name": "client_renegotiation",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Maximum time duration allowed for the handshake to complete",
"name": "handshake_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
}
],
"full_name": "dashboard:https",
"paths": [
"dashboard.listeners.https"
],
"tags": []
},
{
"desc": "Configuration for the dashboard listener.",
"fields": [
{
"aliases": [],
"desc": "TCP listeners",
"name": "http",
"type": {
"kind": "struct",
"name": "dashboard:http"
}
},
{
"aliases": [],
"desc": "SSL listeners",
"name": "https",
"type": {
"kind": "struct",
"name": "dashboard:https"
}
}
],
"full_name": "dashboard:listeners",
"paths": [
"dashboard.listeners"
],
"tags": []
},
{
"desc": "External hook (exhook) configuration.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "List of exhook servers",
"name": "servers",
"raw_default": [],
"type": {
"elements": {
"kind": "struct",
"name": "exhook:server"
},
"kind": "array"
}
}
],
"full_name": "exhook",
"paths": [
"exhook"
],
"tags": []
},
{
"desc": "gRPC server configuration.",
"fields": [
{
"aliases": [],
"desc": "Name of the exhook server",
"examples": [
"default"
],
"name": "name",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable this Exhook server",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "URL of the gRPC server",
"examples": [
"http://127.0.0.1:9000"
],
"name": "url",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": "The timeout of request gRPC server",
"name": "request_timeout",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "deny",
"oneliner": true
},
"desc": "The value that is returned when the request to the gRPC server fails for any reason",
"name": "failed_action",
"raw_default": "deny",
"type": {
"kind": "enum",
"symbols": [
"deny",
"ignore"
]
}
},
{
"aliases": [],
"name": "ssl",
"type": {
"kind": "struct",
"name": "exhook:ssl_conf"
}
},
{
"aliases": [],
"default": {
"hocon": "{keepalive = true, nodelay = true}",
"oneliner": true
},
"name": "socket_options",
"raw_default": {
"keepalive": true,
"nodelay": true
},
"type": {
"kind": "struct",
"name": "exhook:socket_options"
}
},
{
"aliases": [],
"default": {
"hocon": "\"60s\"",
"oneliner": true
},
"desc": "Whether to automatically reconnect (initialize) the gRPC server.\nWhen gRPC is not available, Exhook tries to request the gRPC service at that interval and reinitialize the list of mounted hooks.",
"name": "auto_reconnect",
"raw_default": "60s",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "false"
},
{
"kind": "primitive",
"name": "emqx_schema:duration()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "The process pool size for gRPC client",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
}
],
"full_name": "exhook:server",
"paths": [
"exhook.servers.$INDEX"
],
"tags": []
},
{
"desc": "Connection socket options",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enables/disables periodic transmission on a connected socket when no other data is exchanged.\nIf the other end does not respond, the connection is considered broken and an error message is sent to the controlling process.",
"name": "keepalive",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "If true, option TCP_NODELAY is turned on for the socket,\nwhich means that also small amounts of data are sent immediately",
"name": "nodelay",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The minimum size of receive buffer to use for the socket",
"examples": [
"64KB"
],
"name": "recbuf",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"desc": "The minimum size of send buffer to use for the socket",
"examples": [
"16KB"
],
"name": "sndbuf",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
}
],
"full_name": "exhook:socket_options",
"paths": [
"exhook.servers.$INDEX.socket_options"
],
"tags": []
},
{
"desc": "SSL client configuration.",
"fields": [
{
"aliases": [],
"desc": "Trusted PEM format CA certificates bundle file.<br/>\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).<br/>\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
"name": "cacertfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format certificates chain file.<br/>\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
"name": "certfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format private key file.",
"name": "keyfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "verify_none",
"oneliner": true
},
"desc": "Enable or disable peer verification.",
"name": "verify",
"raw_default": "verify_none",
"type": {
"kind": "enum",
"symbols": [
"verify_peer",
"verify_none"
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable TLS session reuse.",
"name": "reuse_sessions",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "10",
"oneliner": true
},
"desc": "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;<br/>\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;<br/>\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
"name": "depth",
"raw_default": 10,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "String containing the user's password. Only used if the private key file is password-protected.",
"examples": [
""
],
"name": "password",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "[tlsv1.3, tlsv1.2, tlsv1.1, tlsv1]",
"oneliner": true
},
"desc": "All TLS/DTLS versions to be supported.<br/>\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.<br/>\nIn case PSK cipher suites are intended, make sure to configure\n<code>['tlsv1.2', 'tlsv1.1']</code> here.",
"name": "versions",
"raw_default": [
"tlsv1.3",
"tlsv1.2",
"tlsv1.1",
"tlsv1"
],
"type": {
"elements": {
"kind": "primitive",
"name": "atom()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n<code>\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"</code> or\n<code>[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]</code>.\n<br/>\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.<br/>\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS <code>versions</code> ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the <code>versions</code>,\nconfiguring cipher suites for other versions will have no effect.\n<br/>\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config<br/>\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from <code>versions</code>.<br/>\nPSK cipher suites: <code>\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"</code>",
"name": "ciphers",
"raw_default": [],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "SSL parameter renegotiation is a feature that allows a client and a server\nto renegotiate the parameters of the SSL connection on the fly.\nRFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,\nyou drop support for the insecure renegotiation, prone to MitM attacks.",
"name": "secure_renegotiate",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": " Hibernate the SSL process after idling for amount of time reducing its memory footprint. ",
"name": "hibernate_after",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable TLS.",
"name": "enable",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Specify the host name to be used in TLS Server Name Indication extension.<br/>\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records <br/>\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP addressed used.<br/>\nThe host name is then also used in the host name verification of the peer\ncertificate.<br/> The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
"examples": [
"disable"
],
"name": "server_name_indication",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "disable"
},
{
"kind": "primitive",
"name": "string()"
}
]
}
}
],
"full_name": "exhook:ssl_conf",
"paths": [
"exhook.servers.$INDEX.ssl"
],
"tags": []
},
{
"desc": "ClientInfo override.",
"fields": [
{
"aliases": [],
"desc": "Template for overriding username.",
"name": "username",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Template for overriding password.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Template for overriding clientid.",
"name": "clientid",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "gateway:clientinfo_override",
"paths": [
"gateway.coap.clientinfo_override",
"gateway.exproto.clientinfo_override",
"gateway.lwm2m.clientinfo_override",
"gateway.mqttsn.clientinfo_override",
"gateway.stomp.clientinfo_override"
],
"tags": [
"Gateway"
]
},
{
"desc": "The CoAP protocol gateway provides EMQX with the access capability of the CoAP protocol.\nIt allows publishing, subscribing, and receiving messages to EMQX in accordance\nwith a certain defined CoAP message format.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "The gateway server required minimum heartbeat interval.\nWhen connection mode is enabled, this parameter is used to set the minimum heartbeat interval for the connection to be alive",
"name": "heartbeat",
"raw_default": "30s",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable or disable connection mode.\nConnection mode is a feature of non-standard protocols. When connection mode is enabled, it is necessary to maintain the creation, authentication and alive of connection resources",
"name": "connection_required",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "qos",
"oneliner": true
},
"desc": "The Notification Message will be delivered to the CoAP client if a new message received on an observed topic.\nThe type of delivered coap message can be set to:<br/>\n - non: Non-confirmable;<br/>\n - con: Confirmable;<br/>\n - qos: Mapping from QoS type of received message, QoS0 -> non, QoS1,2 -> con",
"name": "notify_type",
"raw_default": "qos",
"type": {
"kind": "enum",
"symbols": [
"non",
"con",
"qos"
]
}
},
{
"aliases": [],
"default": {
"hocon": "coap",
"oneliner": true
},
"desc": "The Default QoS Level indicator for subscribe request.\nThis option specifies the QoS level for the CoAP Client when establishing a subscription membership, if the subscribe request is not carried `qos` option. The indicator can be set to:<br/>\n - qos0, qos1, qos2: Fixed default QoS level<br/>\n - coap: Dynamic QoS level by the message type of subscribe request<br/>\n * qos0: If the subscribe request is non-confirmable<br/>\n * qos1: If the subscribe request is confirmable",
"name": "subscribe_qos",
"raw_default": "coap",
"type": {
"kind": "enum",
"symbols": [
"qos0",
"qos1",
"qos2",
"coap"
]
}
},
{
"aliases": [],
"default": {
"hocon": "coap",
"oneliner": true
},
"desc": "The Default QoS Level indicator for publish request.\nThis option specifies the QoS level for the CoAP Client when publishing a message to EMQX PUB/SUB system, if the publish request is not carried `qos` option. The indicator can be set to:<br/>\n - qos0, qos1, qos2: Fixed default QoS level<br/>\n - coap: Dynamic QoS level by the message type of publish request<br/>\n * qos0: If the publish request is non-confirmable<br/>\n * qos1: If the publish request is confirmable",
"name": "publish_qos",
"raw_default": "coap",
"type": {
"kind": "enum",
"symbols": [
"qos0",
"qos1",
"qos2",
"coap"
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "",
"name": "mountpoint",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Settings for the UDP listeners.",
"name": "listeners",
"type": {
"kind": "struct",
"name": "gateway:udp_listeners"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to enable this gateway",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to enable client process statistic",
"name": "enable_stats",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.",
"name": "idle_timeout",
"raw_default": "30s",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:duration()"
}
},
{
"aliases": [],
"desc": "ClientInfo override.",
"name": "clientinfo_override",
"type": {
"kind": "struct",
"name": "gateway:clientinfo_override"
}
},
{
"aliases": [],
"desc": "Default authentication configs for all the gateway listeners. For per-listener overrides see <code>authentication</code>\n in listener configs",
"examples": {
"jwt": {
"summary": "JWT authentication",
"value": {
"algorithm": "hmac-based",
"mechanism": "jwt",
"secret": "mysecret",
"secret_base64_encoded": false,
"use_jwks": false,
"verify_claims": {
"username": "${username}"
}
}
},
"password_based:built_in_database": {
"summary": "Built-in password_based authentication",
"value": {
"backend": "built_in_database",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"user_id_type": "username"
}
},
"password_based:http": {
"summary": "password_based authentication through external HTTP API",
"value": {
"backend": "http",
"body": {
"password": "${password}",
"username": "${username}"
},
"connect_timeout": 5000,
"enable_pipelining": 100,
"headers": {
"content-type": "application/json"
},
"mechanism": "password_based",
"method": "post",
"pool_size": 8,
"request_timeout": 5000,
"ssl": {
"enable": false
},
"url": "http://127.0.0.1:18083"
}
},
"password_based:mongodb": {
"summary": "password_based authentication with MongoDB backend",
"value": {
"backend": "mongodb",
"collection": "users",
"database": "example",
"filter": {
"username": "${username}"
},
"is_superuser_field": "is_superuser",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"password_hash_field": "password_hash",
"salt_field": "salt",
"server": "127.0.0.1:27017"
}
},
"password_based:redis": {
"summary": "password_based authentication with Redis backend",
"value": {
"backend": "redis",
"cmd": "HMGET ${username} password_hash salt",
"database": 0,
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"redis_type": "single",
"server": "127.0.0.1:6379"
}
}
},
"name": "authentication",
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
}
}
],
"full_name": "gateway:coap",
"paths": [
"gateway.coap"
],
"tags": [
"Gateway"
]
},
{
"desc": "Settings for the DTLS listener.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "16",
"oneliner": true
},
"desc": "Size of the acceptor pool.",
"name": "acceptors",
"raw_default": 16,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"name": "udp_options",
"type": {
"kind": "struct",
"name": "gateway:udp_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable the listener.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The IP address and port that the listener will bind.",
"name": "bind",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "emqx_gateway_schema:ip_port()"
},
{
"kind": "primitive",
"name": "integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "1024",
"oneliner": true
},
"desc": "Maximum number of concurrent connections.",
"name": "max_connections",
"raw_default": 1024,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "1000",
"oneliner": true
},
"desc": "Maximum connections per second.",
"name": "max_conn_rate",
"raw_default": 1000,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Default authentication configs for all the gateway listeners. For per-listener overrides see <code>authentication</code>\n in listener configs",
"examples": {
"jwt": {
"summary": "JWT authentication",
"value": {
"algorithm": "hmac-based",
"mechanism": "jwt",
"secret": "mysecret",
"secret_base64_encoded": false,
"use_jwks": false,
"verify_claims": {
"username": "${username}"
}
}
},
"password_based:built_in_database": {
"summary": "Built-in password_based authentication",
"value": {
"backend": "built_in_database",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"user_id_type": "username"
}
},
"password_based:http": {
"summary": "password_based authentication through external HTTP API",
"value": {
"backend": "http",
"body": {
"password": "${password}",
"username": "${username}"
},
"connect_timeout": 5000,
"enable_pipelining": 100,
"headers": {
"content-type": "application/json"
},
"mechanism": "password_based",
"method": "post",
"pool_size": 8,
"request_timeout": 5000,
"ssl": {
"enable": false
},
"url": "http://127.0.0.1:18083"
}
},
"password_based:mongodb": {
"summary": "password_based authentication with MongoDB backend",
"value": {
"backend": "mongodb",
"collection": "users",
"database": "example",
"filter": {
"username": "${username}"
},
"is_superuser_field": "is_superuser",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"password_hash_field": "password_hash",
"salt_field": "salt",
"server": "127.0.0.1:27017"
}
},
"password_based:redis": {
"summary": "password_based authentication with Redis backend",
"value": {
"backend": "redis",
"cmd": "HMGET ${username} password_hash salt",
"database": 0,
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"redis_type": "single",
"server": "127.0.0.1:6379"
}
}
},
"name": "authentication",
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set <code>true</code> (default) to enable client authentication on this listener. \nWhen set to <code>false</code> clients will be allowed to connect without authentication.",
"name": "enable_authn",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\<name>.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nVariables in mountpoint string:<br/>\n - <code>${clientid}</code>: clientid<br/>\n - <code>${username}</code>: username",
"name": "mountpoint",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "The access control rules for this listener.\nSee: https://github.com/emqtt/esockd#allowdeny",
"name": "access_rules",
"raw_default": [],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"desc": "DTLS socket options",
"name": "dtls_options",
"type": {
"kind": "struct",
"name": "gateway:dtls_opts"
}
}
],
"full_name": "gateway:dtls_listener",
"paths": [
"gateway.coap.listeners.dtls.$name",
"gateway.exproto.listeners.dtls.$name",
"gateway.lwm2m.listeners.dtls.$name",
"gateway.mqttsn.listeners.dtls.$name"
],
"tags": [
"Gateway"
]
},
{
"desc": "Settings for the DTLS protocol.",
"fields": [
{
"aliases": [],
"desc": "Trusted PEM format CA certificates bundle file.<br/>\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).<br/>\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
"name": "cacertfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format certificates chain file.<br/>\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
"name": "certfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format private key file.",
"name": "keyfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "verify_none",
"oneliner": true
},
"desc": "Enable or disable peer verification.",
"name": "verify",
"raw_default": "verify_none",
"type": {
"kind": "enum",
"symbols": [
"verify_peer",
"verify_none"
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable TLS session reuse.",
"name": "reuse_sessions",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "10",
"oneliner": true
},
"desc": "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;<br/>\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;<br/>\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
"name": "depth",
"raw_default": 10,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "String containing the user's password. Only used if the private key file is password-protected.",
"examples": [
""
],
"name": "password",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "[dtlsv1.2, dtlsv1]",
"oneliner": true
},
"desc": "All TLS/DTLS versions to be supported.<br/>\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.<br/>\nIn case PSK cipher suites are intended, make sure to configure\n<code>['tlsv1.2', 'tlsv1.1']</code> here.",
"name": "versions",
"raw_default": [
"dtlsv1.2",
"dtlsv1"
],
"type": {
"elements": {
"kind": "primitive",
"name": "atom()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n<code>\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"</code> or\n<code>[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]</code>.\n<br/>\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.<br/>\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS <code>versions</code> ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the <code>versions</code>,\nconfiguring cipher suites for other versions will have no effect.\n<br/>\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config<br/>\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from <code>versions</code>.<br/>\nPSK cipher suites: <code>\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"</code>",
"name": "ciphers",
"raw_default": [],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "\"emqx_tls_psk:lookup\"",
"oneliner": true
},
"desc": "EMQX-internal callback that is used to lookup pre-shared key (PSK) identity.",
"name": "user_lookup_fun",
"raw_default": "emqx_tls_psk:lookup",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "SSL parameter renegotiation is a feature that allows a client and a server\nto renegotiate the parameters of the SSL connection on the fly.\nRFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,\nyou drop support for the insecure renegotiation, prone to MitM attacks.",
"name": "secure_renegotiate",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": " Hibernate the SSL process after idling for amount of time reducing its memory footprint. ",
"name": "hibernate_after",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.<br/>\nNOTE: The <code>dhfile</code> option is not supported by TLS 1.3.",
"name": "dhfile",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Used together with {verify, verify_peer} by an TLS/DTLS server.\nIf set to true, the server fails if the client does not have a\ncertificate to send, that is, sends an empty certificate.\nIf set to false, it fails only if the client sends an invalid\ncertificate (an empty certificate is considered valid).",
"name": "fail_if_no_peer_cert",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "An important security setting, it forces the cipher to be set based\n on the server-specified order instead of the client-specified order,\n hence enforcing the (usually more properly configured) security\n ordering of the server administrator.",
"name": "honor_cipher_order",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.",
"name": "client_renegotiation",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Maximum time duration allowed for the handshake to complete",
"name": "handshake_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.",
"name": "gc_after_handshake",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Whether to enable CRL verification for this listener.",
"name": "enable_crl_check",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "gateway:dtls_opts",
"paths": [
"gateway.coap.listeners.dtls.$name.dtls_options",
"gateway.exproto.listeners.dtls.$name.dtls_options",
"gateway.lwm2m.listeners.dtls.$name.dtls_options",
"gateway.mqttsn.listeners.dtls.$name.dtls_options"
],
"tags": [
"Gateway"
]
},
{
"desc": "Settings for EMQX extension protocol (exproto).",
"fields": [
{
"aliases": [],
"desc": "Configurations for starting the <code>ConnectionAdapter</code> service",
"name": "server",
"type": {
"kind": "struct",
"name": "gateway:exproto_grpc_server"
}
},
{
"aliases": [],
"desc": "Configurations for request to <code>ConnectionHandler</code> service",
"name": "handler",
"type": {
"kind": "struct",
"name": "gateway:exproto_grpc_handler"
}
},
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "",
"name": "mountpoint",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Settings for the listeners.",
"name": "listeners",
"type": {
"kind": "struct",
"name": "gateway:tcp_udp_listeners"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to enable this gateway",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to enable client process statistic",
"name": "enable_stats",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.",
"name": "idle_timeout",
"raw_default": "30s",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:duration()"
}
},
{
"aliases": [],
"desc": "ClientInfo override.",
"name": "clientinfo_override",
"type": {
"kind": "struct",
"name": "gateway:clientinfo_override"
}
},
{
"aliases": [],
"desc": "Default authentication configs for all the gateway listeners. For per-listener overrides see <code>authentication</code>\n in listener configs",
"examples": {
"jwt": {
"summary": "JWT authentication",
"value": {
"algorithm": "hmac-based",
"mechanism": "jwt",
"secret": "mysecret",
"secret_base64_encoded": false,
"use_jwks": false,
"verify_claims": {
"username": "${username}"
}
}
},
"password_based:built_in_database": {
"summary": "Built-in password_based authentication",
"value": {
"backend": "built_in_database",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"user_id_type": "username"
}
},
"password_based:http": {
"summary": "password_based authentication through external HTTP API",
"value": {
"backend": "http",
"body": {
"password": "${password}",
"username": "${username}"
},
"connect_timeout": 5000,
"enable_pipelining": 100,
"headers": {
"content-type": "application/json"
},
"mechanism": "password_based",
"method": "post",
"pool_size": 8,
"request_timeout": 5000,
"ssl": {
"enable": false
},
"url": "http://127.0.0.1:18083"
}
},
"password_based:mongodb": {
"summary": "password_based authentication with MongoDB backend",
"value": {
"backend": "mongodb",
"collection": "users",
"database": "example",
"filter": {
"username": "${username}"
},
"is_superuser_field": "is_superuser",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"password_hash_field": "password_hash",
"salt_field": "salt",
"server": "127.0.0.1:27017"
}
},
"password_based:redis": {
"summary": "password_based authentication with Redis backend",
"value": {
"backend": "redis",
"cmd": "HMGET ${username} password_hash salt",
"database": 0,
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"redis_type": "single",
"server": "127.0.0.1:6379"
}
}
},
"name": "authentication",
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
}
}
],
"full_name": "gateway:exproto",
"paths": [
"gateway.exproto"
],
"tags": [
"Gateway"
]
},
{
"desc": "Settings for the exproto gRPC connection handler.",
"fields": [
{
"aliases": [],
"desc": "gRPC server address.",
"name": "address",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "SSL configuration for the gRPC client.",
"name": "ssl_options",
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "gateway:exproto_grpc_handler",
"paths": [
"gateway.exproto.handler"
],
"tags": [
"Gateway"
]
},
{
"desc": "Settings for the exproto gRPC server.",
"fields": [
{
"aliases": [],
"desc": "Listening address and port for the gRPC server.",
"name": "bind",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "emqx_gateway_schema:ip_port()"
},
{
"kind": "primitive",
"name": "integer()"
}
]
}
},
{
"aliases": [],
"desc": "SSL configuration for the gRPC server.",
"name": "ssl_options",
"type": {
"kind": "struct",
"name": "gateway:ssl_server_opts"
}
}
],
"full_name": "gateway:exproto_grpc_server",
"paths": [
"gateway.exproto.server"
],
"tags": [
"Gateway"
]
},
{
"desc": "EMQX Gateway configuration root.",
"fields": [
{
"aliases": [],
"desc": "The Stomp Gateway configuration.\nThis gateway supports v1.2/1.1/1.0",
"name": "stomp",
"type": {
"kind": "struct",
"name": "gateway:stomp"
}
},
{
"aliases": [],
"desc": "The MQTT-SN Gateway configuration.\nThis gateway only supports the v1.2 protocol",
"name": "mqttsn",
"type": {
"kind": "struct",
"name": "gateway:mqttsn"
}
},
{
"aliases": [],
"desc": "The CoAP Gateway configuration.\nThis gateway is implemented based on RFC-7252 and https://core-wg.github.io/coap-pubsub/draft-ietf-core-pubsub.html",
"name": "coap",
"type": {
"kind": "struct",
"name": "gateway:coap"
}
},
{
"aliases": [],
"desc": "The LwM2M Gateway configuration. This gateway only supports the v1.0.1 protocol.",
"name": "lwm2m",
"type": {
"kind": "struct",
"name": "gateway:lwm2m"
}
},
{
"aliases": [],
"desc": "The Extension Protocol configuration",
"name": "exproto",
"type": {
"kind": "struct",
"name": "gateway:exproto"
}
}
],
"full_name": "gateway",
"paths": [
"gateway"
],
"tags": [
"Gateway"
]
},
{
"desc": "The LwM2M protocol gateway.",
"fields": [
{
"aliases": [],
"desc": "The Directory for LwM2M Resource definition.",
"examples": [
"/etc/emqx/lwm2m_xml"
],
"name": "xml_dir",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Minimum value of lifetime allowed to be set by the LwM2M client.",
"name": "lifetime_min",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"86400s\"",
"oneliner": true
},
"desc": "Maximum value of lifetime allowed to be set by the LwM2M client.",
"name": "lifetime_max",
"raw_default": "86400s",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"22s\"",
"oneliner": true
},
"desc": "The value of the time window during which the network link is considered valid by the LwM2M Gateway in QMode mode.\nFor example, after receiving an update message from a client, any messages within this time window are sent directly to the LwM2M client, and all messages beyond this time window are temporarily stored in memory.",
"name": "qmode_time_window",
"raw_default": "22s",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:duration_s()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Automatically observe the object list of REGISTER packet.",
"name": "auto_observe",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "contains_object_list",
"oneliner": true
},
"desc": "Policy for publishing UPDATE event message.<br/>\n - always: send update events as long as the UPDATE request is received.<br/>\n - contains_object_list: send update events only if the UPDATE request carries any Object List",
"name": "update_msg_publish_condition",
"raw_default": "contains_object_list",
"type": {
"kind": "enum",
"symbols": [
"always",
"contains_object_list"
]
}
},
{
"aliases": [],
"desc": "Topic configuration for LwM2M's gateway publishing and subscription.",
"name": "translators",
"type": {
"kind": "struct",
"name": "gateway:lwm2m_translators"
}
},
{
"aliases": [],
"default": {
"hocon": "\"lwm2m/${endpoint_name}/\"",
"oneliner": true
},
"desc": "",
"name": "mountpoint",
"raw_default": "lwm2m/${endpoint_name}/",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Settings for the UDP listeners.",
"name": "listeners",
"type": {
"kind": "struct",
"name": "gateway:udp_listeners"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to enable this gateway",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to enable client process statistic",
"name": "enable_stats",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.",
"name": "idle_timeout",
"raw_default": "30s",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:duration()"
}
},
{
"aliases": [],
"desc": "ClientInfo override.",
"name": "clientinfo_override",
"type": {
"kind": "struct",
"name": "gateway:clientinfo_override"
}
},
{
"aliases": [],
"desc": "Default authentication configs for all the gateway listeners. For per-listener overrides see <code>authentication</code>\n in listener configs",
"examples": {
"jwt": {
"summary": "JWT authentication",
"value": {
"algorithm": "hmac-based",
"mechanism": "jwt",
"secret": "mysecret",
"secret_base64_encoded": false,
"use_jwks": false,
"verify_claims": {
"username": "${username}"
}
}
},
"password_based:built_in_database": {
"summary": "Built-in password_based authentication",
"value": {
"backend": "built_in_database",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"user_id_type": "username"
}
},
"password_based:http": {
"summary": "password_based authentication through external HTTP API",
"value": {
"backend": "http",
"body": {
"password": "${password}",
"username": "${username}"
},
"connect_timeout": 5000,
"enable_pipelining": 100,
"headers": {
"content-type": "application/json"
},
"mechanism": "password_based",
"method": "post",
"pool_size": 8,
"request_timeout": 5000,
"ssl": {
"enable": false
},
"url": "http://127.0.0.1:18083"
}
},
"password_based:mongodb": {
"summary": "password_based authentication with MongoDB backend",
"value": {
"backend": "mongodb",
"collection": "users",
"database": "example",
"filter": {
"username": "${username}"
},
"is_superuser_field": "is_superuser",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"password_hash_field": "password_hash",
"salt_field": "salt",
"server": "127.0.0.1:27017"
}
},
"password_based:redis": {
"summary": "password_based authentication with Redis backend",
"value": {
"backend": "redis",
"cmd": "HMGET ${username} password_hash salt",
"database": 0,
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"redis_type": "single",
"server": "127.0.0.1:6379"
}
}
},
"name": "authentication",
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
}
}
],
"full_name": "gateway:lwm2m",
"paths": [
"gateway.lwm2m"
],
"tags": [
"Gateway"
]
},
{
"desc": "MQTT topics that correspond to LwM2M events.",
"fields": [
{
"aliases": [],
"desc": "The topic for receiving downstream commands.\nFor each new LwM2M client that succeeds in going online, the gateway creates a subscription relationship to receive downstream commands and send it to the LwM2M client",
"name": "command",
"type": {
"kind": "struct",
"name": "gateway:translator"
}
},
{
"aliases": [],
"desc": "The topic for gateway to publish the acknowledge events from LwM2M client",
"name": "response",
"type": {
"kind": "struct",
"name": "gateway:translator"
}
},
{
"aliases": [],
"desc": "The topic for gateway to publish the notify events from LwM2M client.\nAfter succeed observe a resource of LwM2M client, Gateway will send the notify events via this topic, if the client reports any resource changes",
"name": "notify",
"type": {
"kind": "struct",
"name": "gateway:translator"
}
},
{
"aliases": [],
"desc": "The topic for gateway to publish the register events from LwM2M client.",
"name": "register",
"type": {
"kind": "struct",
"name": "gateway:translator"
}
},
{
"aliases": [],
"desc": "The topic for gateway to publish the update events from LwM2M client",
"name": "update",
"type": {
"kind": "struct",
"name": "gateway:translator"
}
}
],
"full_name": "gateway:lwm2m_translators",
"paths": [
"gateway.lwm2m.translators"
],
"tags": [
"Gateway"
]
},
{
"desc": "The MQTT-SN (MQTT for Sensor Networks) protocol gateway.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "1",
"oneliner": true
},
"desc": "MQTT-SN Gateway ID.\nWhen the <code>broadcast</code> option is enabled, the gateway will broadcast ADVERTISE message with this value",
"name": "gateway_id",
"raw_default": 1,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Whether to periodically broadcast ADVERTISE messages",
"name": "broadcast",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Allows connectionless clients to publish messages with a Qos of -1.\nThis feature is defined for very simple client implementations which do not support any other features except this one. There is no connection setup nor tear down, no registration nor subscription. The client just sends its 'PUBLISH' messages to a GW",
"name": "enable_qos3",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Whether to initiate all subscribed topic name registration messages to the client after the Session has been taken over by a new channel",
"name": "subs_resume",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "The pre-defined topic IDs and topic names.\nA 'pre-defined' topic ID is a topic ID whose mapping to a topic name is known in advance by both the client's application and the gateway",
"name": "predefined",
"raw_default": [],
"type": {
"elements": {
"kind": "struct",
"name": "gateway:mqttsn_predefined"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "",
"name": "mountpoint",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Settings for the UDP listeners.",
"name": "listeners",
"type": {
"kind": "struct",
"name": "gateway:udp_listeners"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to enable this gateway",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to enable client process statistic",
"name": "enable_stats",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.",
"name": "idle_timeout",
"raw_default": "30s",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:duration()"
}
},
{
"aliases": [],
"desc": "ClientInfo override.",
"name": "clientinfo_override",
"type": {
"kind": "struct",
"name": "gateway:clientinfo_override"
}
},
{
"aliases": [],
"desc": "Default authentication configs for all the gateway listeners. For per-listener overrides see <code>authentication</code>\n in listener configs",
"examples": {
"jwt": {
"summary": "JWT authentication",
"value": {
"algorithm": "hmac-based",
"mechanism": "jwt",
"secret": "mysecret",
"secret_base64_encoded": false,
"use_jwks": false,
"verify_claims": {
"username": "${username}"
}
}
},
"password_based:built_in_database": {
"summary": "Built-in password_based authentication",
"value": {
"backend": "built_in_database",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"user_id_type": "username"
}
},
"password_based:http": {
"summary": "password_based authentication through external HTTP API",
"value": {
"backend": "http",
"body": {
"password": "${password}",
"username": "${username}"
},
"connect_timeout": 5000,
"enable_pipelining": 100,
"headers": {
"content-type": "application/json"
},
"mechanism": "password_based",
"method": "post",
"pool_size": 8,
"request_timeout": 5000,
"ssl": {
"enable": false
},
"url": "http://127.0.0.1:18083"
}
},
"password_based:mongodb": {
"summary": "password_based authentication with MongoDB backend",
"value": {
"backend": "mongodb",
"collection": "users",
"database": "example",
"filter": {
"username": "${username}"
},
"is_superuser_field": "is_superuser",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"password_hash_field": "password_hash",
"salt_field": "salt",
"server": "127.0.0.1:27017"
}
},
"password_based:redis": {
"summary": "password_based authentication with Redis backend",
"value": {
"backend": "redis",
"cmd": "HMGET ${username} password_hash salt",
"database": 0,
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"redis_type": "single",
"server": "127.0.0.1:6379"
}
}
},
"name": "authentication",
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
}
}
],
"full_name": "gateway:mqttsn",
"paths": [
"gateway.mqttsn"
],
"tags": [
"Gateway"
]
},
{
"desc": "The pre-defined topic name corresponding to the pre-defined topic\nID of N.\n\nNote: the pre-defined topic ID of 0 is reserved.",
"fields": [
{
"aliases": [],
"desc": "Topic ID. Range: 1-65535",
"name": "id",
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Topic Name",
"name": "topic",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "gateway:mqttsn_predefined",
"paths": [
"gateway.mqttsn.predefined.$INDEX"
],
"tags": [
"Gateway"
]
},
{
"desc": "Settings for the SSL listener.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "16",
"oneliner": true
},
"desc": "Size of the acceptor pool.",
"name": "acceptors",
"raw_default": 16,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Setting the TCP socket options.",
"name": "tcp_options",
"type": {
"kind": "struct",
"name": "broker:tcp_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
"name": "proxy_protocol",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.",
"name": "proxy_protocol_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable the listener.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The IP address and port that the listener will bind.",
"name": "bind",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "emqx_gateway_schema:ip_port()"
},
{
"kind": "primitive",
"name": "integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "1024",
"oneliner": true
},
"desc": "Maximum number of concurrent connections.",
"name": "max_connections",
"raw_default": 1024,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "1000",
"oneliner": true
},
"desc": "Maximum connections per second.",
"name": "max_conn_rate",
"raw_default": 1000,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Default authentication configs for all the gateway listeners. For per-listener overrides see <code>authentication</code>\n in listener configs",
"examples": {
"jwt": {
"summary": "JWT authentication",
"value": {
"algorithm": "hmac-based",
"mechanism": "jwt",
"secret": "mysecret",
"secret_base64_encoded": false,
"use_jwks": false,
"verify_claims": {
"username": "${username}"
}
}
},
"password_based:built_in_database": {
"summary": "Built-in password_based authentication",
"value": {
"backend": "built_in_database",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"user_id_type": "username"
}
},
"password_based:http": {
"summary": "password_based authentication through external HTTP API",
"value": {
"backend": "http",
"body": {
"password": "${password}",
"username": "${username}"
},
"connect_timeout": 5000,
"enable_pipelining": 100,
"headers": {
"content-type": "application/json"
},
"mechanism": "password_based",
"method": "post",
"pool_size": 8,
"request_timeout": 5000,
"ssl": {
"enable": false
},
"url": "http://127.0.0.1:18083"
}
},
"password_based:mongodb": {
"summary": "password_based authentication with MongoDB backend",
"value": {
"backend": "mongodb",
"collection": "users",
"database": "example",
"filter": {
"username": "${username}"
},
"is_superuser_field": "is_superuser",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"password_hash_field": "password_hash",
"salt_field": "salt",
"server": "127.0.0.1:27017"
}
},
"password_based:redis": {
"summary": "password_based authentication with Redis backend",
"value": {
"backend": "redis",
"cmd": "HMGET ${username} password_hash salt",
"database": 0,
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"redis_type": "single",
"server": "127.0.0.1:6379"
}
}
},
"name": "authentication",
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set <code>true</code> (default) to enable client authentication on this listener. \nWhen set to <code>false</code> clients will be allowed to connect without authentication.",
"name": "enable_authn",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\<name>.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nVariables in mountpoint string:<br/>\n - <code>${clientid}</code>: clientid<br/>\n - <code>${username}</code>: username",
"name": "mountpoint",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "The access control rules for this listener.\nSee: https://github.com/emqtt/esockd#allowdeny",
"name": "access_rules",
"raw_default": [],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"desc": "SSL Socket options.",
"name": "ssl_options",
"type": {
"kind": "struct",
"name": "broker:listener_ssl_opts"
}
}
],
"full_name": "gateway:ssl_listener",
"paths": [
"gateway.exproto.listeners.ssl.$name",
"gateway.stomp.listeners.ssl.$name"
],
"tags": [
"Gateway"
]
},
{
"desc": "SSL configuration for the server.",
"fields": [
{
"aliases": [],
"desc": "Trusted PEM format CA certificates bundle file.<br/>\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).<br/>\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
"name": "cacertfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format certificates chain file.<br/>\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
"name": "certfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "PEM format private key file.",
"name": "keyfile",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "verify_none",
"oneliner": true
},
"desc": "Enable or disable peer verification.",
"name": "verify",
"raw_default": "verify_none",
"type": {
"kind": "enum",
"symbols": [
"verify_peer",
"verify_none"
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable TLS session reuse.",
"name": "reuse_sessions",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "10",
"oneliner": true
},
"desc": "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;<br/>\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;<br/>\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
"name": "depth",
"raw_default": 10,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "String containing the user's password. Only used if the private key file is password-protected.",
"examples": [
""
],
"name": "password",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "[tlsv1.3, tlsv1.2, tlsv1.1, tlsv1]",
"oneliner": true
},
"desc": "All TLS/DTLS versions to be supported.<br/>\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.<br/>\nIn case PSK cipher suites are intended, make sure to configure\n<code>['tlsv1.2', 'tlsv1.1']</code> here.",
"name": "versions",
"raw_default": [
"tlsv1.3",
"tlsv1.2",
"tlsv1.1",
"tlsv1"
],
"type": {
"elements": {
"kind": "primitive",
"name": "atom()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n<code>\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"</code> or\n<code>[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]</code>.\n<br/>\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.<br/>\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS <code>versions</code> ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the <code>versions</code>,\nconfiguring cipher suites for other versions will have no effect.\n<br/>\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config<br/>\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from <code>versions</code>.<br/>\nPSK cipher suites: <code>\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"</code>",
"name": "ciphers",
"raw_default": [],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "\"emqx_tls_psk:lookup\"",
"oneliner": true
},
"desc": "EMQX-internal callback that is used to lookup pre-shared key (PSK) identity.",
"name": "user_lookup_fun",
"raw_default": "emqx_tls_psk:lookup",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "SSL parameter renegotiation is a feature that allows a client and a server\nto renegotiate the parameters of the SSL connection on the fly.\nRFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,\nyou drop support for the insecure renegotiation, prone to MitM attacks.",
"name": "secure_renegotiate",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": " Hibernate the SSL process after idling for amount of time reducing its memory footprint. ",
"name": "hibernate_after",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.<br/>\nNOTE: The <code>dhfile</code> option is not supported by TLS 1.3.",
"name": "dhfile",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Used together with {verify, verify_peer} by an TLS/DTLS server.\nIf set to true, the server fails if the client does not have a\ncertificate to send, that is, sends an empty certificate.\nIf set to false, it fails only if the client sends an invalid\ncertificate (an empty certificate is considered valid).",
"name": "fail_if_no_peer_cert",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "An important security setting, it forces the cipher to be set based\n on the server-specified order instead of the client-specified order,\n hence enforcing the (usually more properly configured) security\n ordering of the server administrator.",
"name": "honor_cipher_order",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.",
"name": "client_renegotiation",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Maximum time duration allowed for the handshake to complete",
"name": "handshake_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
}
],
"full_name": "gateway:ssl_server_opts",
"paths": [
"gateway.exproto.server.ssl_options"
],
"tags": [
"Gateway"
]
},
{
"desc": "The STOMP protocol gateway provides EMQX with the ability to access STOMP\n(Simple (or Streaming) Text Orientated Messaging Protocol) protocol.",
"fields": [
{
"aliases": [],
"name": "frame",
"type": {
"kind": "struct",
"name": "gateway:stomp_frame"
}
},
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "",
"name": "mountpoint",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Settings for the TCP listeners.",
"name": "listeners",
"type": {
"kind": "struct",
"name": "gateway:tcp_listeners"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to enable this gateway",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to enable client process statistic",
"name": "enable_stats",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.",
"name": "idle_timeout",
"raw_default": "30s",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:duration()"
}
},
{
"aliases": [],
"desc": "ClientInfo override.",
"name": "clientinfo_override",
"type": {
"kind": "struct",
"name": "gateway:clientinfo_override"
}
},
{
"aliases": [],
"desc": "Default authentication configs for all the gateway listeners. For per-listener overrides see <code>authentication</code>\n in listener configs",
"examples": {
"jwt": {
"summary": "JWT authentication",
"value": {
"algorithm": "hmac-based",
"mechanism": "jwt",
"secret": "mysecret",
"secret_base64_encoded": false,
"use_jwks": false,
"verify_claims": {
"username": "${username}"
}
}
},
"password_based:built_in_database": {
"summary": "Built-in password_based authentication",
"value": {
"backend": "built_in_database",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"user_id_type": "username"
}
},
"password_based:http": {
"summary": "password_based authentication through external HTTP API",
"value": {
"backend": "http",
"body": {
"password": "${password}",
"username": "${username}"
},
"connect_timeout": 5000,
"enable_pipelining": 100,
"headers": {
"content-type": "application/json"
},
"mechanism": "password_based",
"method": "post",
"pool_size": 8,
"request_timeout": 5000,
"ssl": {
"enable": false
},
"url": "http://127.0.0.1:18083"
}
},
"password_based:mongodb": {
"summary": "password_based authentication with MongoDB backend",
"value": {
"backend": "mongodb",
"collection": "users",
"database": "example",
"filter": {
"username": "${username}"
},
"is_superuser_field": "is_superuser",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"password_hash_field": "password_hash",
"salt_field": "salt",
"server": "127.0.0.1:27017"
}
},
"password_based:redis": {
"summary": "password_based authentication with Redis backend",
"value": {
"backend": "redis",
"cmd": "HMGET ${username} password_hash salt",
"database": 0,
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"redis_type": "single",
"server": "127.0.0.1:6379"
}
}
},
"name": "authentication",
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
}
}
],
"full_name": "gateway:stomp",
"paths": [
"gateway.stomp"
],
"tags": [
"Gateway"
]
},
{
"desc": "Size limits for the STOMP frames.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "10",
"oneliner": true
},
"desc": "The maximum number of Header",
"name": "max_headers",
"raw_default": 10,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "1024",
"oneliner": true
},
"desc": "The maximum string length of the Header Value",
"name": "max_headers_length",
"raw_default": 1024,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "65536",
"oneliner": true
},
"desc": "Maximum number of bytes of Body allowed per Stomp packet",
"name": "max_body_length",
"raw_default": 65536,
"type": {
"kind": "primitive",
"name": "integer()"
}
}
],
"full_name": "gateway:stomp_frame",
"paths": [
"gateway.stomp.frame"
],
"tags": [
"Gateway"
]
},
{
"desc": "Settings for the TCP listener.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "16",
"oneliner": true
},
"desc": "Size of the acceptor pool.",
"name": "acceptors",
"raw_default": 16,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Setting the TCP socket options.",
"name": "tcp_options",
"type": {
"kind": "struct",
"name": "broker:tcp_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
"name": "proxy_protocol",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.",
"name": "proxy_protocol_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable the listener.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The IP address and port that the listener will bind.",
"name": "bind",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "emqx_gateway_schema:ip_port()"
},
{
"kind": "primitive",
"name": "integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "1024",
"oneliner": true
},
"desc": "Maximum number of concurrent connections.",
"name": "max_connections",
"raw_default": 1024,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "1000",
"oneliner": true
},
"desc": "Maximum connections per second.",
"name": "max_conn_rate",
"raw_default": 1000,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Default authentication configs for all the gateway listeners. For per-listener overrides see <code>authentication</code>\n in listener configs",
"examples": {
"jwt": {
"summary": "JWT authentication",
"value": {
"algorithm": "hmac-based",
"mechanism": "jwt",
"secret": "mysecret",
"secret_base64_encoded": false,
"use_jwks": false,
"verify_claims": {
"username": "${username}"
}
}
},
"password_based:built_in_database": {
"summary": "Built-in password_based authentication",
"value": {
"backend": "built_in_database",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"user_id_type": "username"
}
},
"password_based:http": {
"summary": "password_based authentication through external HTTP API",
"value": {
"backend": "http",
"body": {
"password": "${password}",
"username": "${username}"
},
"connect_timeout": 5000,
"enable_pipelining": 100,
"headers": {
"content-type": "application/json"
},
"mechanism": "password_based",
"method": "post",
"pool_size": 8,
"request_timeout": 5000,
"ssl": {
"enable": false
},
"url": "http://127.0.0.1:18083"
}
},
"password_based:mongodb": {
"summary": "password_based authentication with MongoDB backend",
"value": {
"backend": "mongodb",
"collection": "users",
"database": "example",
"filter": {
"username": "${username}"
},
"is_superuser_field": "is_superuser",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"password_hash_field": "password_hash",
"salt_field": "salt",
"server": "127.0.0.1:27017"
}
},
"password_based:redis": {
"summary": "password_based authentication with Redis backend",
"value": {
"backend": "redis",
"cmd": "HMGET ${username} password_hash salt",
"database": 0,
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"redis_type": "single",
"server": "127.0.0.1:6379"
}
}
},
"name": "authentication",
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set <code>true</code> (default) to enable client authentication on this listener. \nWhen set to <code>false</code> clients will be allowed to connect without authentication.",
"name": "enable_authn",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\<name>.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nVariables in mountpoint string:<br/>\n - <code>${clientid}</code>: clientid<br/>\n - <code>${username}</code>: username",
"name": "mountpoint",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "The access control rules for this listener.\nSee: https://github.com/emqtt/esockd#allowdeny",
"name": "access_rules",
"raw_default": [],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
}
],
"full_name": "gateway:tcp_listener",
"paths": [
"gateway.exproto.listeners.tcp.$name",
"gateway.stomp.listeners.tcp.$name"
],
"tags": [
"Gateway"
]
},
{
"desc": "Settings for the TCP listeners.",
"fields": [
{
"aliases": [],
"desc": "",
"name": "tcp",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "gateway:tcp_listener"
}
}
},
{
"aliases": [],
"desc": "",
"name": "ssl",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "gateway:ssl_listener"
}
}
}
],
"full_name": "gateway:tcp_listeners",
"paths": [
"gateway.stomp.listeners"
],
"tags": [
"Gateway"
]
},
{
"desc": "Settings for the listeners.",
"fields": [
{
"aliases": [],
"desc": "",
"name": "tcp",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "gateway:tcp_listener"
}
}
},
{
"aliases": [],
"desc": "",
"name": "ssl",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "gateway:ssl_listener"
}
}
},
{
"aliases": [],
"desc": "",
"name": "udp",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "gateway:udp_listener"
}
}
},
{
"aliases": [],
"desc": "",
"name": "dtls",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "gateway:dtls_listener"
}
}
}
],
"full_name": "gateway:tcp_udp_listeners",
"paths": [
"gateway.exproto.listeners"
],
"tags": [
"Gateway"
]
},
{
"desc": "MQTT topic that corresponds to a particular type of event.",
"fields": [
{
"aliases": [],
"desc": "Topic Name",
"name": "topic",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "QoS Level",
"name": "qos",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "qos()"
}
}
],
"full_name": "gateway:translator",
"paths": [
"gateway.lwm2m.translators.command",
"gateway.lwm2m.translators.notify",
"gateway.lwm2m.translators.register",
"gateway.lwm2m.translators.response",
"gateway.lwm2m.translators.update"
],
"tags": [
"Gateway"
]
},
{
"desc": "Settings for the UDP listener.",
"fields": [
{
"aliases": [],
"name": "udp_options",
"type": {
"kind": "struct",
"name": "gateway:udp_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable the listener.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The IP address and port that the listener will bind.",
"name": "bind",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "emqx_gateway_schema:ip_port()"
},
{
"kind": "primitive",
"name": "integer()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "1024",
"oneliner": true
},
"desc": "Maximum number of concurrent connections.",
"name": "max_connections",
"raw_default": 1024,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "1000",
"oneliner": true
},
"desc": "Maximum connections per second.",
"name": "max_conn_rate",
"raw_default": 1000,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Default authentication configs for all the gateway listeners. For per-listener overrides see <code>authentication</code>\n in listener configs",
"examples": {
"jwt": {
"summary": "JWT authentication",
"value": {
"algorithm": "hmac-based",
"mechanism": "jwt",
"secret": "mysecret",
"secret_base64_encoded": false,
"use_jwks": false,
"verify_claims": {
"username": "${username}"
}
}
},
"password_based:built_in_database": {
"summary": "Built-in password_based authentication",
"value": {
"backend": "built_in_database",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"user_id_type": "username"
}
},
"password_based:http": {
"summary": "password_based authentication through external HTTP API",
"value": {
"backend": "http",
"body": {
"password": "${password}",
"username": "${username}"
},
"connect_timeout": 5000,
"enable_pipelining": 100,
"headers": {
"content-type": "application/json"
},
"mechanism": "password_based",
"method": "post",
"pool_size": 8,
"request_timeout": 5000,
"ssl": {
"enable": false
},
"url": "http://127.0.0.1:18083"
}
},
"password_based:mongodb": {
"summary": "password_based authentication with MongoDB backend",
"value": {
"backend": "mongodb",
"collection": "users",
"database": "example",
"filter": {
"username": "${username}"
},
"is_superuser_field": "is_superuser",
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"password_hash_field": "password_hash",
"salt_field": "salt",
"server": "127.0.0.1:27017"
}
},
"password_based:redis": {
"summary": "password_based authentication with Redis backend",
"value": {
"backend": "redis",
"cmd": "HMGET ${username} password_hash salt",
"database": 0,
"mechanism": "password_based",
"password_hash_algorithm": {
"name": "sha256",
"salt_position": "suffix"
},
"redis_type": "single",
"server": "127.0.0.1:6379"
}
}
},
"name": "authentication",
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-builtin_db:authentication"
},
{
"kind": "struct",
"name": "authn-mysql:authentication"
},
{
"kind": "struct",
"name": "authn-postgresql:authentication"
},
{
"kind": "struct",
"name": "authn-mongodb:standalone"
},
{
"kind": "struct",
"name": "authn-mongodb:replica-set"
},
{
"kind": "struct",
"name": "authn-mongodb:sharded-cluster"
},
{
"kind": "struct",
"name": "authn-redis:standalone"
},
{
"kind": "struct",
"name": "authn-redis:cluster"
},
{
"kind": "struct",
"name": "authn-redis:sentinel"
},
{
"kind": "struct",
"name": "authn-http:get"
},
{
"kind": "struct",
"name": "authn-http:post"
},
{
"kind": "struct",
"name": "authn-jwt:hmac-based"
},
{
"kind": "struct",
"name": "authn-jwt:public-key"
},
{
"kind": "struct",
"name": "authn-jwt:jwks"
},
{
"kind": "struct",
"name": "authn-scram-builtin_db:authentication"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set <code>true</code> (default) to enable client authentication on this listener. \nWhen set to <code>false</code> clients will be allowed to connect without authentication.",
"name": "enable_authn",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\<name>.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nVariables in mountpoint string:<br/>\n - <code>${clientid}</code>: clientid<br/>\n - <code>${username}</code>: username",
"name": "mountpoint",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "The access control rules for this listener.\nSee: https://github.com/emqtt/esockd#allowdeny",
"name": "access_rules",
"raw_default": [],
"type": {
"elements": {
"kind": "primitive",
"name": "string()"
},
"kind": "array"
}
}
],
"full_name": "gateway:udp_listener",
"paths": [
"gateway.coap.listeners.udp.$name",
"gateway.exproto.listeners.udp.$name",
"gateway.lwm2m.listeners.udp.$name",
"gateway.mqttsn.listeners.udp.$name"
],
"tags": [
"Gateway"
]
},
{
"desc": "Settings for the UDP listeners.",
"fields": [
{
"aliases": [],
"desc": "",
"name": "udp",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "gateway:udp_listener"
}
}
},
{
"aliases": [],
"desc": "",
"name": "dtls",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "gateway:dtls_listener"
}
}
}
],
"full_name": "gateway:udp_listeners",
"paths": [
"gateway.coap.listeners",
"gateway.lwm2m.listeners",
"gateway.mqttsn.listeners"
],
"tags": [
"Gateway"
]
},
{
"desc": "Settings for the UDP sockets.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
"name": "active_n",
"raw_default": 100,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Size of the kernel-space receive buffer for the socket.",
"name": "recbuf",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:bytesize()"
}
},
{
"aliases": [],
"desc": "Size of the kernel-space send buffer for the socket.",
"name": "sndbuf",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:bytesize()"
}
},
{
"aliases": [],
"desc": "Size of the user-space buffer for the socket.",
"name": "buffer",
"type": {
"kind": "primitive",
"name": "emqx_gateway_schema:bytesize()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Allow local reuse of port numbers.",
"name": "reuseaddr",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "gateway:udp_opts",
"paths": [
"gateway.coap.listeners.dtls.$name.udp_options",
"gateway.coap.listeners.udp.$name.udp_options",
"gateway.exproto.listeners.dtls.$name.udp_options",
"gateway.exproto.listeners.udp.$name.udp_options",
"gateway.lwm2m.listeners.dtls.$name.udp_options",
"gateway.lwm2m.listeners.udp.$name.udp_options",
"gateway.mqttsn.listeners.dtls.$name.udp_options",
"gateway.mqttsn.listeners.udp.$name.udp_options"
],
"tags": [
"Gateway"
]
},
{
"desc": "Settings for the bucket.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"infinity\"",
"oneliner": true
},
"desc": "Rate for this bucket.",
"name": "rate",
"raw_default": "infinity",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:rate()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"infinity\"",
"oneliner": true
},
"desc": "The capacity of this token bucket.",
"name": "capacity",
"raw_default": "infinity",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:capacity()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"0\"",
"oneliner": true
},
"desc": "The initial number of tokens for this bucket.",
"name": "initial",
"raw_default": "0",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:initial()"
}
}
],
"full_name": "limiter:bucket_infinity",
"paths": [
"listeners.quic.$name.limiter.bytes_in",
"listeners.quic.$name.limiter.message_in",
"listeners.quic.$name.limiter.message_routing",
"listeners.ssl.$name.limiter.bytes_in",
"listeners.ssl.$name.limiter.message_in",
"listeners.ssl.$name.limiter.message_routing",
"listeners.tcp.$name.limiter.bytes_in",
"listeners.tcp.$name.limiter.message_in",
"listeners.tcp.$name.limiter.message_routing",
"listeners.ws.$name.limiter.bytes_in",
"listeners.ws.$name.limiter.message_in",
"listeners.ws.$name.limiter.message_routing",
"listeners.wss.$name.limiter.bytes_in",
"listeners.wss.$name.limiter.message_in",
"listeners.wss.$name.limiter.message_routing"
],
"tags": []
},
{
"desc": "Settings for the bucket.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"1000/s\"",
"oneliner": true
},
"desc": "Rate for this bucket.",
"name": "rate",
"raw_default": "1000/s",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:rate()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"1000\"",
"oneliner": true
},
"desc": "The capacity of this token bucket.",
"name": "capacity",
"raw_default": "1000",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:capacity()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"0\"",
"oneliner": true
},
"desc": "The initial number of tokens for this bucket.",
"name": "initial",
"raw_default": "0",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:initial()"
}
}
],
"full_name": "limiter:bucket_limit",
"paths": [
"listeners.quic.$name.limiter.connection",
"listeners.ssl.$name.limiter.connection",
"listeners.tcp.$name.limiter.connection",
"listeners.ws.$name.limiter.connection",
"listeners.wss.$name.limiter.connection"
],
"tags": []
},
{
"desc": "Fields of the client level.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "The bytes_in limiter.\nThis is used to limit the inbound bytes rate for this EMQX node.\nOnce the limit is reached, the restricted client will be slow down even be hung for a while.",
"name": "bytes_in",
"raw_default": {},
"type": {
"kind": "struct",
"name": "limiter:client_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "The message in limiter.\nThis is used to limit the inbound message numbers for this EMQX node\nOnce the limit is reached, the restricted client will be slow down even be hung for a while.",
"name": "message_in",
"raw_default": {},
"type": {
"kind": "struct",
"name": "limiter:client_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "The connection limiter.\nThis is used to limit the connection rate for this EMQX node.\nOnce the limit is reached, new connections will be refused",
"name": "connection",
"raw_default": {},
"type": {
"kind": "struct",
"name": "limiter:client_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "The message routing limiter.\nThis is used to limit the forwarding rate for this EMQX node.\nOnce the limit is reached, new publish will be refused",
"name": "message_routing",
"raw_default": {},
"type": {
"kind": "struct",
"name": "limiter:client_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "Limiter for EMQX internal app.",
"name": "internal",
"raw_default": {},
"type": {
"kind": "struct",
"name": "limiter:client_opts"
}
}
],
"full_name": "limiter:client_fields",
"paths": [
"limiter.client"
],
"tags": []
},
{
"desc": "Settings for the client in bucket level.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"infinity\"",
"oneliner": true
},
"desc": "Rate for this bucket.",
"name": "rate",
"raw_default": "infinity",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:rate()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"0\"",
"oneliner": true
},
"desc": "The initial number of tokens for this bucket.",
"name": "initial",
"raw_default": "0",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:initial()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"0\"",
"oneliner": true
},
"desc": "If the remaining tokens are lower than this value,\nthe check/consume will succeed, but it will be forced to wait for a short period of time.",
"name": "low_watermark",
"raw_default": "0",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:initial()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"infinity\"",
"oneliner": true
},
"desc": "The capacity of per user.",
"name": "capacity",
"raw_default": "infinity",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:capacity()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Is it possible to split the number of requested tokens?",
"name": "divisible",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"10s\"",
"oneliner": true
},
"desc": "The maximum retry time when acquire failed.",
"name": "max_retry_time",
"raw_default": "10s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "force",
"oneliner": true
},
"desc": "The strategy when all the retries failed.",
"name": "failure_strategy",
"raw_default": "force",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:failure_strategy()"
}
}
],
"full_name": "limiter:client_opts",
"paths": [
"limiter.client.bytes_in",
"limiter.client.connection",
"limiter.client.internal",
"limiter.client.message_in",
"limiter.client.message_routing",
"listeners.quic.$name.limiter.client.bytes_in",
"listeners.quic.$name.limiter.client.connection",
"listeners.quic.$name.limiter.client.message_in",
"listeners.quic.$name.limiter.client.message_routing",
"listeners.ssl.$name.limiter.client.bytes_in",
"listeners.ssl.$name.limiter.client.connection",
"listeners.ssl.$name.limiter.client.message_in",
"listeners.ssl.$name.limiter.client.message_routing",
"listeners.tcp.$name.limiter.client.bytes_in",
"listeners.tcp.$name.limiter.client.connection",
"listeners.tcp.$name.limiter.client.message_in",
"listeners.tcp.$name.limiter.client.message_routing",
"listeners.ws.$name.limiter.client.bytes_in",
"listeners.ws.$name.limiter.client.connection",
"listeners.ws.$name.limiter.client.message_in",
"listeners.ws.$name.limiter.client.message_routing",
"listeners.wss.$name.limiter.client.bytes_in",
"listeners.wss.$name.limiter.client.connection",
"listeners.wss.$name.limiter.client.message_in",
"listeners.wss.$name.limiter.client.message_routing",
"retainer.flow_control.batch_deliver_limiter.client"
],
"tags": []
},
{
"desc": "Internal limiter.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"infinity\"",
"oneliner": true
},
"desc": "Rate for this bucket.",
"name": "rate",
"raw_default": "infinity",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:rate()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"infinity\"",
"oneliner": true
},
"desc": "The capacity of this token bucket.",
"name": "capacity",
"raw_default": "infinity",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:capacity()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"0\"",
"oneliner": true
},
"desc": "The initial number of tokens for this bucket.",
"name": "initial",
"raw_default": "0",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:initial()"
}
},
{
"aliases": [],
"desc": "The rate limit for each user of the bucket",
"name": "client",
"type": {
"kind": "struct",
"name": "limiter:client_opts"
}
}
],
"full_name": "limiter:internal",
"paths": [
"retainer.flow_control.batch_deliver_limiter"
],
"tags": []
},
{
"desc": "Settings for the rate limiter.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "The bytes_in limiter.\nThis is used to limit the inbound bytes rate for this EMQX node.\nOnce the limit is reached, the restricted client will be slow down even be hung for a while.",
"name": "bytes_in",
"raw_default": {},
"type": {
"kind": "struct",
"name": "limiter:node_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "The message in limiter.\nThis is used to limit the inbound message numbers for this EMQX node\nOnce the limit is reached, the restricted client will be slow down even be hung for a while.",
"name": "message_in",
"raw_default": {},
"type": {
"kind": "struct",
"name": "limiter:node_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "The connection limiter.\nThis is used to limit the connection rate for this EMQX node.\nOnce the limit is reached, new connections will be refused",
"name": "connection",
"raw_default": {},
"type": {
"kind": "struct",
"name": "limiter:node_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "The message routing limiter.\nThis is used to limit the forwarding rate for this EMQX node.\nOnce the limit is reached, new publish will be refused",
"name": "message_routing",
"raw_default": {},
"type": {
"kind": "struct",
"name": "limiter:node_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "Limiter for EMQX internal app.",
"name": "internal",
"raw_default": {},
"type": {
"kind": "struct",
"name": "limiter:node_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "{\n bytes_in {}\n connection {}\n internal {}\n message_in {}\n message_routing {}\n}\n",
"oneliner": false
},
"desc": "The rate limit for each user of the bucket",
"name": "client",
"raw_default": {
"bytes_in": {},
"connection": {},
"internal": {},
"message_in": {},
"message_routing": {}
},
"type": {
"kind": "struct",
"name": "limiter:client_fields"
}
}
],
"full_name": "limiter",
"paths": [
"limiter"
],
"tags": []
},
{
"desc": "Fields of the client level of the listener.",
"fields": [
{
"aliases": [],
"desc": "The bytes_in limiter.\nThis is used to limit the inbound bytes rate for this EMQX node.\nOnce the limit is reached, the restricted client will be slow down even be hung for a while.",
"name": "bytes_in",
"type": {
"kind": "struct",
"name": "limiter:client_opts"
}
},
{
"aliases": [],
"desc": "The message in limiter.\nThis is used to limit the inbound message numbers for this EMQX node\nOnce the limit is reached, the restricted client will be slow down even be hung for a while.",
"name": "message_in",
"type": {
"kind": "struct",
"name": "limiter:client_opts"
}
},
{
"aliases": [],
"desc": "The connection limiter.\nThis is used to limit the connection rate for this EMQX node.\nOnce the limit is reached, new connections will be refused",
"name": "connection",
"type": {
"kind": "struct",
"name": "limiter:client_opts"
}
},
{
"aliases": [],
"desc": "The message routing limiter.\nThis is used to limit the forwarding rate for this EMQX node.\nOnce the limit is reached, new publish will be refused",
"name": "message_routing",
"type": {
"kind": "struct",
"name": "limiter:client_opts"
}
}
],
"full_name": "limiter:listener_client_fields",
"paths": [
"listeners.quic.$name.limiter.client",
"listeners.ssl.$name.limiter.client",
"listeners.tcp.$name.limiter.client",
"listeners.ws.$name.limiter.client",
"listeners.wss.$name.limiter.client"
],
"tags": []
},
{
"desc": "Fields of the listener.",
"fields": [
{
"aliases": [],
"desc": "The bytes_in limiter.\nThis is used to limit the inbound bytes rate for this EMQX node.\nOnce the limit is reached, the restricted client will be slow down even be hung for a while.",
"name": "bytes_in",
"type": {
"kind": "struct",
"name": "limiter:bucket_infinity"
}
},
{
"aliases": [],
"desc": "The message in limiter.\nThis is used to limit the inbound message numbers for this EMQX node\nOnce the limit is reached, the restricted client will be slow down even be hung for a while.",
"name": "message_in",
"type": {
"kind": "struct",
"name": "limiter:bucket_infinity"
}
},
{
"aliases": [],
"desc": "The connection limiter.\nThis is used to limit the connection rate for this EMQX node.\nOnce the limit is reached, new connections will be refused",
"name": "connection",
"type": {
"kind": "struct",
"name": "limiter:bucket_limit"
}
},
{
"aliases": [],
"desc": "The message routing limiter.\nThis is used to limit the forwarding rate for this EMQX node.\nOnce the limit is reached, new publish will be refused",
"name": "message_routing",
"type": {
"kind": "struct",
"name": "limiter:bucket_infinity"
}
},
{
"aliases": [],
"desc": "The rate limit for each user of the bucket",
"name": "client",
"type": {
"kind": "struct",
"name": "limiter:listener_client_fields"
}
}
],
"full_name": "limiter:listener_fields",
"paths": [
"listeners.quic.$name.limiter",
"listeners.ssl.$name.limiter",
"listeners.tcp.$name.limiter",
"listeners.ws.$name.limiter",
"listeners.wss.$name.limiter"
],
"tags": []
},
{
"desc": "Settings for the limiter of the node level.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"infinity\"",
"oneliner": true
},
"desc": "Rate for this bucket.",
"name": "rate",
"raw_default": "infinity",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:rate()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"0\"",
"oneliner": true
},
"desc": "The burst, This value is based on rate.<br/>\n This value + rate = the maximum limit that can be achieved when limiter burst.",
"name": "burst",
"raw_default": "0",
"type": {
"kind": "primitive",
"name": "emqx_limiter_schema:burst_rate()"
}
}
],
"full_name": "limiter:node_opts",
"paths": [
"limiter.bytes_in",
"limiter.connection",
"limiter.internal",
"limiter.message_in",
"limiter.message_routing"
],
"tags": []
},
{
"desc": "Settings for the delayed module.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable this feature",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "Maximum number of delayed messages (0 is no limit).",
"name": "max_delayed_messages",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "integer()"
}
}
],
"full_name": "modules:delayed",
"paths": [
"delayed"
],
"tags": []
},
{
"desc": "The topic rewriting function of EMQX supports rewriting topic A to topic B when the client subscribes to topics, publishes messages, and cancels subscriptions according to user-configured rules.\nEach rewrite rule consists of three parts: subject filter, regular expression, and target expression.\nUnder the premise that the subject rewriting function is enabled, when EMQX receives a subject-based MQTT message such as a `PUBLISH` message,\nit will use the subject of the message to sequentially match the subject filter part of the rule in the configuration file. If the match is successful,\nthe regular expression is used to extract the information in the subject, and then replaced with the target expression to form a new subject.\nVariables in the format of `$N` can be used in the target expression to match the elements extracted from the regular expression.\nThe value of `$N` is the Nth element extracted from the regular expression. For example, `$1` is the regular expression. The first element extracted by the expression.\nIt should be noted that EMQX uses reverse order to read the rewrite rules in the configuration file.\nWhen a topic can match the topic filter of multiple topic rewrite rules at the same time, EMQX will only use the first rule it matches. Rewrite.\nIf the regular expression in this rule does not match the subject of the MQTT message, the rewriting will fail, and no other rules will be attempted for rewriting.\nTherefore, users need to carefully design MQTT message topics and topic rewriting rules when using them.",
"fields": [
{
"aliases": [],
"desc": "Topic rewriting takes effect on the type of operation:\n - `subscribe`: Rewrite topic when client do subscribe.\n - `publish`: Rewrite topic when client do publish.\n - `all`: Both",
"examples": [
"publish"
],
"name": "action",
"type": {
"kind": "enum",
"symbols": [
"subscribe",
"publish",
"all"
]
}
},
{
"aliases": [],
"desc": "Source topic, specified by the client.",
"examples": [
[
120,
47,
35
]
],
"name": "source_topic",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Destination topic.",
"examples": [
[
122,
47,
121,
47,
36,
49
]
],
"name": "dest_topic",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Regular expressions",
"examples": [
[
94,
120,
47,
121,
47,
40,
46,
43,
41,
36
]
],
"name": "re",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "modules:rewrite",
"paths": [
"rewrite.$INDEX"
],
"tags": []
},
{
"desc": "Settings for the telemetry module.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable telemetry.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "modules:telemetry",
"paths": [
"telemetry"
],
"tags": []
},
{
"desc": "",
"fields": [
{
"aliases": [],
"desc": "Collect metrics for the topic.",
"name": "topic",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "modules:topic_metrics",
"paths": [
"topic_metrics.$INDEX"
],
"tags": []
},
{
"desc": "Configuration for a built-in action.",
"fields": [
{
"aliases": [],
"desc": "Print the actions to the console",
"name": "function",
"type": {
"kind": "singleton",
"name": "console"
}
}
],
"full_name": "rule_engine:builtin_action_console",
"paths": [
"rule_engine.rules.$id.actions.$INDEX"
],
"tags": [
"Rule Engine"
]
},
{
"desc": "Configuration for a built-in action.",
"fields": [
{
"aliases": [],
"desc": "Republish the message as a new MQTT message",
"name": "function",
"type": {
"kind": "singleton",
"name": "republish"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"name": "args",
"raw_default": {},
"type": {
"kind": "struct",
"name": "rule_engine:republish_args"
}
}
],
"full_name": "rule_engine:builtin_action_republish",
"paths": [
"rule_engine.rules.$id.actions.$INDEX"
],
"tags": [
"Rule Engine"
]
},
{
"desc": "The arguments of the built-in 'republish' action.One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n<code>\n SELECT clientid, qos, payload FROM \"t/1\"\n</code>\nThen there are 3 variables available: <code>clientid</code>, <code>qos</code> and\n<code>payload</code>. And if we've set the args to:\n<code>\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n</code>\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`.",
"fields": [
{
"aliases": [],
"desc": "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.",
"examples": [
"a/1"
],
"name": "topic",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"${qos}\"",
"oneliner": true
},
"desc": "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
"examples": [
"${qos}"
],
"name": "qos",
"raw_default": "${qos}",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "qos()"
},
{
"kind": "primitive",
"name": "binary()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"${retain}\"",
"oneliner": true
},
"desc": "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
"examples": [
"${retain}"
],
"name": "retain",
"raw_default": "${retain}",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "boolean()"
},
{
"kind": "primitive",
"name": "binary()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"${payload}\"",
"oneliner": true
},
"desc": "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.",
"examples": [
"${payload}"
],
"name": "payload",
"raw_default": "${payload}",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"${user_properties}\"",
"oneliner": true
},
"desc": "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to <code>${pub_props.'User-Property'}</code> or\nuse <code>SELECT *,pub_props.'User-Property' as user_properties</code>\nto forward the original user properties to the republished message.\nYou may also call <code>map_put</code> function like\n<code>map_put('my-prop-name', 'my-prop-value', user_properties) as user_properties</code>\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.",
"examples": [
"${pub_props.'User-Property'}"
],
"name": "user_properties",
"raw_default": "${user_properties}",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "rule_engine:republish_args",
"paths": [
"rule_engine.rules.$id.actions.$INDEX.args"
],
"tags": [
"Rule Engine"
]
},
{
"desc": "Configuration for the EMQX Rule Engine.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "When set to 'true' (default), rule-engine will ignore messages published to $SYS topics.",
"name": "ignore_sys_message",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "The rules",
"name": "rules",
"raw_default": {},
"type": {
"kind": "map",
"name": "id",
"values": {
"kind": "struct",
"name": "rule_engine:rules"
}
}
},
{
"aliases": [],
"default": {
"hocon": "\"10s\"",
"oneliner": true
},
"desc": "Default timeout for the `jq` rule engine function",
"name": "jq_function_default_timeout",
"raw_default": "10s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "jq_nif",
"oneliner": true
},
"desc": "The implementation module for the jq rule engine function. The two options are jq_nif and jq_port. With the jq_nif option an Erlang NIF library is used while with the jq_port option an implementation based on Erlang port programs is used. The jq_nif option (the default option) is the fastest implementation of the two but jq_port is safer as the jq programs will not execute in the same process as the Erlang VM.",
"name": "jq_implementation_module",
"raw_default": "jq_nif",
"type": {
"kind": "enum",
"symbols": [
"jq_nif",
"jq_port"
]
}
}
],
"full_name": "rule_engine",
"paths": [
"rule_engine"
],
"tags": [
"Rule Engine"
]
},
{
"desc": "Configuration for a rule.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "The name of the rule",
"examples": [
[
102,
111,
111
]
],
"name": "name",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "SQL query to transform the messages.\nExample: <code>SELECT * FROM \"test/topic\" WHERE payload.x = 1</code>",
"examples": [
[
83,
69,
76,
69,
67,
84,
32,
42,
32,
70,
82,
79,
77,
32,
34,
116,
101,
115,
116,
47,
116,
111,
112,
105,
99,
34,
32,
87,
72,
69,
82,
69,
32,
112,
97,
121,
108,
111,
97,
100,
46,
120,
32,
61,
32,
49
]
],
"name": "sql",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "A list of actions of the rule.\nAn action can be a string that refers to the channel ID of an EMQX bridge, or an object\nthat refers to a function.\nThere a some built-in functions like \"republish\" and \"console\", and we also support user\nprovided functions in the format: \"{module}:{function}\".\nThe actions in the list are executed sequentially.\nThis means that if one of the action is executing slowly, all the following actions will not\nbe executed until it returns.\nIf one of the action crashed, all other actions come after it will still be executed, in the\noriginal order.\nIf there's any error when running an action, there will be an error message, and the 'failure'\ncounter of the function action or the bridge channel will increase.",
"examples": [
[
"webhook:my_webhook",
{
"args": {
"payload": "${payload}",
"topic": "t/1"
},
"function": "republish"
},
{
"function": "console"
}
]
],
"name": "actions",
"raw_default": [],
"type": {
"elements": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "binary()"
},
{
"kind": "struct",
"name": "rule_engine:builtin_action_republish"
},
{
"kind": "struct",
"name": "rule_engine:builtin_action_console"
},
{
"kind": "struct",
"name": "rule_engine:user_provided_function"
}
]
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable or disable the rule",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"\"",
"oneliner": true
},
"desc": "The description of the rule",
"examples": [
[
83,
111,
109,
101,
32,
100,
101,
115,
99,
114,
105,
112,
116,
105,
111,
110
]
],
"name": "description",
"raw_default": "",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Rule metadata, do not change manually",
"name": "metadata",
"type": {
"kind": "primitive",
"name": "map()"
}
}
],
"full_name": "rule_engine:rules",
"paths": [
"rule_engine.rules.$id"
],
"tags": [
"Rule Engine"
]
},
{
"desc": "Configuration for a built-in action.",
"fields": [
{
"aliases": [],
"desc": "The user provided function. Should be in the format: '{module}:{function}'.\nWhere {module} is the Erlang callback module and {function} is the Erlang function.\n\nTo write your own function, checkout the function <code>console</code> and\n<code>republish</code> in the source file:\n<code>apps/emqx_rule_engine/src/emqx_rule_actions.erl</code> as an example.",
"examples": [
[
109,
111,
100,
117,
108,
101,
58,
102,
117,
110,
99,
116,
105,
111,
110
]
],
"name": "function",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "The args will be passed as the 3rd argument to module:function/3,\ncheckout the function <code>console</code> and <code>republish</code> in the source file:\n<code>apps/emqx_rule_engine/src/emqx_rule_actions.erl</code> as an example.",
"name": "args",
"raw_default": {},
"type": {
"kind": "primitive",
"name": "map()"
}
}
],
"full_name": "rule_engine:user_provided_function",
"paths": [
"rule_engine.rules.$id.actions.$INDEX"
],
"tags": [
"Rule Engine"
]
},
{
"desc": "Service discovery via DNS SRV records.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"localhost\"",
"oneliner": true
},
"desc": "The domain name from which to discover peer EMQX nodes' IP addresses.\nApplicable when <code>cluster.discovery_strategy = dns</code>",
"name": "name",
"raw_default": "localhost",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "a",
"oneliner": true
},
"desc": "DNS record type.",
"name": "record_type",
"raw_default": "a",
"type": {
"kind": "enum",
"symbols": [
"a",
"srv"
]
}
}
],
"full_name": "cluster_dns",
"paths": [
"cluster.dns"
],
"tags": [
"EMQX"
]
},
{
"desc": "Service discovery using 'etcd' service.",
"fields": [
{
"aliases": [],
"desc": "List of endpoint URLs of the etcd cluster",
"name": "server",
"type": {
"kind": "primitive",
"name": "emqx_schema:comma_separated_list()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"emqxcl\"",
"oneliner": true
},
"desc": "Key prefix used for EMQX service discovery.",
"name": "prefix",
"raw_default": "emqxcl",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"1m\"",
"oneliner": true
},
"desc": "Expiration time of the etcd key associated with the node.\nIt is refreshed automatically, as long as the node is alive.",
"name": "node_ttl",
"raw_default": "1m",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Options for the TLS connection to the etcd cluster.",
"name": "ssl",
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "cluster_etcd",
"paths": [
"cluster.etcd"
],
"tags": [
"EMQX"
]
},
{
"desc": "Service discovery via Kubernetes API server.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"http://10.110.111.204:8080\"",
"oneliner": true
},
"desc": "Kubernetes API endpoint URL.",
"name": "apiserver",
"raw_default": "http://10.110.111.204:8080",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"emqx\"",
"oneliner": true
},
"desc": "EMQX broker service name.",
"name": "service_name",
"raw_default": "emqx",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "ip",
"oneliner": true
},
"desc": "Address type used for connecting to the discovered nodes.\nSetting <code>cluster.k8s.address_type</code> to <code>ip</code> will\nmake EMQX to discover IP addresses of peer nodes from Kubernetes API.",
"name": "address_type",
"raw_default": "ip",
"type": {
"kind": "enum",
"symbols": [
"ip",
"dns",
"hostname"
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"default\"",
"oneliner": true
},
"desc": "Kubernetes namespace.",
"name": "namespace",
"raw_default": "default",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"pod.local\"",
"oneliner": true
},
"desc": "Node name suffix.<br/>\nNote: this parameter is only relevant when <code>address_type</code> is <code>dns</code>\nor <code>hostname</code>.",
"name": "suffix",
"raw_default": "pod.local",
"type": {
"kind": "primitive",
"name": "string()"
}
}
],
"full_name": "cluster_k8s",
"paths": [
"cluster.k8s"
],
"tags": [
"EMQX"
]
},
{
"desc": "Service discovery via UDP multicast.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"239.192.0.1\"",
"oneliner": true
},
"desc": "Multicast IPv4 address.",
"name": "addr",
"raw_default": "239.192.0.1",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "[4369,4370]",
"oneliner": true
},
"desc": "List of UDP ports used for service discovery.<br/>\nNote: probe messages are broadcast to all the specified ports.",
"name": "ports",
"raw_default": [
4369,
4370
],
"type": {
"elements": {
"kind": "primitive",
"name": "integer()"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "\"0.0.0.0\"",
"oneliner": true
},
"desc": "Local IP address the node discovery service needs to bind to.",
"name": "iface",
"raw_default": "0.0.0.0",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "255",
"oneliner": true
},
"desc": "Time-to-live (TTL) for the outgoing UDP datagrams.",
"name": "ttl",
"raw_default": 255,
"type": {
"kind": "primitive",
"name": "0..255"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "If <code>true</code>, loop UDP datagrams back to the local socket.",
"name": "loop",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"16KB\"",
"oneliner": true
},
"desc": "Size of the kernel-level buffer for outgoing datagrams.",
"name": "sndbuf",
"raw_default": "16KB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"16KB\"",
"oneliner": true
},
"desc": "Size of the kernel-level buffer for incoming datagrams.",
"name": "recbuf",
"raw_default": "16KB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"32KB\"",
"oneliner": true
},
"desc": "Size of the user-level buffer.",
"name": "buffer",
"raw_default": "32KB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
}
],
"full_name": "cluster_mcast",
"paths": [
"cluster.mcast"
],
"tags": [
"EMQX"
]
},
{
"desc": "Service discovery via static nodes.\nThe new node joins the cluster by connecting to one of the bootstrap nodes.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "List EMQX node names in the static cluster. See <code>node.name</code>.",
"name": "seeds",
"raw_default": [],
"type": {
"elements": {
"kind": "primitive",
"name": "atom()"
},
"kind": "array"
}
}
],
"full_name": "cluster_static",
"paths": [
"cluster.static"
],
"tags": [
"EMQX"
]
},
{
"desc": "Settings that control client authorization.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "allow",
"oneliner": true
},
"desc": "Default access control action if the user or client matches no ACL rules,\nor if no such user or client is found by the configurable authorization\nsources such as built_in_database, an HTTP API, or a query against PostgreSQL.\nFind more details in 'authorization.sources' config.",
"name": "no_match",
"raw_default": "allow",
"type": {
"kind": "enum",
"symbols": [
"allow",
"deny"
]
}
},
{
"aliases": [],
"default": {
"hocon": "ignore",
"oneliner": true
},
"desc": "The action when the authorization check rejects an operation.",
"name": "deny_action",
"raw_default": "ignore",
"type": {
"kind": "enum",
"symbols": [
"ignore",
"disconnect"
]
}
},
{
"aliases": [],
"name": "cache",
"type": {
"kind": "struct",
"name": "broker:authz_cache"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "Authorization data sources.<br/>\nAn array of authorization (ACL) data providers.\nIt is designed as an array, not a hash-map, so the sources can be\nordered to form a chain of access controls.<br/>\n\nWhen authorizing a 'publish' or 'subscribe' action, the configured\nsources are checked in order. When checking an ACL source,\nin case the client (identified by username or client ID) is not found,\nit moves on to the next source. And it stops immediately\nonce an 'allow' or 'deny' decision is returned.<br/>\n\nIf the client is not found in any of the sources,\nthe default action configured in 'authorization.no_match' is applied.<br/>\n\nNOTE:\nThe source elements are identified by their 'type'.\nIt is NOT allowed to configure two or more sources of the same type.",
"name": "sources",
"raw_default": [],
"type": {
"elements": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authz:file"
},
{
"kind": "struct",
"name": "authz:http_get"
},
{
"kind": "struct",
"name": "authz:http_post"
},
{
"kind": "struct",
"name": "authz:mnesia"
},
{
"kind": "struct",
"name": "authz:mongo_single"
},
{
"kind": "struct",
"name": "authz:mongo_rs"
},
{
"kind": "struct",
"name": "authz:mongo_sharded"
},
{
"kind": "struct",
"name": "authz:mysql"
},
{
"kind": "struct",
"name": "authz:postgresql"
},
{
"kind": "struct",
"name": "authz:redis_single"
},
{
"kind": "struct",
"name": "authz:redis_sentinel"
},
{
"kind": "struct",
"name": "authz:redis_cluster"
}
]
},
"kind": "array"
}
}
],
"full_name": "authorization",
"paths": [
"authorization"
],
"tags": [
"EMQX"
]
},
{
"desc": "EMQX nodes can form a cluster to scale up the total capacity.<br/>\n Here holds the configs to instruct how individual nodes can discover each other.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "emqxcl",
"oneliner": true
},
"desc": "Human-friendly name of the EMQX cluster.",
"name": "name",
"raw_default": "emqxcl",
"type": {
"kind": "primitive",
"name": "atom()"
}
},
{
"aliases": [],
"default": {
"hocon": "manual",
"oneliner": true
},
"desc": "Service discovery method for the cluster nodes. Possible values are:\n- manual: Use <code>emqx ctl cluster</code> command to manage cluster.<br/>\n- static: Configure static nodes list by setting <code>seeds</code> in config file.<br/>\n- dns: Use DNS A record to discover peer nodes.<br/>\n- etcd: Use etcd to discover peer nodes.<br/>\n- k8s: Use Kubernetes API to discover peer pods.",
"name": "discovery_strategy",
"raw_default": "manual",
"type": {
"kind": "enum",
"symbols": [
"manual",
"static",
"mcast",
"dns",
"etcd",
"k8s"
]
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "List of core nodes that the replicant will connect to.<br/>\nNote: this parameter only takes effect when the <code>backend</code> is set\nto <code>rlog</code> and the <code>role</code> is set to <code>replicant</code>.<br/>\nThis value needs to be defined for manual or static cluster discovery mechanisms.<br/>\nIf an automatic cluster discovery mechanism is being used (such as <code>etcd</code>),\nthere is no need to set this value.",
"name": "core_nodes",
"raw_default": [],
"type": {
"kind": "primitive",
"name": "emqx_schema:comma_separated_atoms()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5m\"",
"oneliner": true
},
"desc": "Remove disconnected nodes from the cluster after this interval.",
"name": "autoclean",
"raw_default": "5m",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "If <code>true</code>, the node will try to heal network partitions automatically.",
"name": "autoheal",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "inet_tcp",
"oneliner": true
},
"desc": "The Erlang distribution protocol for the cluster.<br/>\n- inet_tcp: IPv4 TCP <br/>\n- inet_tls: IPv4 TLS, works together with <code>etc/ssl_dist.conf</code>",
"name": "proto_dist",
"raw_default": "inet_tcp",
"type": {
"kind": "enum",
"symbols": [
"inet_tcp",
"inet6_tcp",
"inet_tls"
]
}
},
{
"aliases": [],
"name": "static",
"type": {
"kind": "struct",
"name": "cluster_static"
}
},
{
"aliases": [],
"name": "mcast",
"type": {
"kind": "struct",
"name": "cluster_mcast"
}
},
{
"aliases": [],
"name": "dns",
"type": {
"kind": "struct",
"name": "cluster_dns"
}
},
{
"aliases": [],
"name": "etcd",
"type": {
"kind": "struct",
"name": "cluster_etcd"
}
},
{
"aliases": [],
"name": "k8s",
"type": {
"kind": "struct",
"name": "cluster_k8s"
}
}
],
"full_name": "cluster",
"paths": [
"cluster"
],
"tags": [
"EMQX"
]
},
{
"desc": "Options for the 'cluster call' feature that allows to execute a callback on all nodes in the cluster.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"1m\"",
"oneliner": true
},
"desc": "Time interval to retry after a failed call.",
"name": "retry_interval",
"raw_default": "1m",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "Retain the maximum number of completed transactions (for queries).",
"name": "max_history",
"raw_default": 100,
"type": {
"kind": "primitive",
"name": "1..500"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5m\"",
"oneliner": true
},
"desc": "Time interval to clear completed but stale transactions.\nEnsure that the number of completed transactions is less than the <code>max_history</code>.",
"name": "cleanup_interval",
"raw_default": "5m",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
}
],
"full_name": "cluster_call",
"paths": [
"node.cluster_call"
],
"tags": [
"EMQX"
]
},
{
"desc": "Log handler that prints log events to the EMQX console.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable this log handler.",
"name": "enable",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "warning",
"oneliner": true
},
"desc": "The log level for the current log handler.\nDefaults to warning.",
"name": "level",
"raw_default": "warning",
"type": {
"kind": "primitive",
"name": "emqx_conf_schema:log_level()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"system\"",
"oneliner": true
},
"desc": "The time offset to be used when formatting the timestamp.\nCan be one of:\n - <code>system</code>: the time offset used by the local system\n - <code>utc</code>: the UTC time offset\n - <code>+-[hh]:[mm]</code>: user specified time offset, such as \"-02:00\" or \"+00:00\"\nDefaults to: <code>system</code>.",
"name": "time_offset",
"raw_default": "system",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "unlimited",
"oneliner": true
},
"desc": "Set the maximum length of a single log message. If this length is exceeded, the log message will be truncated.\nNOTE: Restrict char limiter if formatter is JSON , it will get a truncated incomplete JSON data, which is not recommended.",
"name": "chars_limit",
"raw_default": "unlimited",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "unlimited"
},
{
"kind": "primitive",
"name": "100..inf"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "text",
"oneliner": true
},
"desc": "Choose log formatter. <code>text</code> for free text, and <code>json</code> for structured logging.",
"name": "formatter",
"raw_default": "text",
"type": {
"kind": "enum",
"symbols": [
"text",
"json"
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Print logs in a single line if set to true. Otherwise, log messages may span multiple lines.",
"name": "single_line",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "As long as the number of buffered log events is lower than this value,\nall log events are handled asynchronously. This means that the client process sending the log event,\nby calling a log function in the Logger API, does not wait for a response from the handler\nbut continues executing immediately after the event is sent.\nIt is not affected by the time it takes the handler to print the event to the log device.\nIf the message queue grows larger than this value,\nthe handler starts handling log events synchronously instead,\nmeaning that the client process sending the event must wait for a response.\nWhen the handler reduces the message queue to a level below the sync_mode_qlen threshold,\nasynchronous operation is resumed.",
"name": "sync_mode_qlen",
"raw_default": 100,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "3000",
"oneliner": true
},
"desc": "When the number of buffered log events is larger than this value, the new log events are dropped.\nWhen drop mode is activated or deactivated, a message is printed in the logs.",
"name": "drop_mode_qlen",
"raw_default": 3000,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "8000",
"oneliner": true
},
"desc": "If the number of buffered log events grows larger than this threshold, a flush (delete) operation takes place.\nTo flush events, the handler discards the buffered log messages without logging.",
"name": "flush_qlen",
"raw_default": 8000,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"name": "overload_kill",
"type": {
"kind": "struct",
"name": "log_overload_kill"
}
},
{
"aliases": [],
"name": "burst_limit",
"type": {
"kind": "struct",
"name": "log_burst_limit"
}
},
{
"aliases": [],
"default": {
"hocon": "error",
"oneliner": true
},
"desc": "Type of supervisor reports that are logged. Defaults to <code>error</code><br/>\n - <code>error</code>: only log errors in the Erlang processes<br/>.\n - <code>progress</code>: log process startup.",
"name": "supervisor_reports",
"raw_default": "error",
"type": {
"kind": "enum",
"symbols": [
"error",
"progress"
]
}
},
{
"aliases": [],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "Maximum depth for Erlang term log formatting and Erlang process message queue inspection.",
"name": "max_depth",
"raw_default": 100,
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "unlimited"
},
{
"kind": "primitive",
"name": "non_neg_integer()"
}
]
}
}
],
"full_name": "console_handler",
"paths": [
"log.console_handler"
],
"tags": [
"EMQX"
]
},
{
"desc": "EMQX logging supports multiple sinks for the log events.\nEach sink is represented by a _log handler_, which can be configured independently.",
"fields": [
{
"aliases": [],
"name": "console_handler",
"type": {
"kind": "struct",
"name": "console_handler"
}
},
{
"aliases": [],
"desc": "File-based log handlers.",
"name": "file_handlers",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "log_file_handler"
}
}
}
],
"full_name": "log",
"paths": [
"log"
],
"tags": [
"EMQX"
]
},
{
"desc": "Large bursts of log events produced in a short time can potentially cause problems, such as:\n - Log files grow very large\n - Log files are rotated too quickly, and useful information gets overwritten\n - Overall performance impact on the system\n\nLog burst limit feature can temporarily disable logging to avoid these issues.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable log burst control feature.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "10000",
"oneliner": true
},
"desc": "Maximum number of log events to handle within a `window_time` interval. After the limit is reached, successive events are dropped until the end of the `window_time`.",
"name": "max_count",
"raw_default": 10000,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"1s\"",
"oneliner": true
},
"desc": "See <code>max_count</code>.",
"name": "window_time",
"raw_default": "1s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
}
],
"full_name": "log_burst_limit",
"paths": [
"log.console_handler.burst_limit",
"log.file_handlers.$name.burst_limit"
],
"tags": [
"EMQX"
]
},
{
"desc": "Log handler that prints log events to files.",
"fields": [
{
"aliases": [],
"desc": "Name the log file.",
"name": "file",
"type": {
"kind": "primitive",
"name": "emqx_conf_schema:file()"
}
},
{
"aliases": [],
"name": "rotation",
"type": {
"kind": "struct",
"name": "log_rotation"
}
},
{
"aliases": [],
"default": {
"hocon": "\"50MB\"",
"oneliner": true
},
"desc": "This parameter controls log file rotation. The value `infinity` means the log file will grow indefinitely, otherwise the log file will be rotated once it reaches `max_size` in bytes.",
"name": "max_size",
"raw_default": "50MB",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "infinity"
},
{
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable this log handler.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "warning",
"oneliner": true
},
"desc": "The log level for the current log handler.\nDefaults to warning.",
"name": "level",
"raw_default": "warning",
"type": {
"kind": "primitive",
"name": "emqx_conf_schema:log_level()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"system\"",
"oneliner": true
},
"desc": "The time offset to be used when formatting the timestamp.\nCan be one of:\n - <code>system</code>: the time offset used by the local system\n - <code>utc</code>: the UTC time offset\n - <code>+-[hh]:[mm]</code>: user specified time offset, such as \"-02:00\" or \"+00:00\"\nDefaults to: <code>system</code>.",
"name": "time_offset",
"raw_default": "system",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "unlimited",
"oneliner": true
},
"desc": "Set the maximum length of a single log message. If this length is exceeded, the log message will be truncated.\nNOTE: Restrict char limiter if formatter is JSON , it will get a truncated incomplete JSON data, which is not recommended.",
"name": "chars_limit",
"raw_default": "unlimited",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "unlimited"
},
{
"kind": "primitive",
"name": "100..inf"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "text",
"oneliner": true
},
"desc": "Choose log formatter. <code>text</code> for free text, and <code>json</code> for structured logging.",
"name": "formatter",
"raw_default": "text",
"type": {
"kind": "enum",
"symbols": [
"text",
"json"
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Print logs in a single line if set to true. Otherwise, log messages may span multiple lines.",
"name": "single_line",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "As long as the number of buffered log events is lower than this value,\nall log events are handled asynchronously. This means that the client process sending the log event,\nby calling a log function in the Logger API, does not wait for a response from the handler\nbut continues executing immediately after the event is sent.\nIt is not affected by the time it takes the handler to print the event to the log device.\nIf the message queue grows larger than this value,\nthe handler starts handling log events synchronously instead,\nmeaning that the client process sending the event must wait for a response.\nWhen the handler reduces the message queue to a level below the sync_mode_qlen threshold,\nasynchronous operation is resumed.",
"name": "sync_mode_qlen",
"raw_default": 100,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "3000",
"oneliner": true
},
"desc": "When the number of buffered log events is larger than this value, the new log events are dropped.\nWhen drop mode is activated or deactivated, a message is printed in the logs.",
"name": "drop_mode_qlen",
"raw_default": 3000,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "8000",
"oneliner": true
},
"desc": "If the number of buffered log events grows larger than this threshold, a flush (delete) operation takes place.\nTo flush events, the handler discards the buffered log messages without logging.",
"name": "flush_qlen",
"raw_default": 8000,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"name": "overload_kill",
"type": {
"kind": "struct",
"name": "log_overload_kill"
}
},
{
"aliases": [],
"name": "burst_limit",
"type": {
"kind": "struct",
"name": "log_burst_limit"
}
},
{
"aliases": [],
"default": {
"hocon": "error",
"oneliner": true
},
"desc": "Type of supervisor reports that are logged. Defaults to <code>error</code><br/>\n - <code>error</code>: only log errors in the Erlang processes<br/>.\n - <code>progress</code>: log process startup.",
"name": "supervisor_reports",
"raw_default": "error",
"type": {
"kind": "enum",
"symbols": [
"error",
"progress"
]
}
},
{
"aliases": [],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "Maximum depth for Erlang term log formatting and Erlang process message queue inspection.",
"name": "max_depth",
"raw_default": 100,
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "unlimited"
},
{
"kind": "primitive",
"name": "non_neg_integer()"
}
]
}
}
],
"full_name": "log_file_handler",
"paths": [
"log.file_handlers.$name"
],
"tags": [
"EMQX"
]
},
{
"desc": "Log overload kill features an overload protection that activates when the log handlers use too much memory or have too many buffered log messages.<br/>\nWhen the overload is detected, the log handler is terminated and restarted after a cooldown period.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable log handler overload kill feature.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"30MB\"",
"oneliner": true
},
"desc": "Maximum memory size that the log handler process is allowed to use.",
"name": "mem_size",
"raw_default": "30MB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"default": {
"hocon": "20000",
"oneliner": true
},
"desc": "Maximum allowed queue length.",
"name": "qlen",
"raw_default": 20000,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": "The handler restarts automatically after a delay in the event of termination, unless the value `infinity` is set, which blocks any subsequent restarts.",
"name": "restart_after",
"raw_default": "5s",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
},
{
"kind": "singleton",
"name": "infinity"
}
]
}
}
],
"full_name": "log_overload_kill",
"paths": [
"log.console_handler.overload_kill",
"log.file_handlers.$name.overload_kill"
],
"tags": [
"EMQX"
]
},
{
"desc": "By default, the logs are stored in `./log` directory (for installation from zip file) or in `/var/log/emqx` (for binary installation).<br/>\nThis section of the configuration controls the number of files kept for each log handler.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable log rotation feature.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "10",
"oneliner": true
},
"desc": "Maximum number of log files.",
"name": "count",
"raw_default": 10,
"type": {
"kind": "primitive",
"name": "1..2048"
}
}
],
"full_name": "log_rotation",
"paths": [
"log.file_handlers.$name.rotation"
],
"tags": [
"EMQX"
]
},
{
"desc": "Node name, cookie, config & data directories and the Erlang virtual machine (BEAM) boot parameters.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"emqx@127.0.0.1\"",
"oneliner": true
},
"desc": "Unique name of the EMQX node. It must follow <code>%name%@FQDN</code> or\n<code>%name%@IPv4</code> format.",
"importance": "high",
"name": "name",
"raw_default": "emqx@127.0.0.1",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "Secret cookie is a random string that should be the same on all nodes in\nthe given EMQX cluster, but unique per EMQX cluster. It is used to prevent EMQX nodes that\nbelong to different clusters from accidentally connecting to each other.",
"importance": "high",
"name": "cookie",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "2097152",
"oneliner": true
},
"desc": "Maximum number of simultaneously existing processes for this Erlang system.\nThe actual maximum chosen may be much larger than the Number passed.\nFor more information, see: https://www.erlang.org/doc/man/erl.html",
"importance": "medium",
"name": "process_limit",
"raw_default": 2097152,
"type": {
"kind": "primitive",
"name": "1024..134217727"
}
},
{
"aliases": [],
"default": {
"hocon": "1048576",
"oneliner": true
},
"desc": "Maximum number of simultaneously existing ports for this Erlang system.\nThe actual maximum chosen may be much larger than the Number passed.\nFor more information, see: https://www.erlang.org/doc/man/erl.html",
"importance": "high",
"name": "max_ports",
"raw_default": 1048576,
"type": {
"kind": "primitive",
"name": "1024..134217727"
}
},
{
"aliases": [],
"default": {
"hocon": "8192",
"oneliner": true
},
"desc": "Erlang's distribution buffer busy limit in kilobytes.",
"importance": "low",
"name": "dist_buffer_size",
"raw_default": 8192,
"type": {
"kind": "primitive",
"name": "1..2097151"
}
},
{
"aliases": [],
"default": {
"hocon": "262144",
"oneliner": true
},
"desc": "Max number of ETS tables",
"importance": "low",
"name": "max_ets_tables",
"raw_default": 262144,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15m\"",
"oneliner": true
},
"desc": "Periodic garbage collection interval. Set to <code>disabled</code> to have it disabled.",
"importance": "low",
"name": "global_gc_interval",
"raw_default": "15m",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "disabled"
},
{
"kind": "primitive",
"name": "emqx_schema:duration()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"log/erl_crash.dump\"",
"oneliner": true
},
"desc": "Location of the crash dump file.",
"importance": "low",
"name": "crash_dump_file",
"raw_default": "log/erl_crash.dump",
"type": {
"kind": "primitive",
"name": "emqx_conf_schema:file()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "This variable gives the number of seconds that the emulator is allowed to spend writing a crash dump. When the given number of seconds have elapsed, the emulator is terminated.<br/>\n- If setting to 0 seconds, the runtime system does not even attempt to write the crash dump file. It only terminates.<br/>\n- If setting to a positive value S, wait for S seconds to complete the crash dump file and then terminates the runtime system with a SIGALRM signal.<br/>\n- A negative value causes the termination of the runtime system to wait indefinitely until the crash dump file has been completely written.",
"importance": "low",
"name": "crash_dump_seconds",
"raw_default": "30s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_s()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"100MB\"",
"oneliner": true
},
"desc": "This variable sets the maximum size of a crash dump file in bytes.\nThe crash dump will be truncated if this limit is exceeded.\nIf setting it to 0, the runtime system does not even attempt to write a crash dump file.",
"importance": "low",
"name": "crash_dump_bytes",
"raw_default": "100MB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"2m\"",
"oneliner": true
},
"desc": "This is the approximate time an EMQX node may be unresponsive until it is considered down and thereby disconnected.",
"importance": "low",
"name": "dist_net_ticktime",
"raw_default": "2m",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_s()"
}
},
{
"aliases": [],
"default": {
"hocon": "23",
"oneliner": true
},
"desc": "Maximum depth of the call stack printed in error messages and\n<code>process_info</code>.",
"importance": "low",
"name": "backtrace_depth",
"raw_default": 23,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "List of Erlang applications that shall be rebooted when the EMQX broker joins the cluster.",
"importance": "low",
"name": "applications",
"raw_default": [],
"type": {
"kind": "primitive",
"name": "emqx_schema:comma_separated_atoms()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.8.",
"importance": "low",
"name": "etc_dir",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"importance": "low",
"name": "cluster_call",
"type": {
"kind": "struct",
"name": "cluster_call"
}
},
{
"aliases": [],
"default": {
"hocon": "core",
"oneliner": true
},
"desc": "Select a node role.<br/>\n<code>core</code> nodes provide durability of the data, and take care of writes.\nIt is recommended to place core nodes in different racks or different availability zones.<br/>\n<code>replicant</code> nodes are ephemeral worker nodes. Removing them from the cluster\ndoesn't affect database redundancy<br/>\nIt is recommended to have more replicant nodes than core nodes.<br/>\nNote: this parameter only takes effect when the <code>backend</code> is set\nto <code>rlog</code>.",
"importance": "high",
"name": "db_role",
"raw_default": "core",
"type": {
"kind": "enum",
"symbols": [
"core",
"replicant"
]
}
},
{
"aliases": [],
"default": {
"hocon": "async",
"oneliner": true
},
"desc": "In sync mode the core node waits for an ack from the replicant nodes before sending the next\ntransaction log entry.",
"importance": "low",
"name": "tlog_push_mode",
"raw_default": "async",
"type": {
"kind": "enum",
"symbols": [
"sync",
"async"
]
}
}
],
"full_name": "node",
"paths": [
"node"
],
"tags": [
"EMQX"
]
},
{
"desc": "EMQX uses a library called <code>gen_rpc</code> for inter-broker communication.<br/>\nMost of the time the default config should work,\nbut in case you need to do performance fine-tuning or experiment a bit,\nthis is where to look.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "async",
"oneliner": true
},
"desc": "In <code>sync</code> mode the sending side waits for the ack from the receiving side.",
"name": "mode",
"raw_default": "async",
"type": {
"kind": "enum",
"symbols": [
"sync",
"async"
]
}
},
{
"aliases": [],
"default": {
"hocon": "tcp",
"oneliner": true
},
"desc": "Transport protocol used for inter-broker communication",
"name": "driver",
"raw_default": "tcp",
"type": {
"kind": "enum",
"symbols": [
"tcp",
"ssl"
]
}
},
{
"aliases": [],
"default": {
"hocon": "256",
"oneliner": true
},
"desc": "The maximum number of batch messages sent in asynchronous mode.\n Note that this configuration does not work in synchronous mode.",
"name": "async_batch_size",
"raw_default": 256,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "stateless",
"oneliner": true
},
"desc": "<code>manual</code>: discover ports by <code>tcp_server_port</code>.<br/>\n<code>stateless</code>: discover ports in a stateless manner, using the following algorithm.\nIf node name is <code>emqxN@127.0.0.1</code>, where the N is an integer,\nthen the listening port will be 5370 + N.",
"name": "port_discovery",
"raw_default": "stateless",
"type": {
"kind": "enum",
"symbols": [
"manual",
"stateless"
]
}
},
{
"aliases": [],
"default": {
"hocon": "5369",
"oneliner": true
},
"desc": "Listening port used by RPC local service.<br/>\nNote that this config only takes effect when rpc.port_discovery is set to manual.",
"name": "tcp_server_port",
"raw_default": 5369,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "5369",
"oneliner": true
},
"desc": "Listening port used by RPC local service.<br/>\nNote that this config only takes effect when rpc.port_discovery is set to manual\nand <code>driver</code> is set to <code>ssl</code>.",
"name": "ssl_server_port",
"raw_default": 5369,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "10",
"oneliner": true
},
"desc": "Set the maximum number of RPC communication channels initiated by this node to each remote node.",
"name": "tcp_client_num",
"raw_default": 10,
"type": {
"kind": "primitive",
"name": "1..256"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": "Timeout for establishing an RPC connection.",
"name": "connect_timeout",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Path to TLS certificate file used to validate identity of the cluster nodes.\nNote that this config only takes effect when <code>rpc.driver</code> is set to <code>ssl</code>.",
"name": "certfile",
"type": {
"kind": "primitive",
"name": "emqx_conf_schema:file()"
}
},
{
"aliases": [],
"desc": "Path to the private key file for the <code>rpc.certfile</code>.<br/>\nNote: contents of this file are secret, so it's necessary to set permissions to 600.",
"name": "keyfile",
"type": {
"kind": "primitive",
"name": "emqx_conf_schema:file()"
}
},
{
"aliases": [],
"desc": "Path to certification authority TLS certificate file used to validate <code>rpc.certfile</code>.<br/>\nNote: certificates of all nodes in the cluster must be signed by the same CA.",
"name": "cacertfile",
"type": {
"kind": "primitive",
"name": "emqx_conf_schema:file()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": "Timeout for sending the RPC request.",
"name": "send_timeout",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": "Timeout for the remote node authentication.",
"name": "authentication_timeout",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Timeout for the reply to a synchronous RPC.",
"name": "call_receive_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15m\"",
"oneliner": true
},
"desc": "How long the connections between the brokers should remain open after the last message is sent.",
"name": "socket_keepalive_idle",
"raw_default": "15m",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_s()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"75s\"",
"oneliner": true
},
"desc": "The interval between keepalive messages.",
"name": "socket_keepalive_interval",
"raw_default": "75s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_s()"
}
},
{
"aliases": [],
"default": {
"hocon": "9",
"oneliner": true
},
"desc": "How many times the keepalive probe message can fail to receive a reply\nuntil the RPC connection is considered lost.",
"name": "socket_keepalive_count",
"raw_default": 9,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"1MB\"",
"oneliner": true
},
"desc": "TCP tuning parameters. TCP sending buffer size.",
"name": "socket_sndbuf",
"raw_default": "1MB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"1MB\"",
"oneliner": true
},
"desc": "TCP tuning parameters. TCP receiving buffer size.",
"name": "socket_recbuf",
"raw_default": "1MB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"1MB\"",
"oneliner": true
},
"desc": "TCP tuning parameters. Socket buffer size in user mode.",
"name": "socket_buffer",
"raw_default": "1MB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable compatibility with old RPC authentication.",
"name": "insecure_fallback",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "rpc",
"paths": [
"rpc"
],
"tags": [
"EMQX"
]
},
{
"desc": "Topology of MongoDB.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "Max Overflow.",
"name": "max_overflow",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"desc": "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.",
"name": "overflow_ttl",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"desc": "Period for checking if there are more workers than configured (\"overflow\").",
"name": "overflow_check_period",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"desc": "The size of the latency window for selecting among multiple suitable MongoDB instances.",
"name": "local_threshold_ms",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"desc": "The duration to attempt a connection before timing out.",
"name": "connect_timeout_ms",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"desc": "The duration to attempt to send or to receive on a socket before the attempt times out.",
"name": "socket_timeout_ms",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"desc": "Specifies how long to block for server selection before throwing an exception.",
"name": "server_selection_timeout_ms",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"desc": "The maximum duration that a worker can wait for a connection to become available.",
"name": "wait_queue_timeout_ms",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"200s\"",
"oneliner": true
},
"desc": "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.",
"name": "heartbeat_frequency_ms",
"raw_default": "200s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"desc": "Controls the minimum amount of time to wait between heartbeats.",
"name": "min_heartbeat_frequency_ms",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
}
],
"full_name": "topology",
"paths": [
"authentication.$INDEX.topology",
"authorization.sources.$INDEX.topology",
"gateway.coap.authentication.topology",
"gateway.coap.listeners.dtls.$name.authentication.topology",
"gateway.coap.listeners.udp.$name.authentication.topology",
"gateway.exproto.authentication.topology",
"gateway.exproto.listeners.dtls.$name.authentication.topology",
"gateway.exproto.listeners.ssl.$name.authentication.topology",
"gateway.exproto.listeners.tcp.$name.authentication.topology",
"gateway.exproto.listeners.udp.$name.authentication.topology",
"gateway.lwm2m.authentication.topology",
"gateway.lwm2m.listeners.dtls.$name.authentication.topology",
"gateway.lwm2m.listeners.udp.$name.authentication.topology",
"gateway.mqttsn.authentication.topology",
"gateway.mqttsn.listeners.dtls.$name.authentication.topology",
"gateway.mqttsn.listeners.udp.$name.authentication.topology",
"gateway.stomp.authentication.topology",
"gateway.stomp.listeners.ssl.$name.authentication.topology",
"gateway.stomp.listeners.tcp.$name.authentication.topology",
"listeners.ssl.$name.authentication.$INDEX.topology",
"listeners.tcp.$name.authentication.$INDEX.topology",
"listeners.ws.$name.authentication.$INDEX.topology",
"listeners.wss.$name.authentication.$INDEX.topology"
],
"tags": []
},
{
"desc": "Settings for `conn_congestion` alarm.\n\nSometimes the MQTT connection (usually an MQTT subscriber) may\nget \"congested\", because there are too many packets to be sent.\nThe socket tries to buffer the packets until the buffer is\nfull. If more packets arrive after that, the packets will be\n\"pending\" in the queue, and we consider the connection\ncongested.\n\nNote: `sndbuf` can be set to larger value if the\nalarm is triggered too often.\nThe name of the alarm is of format `conn_congestion/<ClientID>/<Username>`,\nwhere the `<ClientID>` is the client ID of the congested MQTT connection,\nand `<Username>` is the username or `unknown_user`.",
"fields": [
{
"aliases": [],
"desc": "Enable or disable connection congestion alarm.",
"name": "enable_alarm",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Minimal time before clearing the alarm.<br/>The alarm is cleared only when there's no pending data in<br/>the queue, and at least <code>min_alarm_sustain_duration</code>milliseconds passed since the last time we considered the connection 'congested'.<br/>This is to avoid clearing and raising the alarm again too often.",
"name": "min_alarm_sustain_duration",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
}
],
"full_name": "zone:conn_congestion",
"paths": [
"zones.$name.conn_congestion"
],
"tags": []
},
{
"desc": "This config controls the allowed maximum number of `CONNECT` packets received\nfrom the same clientid in a time frame defined by `window_time`.\nAfter the limit is reached, successive `CONNECT` requests are forbidden\n(banned) until the end of the time period defined by `ban_time`.",
"fields": [
{
"aliases": [],
"desc": "Enable flapping connection detection feature.",
"name": "enable",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The maximum number of disconnects allowed for a MQTT Client in `window_time`",
"name": "max_count",
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "The time window for flapping detection.",
"name": "window_time",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "How long the flapping clientid will be banned.",
"name": "ban_time",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
}
],
"full_name": "zone:flapping_detect",
"paths": [
"zones.$name.flapping_detect"
],
"tags": []
},
{
"desc": "Force garbage collection in MQTT connection process after\n they process certain number of messages or bytes of data.",
"fields": [
{
"aliases": [],
"desc": "Enable forced garbage collection.",
"name": "enable",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "GC the process after this many received messages.",
"name": "count",
"type": {
"kind": "primitive",
"name": "0..inf"
}
},
{
"aliases": [],
"desc": "GC the process after specified number of bytes have passed through.",
"name": "bytes",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
}
],
"full_name": "zone:force_gc",
"paths": [
"zones.$name.force_gc"
],
"tags": []
},
{
"desc": "When the process message queue length, or the memory bytes\nreaches a certain value, the process is forced to close.\n\nNote: \"message queue\" here refers to the \"message mailbox\"\nof the Erlang process, not the `mqueue` of QoS 1 and QoS 2.",
"fields": [
{
"aliases": [],
"desc": "Enable `force_shutdown` feature.",
"name": "enable",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Maximum message queue length.",
"name": "max_message_queue_len",
"type": {
"kind": "primitive",
"name": "0..inf"
}
},
{
"aliases": [],
"desc": "Total heap size",
"name": "max_heap_size",
"type": {
"kind": "primitive",
"name": "emqx_schema:wordsize()"
}
}
],
"full_name": "zone:force_shutdown",
"paths": [
"zones.$name.force_shutdown"
],
"tags": []
},
{
"desc": "Global MQTT configuration.<br/>The configs here work as default values which can be overridden\nin <code>zone</code> configs",
"fields": [
{
"aliases": [],
"desc": "After the TCP connection is established, if the MQTT CONNECT packet from the client is\nnot received within the time specified by <code>idle_timeout</code>, the connection will be disconnected.\nAfter the CONNECT packet has been accepted by EMQX, if the connection idles for this long time,\nthen the Erlang process is put to hibernation to save OS resources. Note: long <code>idle_timeout</code>\ninterval may impose risk at the system if large number of malicious clients only establish connections\nbut do not send any data.",
"name": "idle_timeout",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "infinity"
},
{
"kind": "primitive",
"name": "emqx_schema:duration()"
}
]
}
},
{
"aliases": [],
"desc": "Maximum MQTT packet size allowed.",
"name": "max_packet_size",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"desc": "Maximum allowed length of MQTT Client ID.",
"name": "max_clientid_len",
"type": {
"kind": "primitive",
"name": "23..65535"
}
},
{
"aliases": [],
"desc": "Maximum topic levels allowed.",
"name": "max_topic_levels",
"type": {
"kind": "primitive",
"name": "1..65535"
}
},
{
"aliases": [],
"desc": "Maximum QoS allowed.",
"name": "max_qos_allowed",
"type": {
"kind": "primitive",
"name": "qos()"
}
},
{
"aliases": [],
"desc": "Maximum topic alias, 0 means no topic alias supported.",
"name": "max_topic_alias",
"type": {
"kind": "primitive",
"name": "0..65535"
}
},
{
"aliases": [],
"desc": "Whether to enable support for MQTT retained message.",
"name": "retain_available",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Whether to enable support for MQTT wildcard subscription.",
"name": "wildcard_subscription",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Whether to enable support for MQTT shared subscription.",
"name": "shared_subscription",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Whether to enable support for MQTT exclusive subscription.",
"name": "exclusive_subscription",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Ignore loop delivery of messages for MQTT v3.1.1/v3.1.0, similar to <code>No Local</code> subscription option in MQTT 5.0.",
"name": "ignore_loop_deliver",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Parse MQTT messages in strict mode.\nWhen set to true, invalid utf8 strings in for example client ID, topic name, etc. will cause the client to be disconnected",
"name": "strict_mode",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Specify the response information returned to the client. This feature is disabled if is set to \"\". Applies only to clients using MQTT 5.0.",
"name": "response_information",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "The keep alive that EMQX requires the client to use. If configured as <code>disabled</code>, it means that the keep alive specified by the client will be used. Requires <code>Server Keep Alive</code> in MQTT 5.0, so it is only applicable to clients using MQTT 5.0 protocol.",
"name": "server_keepalive",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "integer()"
},
{
"kind": "singleton",
"name": "disabled"
}
]
}
},
{
"aliases": [],
"desc": "The backoff multiplier used by the broker to determine the client keep alive timeout. If EMQX doesn't receive any packet in <code>Keep Alive * Backoff * 2</code> seconds, EMQX will close the current connection.",
"name": "keepalive_backoff",
"type": {
"kind": "primitive",
"name": "number()"
}
},
{
"aliases": [],
"desc": "Maximum number of subscriptions allowed per client.",
"name": "max_subscriptions",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "1..inf"
},
{
"kind": "singleton",
"name": "infinity"
}
]
}
},
{
"aliases": [],
"desc": "Force upgrade of QoS level according to subscription.",
"name": "upgrade_qos",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Maximum number of QoS 1 and QoS 2 messages that are allowed to be delivered simultaneously before completing the acknowledgment.",
"name": "max_inflight",
"type": {
"kind": "primitive",
"name": "1..65535"
}
},
{
"aliases": [],
"desc": "Retry interval for QoS 1/2 message delivering.",
"name": "retry_interval",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "For each publisher session, the maximum number of outstanding QoS 2 messages pending on the client to send PUBREL. After reaching this limit, new QoS 2 PUBLISH requests will be rejected with `147(0x93)` until either PUBREL is received or timed out.",
"name": "max_awaiting_rel",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "integer()"
},
{
"kind": "singleton",
"name": "infinity"
}
]
}
},
{
"aliases": [],
"desc": "For client to broker QoS 2 message, the time limit for the broker to wait before the `PUBREL` message is received. The wait is aborted after timed out, meaning the packet ID is freed for new `PUBLISH` requests. Receiving a stale `PUBREL` causes a warning level log. Note, the message is delivered to subscribers before entering the wait for PUBREL.",
"name": "await_rel_timeout",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Specifies how long the session will expire after the connection is disconnected, only for non-MQTT 5.0 connections.",
"name": "session_expiry_interval",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"desc": "Maximum queue length. Enqueued messages when persistent client disconnected, or inflight window is full.",
"name": "max_mqueue_len",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "non_neg_integer()"
},
{
"kind": "singleton",
"name": "infinity"
}
]
}
},
{
"aliases": [],
"desc": "Topic priorities. Priority number [1-255]\nThere's no priority table by default, hence all messages are treated equal.\n\n**NOTE**: Comma and equal signs are not allowed for priority topic names.\n**NOTE**: Messages for topics not in the priority table are treated as either highest or lowest priority depending on the configured value for <code>mqtt.mqueue_default_priority</code>.\n\n**Examples**:\nTo configure <code>\"topic/1\" > \"topic/2\"</code>:\n<code>mqueue_priorities: {\"topic/1\": 10, \"topic/2\": 8}</code>",
"name": "mqueue_priorities",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "map()"
},
{
"kind": "singleton",
"name": "disabled"
}
]
}
},
{
"aliases": [],
"desc": "Default topic priority, which will be used by topics not in <code>Topic Priorities</code> (<code>mqueue_priorities</code>).",
"name": "mqueue_default_priority",
"type": {
"kind": "enum",
"symbols": [
"highest",
"lowest"
]
}
},
{
"aliases": [],
"desc": "Specifies whether to store QoS 0 messages in the message queue while the connection is down but the session remains.",
"name": "mqueue_store_qos0",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Whether to user Client ID as Username.\nThis setting takes effect later than <code>Use Peer Certificate as Username</code> (<code>peer_cert_as_username</code>) and <code>Use peer certificate as Client ID</code> (<code>peer_cert_as_clientid</code>).",
"name": "use_username_as_clientid",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Use the CN, DN field in the peer certificate or the entire certificate content as Username. Only works for the TLS connection.\nSupported configurations are the following:\n- <code>cn</code>: Take the CN field of the certificate as Username\n- <code>dn</code>: Take the DN field of the certificate as Username\n- <code>crt</code>: Take the content of the <code>DER</code> or <code>PEM</code> certificate as Username\n- <code>pem</code>: Convert <code>DER</code> certificate content to <code>PEM</code> format as Username\n- <code>md5</code>: Take the MD5 value of the content of the <code>DER</code> or <code>PEM</code> certificate as Username",
"name": "peer_cert_as_username",
"type": {
"kind": "enum",
"symbols": [
"disabled",
"cn",
"dn",
"crt",
"pem",
"md5"
]
}
},
{
"aliases": [],
"desc": "Use the CN, DN field in the peer certificate or the entire certificate content as Client ID. Only works for the TLS connection.\nSupported configurations are the following:\n- <code>cn</code>: Take the CN field of the certificate as Client ID\n- <code>dn</code>: Take the DN field of the certificate as Client ID\n- <code>crt</code>: Take the content of the <code>DER</code> or <code>PEM</code> certificate as Client ID\n- <code>pem</code>: Convert <code>DER</code> certificate content to <code>PEM</code> format as Client ID\n- <code>md5</code>: Take the MD5 value of the content of the <code>DER</code> or <code>PEM</code> certificate as Client ID",
"name": "peer_cert_as_clientid",
"type": {
"kind": "enum",
"symbols": [
"disabled",
"cn",
"dn",
"crt",
"pem",
"md5"
]
}
}
],
"full_name": "zone:mqtt",
"paths": [
"zones.$name.mqtt"
],
"tags": []
},
{
"desc": "Overload protection mechanism monitors the load of the system and temporarily\ndisables some features (such as accepting new connections) when the load is high.",
"fields": [
{
"aliases": [],
"desc": "React on system overload or not.",
"name": "enable",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The maximum duration of delay for background task execution during high load conditions.",
"name": "backoff_delay",
"type": {
"kind": "primitive",
"name": "0..inf"
}
},
{
"aliases": [],
"desc": "When at high load, skip forceful GC.",
"name": "backoff_gc",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "When at high load, skip process hibernation.",
"name": "backoff_hibernation",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "When at high load, close new incoming connections.",
"name": "backoff_new_conn",
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "zone:overload_protection",
"paths": [
"zones.$name.overload_protection"
],
"tags": []
},
{
"desc": "Enable/disable statistic data collection.\nStatistic data such as message receive/send count/rate etc. It provides insights of system performance and helps to diagnose issues. You can find statistic data from the dashboard, or from the '/stats' API.",
"fields": [
{
"aliases": [],
"desc": "Enable/disable statistic data collection.",
"name": "enable",
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "zone:stats",
"paths": [
"zones.$name.stats"
],
"tags": []
},
{
"desc": "Configuration of authenticator using built-in database as data source.",
"fields": [
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "password_based"
}
},
{
"aliases": [],
"desc": "Backend type.",
"name": "backend",
"type": {
"kind": "singleton",
"name": "built_in_database"
}
},
{
"aliases": [],
"default": {
"hocon": "\"username\"",
"oneliner": true
},
"desc": "Specify whether to use `clientid` or `username` for authentication.",
"name": "user_id_type",
"raw_default": "username",
"type": {
"kind": "enum",
"symbols": [
"clientid",
"username"
]
}
},
{
"aliases": [],
"default": {
"hocon": "{name = sha256, salt_position = prefix}",
"oneliner": true
},
"desc": "Options for password hash creation and verification.",
"name": "password_hash_algorithm",
"raw_default": {
"name": "sha256",
"salt_position": "prefix"
},
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-hash:bcrypt_rw"
},
{
"kind": "struct",
"name": "authn-hash:pbkdf2"
},
{
"kind": "struct",
"name": "authn-hash:simple"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "authn-builtin_db:authentication",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "Settings for bcrypt password hashing algorithm.",
"fields": [
{
"aliases": [],
"desc": "BCRYPT password hashing.",
"name": "name",
"type": {
"kind": "singleton",
"name": "bcrypt"
}
}
],
"full_name": "authn-hash:bcrypt",
"paths": [
"authentication.$INDEX.password_hash_algorithm",
"gateway.coap.authentication.password_hash_algorithm",
"gateway.coap.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.coap.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.exproto.authentication.password_hash_algorithm",
"gateway.exproto.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.exproto.listeners.ssl.$name.authentication.password_hash_algorithm",
"gateway.exproto.listeners.tcp.$name.authentication.password_hash_algorithm",
"gateway.exproto.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.lwm2m.authentication.password_hash_algorithm",
"gateway.lwm2m.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.lwm2m.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.mqttsn.authentication.password_hash_algorithm",
"gateway.mqttsn.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.mqttsn.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.stomp.authentication.password_hash_algorithm",
"gateway.stomp.listeners.ssl.$name.authentication.password_hash_algorithm",
"gateway.stomp.listeners.tcp.$name.authentication.password_hash_algorithm",
"listeners.ssl.$name.authentication.$INDEX.password_hash_algorithm",
"listeners.tcp.$name.authentication.$INDEX.password_hash_algorithm",
"listeners.ws.$name.authentication.$INDEX.password_hash_algorithm",
"listeners.wss.$name.authentication.$INDEX.password_hash_algorithm"
],
"tags": []
},
{
"desc": "Settings for bcrypt password hashing algorithm (for DB backends with write capability).",
"fields": [
{
"aliases": [],
"desc": "BCRYPT password hashing.",
"name": "name",
"type": {
"kind": "singleton",
"name": "bcrypt"
}
},
{
"aliases": [],
"default": {
"hocon": "10",
"oneliner": true
},
"desc": "Salt rounds for BCRYPT password generation.",
"examples": [
10
],
"name": "salt_rounds",
"raw_default": 10,
"type": {
"kind": "primitive",
"name": "integer()"
}
}
],
"full_name": "authn-hash:bcrypt_rw",
"paths": [
"authentication.$INDEX.password_hash_algorithm",
"gateway.coap.authentication.password_hash_algorithm",
"gateway.coap.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.coap.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.exproto.authentication.password_hash_algorithm",
"gateway.exproto.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.exproto.listeners.ssl.$name.authentication.password_hash_algorithm",
"gateway.exproto.listeners.tcp.$name.authentication.password_hash_algorithm",
"gateway.exproto.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.lwm2m.authentication.password_hash_algorithm",
"gateway.lwm2m.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.lwm2m.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.mqttsn.authentication.password_hash_algorithm",
"gateway.mqttsn.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.mqttsn.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.stomp.authentication.password_hash_algorithm",
"gateway.stomp.listeners.ssl.$name.authentication.password_hash_algorithm",
"gateway.stomp.listeners.tcp.$name.authentication.password_hash_algorithm",
"listeners.ssl.$name.authentication.$INDEX.password_hash_algorithm",
"listeners.tcp.$name.authentication.$INDEX.password_hash_algorithm",
"listeners.ws.$name.authentication.$INDEX.password_hash_algorithm",
"listeners.wss.$name.authentication.$INDEX.password_hash_algorithm"
],
"tags": []
},
{
"desc": "Settings for PBKDF2 password hashing algorithm.",
"fields": [
{
"aliases": [],
"desc": "PBKDF2 password hashing.",
"name": "name",
"type": {
"kind": "singleton",
"name": "pbkdf2"
}
},
{
"aliases": [],
"desc": "Specifies mac_fun for PBKDF2 hashing algorithm.",
"name": "mac_fun",
"type": {
"kind": "enum",
"symbols": [
"md4",
"md5",
"ripemd160",
"sha",
"sha224",
"sha256",
"sha384",
"sha512"
]
}
},
{
"aliases": [],
"desc": "Iteration count for PBKDF2 hashing algorithm.",
"name": "iterations",
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Derived length for PBKDF2 hashing algorithm. If not specified, calculated automatically based on `mac_fun`.",
"name": "dk_length",
"type": {
"kind": "primitive",
"name": "integer()"
}
}
],
"full_name": "authn-hash:pbkdf2",
"paths": [
"authentication.$INDEX.password_hash_algorithm",
"gateway.coap.authentication.password_hash_algorithm",
"gateway.coap.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.coap.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.exproto.authentication.password_hash_algorithm",
"gateway.exproto.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.exproto.listeners.ssl.$name.authentication.password_hash_algorithm",
"gateway.exproto.listeners.tcp.$name.authentication.password_hash_algorithm",
"gateway.exproto.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.lwm2m.authentication.password_hash_algorithm",
"gateway.lwm2m.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.lwm2m.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.mqttsn.authentication.password_hash_algorithm",
"gateway.mqttsn.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.mqttsn.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.stomp.authentication.password_hash_algorithm",
"gateway.stomp.listeners.ssl.$name.authentication.password_hash_algorithm",
"gateway.stomp.listeners.tcp.$name.authentication.password_hash_algorithm",
"listeners.ssl.$name.authentication.$INDEX.password_hash_algorithm",
"listeners.tcp.$name.authentication.$INDEX.password_hash_algorithm",
"listeners.ws.$name.authentication.$INDEX.password_hash_algorithm",
"listeners.wss.$name.authentication.$INDEX.password_hash_algorithm"
],
"tags": []
},
{
"desc": "Settings for simple algorithms.",
"fields": [
{
"aliases": [],
"desc": "Simple password hashing algorithm.",
"name": "name",
"type": {
"kind": "enum",
"symbols": [
"plain",
"md5",
"sha",
"sha256",
"sha512"
]
}
},
{
"aliases": [],
"default": {
"hocon": "prefix",
"oneliner": true
},
"desc": "Salt position for PLAIN, MD5, SHA, SHA256 and SHA512 algorithms.",
"name": "salt_position",
"raw_default": "prefix",
"type": {
"kind": "enum",
"symbols": [
"disable",
"prefix",
"suffix"
]
}
}
],
"full_name": "authn-hash:simple",
"paths": [
"authentication.$INDEX.password_hash_algorithm",
"gateway.coap.authentication.password_hash_algorithm",
"gateway.coap.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.coap.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.exproto.authentication.password_hash_algorithm",
"gateway.exproto.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.exproto.listeners.ssl.$name.authentication.password_hash_algorithm",
"gateway.exproto.listeners.tcp.$name.authentication.password_hash_algorithm",
"gateway.exproto.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.lwm2m.authentication.password_hash_algorithm",
"gateway.lwm2m.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.lwm2m.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.mqttsn.authentication.password_hash_algorithm",
"gateway.mqttsn.listeners.dtls.$name.authentication.password_hash_algorithm",
"gateway.mqttsn.listeners.udp.$name.authentication.password_hash_algorithm",
"gateway.stomp.authentication.password_hash_algorithm",
"gateway.stomp.listeners.ssl.$name.authentication.password_hash_algorithm",
"gateway.stomp.listeners.tcp.$name.authentication.password_hash_algorithm",
"listeners.ssl.$name.authentication.$INDEX.password_hash_algorithm",
"listeners.tcp.$name.authentication.$INDEX.password_hash_algorithm",
"listeners.ws.$name.authentication.$INDEX.password_hash_algorithm",
"listeners.wss.$name.authentication.$INDEX.password_hash_algorithm"
],
"tags": []
},
{
"desc": "Configuration of authenticator using HTTP Server as authentication service (Using GET request).",
"fields": [
{
"aliases": [],
"desc": "HTTP request method.",
"name": "method",
"type": {
"kind": "singleton",
"name": "get"
}
},
{
"aliases": [],
"default": {
"hocon": "{\n accept = \"application/json\"\n \"cache-control\" = \"no-cache\"\n connection = \"keep-alive\"\n \"keep-alive\" = \"timeout=30, max=1000\"\n}\n",
"oneliner": false
},
"desc": "List of HTTP headers (without <code>content-type</code>).",
"name": "headers",
"raw_default": {
"accept": "application/json",
"cache-control": "no-cache",
"connection": "keep-alive",
"keep-alive": "timeout=30, max=1000"
},
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "password_based"
}
},
{
"aliases": [],
"desc": "Backend type.",
"name": "backend",
"type": {
"kind": "singleton",
"name": "http"
}
},
{
"aliases": [],
"desc": "URL of the HTTP server.",
"name": "url",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "HTTP request body.",
"name": "body",
"type": {
"kind": "primitive",
"name": "#{term() => binary()}"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": "HTTP request timeout.",
"name": "request_timeout",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "The timeout when connecting to the HTTP server.",
"name": "connect_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.",
"name": "enable_pipelining",
"raw_default": 100,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.4.",
"name": "max_retries",
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "The pool size.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "Configure HTTP request parameters.",
"name": "request",
"type": {
"kind": "struct",
"name": "connector-http:request"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.4.",
"name": "retry_interval",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "authn-http:get",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "Configuration of authenticator using HTTP Server as authentication service (Using POST request).",
"fields": [
{
"aliases": [],
"desc": "HTTP request method.",
"name": "method",
"type": {
"kind": "singleton",
"name": "post"
}
},
{
"aliases": [],
"default": {
"hocon": "{\n accept = \"application/json\"\n \"cache-control\" = \"no-cache\"\n connection = \"keep-alive\"\n \"content-type\" = \"application/json\"\n \"keep-alive\" = \"timeout=30, max=1000\"\n}\n",
"oneliner": false
},
"desc": "List of HTTP Headers.",
"name": "headers",
"raw_default": {
"accept": "application/json",
"cache-control": "no-cache",
"connection": "keep-alive",
"content-type": "application/json",
"keep-alive": "timeout=30, max=1000"
},
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "password_based"
}
},
{
"aliases": [],
"desc": "Backend type.",
"name": "backend",
"type": {
"kind": "singleton",
"name": "http"
}
},
{
"aliases": [],
"desc": "URL of the HTTP server.",
"name": "url",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "HTTP request body.",
"name": "body",
"type": {
"kind": "primitive",
"name": "#{term() => binary()}"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": "HTTP request timeout.",
"name": "request_timeout",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "The timeout when connecting to the HTTP server.",
"name": "connect_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.",
"name": "enable_pipelining",
"raw_default": 100,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.4.",
"name": "max_retries",
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "The pool size.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "Configure HTTP request parameters.",
"name": "request",
"type": {
"kind": "struct",
"name": "connector-http:request"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.4.",
"name": "retry_interval",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "authn-http:post",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "Configuration when the JWT for authentication is issued using the HMAC algorithm.",
"fields": [
{
"aliases": [],
"desc": "Whether to use JWKS.",
"name": "use_jwks",
"type": {
"kind": "enum",
"symbols": [
"false"
]
}
},
{
"aliases": [],
"desc": "JWT signing algorithm, Supports HMAC (configured as <code>hmac-based</code>) and RSA, ECDSA (configured as <code>public-key</code>).",
"name": "algorithm",
"type": {
"kind": "enum",
"symbols": [
"hmac-based"
]
}
},
{
"aliases": [],
"desc": "The key to verify the JWT using HMAC algorithm.",
"name": "secret",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Whether secret is base64 encoded.",
"name": "secret_base64_encoded",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "jwt"
}
},
{
"aliases": [],
"default": {
"hocon": "\"acl\"",
"oneliner": true
},
"desc": "JWT claim name to use for getting ACL rules.",
"name": "acl_claim_name",
"raw_default": "acl",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "A list of custom claims to validate, which is a list of name/value pairs.\nValues can use the following placeholders:\n- <code>${username}</code>: Will be replaced at runtime with <code>Username</code> used by the client when connecting\n- <code>${clientid}</code>: Will be replaced at runtime with <code>Client ID</code> used by the client when connecting\nAuthentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in <code>verify_claims</code>.",
"name": "verify_claims",
"raw_default": {},
"type": {
"kind": "primitive",
"name": "[term()]"
}
},
{
"aliases": [],
"default": {
"hocon": "password",
"oneliner": true
},
"desc": "Field to take JWT from.",
"name": "from",
"raw_default": "password",
"type": {
"kind": "enum",
"symbols": [
"username",
"password"
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "authn-jwt:hmac-based",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "Configuration when JWTs used for authentication need to be fetched from the JWKS endpoint.",
"fields": [
{
"aliases": [],
"desc": "Whether to use JWKS.",
"name": "use_jwks",
"type": {
"kind": "enum",
"symbols": [
"true"
]
}
},
{
"aliases": [],
"desc": "JWKS endpoint, it's a read-only endpoint that returns the server's public key set in the JWKS format.",
"name": "endpoint",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "300",
"oneliner": true
},
"desc": "JWKS refresh interval.",
"name": "refresh_interval",
"raw_default": 300,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL options.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
},
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "jwt"
}
},
{
"aliases": [],
"default": {
"hocon": "\"acl\"",
"oneliner": true
},
"desc": "JWT claim name to use for getting ACL rules.",
"name": "acl_claim_name",
"raw_default": "acl",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "A list of custom claims to validate, which is a list of name/value pairs.\nValues can use the following placeholders:\n- <code>${username}</code>: Will be replaced at runtime with <code>Username</code> used by the client when connecting\n- <code>${clientid}</code>: Will be replaced at runtime with <code>Client ID</code> used by the client when connecting\nAuthentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in <code>verify_claims</code>.",
"name": "verify_claims",
"raw_default": {},
"type": {
"kind": "primitive",
"name": "[term()]"
}
},
{
"aliases": [],
"default": {
"hocon": "password",
"oneliner": true
},
"desc": "Field to take JWT from.",
"name": "from",
"raw_default": "password",
"type": {
"kind": "enum",
"symbols": [
"username",
"password"
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "authn-jwt:jwks",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "Configuration when the JWT for authentication is issued using RSA or ECDSA algorithm.",
"fields": [
{
"aliases": [],
"desc": "Whether to use JWKS.",
"name": "use_jwks",
"type": {
"kind": "enum",
"symbols": [
"false"
]
}
},
{
"aliases": [],
"desc": "JWT signing algorithm, Supports HMAC (configured as <code>hmac-based</code>) and RSA, ECDSA (configured as <code>public-key</code>).",
"name": "algorithm",
"type": {
"kind": "enum",
"symbols": [
"public-key"
]
}
},
{
"aliases": [],
"desc": "The public key used to verify the JWT.",
"name": "public_key",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "jwt"
}
},
{
"aliases": [],
"default": {
"hocon": "\"acl\"",
"oneliner": true
},
"desc": "JWT claim name to use for getting ACL rules.",
"name": "acl_claim_name",
"raw_default": "acl",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "A list of custom claims to validate, which is a list of name/value pairs.\nValues can use the following placeholders:\n- <code>${username}</code>: Will be replaced at runtime with <code>Username</code> used by the client when connecting\n- <code>${clientid}</code>: Will be replaced at runtime with <code>Client ID</code> used by the client when connecting\nAuthentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in <code>verify_claims</code>.",
"name": "verify_claims",
"raw_default": {},
"type": {
"kind": "primitive",
"name": "[term()]"
}
},
{
"aliases": [],
"default": {
"hocon": "password",
"oneliner": true
},
"desc": "Field to take JWT from.",
"name": "from",
"raw_default": "password",
"type": {
"kind": "enum",
"symbols": [
"username",
"password"
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "authn-jwt:public-key",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "Configuration of authenticator using MongoDB (Replica Set) as authentication data source.",
"fields": [
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "password_based"
}
},
{
"aliases": [],
"desc": "Backend type.",
"name": "backend",
"type": {
"kind": "singleton",
"name": "mongodb"
}
},
{
"aliases": [],
"desc": "Collection used to store authentication data.",
"name": "collection",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders:\n- <code>${username}</code>: Will be replaced at runtime with <code>Username</code> used by the client when connecting\n- <code>${clientid}</code>: Will be replaced at runtime with <code>Client ID</code> used by the client when connecting",
"name": "filter",
"raw_default": {},
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"password_hash\"",
"oneliner": true
},
"desc": "Document field that contains password hash.",
"name": "password_hash_field",
"raw_default": "password_hash",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"salt\"",
"oneliner": true
},
"desc": "Document field that contains the password salt.",
"name": "salt_field",
"raw_default": "salt",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"is_superuser\"",
"oneliner": true
},
"desc": "Document field that defines if the user has superuser privileges.",
"name": "is_superuser_field",
"raw_default": "is_superuser",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "{name = sha256, salt_position = prefix}",
"oneliner": true
},
"desc": "Options for password hash verification.",
"name": "password_hash_algorithm",
"raw_default": {
"name": "sha256",
"salt_position": "prefix"
},
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-hash:bcrypt"
},
{
"kind": "struct",
"name": "authn-hash:pbkdf2"
},
{
"kind": "struct",
"name": "authn-hash:simple"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "rs",
"oneliner": true
},
"desc": "Replica set. Must be set to 'rs' when MongoDB server is running in 'replica set' mode.",
"name": "mongo_type",
"raw_default": "rs",
"type": {
"kind": "singleton",
"name": "rs"
}
},
{
"aliases": [],
"desc": "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
"name": "servers",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "unsafe",
"oneliner": true
},
"desc": "Write mode.",
"name": "w_mode",
"raw_default": "unsafe",
"type": {
"kind": "enum",
"symbols": [
"unsafe",
"safe"
]
}
},
{
"aliases": [],
"default": {
"hocon": "master",
"oneliner": true
},
"desc": "Read mode.",
"name": "r_mode",
"raw_default": "master",
"type": {
"kind": "enum",
"symbols": [
"master",
"slave_ok"
]
}
},
{
"aliases": [],
"desc": "Name of the replica set.",
"name": "replica_set_name",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Use DNS SRV record.",
"name": "srv_record",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's username in the external database.",
"name": "username",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Database name associated with the user's credentials.",
"name": "auth_source",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Database name.",
"name": "database",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"name": "topology",
"type": {
"kind": "struct",
"name": "topology"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "authn-mongodb:replica-set",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "Configuration of authenticator using MongoDB (Sharded Cluster) as authentication data source.",
"fields": [
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "password_based"
}
},
{
"aliases": [],
"desc": "Backend type.",
"name": "backend",
"type": {
"kind": "singleton",
"name": "mongodb"
}
},
{
"aliases": [],
"desc": "Collection used to store authentication data.",
"name": "collection",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders:\n- <code>${username}</code>: Will be replaced at runtime with <code>Username</code> used by the client when connecting\n- <code>${clientid}</code>: Will be replaced at runtime with <code>Client ID</code> used by the client when connecting",
"name": "filter",
"raw_default": {},
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"password_hash\"",
"oneliner": true
},
"desc": "Document field that contains password hash.",
"name": "password_hash_field",
"raw_default": "password_hash",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"salt\"",
"oneliner": true
},
"desc": "Document field that contains the password salt.",
"name": "salt_field",
"raw_default": "salt",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"is_superuser\"",
"oneliner": true
},
"desc": "Document field that defines if the user has superuser privileges.",
"name": "is_superuser_field",
"raw_default": "is_superuser",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "{name = sha256, salt_position = prefix}",
"oneliner": true
},
"desc": "Options for password hash verification.",
"name": "password_hash_algorithm",
"raw_default": {
"name": "sha256",
"salt_position": "prefix"
},
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-hash:bcrypt"
},
{
"kind": "struct",
"name": "authn-hash:pbkdf2"
},
{
"kind": "struct",
"name": "authn-hash:simple"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "sharded",
"oneliner": true
},
"desc": "Sharded cluster. Must be set to 'sharded' when MongoDB server is running in 'sharded' mode.",
"name": "mongo_type",
"raw_default": "sharded",
"type": {
"kind": "singleton",
"name": "sharded"
}
},
{
"aliases": [],
"desc": "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
"name": "servers",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "unsafe",
"oneliner": true
},
"desc": "Write mode.",
"name": "w_mode",
"raw_default": "unsafe",
"type": {
"kind": "enum",
"symbols": [
"unsafe",
"safe"
]
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Use DNS SRV record.",
"name": "srv_record",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's username in the external database.",
"name": "username",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Database name associated with the user's credentials.",
"name": "auth_source",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Database name.",
"name": "database",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"name": "topology",
"type": {
"kind": "struct",
"name": "topology"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "authn-mongodb:sharded-cluster",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "Configuration of authenticator using MongoDB (Standalone) as authentication data source.",
"fields": [
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "password_based"
}
},
{
"aliases": [],
"desc": "Backend type.",
"name": "backend",
"type": {
"kind": "singleton",
"name": "mongodb"
}
},
{
"aliases": [],
"desc": "Collection used to store authentication data.",
"name": "collection",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders:\n- <code>${username}</code>: Will be replaced at runtime with <code>Username</code> used by the client when connecting\n- <code>${clientid}</code>: Will be replaced at runtime with <code>Client ID</code> used by the client when connecting",
"name": "filter",
"raw_default": {},
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"password_hash\"",
"oneliner": true
},
"desc": "Document field that contains password hash.",
"name": "password_hash_field",
"raw_default": "password_hash",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"salt\"",
"oneliner": true
},
"desc": "Document field that contains the password salt.",
"name": "salt_field",
"raw_default": "salt",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"is_superuser\"",
"oneliner": true
},
"desc": "Document field that defines if the user has superuser privileges.",
"name": "is_superuser_field",
"raw_default": "is_superuser",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "{name = sha256, salt_position = prefix}",
"oneliner": true
},
"desc": "Options for password hash verification.",
"name": "password_hash_algorithm",
"raw_default": {
"name": "sha256",
"salt_position": "prefix"
},
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-hash:bcrypt"
},
{
"kind": "struct",
"name": "authn-hash:pbkdf2"
},
{
"kind": "struct",
"name": "authn-hash:simple"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "single",
"oneliner": true
},
"desc": "Standalone instance. Must be set to 'single' when MongoDB server is running in standalone mode.",
"name": "mongo_type",
"raw_default": "single",
"type": {
"kind": "singleton",
"name": "single"
}
},
{
"aliases": [],
"desc": "The IPv4 or IPv6 address or the hostname to connect to.<br/>\nA host entry has the following form: `Host[:Port]`.<br/>\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
"name": "server",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "unsafe",
"oneliner": true
},
"desc": "Write mode.",
"name": "w_mode",
"raw_default": "unsafe",
"type": {
"kind": "enum",
"symbols": [
"unsafe",
"safe"
]
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Use DNS SRV record.",
"name": "srv_record",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's username in the external database.",
"name": "username",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Database name associated with the user's credentials.",
"name": "auth_source",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Database name.",
"name": "database",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"name": "topology",
"type": {
"kind": "struct",
"name": "topology"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "authn-mongodb:standalone",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "Configuration of authenticator using MySQL as authentication data source.",
"fields": [
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "password_based"
}
},
{
"aliases": [],
"desc": "Backend type.",
"name": "backend",
"type": {
"kind": "singleton",
"name": "mysql"
}
},
{
"aliases": [],
"default": {
"hocon": "{name = sha256, salt_position = prefix}",
"oneliner": true
},
"desc": "Options for password hash verification.",
"name": "password_hash_algorithm",
"raw_default": {
"name": "sha256",
"salt_position": "prefix"
},
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-hash:bcrypt"
},
{
"kind": "struct",
"name": "authn-hash:pbkdf2"
},
{
"kind": "struct",
"name": "authn-hash:simple"
}
]
}
},
{
"aliases": [],
"desc": "SQL used to query data for authentication, such as password hash.",
"name": "query",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": "Timeout for the SQL query.",
"name": "query_timeout",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The IPv4 or IPv6 address or the hostname to connect to.<br/>\nA host entry has the following form: `Host[:Port]`.<br/>\nThe MySQL default port 3306 is used if `[:Port]` is not specified.",
"name": "server",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "Database name.",
"name": "database",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"root\"",
"oneliner": true
},
"desc": "EMQX's username in the external database.",
"name": "username",
"raw_default": "root",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Deprecated since v5.0.15.",
"name": "auto_reconnect",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "authn-mysql:authentication",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "Configuration of authenticator using PostgreSQL as authentication data source.",
"fields": [
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "password_based"
}
},
{
"aliases": [],
"desc": "Backend type.",
"name": "backend",
"type": {
"kind": "singleton",
"name": "postgresql"
}
},
{
"aliases": [],
"default": {
"hocon": "{name = sha256, salt_position = prefix}",
"oneliner": true
},
"desc": "Options for password hash verification.",
"name": "password_hash_algorithm",
"raw_default": {
"name": "sha256",
"salt_position": "prefix"
},
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-hash:bcrypt"
},
{
"kind": "struct",
"name": "authn-hash:pbkdf2"
},
{
"kind": "struct",
"name": "authn-hash:simple"
}
]
}
},
{
"aliases": [],
"desc": "SQL used to query data for authentication, such as password hash.",
"name": "query",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The IPv4 or IPv6 address or the hostname to connect to.<br/>\nA host entry has the following form: `Host[:Port]`.<br/>\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.",
"name": "server",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "Database name.",
"name": "database",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's username in the external database.",
"name": "username",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Deprecated since v5.0.15.",
"name": "auto_reconnect",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "authn-postgresql:authentication",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "PSK stands for 'Pre-Shared Keys'.\nThis config to enable TLS-PSK authentication.\n\nImportant! Make sure the SSL listener with only <code>tlsv1.2</code> enabled, and also PSK cipher suites\nconfigured, such as <code>RSA-PSK-AES256-GCM-SHA384</code>.\n\nSee listener SSL options config for more details.\n\nThe IDs and secrets can be provided from a file which is configurable by the <code>init_file</code> field.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Whether to enable TLS PSK support",
"name": "enable",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "If init_file is specified, EMQX will import PSKs from the file into the built-in database at startup for use by the runtime.\nThe file has to be structured line-by-line, each line must be in the format of <code>PSKIdentity:SharedSecret</code>.\nFor example: <code>mydevice1:c2VjcmV0</code>",
"name": "init_file",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\":\"",
"oneliner": true
},
"desc": "The separator between <code>PSKIdentity</code> and <code>SharedSecret</code> in the PSK file",
"name": "separator",
"raw_default": ":",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "50",
"oneliner": true
},
"desc": "The size of each chunk used to import to the built-in database from PSK file",
"name": "chunk_size",
"raw_default": 50,
"type": {
"kind": "primitive",
"name": "integer()"
}
}
],
"full_name": "authn-psk:psk_authentication",
"paths": [
"psk_authentication"
],
"tags": []
},
{
"desc": "Configuration of authenticator using Redis (Cluster) as authentication data source.",
"fields": [
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "password_based"
}
},
{
"aliases": [],
"desc": "Backend type.",
"name": "backend",
"type": {
"kind": "singleton",
"name": "redis"
}
},
{
"aliases": [],
"desc": "The Redis Command used to query data for authentication such as password hash, currently only supports <code>HGET</code> and <code>HMGET</code>.",
"name": "cmd",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "{name = sha256, salt_position = prefix}",
"oneliner": true
},
"desc": "Options for password hash verification.",
"name": "password_hash_algorithm",
"raw_default": {
"name": "sha256",
"salt_position": "prefix"
},
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-hash:bcrypt"
},
{
"kind": "struct",
"name": "authn-hash:pbkdf2"
},
{
"kind": "struct",
"name": "authn-hash:simple"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
"name": "servers",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "cluster",
"oneliner": true
},
"desc": "Cluster mode. Must be set to 'cluster' when Redis server is running in clustered mode.",
"name": "redis_type",
"raw_default": "cluster",
"type": {
"kind": "singleton",
"name": "cluster"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Deprecated since v5.0.15.",
"name": "auto_reconnect",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "authn-redis:cluster",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "Configuration of authenticator using Redis (Sentinel) as authentication data source.",
"fields": [
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "password_based"
}
},
{
"aliases": [],
"desc": "Backend type.",
"name": "backend",
"type": {
"kind": "singleton",
"name": "redis"
}
},
{
"aliases": [],
"desc": "The Redis Command used to query data for authentication such as password hash, currently only supports <code>HGET</code> and <code>HMGET</code>.",
"name": "cmd",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "{name = sha256, salt_position = prefix}",
"oneliner": true
},
"desc": "Options for password hash verification.",
"name": "password_hash_algorithm",
"raw_default": {
"name": "sha256",
"salt_position": "prefix"
},
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-hash:bcrypt"
},
{
"kind": "struct",
"name": "authn-hash:pbkdf2"
},
{
"kind": "struct",
"name": "authn-hash:simple"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
"name": "servers",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "sentinel",
"oneliner": true
},
"desc": "Sentinel mode. Must be set to 'sentinel' when Redis server is running in sentinel mode.",
"name": "redis_type",
"raw_default": "sentinel",
"type": {
"kind": "singleton",
"name": "sentinel"
}
},
{
"aliases": [],
"desc": "The cluster name in Redis sentinel mode.",
"name": "sentinel",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "Redis database ID.",
"name": "database",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Deprecated since v5.0.15.",
"name": "auto_reconnect",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "authn-redis:sentinel",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "Configuration of authenticator using Redis (Standalone) as authentication data source.",
"fields": [
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "password_based"
}
},
{
"aliases": [],
"desc": "Backend type.",
"name": "backend",
"type": {
"kind": "singleton",
"name": "redis"
}
},
{
"aliases": [],
"desc": "The Redis Command used to query data for authentication such as password hash, currently only supports <code>HGET</code> and <code>HMGET</code>.",
"name": "cmd",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "{name = sha256, salt_position = prefix}",
"oneliner": true
},
"desc": "Options for password hash verification.",
"name": "password_hash_algorithm",
"raw_default": {
"name": "sha256",
"salt_position": "prefix"
},
"type": {
"kind": "union",
"members": [
{
"kind": "struct",
"name": "authn-hash:bcrypt"
},
{
"kind": "struct",
"name": "authn-hash:pbkdf2"
},
{
"kind": "struct",
"name": "authn-hash:simple"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The IPv4 or IPv6 address or the hostname to connect to.<br/>\nA host entry has the following form: `Host[:Port]`.<br/>\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
"name": "server",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "single",
"oneliner": true
},
"desc": "Single mode. Must be set to 'single' when Redis server is running in single mode.",
"name": "redis_type",
"raw_default": "single",
"type": {
"kind": "singleton",
"name": "single"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "Size of the connection pool towards the bridge target service.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "EMQX's password in the external database.",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "Redis database ID.",
"name": "database",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "integer()"
}
},
{
"aliases": [],
"desc": "Deprecated since v5.0.15.",
"name": "auto_reconnect",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
}
],
"full_name": "authn-redis:standalone",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "Settings for Salted Challenge Response Authentication Mechanism\n(SCRAM) authentication.",
"fields": [
{
"aliases": [],
"desc": "Authentication mechanism.",
"name": "mechanism",
"type": {
"kind": "singleton",
"name": "scram"
}
},
{
"aliases": [],
"desc": "Backend type.",
"name": "backend",
"type": {
"kind": "singleton",
"name": "built_in_database"
}
},
{
"aliases": [],
"default": {
"hocon": "sha256",
"oneliner": true
},
"desc": "Hashing algorithm.",
"name": "algorithm",
"raw_default": "sha256",
"type": {
"kind": "enum",
"symbols": [
"sha256",
"sha512"
]
}
},
{
"aliases": [],
"default": {
"hocon": "4096",
"oneliner": true
},
"desc": "Iteration count.",
"name": "iteration_count",
"raw_default": 4096,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Set to <code>true</code> or <code>false</code> to disable this auth provider.",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "authn-scram-builtin_db:authentication",
"paths": [
"authentication.$INDEX",
"gateway.coap.authentication",
"gateway.coap.listeners.dtls.$name.authentication",
"gateway.coap.listeners.udp.$name.authentication",
"gateway.exproto.authentication",
"gateway.exproto.listeners.dtls.$name.authentication",
"gateway.exproto.listeners.ssl.$name.authentication",
"gateway.exproto.listeners.tcp.$name.authentication",
"gateway.exproto.listeners.udp.$name.authentication",
"gateway.lwm2m.authentication",
"gateway.lwm2m.listeners.dtls.$name.authentication",
"gateway.lwm2m.listeners.udp.$name.authentication",
"gateway.mqttsn.authentication",
"gateway.mqttsn.listeners.dtls.$name.authentication",
"gateway.mqttsn.listeners.udp.$name.authentication",
"gateway.stomp.authentication",
"gateway.stomp.listeners.ssl.$name.authentication",
"gateway.stomp.listeners.tcp.$name.authentication",
"listeners.ssl.$name.authentication.$INDEX",
"listeners.tcp.$name.authentication.$INDEX",
"listeners.ws.$name.authentication.$INDEX",
"listeners.wss.$name.authentication.$INDEX"
],
"tags": [
"Authentication"
]
},
{
"desc": "After the device logs in successfully, the subscription is automatically completed for the device through the pre-defined subscription representation. Supports the use of placeholders.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "After the device logs in successfully, the subscription is automatically completed for the device through the pre-defined subscription representation. Supports the use of placeholders.",
"name": "topics",
"raw_default": [],
"type": {
"elements": {
"kind": "struct",
"name": "auto_subscribe:topic"
},
"kind": "array"
}
}
],
"full_name": "auto_subscribe",
"paths": [
"auto_subscribe"
],
"tags": []
},
{
"desc": "Topic name, placeholders are supported. For example: client/${clientid}/username/${username}/host/${host}/port/${port}\nRequired field, and cannot be empty string",
"fields": [
{
"aliases": [],
"desc": "Topic name, placeholders are supported. For example: client/${clientid}/username/${username}/host/${host}/port/${port}\nRequired field, and cannot be empty string",
"examples": [
"/clientid/${clientid}/username/${username}/host/${host}/port/${port}"
],
"name": "topic",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "Default value 0. Quality of service.\nAt most once (0)\nAt least once (1)\nExactly once (2)",
"name": "qos",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "qos()"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "Default value 0. This option is used to specify whether the server forwards the retained message to the client when establishing a subscription.\nRetain Handling is equal to 0, as long as the client successfully subscribes, the server will send the retained message.\nRetain Handling is equal to 1, if the client successfully subscribes and this subscription does not exist previously, the server sends the retained message. After all, sometimes the client re-initiate the subscription just to change the QoS, but it does not mean that it wants to receive the reserved messages again.\nRetain Handling is equal to 2, even if the client successfully subscribes, the server does not send the retained message.",
"name": "rh",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "0..2"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "Default value 0. This option is used to specify whether the server retains the RETAIN mark when forwarding messages to the client, and this option does not affect the RETAIN mark in the retained message. Therefore, when the option Retain As Publish is set to 0, the client will directly distinguish whether this is a normal forwarded message or a retained message according to the RETAIN mark in the message, instead of judging whether this message is the first received after subscribing(the forwarded message may be sent before the retained message, which depends on the specific implementation of different brokers).",
"name": "rap",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "0..1"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "Default value 0.\nMQTT v3.1.1: if you subscribe to the topic published by yourself, you will receive all messages that you published.\nMQTT v5: if you set this option as 1 when subscribing, the server will not forward the message you published to you.",
"name": "nl",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "0..1"
}
}
],
"full_name": "auto_subscribe:topic",
"paths": [
"auto_subscribe.topics.$INDEX"
],
"tags": []
},
{
"desc": "Configuration for MQTT bridges.",
"fields": [
{
"aliases": [],
"desc": "WebHook to an HTTP server.",
"name": "webhook",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "bridge_webhook:config"
}
}
},
{
"aliases": [],
"desc": "MQTT bridges to/from another MQTT broker",
"name": "mqtt",
"type": {
"kind": "map",
"name": "name",
"values": {
"kind": "struct",
"name": "bridge_mqtt:config"
}
}
}
],
"full_name": "bridge:bridges",
"paths": [
"bridges"
],
"tags": [
"Bridge"
]
},
{
"desc": "The config for MQTT Bridges.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable or disable this bridge",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "Resource options.",
"name": "resource_opts",
"raw_default": {},
"type": {
"kind": "struct",
"name": "bridge_mqtt:creation_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "cluster_shareload",
"oneliner": true
},
"desc": "The mode of the MQTT Bridge.<br/>\n- cluster_shareload: create an MQTT connection on each node in the emqx cluster.<br/>\nIn 'cluster_shareload' mode, the incoming load from the remote broker is shared by\nusing shared subscription.<br/>\nNote that the 'clientid' is suffixed by the node name, this is to avoid\nclientid conflicts between different nodes. And we can only use shared subscription\ntopic filters for <code>remote.topic</code> of ingress connections.",
"name": "mode",
"raw_default": "cluster_shareload",
"type": {
"kind": "enum",
"symbols": [
"cluster_shareload"
]
}
},
{
"aliases": [],
"desc": "The host and port of the remote MQTT broker",
"name": "server",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "Optional prefix to prepend to the clientid used by egress bridges.",
"name": "clientid_prefix",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Deprecated since v5.0.16.",
"name": "reconnect_interval",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "v4",
"oneliner": true
},
"desc": "The MQTT protocol version",
"name": "proto_ver",
"raw_default": "v4",
"type": {
"kind": "enum",
"symbols": [
"v3",
"v4",
"v5"
]
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "If enable bridge mode.\nNOTE: This setting is only for MQTT protocol version older than 5.0, and the remote MQTT\nbroker MUST support this feature.\nIf bridge_mode is set to true, the bridge will indicate to the remote broker that it is a bridge not an ordinary client.\nThis means that loop detection will be more effective and that retained messages will be propagated correctly.",
"name": "bridge_mode",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "The username of the MQTT protocol",
"name": "username",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "The password of the MQTT protocol",
"name": "password",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Whether to start a clean session when reconnecting a remote broker for ingress bridge",
"name": "clean_start",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"300s\"",
"oneliner": true
},
"desc": "MQTT Keepalive. Time interval is a string that contains a number followed by time unit:<br/>- `ms` for milliseconds,\n- `s` for seconds,\n- `m` for minutes,\n- `h` for hours;\n<br/>or combination of whereof: `1h5m0s`",
"name": "keepalive",
"raw_default": "300s",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Message retry interval. Delay for the MQTT bridge to retry sending the QoS1/QoS2 messages in case of ACK not received. Time interval is a string that contains a number followed by time unit:<br/>- `ms` for milliseconds,\n- `s` for seconds,\n- `m` for minutes,\n- `h` for hours;\n<br/>or combination of whereof: `1h5m0s`",
"name": "retry_interval",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "32",
"oneliner": true
},
"desc": "Max inflight (sent, but un-acked) messages of the MQTT protocol",
"name": "max_inflight",
"raw_default": 32,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
},
{
"aliases": [],
"desc": "The ingress config defines how this bridge receive messages from the remote MQTT broker, and then\n send them to the local broker.<br/>\n Template with variables is allowed in 'remote.qos', 'local.topic', 'local.qos', 'local.retain', 'local.payload'.<br/>\n NOTE: if this bridge is used as the input of a rule, and also 'local.topic' is\n configured, then messages got from the remote broker will be sent to both the 'local.topic' and\n the rule.",
"name": "ingress",
"type": {
"kind": "struct",
"name": "connector-mqtt:ingress"
}
},
{
"aliases": [],
"desc": "The egress config defines how this bridge forwards messages from the local broker to the remote broker.<br/>\nTemplate with variables is allowed in 'remote.topic', 'local.qos', 'local.retain', 'local.payload'.<br/>\nNOTE: if this bridge is used as the action of a rule, and also 'local.topic'\nis configured, then both the data got from the rule and the MQTT messages that matches\n'local.topic' will be forwarded.",
"name": "egress",
"type": {
"kind": "struct",
"name": "connector-mqtt:egress"
}
}
],
"full_name": "bridge_mqtt:config",
"paths": [
"bridges.mqtt.$name"
],
"tags": []
},
{
"desc": "Creation options.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "16",
"oneliner": true
},
"desc": "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
"name": "worker_pool_size",
"raw_default": 16,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Health check interval.",
"name": "health_check_interval",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"true\"",
"oneliner": true
},
"desc": "Whether start the resource right after created.",
"name": "start_after_created",
"raw_default": "true",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.",
"name": "start_timeout",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"60s\"",
"oneliner": true
},
"desc": "The auto restart interval after the resource is disconnected.",
"name": "auto_restart_interval",
"raw_default": "60s",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "infinity"
},
{
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "async",
"oneliner": true
},
"desc": "Query mode. Optional 'sync/async', default 'async'.",
"name": "query_mode",
"raw_default": "async",
"type": {
"kind": "enum",
"symbols": [
"sync",
"async"
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
"name": "request_timeout",
"raw_default": "15s",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "infinity"
},
{
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
]
}
},
{
"aliases": [
"async_inflight_window"
],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
"name": "inflight_window",
"raw_default": 100,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "Deprecated since v5.0.14.",
"name": "enable_queue",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"100MB\"",
"oneliner": true
},
"desc": "Maximum number of bytes to buffer for each buffer worker.",
"name": "max_queue_bytes",
"raw_default": "100MB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
}
],
"full_name": "bridge_mqtt:creation_opts",
"paths": [
"bridges.mqtt.$name.resource_opts"
],
"tags": []
},
{
"desc": "Configuration for an HTTP bridge.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable or disable this bridge",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "Resource options.",
"name": "resource_opts",
"raw_default": {},
"type": {
"kind": "struct",
"name": "bridge_webhook:creation_opts"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "The timeout when connecting to the HTTP server.",
"name": "connect_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.4.",
"name": "retry_interval",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
},
{
"aliases": [],
"default": {
"hocon": "random",
"oneliner": true
},
"desc": "The type of the pool. Can be one of `random`, `hash`.",
"name": "pool_type",
"raw_default": "random",
"type": {
"kind": "primitive",
"name": "emqx_connector_http:pool_type()"
}
},
{
"aliases": [],
"default": {
"hocon": "8",
"oneliner": true
},
"desc": "The pool size.",
"name": "pool_size",
"raw_default": 8,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.",
"name": "enable_pipelining",
"raw_default": 100,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "Configure HTTP request parameters.",
"name": "request",
"type": {
"kind": "struct",
"name": "connector-http:request"
}
},
{
"aliases": [],
"default": {
"hocon": "{enable = false}",
"oneliner": true
},
"desc": "SSL connection settings.",
"name": "ssl",
"raw_default": {
"enable": false
},
"type": {
"kind": "struct",
"name": "broker:ssl_client_opts"
}
},
{
"aliases": [],
"desc": "The URL of the HTTP Bridge.<br/>\nTemplate with variables is allowed in the path, but variables cannot be used in the scheme, host,\nor port part.<br/>\nFor example, <code> http://localhost:9901/${topic} </code> is allowed, but\n<code> http://${host}:9901/message </code> or <code> http://localhost:${port}/message </code>\nis not allowed.",
"name": "url",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "Deprecated since 5.0.12.",
"name": "direction",
"type": {
"kind": "singleton",
"name": "egress"
}
},
{
"aliases": [],
"desc": "The MQTT topic filter to be forwarded to the HTTP server. All MQTT 'PUBLISH' messages with the topic\nmatching the local_topic will be forwarded.<br/>\nNOTE: if this bridge is used as the action of a rule (EMQX rule engine), and also local_topic is\nconfigured, then both the data got from the rule and the MQTT messages that match local_topic\nwill be forwarded.",
"name": "local_topic",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "post",
"oneliner": true
},
"desc": "The method of the HTTP request. All the available methods are: post, put, get, delete.<br/>\nTemplate with variables is allowed.",
"name": "method",
"raw_default": "post",
"type": {
"kind": "enum",
"symbols": [
"post",
"put",
"get",
"delete"
]
}
},
{
"aliases": [],
"default": {
"hocon": "{\n accept = \"application/json\"\n \"cache-control\" = \"no-cache\"\n connection = \"keep-alive\"\n \"content-type\" = \"application/json\"\n \"keep-alive\" = \"timeout=5\"\n}\n",
"oneliner": false
},
"desc": "The headers of the HTTP request.<br/>\nTemplate with variables is allowed.",
"name": "headers",
"raw_default": {
"accept": "application/json",
"cache-control": "no-cache",
"connection": "keep-alive",
"content-type": "application/json",
"keep-alive": "timeout=5"
},
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"desc": "The body of the HTTP request.<br/>\nIf not provided, the body will be a JSON object of all the available fields.<br/>\nThere, 'all the available fields' means the context of a MQTT message when\nthis webhook is triggered by receiving a MQTT message (the `local_topic` is set),\nor the context of the event when this webhook is triggered by a rule (i.e. this\nwebhook is used as an action of a rule).<br/>\nTemplate with variables is allowed.",
"name": "body",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "2",
"oneliner": true
},
"desc": "HTTP request max retry times if failed.",
"name": "max_retries",
"raw_default": 2,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "HTTP request timeout.",
"name": "request_timeout",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
}
],
"full_name": "bridge_webhook:config",
"paths": [
"bridges.webhook.$name"
],
"tags": []
},
{
"desc": "Creation options.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "16",
"oneliner": true
},
"desc": "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
"name": "worker_pool_size",
"raw_default": 16,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Health check interval.",
"name": "health_check_interval",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"true\"",
"oneliner": true
},
"desc": "Whether start the resource right after created.",
"name": "start_after_created",
"raw_default": "true",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.",
"name": "start_timeout",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"60s\"",
"oneliner": true
},
"desc": "The auto restart interval after the resource is disconnected.",
"name": "auto_restart_interval",
"raw_default": "60s",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "infinity"
},
{
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "async",
"oneliner": true
},
"desc": "Query mode. Optional 'sync/async', default 'async'.",
"name": "query_mode",
"raw_default": "async",
"type": {
"kind": "enum",
"symbols": [
"sync",
"async"
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
"name": "request_timeout",
"raw_default": "15s",
"type": {
"kind": "union",
"members": [
{
"kind": "singleton",
"name": "infinity"
},
{
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
]
}
},
{
"aliases": [
"async_inflight_window"
],
"default": {
"hocon": "100",
"oneliner": true
},
"desc": "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
"name": "inflight_window",
"raw_default": 100,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"desc": "Deprecated since v5.0.14.",
"name": "enable_queue",
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"100MB\"",
"oneliner": true
},
"desc": "Maximum number of bytes to buffer for each buffer worker.",
"name": "max_queue_bytes",
"raw_default": "100MB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
}
],
"full_name": "bridge_webhook:creation_opts",
"paths": [
"bridges.webhook.$name.resource_opts"
],
"tags": []
},
{
"desc": "",
"fields": [
{
"aliases": [],
"desc": "HTTP method.",
"name": "method",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "URL path.",
"name": "path",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "HTTP request body.",
"name": "body",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"desc": "List of HTTP headers.",
"name": "headers",
"type": {
"kind": "primitive",
"name": "map()"
}
},
{
"aliases": [],
"desc": "Max retry times if error on sending request.",
"name": "max_retries",
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"desc": "HTTP request timeout.",
"name": "request_timeout",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
}
],
"full_name": "connector-http:request",
"paths": [
"authentication.$INDEX.request",
"authorization.sources.$INDEX.request",
"bridges.webhook.$name.request",
"gateway.coap.authentication.request",
"gateway.coap.listeners.dtls.$name.authentication.request",
"gateway.coap.listeners.udp.$name.authentication.request",
"gateway.exproto.authentication.request",
"gateway.exproto.listeners.dtls.$name.authentication.request",
"gateway.exproto.listeners.ssl.$name.authentication.request",
"gateway.exproto.listeners.tcp.$name.authentication.request",
"gateway.exproto.listeners.udp.$name.authentication.request",
"gateway.lwm2m.authentication.request",
"gateway.lwm2m.listeners.dtls.$name.authentication.request",
"gateway.lwm2m.listeners.udp.$name.authentication.request",
"gateway.mqttsn.authentication.request",
"gateway.mqttsn.listeners.dtls.$name.authentication.request",
"gateway.mqttsn.listeners.udp.$name.authentication.request",
"gateway.stomp.authentication.request",
"gateway.stomp.listeners.ssl.$name.authentication.request",
"gateway.stomp.listeners.tcp.$name.authentication.request",
"listeners.ssl.$name.authentication.$INDEX.request",
"listeners.tcp.$name.authentication.$INDEX.request",
"listeners.ws.$name.authentication.$INDEX.request",
"listeners.wss.$name.authentication.$INDEX.request"
],
"tags": []
},
{
"desc": "The egress config defines how this bridge forwards messages from the local broker to the remote broker.<br/>\nTemplate with variables is allowed in 'remote.topic', 'local.qos', 'local.retain', 'local.payload'.<br/>\nNOTE: if this bridge is used as the action of a rule, and also 'local.topic'\nis configured, then both the data got from the rule and the MQTT messages that matches\n'local.topic' will be forwarded.",
"fields": [
{
"aliases": [],
"desc": "The configs about receiving messages from local broker.",
"name": "local",
"type": {
"kind": "struct",
"name": "connector-mqtt:egress_local"
}
},
{
"aliases": [],
"desc": "The configs about sending message to the remote broker.",
"name": "remote",
"type": {
"kind": "struct",
"name": "connector-mqtt:egress_remote"
}
}
],
"full_name": "connector-mqtt:egress",
"paths": [
"bridges.mqtt.$name.egress"
],
"tags": []
},
{
"desc": "The configs about receiving messages from local broker.",
"fields": [
{
"aliases": [],
"desc": "The local topic to be forwarded to the remote broker",
"name": "topic",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "connector-mqtt:egress_local",
"paths": [
"bridges.mqtt.$name.egress.local"
],
"tags": []
},
{
"desc": "The configs about sending message to the remote broker.",
"fields": [
{
"aliases": [],
"desc": "Forward to which topic of the remote broker.<br/>\nTemplate with variables is allowed.",
"name": "topic",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "1",
"oneliner": true
},
"desc": "The QoS of the MQTT message to be sent.<br/>\nTemplate with variables is allowed.",
"name": "qos",
"raw_default": 1,
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "qos()"
},
{
"kind": "primitive",
"name": "binary()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "The 'retain' flag of the MQTT message to be sent.<br/>\nTemplate with variables is allowed.",
"name": "retain",
"raw_default": false,
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "boolean()"
},
{
"kind": "primitive",
"name": "binary()"
}
]
}
},
{
"aliases": [],
"desc": "The payload of the MQTT message to be sent.<br/>\nTemplate with variables is allowed.",
"name": "payload",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "connector-mqtt:egress_remote",
"paths": [
"bridges.mqtt.$name.egress.remote"
],
"tags": []
},
{
"desc": "The ingress config defines how this bridge receive messages from the remote MQTT broker, and then\n send them to the local broker.<br/>\n Template with variables is allowed in 'remote.qos', 'local.topic', 'local.qos', 'local.retain', 'local.payload'.<br/>\n NOTE: if this bridge is used as the input of a rule, and also 'local.topic' is\n configured, then messages got from the remote broker will be sent to both the 'local.topic' and\n the rule.",
"fields": [
{
"aliases": [],
"desc": "The configs about subscribing to the remote broker.",
"name": "remote",
"type": {
"kind": "struct",
"name": "connector-mqtt:ingress_remote"
}
},
{
"aliases": [],
"desc": "The configs about sending message to the local broker.",
"name": "local",
"type": {
"kind": "struct",
"name": "connector-mqtt:ingress_local"
}
}
],
"full_name": "connector-mqtt:ingress",
"paths": [
"bridges.mqtt.$name.ingress"
],
"tags": []
},
{
"desc": "The configs about sending message to the local broker.",
"fields": [
{
"aliases": [],
"desc": "Send messages to which topic of the local broker.<br/>\nTemplate with variables is allowed.",
"name": "topic",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"${qos}\"",
"oneliner": true
},
"desc": "The QoS of the MQTT message to be sent.<br/>\nTemplate with variables is allowed.",
"name": "qos",
"raw_default": "${qos}",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "qos()"
},
{
"kind": "primitive",
"name": "binary()"
}
]
}
},
{
"aliases": [],
"default": {
"hocon": "\"${retain}\"",
"oneliner": true
},
"desc": "The 'retain' flag of the MQTT message to be sent.<br/>\nTemplate with variables is allowed.",
"name": "retain",
"raw_default": "${retain}",
"type": {
"kind": "union",
"members": [
{
"kind": "primitive",
"name": "boolean()"
},
{
"kind": "primitive",
"name": "binary()"
}
]
}
},
{
"aliases": [],
"desc": "The payload of the MQTT message to be sent.<br/>\nTemplate with variables is allowed.",
"name": "payload",
"type": {
"kind": "primitive",
"name": "binary()"
}
}
],
"full_name": "connector-mqtt:ingress_local",
"paths": [
"bridges.mqtt.$name.ingress.local"
],
"tags": []
},
{
"desc": "The configs about subscribing to the remote broker.",
"fields": [
{
"aliases": [],
"desc": "Receive messages from which topic of the remote broker",
"name": "topic",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "1",
"oneliner": true
},
"desc": "The QoS level to be used when subscribing to the remote broker",
"name": "qos",
"raw_default": 1,
"type": {
"kind": "primitive",
"name": "qos()"
}
}
],
"full_name": "connector-mqtt:ingress_remote",
"paths": [
"bridges.mqtt.$name.ingress.remote"
],
"tags": []
},
{
"desc": "Manage EMQX plugins.<br/>\nPlugins can be pre-built as a part of EMQX package,\nor installed as a standalone package in a location specified by\n<code>install_dir</code> config key<br/>\nThe standalone-installed plugins are referred to as 'external' plugins.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "[]",
"oneliner": true
},
"desc": "An array of plugins in the desired states.<br/>\nThe plugins are started in the defined order",
"name": "states",
"raw_default": [],
"type": {
"elements": {
"kind": "struct",
"name": "plugin:state"
},
"kind": "array"
}
},
{
"aliases": [],
"default": {
"hocon": "\"plugins\"",
"oneliner": true
},
"desc": "The installation directory for the external plugins.\nThe plugin beam files and configuration files should reside in\nthe subdirectory named as <code>emqx_foo_bar-0.1.0</code>.\n<br/>\nNOTE: For security reasons, this directory should **NOT** be writable\nby anyone except <code>emqx</code> (or any user which runs EMQX).",
"name": "install_dir",
"raw_default": "plugins",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"5s\"",
"oneliner": true
},
"desc": "Check interval: check if the status of the plugins in the cluster is consistent, <br/>\nif the results of 3 consecutive checks are not consistent, then alarm.",
"name": "check_interval",
"raw_default": "5s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration()"
}
}
],
"full_name": "plugin:plugins",
"paths": [
"plugins"
],
"tags": []
},
{
"desc": "A per-plugin config to describe the desired state of the plugin.",
"fields": [
{
"aliases": [],
"desc": "The {name}-{version} of the plugin.<br/>\nIt should match the plugin application name-version as the for the plugin release package name<br/>\nFor example: my_plugin-0.1.0.",
"name": "name_vsn",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"desc": "Set to 'true' to enable this plugin",
"name": "enable",
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "plugin:state",
"paths": [
"plugins.states.$INDEX"
],
"tags": []
},
{
"desc": "Settings for reporting metrics to Prometheus",
"fields": [
{
"aliases": [],
"default": {
"hocon": "\"http://127.0.0.1:9091\"",
"oneliner": true
},
"desc": "URL of Prometheus server",
"name": "push_gateway_server",
"raw_default": "http://127.0.0.1:9091",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"15s\"",
"oneliner": true
},
"desc": "Data reporting interval",
"name": "interval",
"raw_default": "15s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "A list of HTTP Headers when pushing to Push Gateway.<br/>\nFor example, <code> { Authorization = \"some-authz-tokens\"}</code>",
"name": "headers",
"raw_default": {},
"type": {
"kind": "primitive",
"name": "[{string(), string()}]"
}
},
{
"aliases": [],
"default": {
"hocon": "\"${name}/instance/${name}~${host}\"",
"oneliner": true
},
"desc": "Job Name that is pushed to the Push Gateway. Available variables:<br/>\n- ${name}: Name of EMQX node.<br/>\n- ${host}: Host name of EMQX node.<br/>\nFor example, when the EMQX node name is <code>emqx@127.0.0.1</code> then the <code>name</code> variable takes value <code>emqx</code> and the <code>host</code> variable takes value <code>127.0.0.1</code>.<br/>\nDefault value is: <code>${name}/instance/${name}~${host}</code>",
"name": "job_name",
"raw_default": "${name}/instance/${name}~${host}",
"type": {
"kind": "primitive",
"name": "binary()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Turn Prometheus data pushing on or off",
"name": "enable",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
}
],
"full_name": "prometheus",
"paths": [
"prometheus"
],
"tags": []
},
{
"desc": "Retainer batching and rate limiting.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "Size of the batch when reading messages from storage. 0 means no limit.",
"name": "batch_read_number",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "The number of retained messages can be delivered per batch.",
"name": "batch_deliver_number",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "0..1000"
}
},
{
"aliases": [],
"desc": "The rate limiter name for retained messages' delivery.\nLimiter helps to avoid delivering too many messages to the client at once, which may cause the client to block or crash, or drop messages due to exceeding the size of the message queue.\nThe names of the available rate limiters are taken from the existing rate limiters under `limiter.batch`.\nIf this field is empty, limiter is not used.",
"name": "batch_deliver_limiter",
"type": {
"kind": "struct",
"name": "limiter:internal"
}
}
],
"full_name": "retainer:flow_control",
"paths": [
"retainer.flow_control"
],
"tags": []
},
{
"desc": "Configuration of the internal database storing retained messages.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "built_in_database",
"oneliner": true
},
"desc": "Backend type.",
"name": "type",
"raw_default": "built_in_database",
"type": {
"kind": "singleton",
"name": "built_in_database"
}
},
{
"aliases": [],
"default": {
"hocon": "ram",
"oneliner": true
},
"desc": "Specifies whether the messages are stored in RAM or persisted on disc.",
"name": "storage_type",
"raw_default": "ram",
"type": {
"kind": "enum",
"symbols": [
"ram",
"disc"
]
}
},
{
"aliases": [],
"default": {
"hocon": "0",
"oneliner": true
},
"desc": "Maximum number of retained messages. 0 means no limit.",
"name": "max_retained_messages",
"raw_default": 0,
"type": {
"kind": "primitive",
"name": "non_neg_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "[\n [1, 2, 3],\n [1, 3],\n [2, 3],\n [3]\n]\n",
"oneliner": false
},
"desc": "Retainer index specifications: list of arrays of positive ascending integers. Each array specifies an index. Numbers in an index specification are 1-based word positions in topics. Words from specified positions will be used for indexing.<br/>For example, it is good to have <code>[2, 4]</code> index to optimize <code>+/X/+/Y/...</code> topic wildcard subscriptions.",
"examples": [
[
[
2,
4
],
[
1,
3
]
]
],
"name": "index_specs",
"raw_default": [
[
1,
2,
3
],
[
1,
3
],
[
2,
3
],
[
3
]
],
"type": {
"kind": "primitive",
"name": "[[integer()]]"
}
}
],
"full_name": "retainer:mnesia_config",
"paths": [
"retainer.backend"
],
"tags": []
},
{
"desc": "Configuration related to handling `PUBLISH` packets with a `retain` flag set to 1.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "true",
"oneliner": true
},
"desc": "Enable retainer feature",
"name": "enable",
"raw_default": true,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"0s\"",
"oneliner": true
},
"desc": "Message retention time. 0 means message will never be expired.",
"name": "msg_expiry_interval",
"raw_default": "0s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"0s\"",
"oneliner": true
},
"desc": "Periodic interval for cleaning up expired messages.\nNever clear if the value is 0.",
"name": "msg_clear_interval",
"raw_default": "0s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "Flow control.",
"name": "flow_control",
"raw_default": {},
"type": {
"kind": "struct",
"name": "retainer:flow_control"
}
},
{
"aliases": [],
"default": {
"hocon": "\"1MB\"",
"oneliner": true
},
"desc": "Maximum retained message size.",
"name": "max_payload_size",
"raw_default": "1MB",
"type": {
"kind": "primitive",
"name": "emqx_schema:bytesize()"
}
},
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "When the retained flag of the `PUBLISH` message is set and Payload is empty,\nwhether to continue to publish the message.\nSee:\nhttp://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718038",
"name": "stop_publish_clear_msg",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"desc": "Settings for the database storing the retained messages.",
"name": "backend",
"type": {
"kind": "struct",
"name": "retainer:mnesia_config"
}
}
],
"full_name": "retainer",
"paths": [
"retainer"
],
"tags": []
},
{
"desc": "Configuration for `slow_subs` feature.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable this feature",
"name": "enable",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"500ms\"",
"oneliner": true
},
"desc": "The latency threshold for statistics",
"name": "threshold",
"raw_default": "500ms",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"300s\"",
"oneliner": true
},
"desc": "The eviction time of the record, which in the statistics record table",
"name": "expire_interval",
"raw_default": "300s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "10",
"oneliner": true
},
"desc": "The maximum number of records in the slow subscription statistics record table",
"name": "top_k_num",
"raw_default": 10,
"type": {
"kind": "primitive",
"name": "pos_integer()"
}
},
{
"aliases": [],
"default": {
"hocon": "whole",
"oneliner": true
},
"desc": "The method to calculate the latency",
"name": "stats_type",
"raw_default": "whole",
"type": {
"kind": "enum",
"symbols": [
"whole",
"internal",
"response"
]
}
}
],
"full_name": "slow_subs",
"paths": [
"slow_subs"
],
"tags": []
},
{
"desc": "StatsD metrics collection and push configuration.",
"fields": [
{
"aliases": [],
"default": {
"hocon": "false",
"oneliner": true
},
"desc": "Enable or disable StatsD metrics collection and push service.",
"name": "enable",
"raw_default": false,
"type": {
"kind": "primitive",
"name": "boolean()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"127.0.0.1:8125\"",
"oneliner": true
},
"desc": "StatsD server address.",
"name": "server",
"raw_default": "127.0.0.1:8125",
"type": {
"kind": "primitive",
"name": "string()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "The sampling interval for metrics.",
"name": "sample_time_interval",
"raw_default": "30s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "\"30s\"",
"oneliner": true
},
"desc": "The push interval for metrics.",
"name": "flush_time_interval",
"raw_default": "30s",
"type": {
"kind": "primitive",
"name": "emqx_schema:duration_ms()"
}
},
{
"aliases": [],
"default": {
"hocon": "{}",
"oneliner": true
},
"desc": "The tags for metrics.",
"name": "tags",
"raw_default": {},
"type": {
"kind": "primitive",
"name": "map()"
}
}
],
"full_name": "statsd",
"paths": [
"statsd"
],
"tags": []
}
]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment