The VerneMQ conf file

A closer look at an example vernemq.conf file (Note: This is a work-in-progress section)

VerneMQ is usually configured by editing a single config file called vernemq.conf. The config file will be generated by the process building a release, and it will also come with the binary VerneMQ packages.

In the vernemq.conf file you will find keys and values (sometimes outcommented), most of the time along with a quick documentation. Some values are hidden, that is you won't find them in the auto-generated conf file. Those are meant to be added to the conf file manually. Typically, hidden values aren't the most used configuration values. You'll find a full list of all the hidden options below.

Here's a full example vernemq.conf file, as generated by the 0.1.0 release. It is a long file, but luckily you won't need to touch every single value!

## 
## Default: [{"127.0.0.1", 26379}]
## 
## Acceptable values:
##   - text
redis_sentinel_endpoints = [{"127.0.0.1", 26379}]

## 
## Default: 0
## 
## Acceptable values:
##   - an integer
redis_database = 0

## 
## Default: ./etc/lua
## 
## Acceptable values:
##   - text
redis_lua_dir = ./etc/lua

## This option specifies the list of comma separated connect options list
## [[{host, "localhost"}, {port, 1234}]] of redis shards used for message passing.
## 
## Default: [[{host,"127.0.0.1"},{port,6379},{database,1}]]
## 
## Acceptable values:
##   - text
msg_queue_redis_shards_connect_options = [[{host,"127.0.0.1"},{port,6379},{database,1}]]

## This option specifies the number of worker processes per redis shard
## that will poll their main queues in message passing redis shard for new messages.
## 
## Default: 1
## 
## Acceptable values:
##   - an integer
main_queue_workers_per_redis_shard = 1

## This option specifies the interval (in milliseconds) a worker
## process waits before making another poll request.
## 
## Default: 0
## 
## Acceptable values:
##   - an integer
redis_queue_sleep_interval = 0

## Rolls out all_queues_setup_check.
## 
## Default: 2000
## 
## Acceptable values:
##   - an integer
message_store_retry_interval = 2000

## Rolls out all_queues_setup_check.
## 
## Default: 2
## 
## Acceptable values:
##   - an integer
message_store_nr_of_retries = 2

## Rolls out all_queues_setup_check.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
all_queues_setup_check_rollout = on

## Allow anonymous users to connect, default is 'off'. !!NOTE!!
## Enabling this completely disables authentication of the clients and
## should only be used for testing/development purposes or in case
## clients are authenticated by some other means.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_anonymous = off

## Allow new client connections even when a VerneMQ cluster is inconsistent.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_register_during_netsplit = off

## Allow message publishs even when a VerneMQ cluster is inconsistent.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_publish_during_netsplit = off

## Allow new subscriptions even when a VerneMQ cluster is inconsistent.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_subscribe_during_netsplit = off

## Allow clients to unsubscribe when a VerneMQ cluster is inconsistent.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_unsubscribe_during_netsplit = off

## Allows a client to logon multiple times using the same client
## id (non-standard behaviour!). This feature is DEPRECATED and will
## be removed in VerneMQ 2.0.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_multiple_sessions = off

## Client registrations can be either happen in a coordinated or
## uncoordinated fashion. Uncoordinated registrations are faster and
## will cause other clients with the same client-id to be eventually
## disconnected, while coordinated ensures that any other client with
## the same client-id will be immediately disconnected.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
coordinate_registrations = on

## Set the time in seconds VerneMQ waits before a retry, in case a (QoS=1 or QoS=2) message
## delivery gets no answer.
## 
## Default: 20
## 
## Acceptable values:
##   - an integer
## retry_interval = 20

## Set the maximum size for client IDs. MQTT v3.1 specifies a
## limit of 23 characters
## 
## Default: 100
## 
## Acceptable values:
##   - an integer
## max_client_id_size = 100

## This option allows persistent clients ( = clean session set to
## false) to be removed if they do not reconnect within 'persistent_client_expiration'.
## This is a non-standard option. As far as the MQTT specification is concerned,
## persistent clients persist forever.
## The expiration period should be an integer followed by one of 'd', 'w', 'm', 'y' for
## day, week, month, and year.
## 
## Default: never
## 
## Acceptable values:
##   - text
## persistent_client_expiration = 1w

## The maximum delay for a last will message. This setting
## applies only to MQTTv5 sessions and can be used to override the
## value provided by the client.
## The delay can be either 'client' which means the value specified by
## the client is used, or an integer followed by one of 's', 'h' 'd',
## 'w', 'm', 'y' for day, week, month, and year used to cap the value
## provided by the client..
## 
## Default: client
## 
## Acceptable values:
##   - text
## max_last_will_delay = client

## The maximum number of QoS 1 or 2 messages that can be in the process of being
## transmitted simultaneously. This includes messages currently going through handshakes
## and messages that are being retried. Defaults to 20. Set to 0 for no maximum. If set
## to 1, this will guarantee in-order delivery of messages.
## 
## Default: 20
## 
## Acceptable values:
##   - an integer
max_inflight_messages = 20

## The maximum number of messages to hold in the queue above
## those messages that are currently in flight. Defaults to 1000. This affects
## messages of any QoS. Set to -1 for no maximum (not recommended).
## This option allows to control how a specific client session can deal
## with message bursts. As a general rule of thumb set
## this number a bit higher than the expected message rate a single consumer is
## required to process. Note that setting this value to 0 will totally block
## delivery from any queue.
## 
## Default: 1000
## 
## Acceptable values:
##   - an integer
max_online_messages = 1000

## The maximum number of QoS 1 or 2 messages to hold in the offline queue.
## Defaults to 1000. Set to -1 for no maximum (not recommended). Set to 0
## if no messages should be stored offline.
## 
## Default: 1000
## 
## Acceptable values:
##   - an integer
max_offline_messages = 1000

## This option sets the maximum MQTT size that VerneMQ will
## allow.  Messages that exceed this size will not be accepted by
## VerneMQ. The default value is 0, which means that all valid MQTT
## messages are accepted. MQTT imposes a maximum payload size of
## 268435455 bytes.
## 
## Default: 0
## 
## Acceptable values:
##   - an integer
max_message_size = 0

## If a message is published with a QoS lower than the QoS of the subscription it is
## delivered to, VerneMQ can upgrade the outgoing QoS. This is a non-standard option.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
upgrade_outgoing_qos = off

## listener.tcp.buffer_sizes is an list of three integers
## (sndbuf,recbuf,buffer) specifying respectively the kernel TCP send
## buffer, the kernel TCP receive buffer and the user-level buffer
## size in the erlang driver.
## It is recommended to have val(user-level buffer) >= val(receive
## buffer) to avoid performance issues because of unnecessary copying.
## If not set, the operating system defaults are used.
## This option can be set on the protocol level by:
## - listener.tcp.buffer_sizes
## - listener.ssl.buffer_sizes
## or on the listener level by:
## - listener.tcp.my_tcp_listener.buffer_sizes
## - listener.ssl.my_ssl_listener.buffer_sizes
## 
## Acceptable values:
##   - text
## listener.tcp.buffer_sizes = 4096,16384,32768

## listener.max_connections is an integer or 'infinity' defining
## the maximum number of concurrent connections. This option can be overridden
## on the protocol level by:
## - listener.tcp.max_connections
## - listener.ssl.max_connections
## - listener.ws.max_connections
## - listener.wss.max_connections
## or on the listener level by:
## - listener.tcp.my_tcp_listener.max_connections
## - listener.ssl.my_ssl_listener.max_connections
## - listener.ws.my_ws_listener.max_connections
## - listener.wss.my_wss_listener.max_connections
## 
## Default: 10000
## 
## Acceptable values:
##   - an integer
##   - the text "infinity"
listener.max_connections = 10000

## Set the nr of acceptors waiting to concurrently accept new connections.
## This can be specified either on the protocol level:
## - listener.tcp.nr_of_acceptors
## - listener.ssl.nr_of_acceptors
## - listener.ws.nr_of_acceptors
## - listener.wss.nr_of_acceptors
## or on the listener level:
## - listener.tcp.my_tcp_listener.nr_of_acceptors
## - listener.ssl.my_ssl_listener.nr_of_acceptors
## - listener.ws.my_ws_listener.nr_of_acceptors
## - listener.wss.my_wss_listener.nr_of_acceptors
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
listener.nr_of_acceptors = 10

## listener.tcp.<name> is an IP address and TCP port that
## the broker will bind to. You can define multiple listeners e.g:
## - listener.tcp.default = 127.0.0.1:1883
## - listener.tcp.internal = 127.0.0.1:10883
## - listener.tcp.my_other_listener = 127.0.0.1:10884
## This also works for SSL listeners and WebSocket handlers:
## - listener.ssl.default = 127.0.0.1:8883
## - listener.ws.default = 127.0.0.1:800
## - listener.wss.default = 127.0.0.1:880
## 
## Default: 127.0.0.1:1883
## 
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
listener.tcp.default = 127.0.0.1:1883

## 'listener.tcp.allowed_protocol_versions' configures which
## protocol versions are allowed for an MQTT listener. The allowed
## protocol versions can be specified the tcp, websocket or ssl level:
## - listener.tcp.allowed_protocol_versions
## - listener.ws.allowed_protocol_versions
## - listener.wss.allowed_protocol_versions
## - listener.ssl.allowed_protocol_versions
## or for a specific listener:
## - listener.tcp.my_tcp_listener.allowed_protocol_versions
## - listener.ws.my_ws_listener.allowed_protocol_versions
## - listener.wss.my_ws_listener.allowed_protocol_versions
## - listener.ssl.my_ws_listener.allowed_protocol_versions
## Allowed values are 3 (MQTT 3.1), 4 (MQTT 3.1.1), 5 (MQTT 5.0), 131
## (MQTT 3.1 bridge), 132 (MQTT 3.1.1 bridge).
## 
## Default: 3,4,131
## 
## Acceptable values:
##   - text
## listener.tcp.allowed_protocol_versions = 3,4

## listener.vmq.clustering is the IP address and TCP port that
## the broker will bind to accept connections from other cluster
## nodes e.g:
## - listener.vmq.clustering = 0.0.0.0:18883
## This also works for SSL listeners:
## - listener.vmqs.clustering = 0.0.0.0:18884
## 
## Default: 0.0.0.0:44053
## 
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
listener.vmq.clustering = 0.0.0.0:44053

## listener.http.default is the IP address and TCP port that
## the broker will bind to accept HTTP connections
## - listener.http.default = 0.0.0.0:8888
## This also works for SSL listeners:
## - listener.https.default= 0.0.0.0:8889
## 
## Default: 127.0.0.1:8888
## 
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
listener.http.default = 127.0.0.1:8888

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted. Set the cafile
## on the protocol level or on the listener level:
## - listener.ssl.cafile
## - listener.wss.cafile
## or on the listener level:
## - listener.ssl.my_ssl_listener.cafile
## - listener.wss.my_wss_listener.cafile
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.ssl.cafile = ./etc/cacerts.pem

## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.https.cafile = ./etc/cacerts.pem

## Set the path to the PEM encoded server certificate
## on the protocol level or on the listener level:
## - listener.ssl.certfile
## - listener.wss.certfile
## or on the listener level:
## - listener.ssl.my_ssl_listener.certfile
## - listener.wss.my_wss_listener.certfile
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.ssl.certfile = ./etc/cert.pem

## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.https.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file on the protocol
## level or on the listener level:
## - listener.ssl.keyfile
## - listener.wss.keyfile
## or on the listener level:
## - listener.ssl.my_ssl_listener.keyfile
## - listener.wss.my_wss_listener.keyfile
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.ssl.keyfile = ./etc/key.pem

## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.vmqs.keyfile = ./etc/key.pem

## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.https.keyfile = ./etc/key.pem

## Set the list of allowed ciphers (each separated with a colon,
## e.g. "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"),
## on the protocol level or on the listener level. Reasonable defaults
## are used if nothing is specified:
## - listener.ssl.ciphers
## - listener.wss.ciphers
## or on the listener level:
## - listener.ssl.my_ssl_listener.ciphers
## - listener.wss.my_wss_listener.ciphers
## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.ssl.ciphers = 

## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.vmqs.ciphers = 

## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.https.ciphers = 

## Set the list of allowed elliptical curves (each separated with a colon,
## e.g. "[sect571k1,secp521r1,brainpoolP512r1]"), on the protocol level or on the listener level.
## All known curves are used if nothing is specified.
## - listener.ssl.eccs
## - listener.wss.eccs
## or on the listener level:
## - listener.ssl.my_ssl_listener.eccs
## - listener.wss.my_wss_listener.eccs
## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.ssl.eccs = [brainpoolP384r1, secp384r1, sect283k1]

## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.vmqs.eccs = [brainpoolP384r1, secp384r1, sect283k1]

## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.https.eccs = [brainpoolP384r1, secp384r1, sect283k1]

## If you have 'listener.ssl.require_certificate' set to true,
## you can create a certificate revocation list file to revoke access
## to particular client certificates. If you have done this, use crlfile
## to point to the PEM encoded revocation file. This can be done on the
## protocol level or on the listener level.
## - listener.ssl.crlfile
## - listener.wss.crlfile
## or on the listener level:
## - listener.ssl.my_ssl_listener.crlfile
## - listener.wss.my_wss_listener.crlfile
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.ssl.crlfile = 

## Enable this option if you want to use SSL client certificates
## to authenticate your clients. This can be done on the protocol level
## or on the listener level.
## - listener.ssl.require_certificate
## - listener.wss.require_certificate
## or on the listener level:
## - listener.ssl.my_ssl_listener.require_certificate
## - listener.wss.my_wss_listener.require_certificate
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.ssl.require_certificate = off

## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.vmqs.require_certificate = off

## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.https.require_certificate = off

## Configure the TLS protocol version (tlsv1, tlsv1.1, or tlsv1.2) to be
## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## listener.ssl.tls_version = tlsv1.2

## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## listener.vmqs.tls_version = tlsv1.2

## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## listener.https.tls_version = tlsv1.2

## If 'listener.ssl.require_certificate' is enabled, you may enable
## 'listener.ssl.use_identity_as_username' to use the CN value from the client
## certificate as a username. If enabled other authentication plugins are not
## considered. The option can be specified either for all SSL listeners or for
## a specific listener:
## - listener.ssl.use_identity_as_username
## - listener.wss.use_identity_as_username
## or on the listener level:
## - listener.ssl.my_ssl_listener.use_identity_as_username
## - listener.wss.my_wss_listener.use_identity_as_username
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.ssl.use_identity_as_username = off

## Enable the $SYSTree Reporter.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
systree_enabled = on

## The integer number of milliseconds between updates of the $SYS subscription hierarchy,
## which provides status information about the broker. If unset, defaults to 20 seconds.
## Set to 0 to disable publishing the $SYS hierarchy completely.
## 
## Default: 20000
## 
## Acceptable values:
##   - an integer
systree_interval = 20000

## Enable the Graphite Reporter. Ensure to also configure a
## proper graphite.host
## 
## Default: off
## 
## Acceptable values:
##   - on or off
graphite_enabled = off

## the graphite server host name
## 
## Default: localhost
## 
## Acceptable values:
##   - text
graphite_host = localhost

## the tcp port of the graphite server
## 
## Default: 2003
## 
## Acceptable values:
##   - an integer
graphite_port = 2003

## the interval we push metrics to the graphite server in ms
## 
## Default: 20000
## 
## Acceptable values:
##   - an integer
graphite_interval = 20000

## set the prefix that is applied to all metrics reported to graphite
## 
## Default: 
## 
## Acceptable values:
##   - text
## graphite_prefix = my-prefix

## the graphite server api key, e.g. used by hostedgraphite.com
## 
## Default: 
## 
## Acceptable values:
##   - text
## graphite_api_key = My-Api-Key

## Distribution policy for shared subscriptions. Default is
## 'prefer_local' which will ensure that local subscribers will be
## used if any are available. 'local_only' will select a random local
## subscriber if any are available. 'random' will randomly choose
## between all available subscribers.
## 
## Default: prefer_local
## 
## Acceptable values:
##   - text
shared_subscription_policy = prefer_local

## plugins.<plugin> enables/disables a plugin.
## Plugin specific settings are set via the plugin itself, i.e., to
## set the 'file' setting for the myplugin plugin, add a line like:
## myplugin.file = /path/to/file
## 
## Acceptable values:
##   - on or off
## plugins.name = on

## plugins.<name>.path defines the location of the plugin
## associated with <name>. This is needed for plugins that are not
## shipped with VerneMQ.
## 
## Acceptable values:
##   - the path to a directory
## plugins.mypluginname.path = /path/to/myplugin

## plugins.<name>.priority defines the load order of the
## plugins. Plugins are loaded by priority. If no priority is given
## the load order is undefined. Prioritized plugins will always be
## loaded before plugins with no defined priority.
## 
## Acceptable values:
##   - an integer
## plugins.mypluginname.priority = 5

## File based authorization plugin.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
plugins.vmq_acl = on

## File based authorization plugin.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
plugins.vmq_enhanced_auth = on

## Lua based plugins.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
plugins.vmq_diversity = off

## Webhook based plugins.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
plugins.vmq_webhooks = off

## Webhook based plugins.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
plugins.vmq_events_sidecar = off

## The VerneMQ bridge plugin.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
plugins.vmq_bridge = off

## Specifies the metadata plugin that is used for storing and replicating
## VerneMQ metadata objects such as MQTT subscriptions and retained messages.
## The default is kept at `vmq_plumtree` for compatibility with existing deployments.
## For new cluster deployments, the recommendation is to use 'vmq_swc' from the
## beginning. Note that the 2 protocols are not compatible, so clusters can't be
## mixed.
## 
## Default: vmq_plumtree
## 
## Acceptable values:
##   - one of: vmq_plumtree, vmq_swc
metadata_plugin = vmq_plumtree

## 
## Default: vmq_storage_engine_leveldb
## 
## Acceptable values:
##   - text
generic_message_store_engine = vmq_storage_engine_leveldb

## Set the path to an access control list file.
## 
## Default: ./etc/vmq.acl
## 
## Acceptable values:
##   - the path to a file
vmq_acl.acl_file = ./etc/vmq.acl

## set the acl reload interval in seconds, the value 0 disables
## the automatic reloading of the acl file.
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
vmq_acl.acl_reload_interval = 10

## Set the path to a password file.
## 
## Default: ./etc/vmq.passwd
## 
## Acceptable values:
##   - the path to a file
vmq_passwd.password_file = ./etc/vmq.passwd

## set the password reload interval in seconds, the value 0
## disables the automatic reloading of the password file.
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
vmq_passwd.password_reload_interval = 10

## Configure the vmq_diversity plugin script dir. The script dir
## is searched for Lua scripts which are automatically loaded when the
## plugin is enabled.
## 
## Default: ./share/lua
## 
## Acceptable values:
##   - the path to a directory
vmq_diversity.script_dir = ./share/lua

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_postgres.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.postgres.host = localhost

## 
## Default: 5432
## 
## Acceptable values:
##   - an integer
## vmq_diversity.postgres.port = 5432

## 
## Default: root
## 
## Acceptable values:
##   - text
## vmq_diversity.postgres.user = root

## 
## Default: password
## 
## Acceptable values:
##   - text
## vmq_diversity.postgres.password = password

## 
## Default: vernemq_db
## 
## Acceptable values:
##   - text
## vmq_diversity.postgres.database = vernemq_db

## Specify if the postgresql driver should use TLS or not.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.postgres.ssl = off

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.postgres.cafile = ./etc/cafile.pem

## Set the path to the PEM encoded server certificate.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.postgres.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.postgres.keyfile = ./etc/keyfile.pem

## The password hashing method to use in PostgreSQL:
## 
## Default: crypt
## 
## Acceptable values:
##   - one of: crypt, bcrypt
vmq_diversity.postgres.password_hash_method = crypt

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_cockroachdb.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.cockroachdb.host = localhost

## 
## Default: 5432
## 
## Acceptable values:
##   - an integer
## vmq_diversity.cockroachdb.port = 5432

## 
## Default: root
## 
## Acceptable values:
##   - text
## vmq_diversity.cockroachdb.user = root

## 
## Default: password
## 
## Acceptable values:
##   - text
## vmq_diversity.cockroachdb.password = password

## 
## Default: vernemq_db
## 
## Acceptable values:
##   - text
## vmq_diversity.cockroachdb.database = vernemq_db

## Specify if the cockroachdb driver should use TLS or not.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
vmq_diversity.cockroachdb.ssl = on

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.cockroachdb.cafile = ./etc/cafile.pem

## Set the path to the PEM encoded server certificate.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.cockroachdb.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.cockroachdb.keyfile = ./etc/keyfile.pem

## The password hashing method to use in CockroachDB:
## 
## Default: bcrypt
## 
## Acceptable values:
##   - one of: sha256, bcrypt
vmq_diversity.cockroachdb.password_hash_method = bcrypt

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_mysql.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.mysql.host = localhost

## 
## Default: 3306
## 
## Acceptable values:
##   - an integer
## vmq_diversity.mysql.port = 3306

## 
## Default: root
## 
## Acceptable values:
##   - text
## vmq_diversity.mysql.user = root

## 
## Default: password
## 
## Acceptable values:
##   - text
## vmq_diversity.mysql.password = password

## 
## Default: vernemq_db
## 
## Acceptable values:
##   - text
## vmq_diversity.mysql.database = vernemq_db

## The password hashing method to use in MySQL:
## password: Default for compatibility, deprecated since MySQL 5.7.6 and not
## usable with MySQL 8.0.11+.
## Docs: https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_password
## md5: Calculates an MD5 128-bit checksum of the password.
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_md5
## sha1: Calculates the SHA-1 160-bit checksum for the password.
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha1
## sha256: Calculates the SHA-2 hash of the password, using 256 bits.
## Works only if MySQL has been configured with SSL support.
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha2
## 
## Default: password
## 
## Acceptable values:
##   - one of: password, md5, sha1, sha256
vmq_diversity.mysql.password_hash_method = password

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_mongodb.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.host = localhost

## 
## Default: 27017
## 
## Acceptable values:
##   - an integer
## vmq_diversity.mongodb.port = 27017

## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.login = 

## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.password = 

## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.database = 

## Specify if the mongodb driver should use TLS or not.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.mongodb.ssl = off

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.mongodb.cafile = ./etc/cafile.pem

## Set the path to the PEM encoded server certificate.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.mongodb.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.mongodb.keyfile = ./etc/keyfile.pem

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_redis.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.redis.host = localhost

## 
## Default: 6379
## 
## Acceptable values:
##   - an integer
## vmq_diversity.redis.port = 6379

## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_diversity.redis.password = 

## 
## Default: 0
## 
## Acceptable values:
##   - an integer
## vmq_diversity.redis.database = 0

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.memcache.host = localhost

## 
## Default: 11211
## 
## Acceptable values:
##   - an integer
## vmq_diversity.memcache.port = 11211

## vmq_diversity.<name>.file = <file> loads a specific lua
## script when `vmq_diversity` starts. The scripts are loaded in the
## order defined by the names given, i.e., the script with <name>
## 'script1' is started before the plugin with <name> 'script2'.
## Scripts loaded like this are loaded after the scripts in the
## default script dir.
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.script1.file = path/to/my/script.lua

## The pool_size specifies how many bcrypt operations that are
## allowed concurrently. The value `auto` will try to detect all
## logical cpus and set the pool size to that number. If the number of
## logical cpus cannot be detected, a value of 1 is used.
## 
## Default: 1
## 
## Acceptable values:
##   - an integer
##   - one of: auto
vmq_bcrypt.pool_size = 1

## To register events sidecar webhooks, a list of hook names needs to be configured.
## Valid hook names: [on_register, on_publish, on_subscribe, on_unsubscribe, on_deliver, on_offline_message, on_client_wakeup, on_client_offline, on_client_gone, on_delivery_complete, on_session_expired]
## 
## Acceptable values:
##   - text
## vmq_events_sidecar.hooks = [on_register, on_publish]

## Configure the sidecar hostname to be used to connect to.
## 
## Default: 127.0.0.1
## 
## Acceptable values:
##   - text
vmq_events_sidecar.hostname = 127.0.0.1

## Configure the sidecar port to be used to connect to.
## 
## Default: 8890
## 
## Acceptable values:
##   - an integer
vmq_events_sidecar.port = 8890

## To configure and register a webhook a hook and an endpoint
## need to be configured and this is achieved by associating both with
## a name. vmq_webhooks.<name>.hook = <hook> associates the hook
## <hook> with the name <name>. Webhooks are registered in the order
## of the name given to it. Therefore a webhook with name 'webhook1'
## is regisered before a webhook with the name 'webhook2'.
## 
## Acceptable values:
##   - one of: auth_on_register, auth_on_publish, auth_on_subscribe, on_register, on_publish, on_subscribe, on_unsubscribe, on_deliver, on_offline_message, on_client_wakeup, on_client_offline, on_client_gone, on_delivery_complete, on_session_expired, auth_on_register_m5, auth_on_publish_m5, auth_on_subscribe_m5, on_register_m5, on_publish_m5, on_subscribe_m5, on_unsubscribe_m5, on_deliver_m5, on_auth_m5
## vmq_webhooks.webhook1.hook = auth_on_register

## Associate an endpoint with a name.
## 
## Acceptable values:
##   - text
## vmq_webhooks.webhook1.endpoint = http://localhost/myendpoints

## Specify the address and port of the bridge to connect to. Several
## bridges can configured by using different bridge names (e.g. br0). If the
## connection supports SSL encryption bridge.ssl.<name> can be used.
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0 = 127.0.0.1:1889

## Set the clean session option for the bridge. By default this is disabled,
## which means that all subscriptions on the remote broker are kept in case of
## the network connection dropping. If enabled, all subscriptions and messages
## on the remote broker will be cleaned up if the connection drops.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## vmq_bridge.tcp.br0.cleansession = off

## Set the client id for this bridge connection. If not defined, this
## defaults to 'name.hostname', where name is the connection name and hostname
## is the hostname of this computer.
## 
## Default: auto
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0.client_id = auto

## Set the number of seconds after which the bridge should send a ping if
## no other traffic has occurred.
## 
## Default: 60
## 
## Acceptable values:
##   - an integer
## vmq_bridge.tcp.br0.keepalive_interval = 60

## Configure a username for the bridge. This is used for authentication
## purposes when connecting to a broker that support MQTT v3.1 and requires a
## username and/or password to connect. See also the password option.
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0.username = my_remote_user

## Configure a password for the bridge. This is used for authentication
## purposes when connecting to a broker that support MQTT v3.1 and requires a
## username and/or password to connect. This option is only valid if a username
## is also supplied.
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0.password = my_remote_password

## Define one or more topic pattern to be shared between the two brokers.
## Any topics matching the pattern (including wildcards) are shared.
## The following format is used:
## pattern [[[ out | in | both ] qos-level] local-prefix remote-prefix]
## [ out | in | both ]: specifies that this bridge exports messages (out), imports
## messages (in) or shared in both directions (both). If undefined we default to
## export (out).
## qos-level: specifies the publish/subscribe QoS level used for this
## toppic. If undefined we default to QoS 0.
## local-prefix and remote-prefix: For incoming topics, the bridge
## will prepend the pattern with the remote prefix and subscribe to
## the resulting topic on the remote broker.  When a matching
## incoming message is received, the remote prefix will be removed
## from the topic and then the local prefix added.
## For outgoing topics, the bridge will prepend the pattern with the
## local prefix and subscribe to the resulting topic on the local
## broker. When an outgoing message is processed, the local prefix
## will be removed from the topic then the remote prefix added.
## For shared subscriptions topic prefixes are applied only to the
## topic part of the subscription.
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0.topic.1 = topic

## Set the amount of time a bridge using the automatic start type will wait
## until attempting to reconnect. Defaults to 30 seconds.
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
## vmq_bridge.tcp.br0.restart_timeout = 10

## If try_private is enabled, the bridge will attempt to indicate to the
## remote broker that it is a bridge not an ordinary client.
## Note that loop detection for bridges is not yet implemented.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
## vmq_bridge.tcp.br0.try_private = on

## Set the MQTT protocol version to be used by the bridge.
## 
## Default: 3
## 
## Acceptable values:
##   - one of: 3, 4
## vmq_bridge.tcp.br0.mqtt_version = on

## Maximum number of outgoing messages the bridge will buffer
## while not connected to the remote broker. Messages published while
## the buffer is full are dropped. A value of 0 means buffering is
## disabled.
## 
## Default: 0
## 
## Acceptable values:
##   - an integer
## vmq_bridge.tcp.br0.max_outgoing_buffered_messages = 0

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_bridge.ssl.sbr0.cafile = ./etc/cacerts.pem

## Set the path to the PEM encoded server certificate.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_bridge.ssl.sbr0.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_bridge.ssl.sbr0.keyfile = ./etc/key.pem

## When using certificate based TLS, the bridge will attempt to verify the
## hostname provided in the remote certificate matches the host/address being
## connected to. This may cause problems in testing scenarios, so this option
## may be enabled to disable the hostname verification.
## Setting this option to true means that a malicious third party could
## potentially inpersonate your server, so it should always be disabled in
## production environments.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## vmq_bridge.ssl.sbr0.insecure = off

## Configure the TLS protocol version (tlsv1, tlsv1.1, or tlsv1.2) to be
## used for this bridge.
## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## vmq_bridge.ssl.sbr0.tls_version = tlsv1.2

## Pre-shared-key encryption provides an alternative to certificate based
## encryption. This option specifies the identity used.
## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_bridge.ssl.sbr0.identity = 

## Pre-shared-key encryption provides an alternative to certificate based
## encryption. This option specifies the shared secret used in hexadecimal
## format without leading '0x'.
## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_bridge.ssl.sbr0.psk = 

## Allow the bridge to open SSL connections to remote broker with wildcard certs
## 
## Default: https
## 
## Acceptable values:
##   - one of: https
## vmq_bridge.ssl.name.customize_hostname_check = on

## Set the path to an access control list file.
## 
## Default: ./etc/vmq.acl
## 
## Acceptable values:
##   - the path to a file
vmq_enhanced_auth.acl_file = ./etc/vmq.acl

## set the acl reload interval in seconds, the value 0 disables
## the automatic reloading of the acl file.
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
vmq_enhanced_auth.acl_reload_interval = 10

## Set JWT Secret Key.
## 
## Default: secret_key
## 
## Acceptable values:
##   - text
vmq_enhanced_auth.secret_key = secret_key

## Enable auth_on_register.
## 
## Default: true
## 
## Acceptable values:
##   - text
vmq_enhanced_auth.enable_jwt_auth = true

## Enable auth_on_register.
## 
## Default: false
## 
## Acceptable values:
##   - text
vmq_enhanced_auth.enable_acl_hooks = false

## 
## Default: vmq_offline_storage_engine_redis
## 
## Acceptable values:
##   - text
offline_message_store_engine = vmq_offline_storage_engine_redis

## 
## Default: localhost
## 
## Acceptable values:
##   - text
offline_message_store_opts.host = localhost

## 
## Default: 6379
## 
## Acceptable values:
##   - an integer
offline_message_store_opts.port = 6379

## 
## Default: 2
## 
## Acceptable values:
##   - text
offline_message_store_opts.database = 2

## 
## Default: 4000
## 
## Acceptable values:
##   - an integer
offline_message_store_opts.connect_timeout = 4000

## 
## Default: 2000
## 
## Acceptable values:
##   - an integer
offline_message_store_opts.query_timeout = 2000

## Where to emit the default log messages (typically at 'info'
## severity):
## off: disabled
## file: the file specified by log.console.file
## console: to standard output (seen when using `vmq attach-direct`)
## both: log.console.file and standard out.
## 
## Default: file
## 
## Acceptable values:
##   - one of: off, file, console, both
log.console = file

## The severity level of the console log, default is 'info'.
## 
## Default: info
## 
## Acceptable values:
##   - one of: debug, info, warning, error
log.console.level = info

## When 'log.console' is set to 'file' or 'both', the file where
## console messages will be logged.
## 
## Default: ./log/console.log
## 
## Acceptable values:
##   - the path to a file
log.console.file = ./log/console.log

## The file where error messages will be logged.
## 
## Default: ./log/error.log
## 
## Acceptable values:
##   - the path to a file
log.error.file = ./log/error.log

## When set to 'on', enables log output to syslog.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
log.syslog = off

## Whether to enable the crash log.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
log.crash = on

## If the crash log is enabled, the file where its messages will
## be written.
## 
## Default: ./log/crash.log
## 
## Acceptable values:
##   - the path to a file
log.crash.file = ./log/crash.log

## Maximum size in bytes of individual messages in the crash log
## 
## Default: 64KB
## 
## Acceptable values:
##   - a byte size with units, e.g. 10GB
log.crash.maximum_message_size = 64KB

## Maximum size of the crash log in bytes, before it is rotated
## 
## Default: 10MB
## 
## Acceptable values:
##   - a byte size with units, e.g. 10GB
log.crash.size = 10MB

## The schedule on which to rotate the crash log. For more
## information see:
## https://github.com/basho/lager/blob/master/README.md#internal-log-rotation
## 
## Default: $D0
## 
## Acceptable values:
##   - text
log.crash.rotation = $D0

## The number of rotated crash logs to keep. When set to
## 'current', only the current open log file is kept.
## 
## Default: 5
## 
## Acceptable values:
##   - an integer
##   - the text "current"
log.crash.rotation.keep = 5

## Name of the Erlang node
## 
## Default: VerneMQ@127.0.0.1
## 
## Acceptable values:
##   - text
nodename = VerneMQ@127.0.0.1

## Cookie for distributed node communication.  All nodes in the
## same cluster should use the same cookie or they will not be able to
## communicate.
## IMPORTANT!!! SET the cookie to a private value! DO NOT LEAVE AT DEFAULT!
## 
## Default: vmq
## 
## Acceptable values:
##   - text
distributed_cookie = vmq

## Sets the number of threads in async thread pool, valid range
## is 0-1024. If thread support is available, the default is 64.
## More information at: http://erlang.org/doc/man/erl.html
## 
## Default: 64
## 
## Acceptable values:
##   - an integer
erlang.async_threads = 64

## The number of concurrent ports/sockets
## Valid range is 1024-134217727
## 
## Default: 262144
## 
## Acceptable values:
##   - an integer
erlang.max_ports = 262144

## Set scheduler forced wakeup interval. All run queues will be
## scanned each Interval milliseconds. While there are sleeping
## schedulers in the system, one scheduler will be woken for each
## non-empty run queue found. An Interval of zero disables this
## feature, which also is the default.
## This feature is a workaround for lengthy executing native code, and
## native code that do not bump reductions properly.
## More information: http://www.erlang.org/doc/man/erl.html#+sfwi
## 
## Acceptable values:
##   - an integer
## erlang.schedulers.force_wakeup_interval = 500

## Enable or disable scheduler compaction of load. By default
## scheduler compaction of load is enabled. When enabled, load
## balancing will strive for a load distribution which causes as many
## scheduler threads as possible to be fully loaded (i.e., not run out
## of work). This is accomplished by migrating load (e.g. runnable
## processes) into a smaller set of schedulers when schedulers
## frequently run out of work. When disabled, the frequency with which
## schedulers run out of work will not be taken into account by the
## load balancing logic.
## More information: http://www.erlang.org/doc/man/erl.html#+scl
## 
## Acceptable values:
##   - one of: true, false
## erlang.schedulers.compaction_of_load = false

## Enable or disable scheduler utilization balancing of load. By
## default scheduler utilization balancing is disabled and instead
## scheduler compaction of load is enabled which will strive for a
## load distribution which causes as many scheduler threads as
## possible to be fully loaded (i.e., not run out of work). When
## scheduler utilization balancing is enabled the system will instead
## try to balance scheduler utilization between schedulers. That is,
## strive for equal scheduler utilization on all schedulers.
## More information: http://www.erlang.org/doc/man/erl.html#+sub
## 
## Acceptable values:
##   - one of: true, false
## erlang.schedulers.utilization_balancing = true

## This parameter defines the percentage of total server memory
## to assign to LevelDB. LevelDB will dynamically adjust its internal
## cache sizes to stay within this size.  The memory size can
## alternately be assigned as a byte count via leveldb.maximum_memory
## instead.
## 
## Default: 70
## 
## Acceptable values:
##   - an integer
leveldb.maximum_memory.percent = 70

include conf.d/*.conf



Last updated