The VerneMQ conf file
A closer look at an example vernemq.conf file (Note: This is a work-in-progress section)
VerneMQ is usually configured by editing a single config file called vernemq.conf. The config file will be generated by the process building a release, and it will also come with the binary VerneMQ packages.
In the vernemq.conf file you will find keys and values (sometimes outcommented), most of the time along with a quick documentation. Some values are hidden, that is you won't find them in the auto-generated conf file. Those are meant to be added to the conf file manually. Typically, hidden values aren't the most used configuration values. You'll find a full list of all the hidden options below.
Here's a full example vernemq.conf file, as generated by the 0.1.0 release. It is a long file, but luckily you won't need to touch every single value!
##
## Default: [{"127.0.0.1", 26379}]
##
## Acceptable values:
## - text
redis_sentinel_endpoints = [{"127.0.0.1", 26379}]
##
## Default: 0
##
## Acceptable values:
## - an integer
redis_database = 0
##
## Default: ./etc/lua
##
## Acceptable values:
## - text
redis_lua_dir = ./etc/lua
## This option specifies the list of comma separated connect options list
## [[{host, "localhost"}, {port, 1234}]] of redis shards used for message passing.
##
## Default: [[{host,"127.0.0.1"},{port,6379},{database,1}]]
##
## Acceptable values:
## - text
msg_queue_redis_shards_connect_options = [[{host,"127.0.0.1"},{port,6379},{database,1}]]
## This option specifies the number of worker processes per redis shard
## that will poll their main queues in message passing redis shard for new messages.
##
## Default: 1
##
## Acceptable values:
## - an integer
main_queue_workers_per_redis_shard = 1
## This option specifies the interval (in milliseconds) a worker
## process waits before making another poll request.
##
## Default: 0
##
## Acceptable values:
## - an integer
redis_queue_sleep_interval = 0
## Rolls out all_queues_setup_check.
##
## Default: 2000
##
## Acceptable values:
## - an integer
message_store_retry_interval = 2000
## Rolls out all_queues_setup_check.
##
## Default: 2
##
## Acceptable values:
## - an integer
message_store_nr_of_retries = 2
## Rolls out all_queues_setup_check.
##
## Default: on
##
## Acceptable values:
## - on or off
all_queues_setup_check_rollout = on
## Allow anonymous users to connect, default is 'off'. !!NOTE!!
## Enabling this completely disables authentication of the clients and
## should only be used for testing/development purposes or in case
## clients are authenticated by some other means.
##
## Default: off
##
## Acceptable values:
## - on or off
allow_anonymous = off
## Allow new client connections even when a VerneMQ cluster is inconsistent.
##
## Default: off
##
## Acceptable values:
## - on or off
allow_register_during_netsplit = off
## Allow message publishs even when a VerneMQ cluster is inconsistent.
##
## Default: off
##
## Acceptable values:
## - on or off
allow_publish_during_netsplit = off
## Allow new subscriptions even when a VerneMQ cluster is inconsistent.
##
## Default: off
##
## Acceptable values:
## - on or off
allow_subscribe_during_netsplit = off
## Allow clients to unsubscribe when a VerneMQ cluster is inconsistent.
##
## Default: off
##
## Acceptable values:
## - on or off
allow_unsubscribe_during_netsplit = off
## Allows a client to logon multiple times using the same client
## id (non-standard behaviour!). This feature is DEPRECATED and will
## be removed in VerneMQ 2.0.
##
## Default: off
##
## Acceptable values:
## - on or off
allow_multiple_sessions = off
## Client registrations can be either happen in a coordinated or
## uncoordinated fashion. Uncoordinated registrations are faster and
## will cause other clients with the same client-id to be eventually
## disconnected, while coordinated ensures that any other client with
## the same client-id will be immediately disconnected.
##
## Default: on
##
## Acceptable values:
## - on or off
coordinate_registrations = on
## Set the time in seconds VerneMQ waits before a retry, in case a (QoS=1 or QoS=2) message
## delivery gets no answer.
##
## Default: 20
##
## Acceptable values:
## - an integer
## retry_interval = 20
## Set the maximum size for client IDs. MQTT v3.1 specifies a
## limit of 23 characters
##
## Default: 100
##
## Acceptable values:
## - an integer
## max_client_id_size = 100
## This option allows persistent clients ( = clean session set to
## false) to be removed if they do not reconnect within 'persistent_client_expiration'.
## This is a non-standard option. As far as the MQTT specification is concerned,
## persistent clients persist forever.
## The expiration period should be an integer followed by one of 'd', 'w', 'm', 'y' for
## day, week, month, and year.
##
## Default: never
##
## Acceptable values:
## - text
## persistent_client_expiration = 1w
## The maximum delay for a last will message. This setting
## applies only to MQTTv5 sessions and can be used to override the
## value provided by the client.
## The delay can be either 'client' which means the value specified by
## the client is used, or an integer followed by one of 's', 'h' 'd',
## 'w', 'm', 'y' for day, week, month, and year used to cap the value
## provided by the client..
##
## Default: client
##
## Acceptable values:
## - text
## max_last_will_delay = client
## The maximum number of QoS 1 or 2 messages that can be in the process of being
## transmitted simultaneously. This includes messages currently going through handshakes
## and messages that are being retried. Defaults to 20. Set to 0 for no maximum. If set
## to 1, this will guarantee in-order delivery of messages.
##
## Default: 20
##
## Acceptable values:
## - an integer
max_inflight_messages = 20
## The maximum number of messages to hold in the queue above
## those messages that are currently in flight. Defaults to 1000. This affects
## messages of any QoS. Set to -1 for no maximum (not recommended).
## This option allows to control how a specific client session can deal
## with message bursts. As a general rule of thumb set
## this number a bit higher than the expected message rate a single consumer is
## required to process. Note that setting this value to 0 will totally block
## delivery from any queue.
##
## Default: 1000
##
## Acceptable values:
## - an integer
max_online_messages = 1000
## The maximum number of QoS 1 or 2 messages to hold in the offline queue.
## Defaults to 1000. Set to -1 for no maximum (not recommended). Set to 0
## if no messages should be stored offline.
##
## Default: 1000
##
## Acceptable values:
## - an integer
max_offline_messages = 1000
## This option sets the maximum MQTT size that VerneMQ will
## allow. Messages that exceed this size will not be accepted by
## VerneMQ. The default value is 0, which means that all valid MQTT
## messages are accepted. MQTT imposes a maximum payload size of
## 268435455 bytes.
##
## Default: 0
##
## Acceptable values:
## - an integer
max_message_size = 0
## If a message is published with a QoS lower than the QoS of the subscription it is
## delivered to, VerneMQ can upgrade the outgoing QoS. This is a non-standard option.
##
## Default: off
##
## Acceptable values:
## - on or off
upgrade_outgoing_qos = off
## listener.tcp.buffer_sizes is an list of three integers
## (sndbuf,recbuf,buffer) specifying respectively the kernel TCP send
## buffer, the kernel TCP receive buffer and the user-level buffer
## size in the erlang driver.
## It is recommended to have val(user-level buffer) >= val(receive
## buffer) to avoid performance issues because of unnecessary copying.
## If not set, the operating system defaults are used.
## This option can be set on the protocol level by:
## - listener.tcp.buffer_sizes
## - listener.ssl.buffer_sizes
## or on the listener level by:
## - listener.tcp.my_tcp_listener.buffer_sizes
## - listener.ssl.my_ssl_listener.buffer_sizes
##
## Acceptable values:
## - text
## listener.tcp.buffer_sizes = 4096,16384,32768
## listener.max_connections is an integer or 'infinity' defining
## the maximum number of concurrent connections. This option can be overridden
## on the protocol level by:
## - listener.tcp.max_connections
## - listener.ssl.max_connections
## - listener.ws.max_connections
## - listener.wss.max_connections
## or on the listener level by:
## - listener.tcp.my_tcp_listener.max_connections
## - listener.ssl.my_ssl_listener.max_connections
## - listener.ws.my_ws_listener.max_connections
## - listener.wss.my_wss_listener.max_connections
##
## Default: 10000
##
## Acceptable values:
## - an integer
## - the text "infinity"
listener.max_connections = 10000
## Set the nr of acceptors waiting to concurrently accept new connections.
## This can be specified either on the protocol level:
## - listener.tcp.nr_of_acceptors
## - listener.ssl.nr_of_acceptors
## - listener.ws.nr_of_acceptors
## - listener.wss.nr_of_acceptors
## or on the listener level:
## - listener.tcp.my_tcp_listener.nr_of_acceptors
## - listener.ssl.my_ssl_listener.nr_of_acceptors
## - listener.ws.my_ws_listener.nr_of_acceptors
## - listener.wss.my_wss_listener.nr_of_acceptors
##
## Default: 10
##
## Acceptable values:
## - an integer
listener.nr_of_acceptors = 10
## listener.tcp.<name> is an IP address and TCP port that
## the broker will bind to. You can define multiple listeners e.g:
## - listener.tcp.default = 127.0.0.1:1883
## - listener.tcp.internal = 127.0.0.1:10883
## - listener.tcp.my_other_listener = 127.0.0.1:10884
## This also works for SSL listeners and WebSocket handlers:
## - listener.ssl.default = 127.0.0.1:8883
## - listener.ws.default = 127.0.0.1:800
## - listener.wss.default = 127.0.0.1:880
##
## Default: 127.0.0.1:1883
##
## Acceptable values:
## - an IP/port pair, e.g. 127.0.0.1:10011
listener.tcp.default = 127.0.0.1:1883
## 'listener.tcp.allowed_protocol_versions' configures which
## protocol versions are allowed for an MQTT listener. The allowed
## protocol versions can be specified the tcp, websocket or ssl level:
## - listener.tcp.allowed_protocol_versions
## - listener.ws.allowed_protocol_versions
## - listener.wss.allowed_protocol_versions
## - listener.ssl.allowed_protocol_versions
## or for a specific listener:
## - listener.tcp.my_tcp_listener.allowed_protocol_versions
## - listener.ws.my_ws_listener.allowed_protocol_versions
## - listener.wss.my_ws_listener.allowed_protocol_versions
## - listener.ssl.my_ws_listener.allowed_protocol_versions
## Allowed values are 3 (MQTT 3.1), 4 (MQTT 3.1.1), 5 (MQTT 5.0), 131
## (MQTT 3.1 bridge), 132 (MQTT 3.1.1 bridge).
##
## Default: 3,4,131
##
## Acceptable values:
## - text
## listener.tcp.allowed_protocol_versions = 3,4
## listener.vmq.clustering is the IP address and TCP port that
## the broker will bind to accept connections from other cluster
## nodes e.g:
## - listener.vmq.clustering = 0.0.0.0:18883
## This also works for SSL listeners:
## - listener.vmqs.clustering = 0.0.0.0:18884
##
## Default: 0.0.0.0:44053
##
## Acceptable values:
## - an IP/port pair, e.g. 127.0.0.1:10011
listener.vmq.clustering = 0.0.0.0:44053
## listener.http.default is the IP address and TCP port that
## the broker will bind to accept HTTP connections
## - listener.http.default = 0.0.0.0:8888
## This also works for SSL listeners:
## - listener.https.default= 0.0.0.0:8889
##
## Default: 127.0.0.1:8888
##
## Acceptable values:
## - an IP/port pair, e.g. 127.0.0.1:10011
listener.http.default = 127.0.0.1:8888
## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted. Set the cafile
## on the protocol level or on the listener level:
## - listener.ssl.cafile
## - listener.wss.cafile
## or on the listener level:
## - listener.ssl.my_ssl_listener.cafile
## - listener.wss.my_wss_listener.cafile
##
## Default:
##
## Acceptable values:
## - the path to a file
## listener.ssl.cafile = ./etc/cacerts.pem
##
## Default:
##
## Acceptable values:
## - the path to a file
## listener.https.cafile = ./etc/cacerts.pem
## Set the path to the PEM encoded server certificate
## on the protocol level or on the listener level:
## - listener.ssl.certfile
## - listener.wss.certfile
## or on the listener level:
## - listener.ssl.my_ssl_listener.certfile
## - listener.wss.my_wss_listener.certfile
##
## Default:
##
## Acceptable values:
## - the path to a file
## listener.ssl.certfile = ./etc/cert.pem
##
## Default:
##
## Acceptable values:
## - the path to a file
## listener.https.certfile = ./etc/cert.pem
## Set the path to the PEM encoded key file on the protocol
## level or on the listener level:
## - listener.ssl.keyfile
## - listener.wss.keyfile
## or on the listener level:
## - listener.ssl.my_ssl_listener.keyfile
## - listener.wss.my_wss_listener.keyfile
##
## Default:
##
## Acceptable values:
## - the path to a file
## listener.ssl.keyfile = ./etc/key.pem
##
## Default:
##
## Acceptable values:
## - the path to a file
## listener.vmqs.keyfile = ./etc/key.pem
##
## Default:
##
## Acceptable values:
## - the path to a file
## listener.https.keyfile = ./etc/key.pem
## Set the list of allowed ciphers (each separated with a colon,
## e.g. "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"),
## on the protocol level or on the listener level. Reasonable defaults
## are used if nothing is specified:
## - listener.ssl.ciphers
## - listener.wss.ciphers
## or on the listener level:
## - listener.ssl.my_ssl_listener.ciphers
## - listener.wss.my_wss_listener.ciphers
##
## Default:
##
## Acceptable values:
## - text
## listener.ssl.ciphers =
##
## Default:
##
## Acceptable values:
## - text
## listener.vmqs.ciphers =
##
## Default:
##
## Acceptable values:
## - text
## listener.https.ciphers =
## Set the list of allowed elliptical curves (each separated with a colon,
## e.g. "[sect571k1,secp521r1,brainpoolP512r1]"), on the protocol level or on the listener level.
## All known curves are used if nothing is specified.
## - listener.ssl.eccs
## - listener.wss.eccs
## or on the listener level:
## - listener.ssl.my_ssl_listener.eccs
## - listener.wss.my_wss_listener.eccs
##
## Default:
##
## Acceptable values:
## - text
## listener.ssl.eccs = [brainpoolP384r1, secp384r1, sect283k1]
##
## Default:
##
## Acceptable values:
## - text
## listener.vmqs.eccs = [brainpoolP384r1, secp384r1, sect283k1]
##
## Default:
##
## Acceptable values:
## - text
## listener.https.eccs = [brainpoolP384r1, secp384r1, sect283k1]
## If you have 'listener.ssl.require_certificate' set to true,
## you can create a certificate revocation list file to revoke access
## to particular client certificates. If you have done this, use crlfile
## to point to the PEM encoded revocation file. This can be done on the
## protocol level or on the listener level.
## - listener.ssl.crlfile
## - listener.wss.crlfile
## or on the listener level:
## - listener.ssl.my_ssl_listener.crlfile
## - listener.wss.my_wss_listener.crlfile
##
## Default:
##
## Acceptable values:
## - the path to a file
## listener.ssl.crlfile =
## Enable this option if you want to use SSL client certificates
## to authenticate your clients. This can be done on the protocol level
## or on the listener level.
## - listener.ssl.require_certificate
## - listener.wss.require_certificate
## or on the listener level:
## - listener.ssl.my_ssl_listener.require_certificate
## - listener.wss.my_wss_listener.require_certificate
##
## Default: off
##
## Acceptable values:
## - on or off
## listener.ssl.require_certificate = off
##
## Default: off
##
## Acceptable values:
## - on or off
## listener.vmqs.require_certificate = off
##
## Default: off
##
## Acceptable values:
## - on or off
## listener.https.require_certificate = off
## Configure the TLS protocol version (tlsv1, tlsv1.1, or tlsv1.2) to be
##
## Default: tlsv1.2
##
## Acceptable values:
## - text
## listener.ssl.tls_version = tlsv1.2
##
## Default: tlsv1.2
##
## Acceptable values:
## - text
## listener.vmqs.tls_version = tlsv1.2
##
## Default: tlsv1.2
##
## Acceptable values:
## - text
## listener.https.tls_version = tlsv1.2
## If 'listener.ssl.require_certificate' is enabled, you may enable
## 'listener.ssl.use_identity_as_username' to use the CN value from the client
## certificate as a username. If enabled other authentication plugins are not
## considered. The option can be specified either for all SSL listeners or for
## a specific listener:
## - listener.ssl.use_identity_as_username
## - listener.wss.use_identity_as_username
## or on the listener level:
## - listener.ssl.my_ssl_listener.use_identity_as_username
## - listener.wss.my_wss_listener.use_identity_as_username
##
## Default: off
##
## Acceptable values:
## - on or off
## listener.ssl.use_identity_as_username = off
## Enable the $SYSTree Reporter.
##
## Default: on
##
## Acceptable values:
## - on or off
systree_enabled = on
## The integer number of milliseconds between updates of the $SYS subscription hierarchy,
## which provides status information about the broker. If unset, defaults to 20 seconds.
## Set to 0 to disable publishing the $SYS hierarchy completely.
##
## Default: 20000
##
## Acceptable values:
## - an integer
systree_interval = 20000
## Enable the Graphite Reporter. Ensure to also configure a
## proper graphite.host
##
## Default: off
##
## Acceptable values:
## - on or off
graphite_enabled = off
## the graphite server host name
##
## Default: localhost
##
## Acceptable values:
## - text
graphite_host = localhost
## the tcp port of the graphite server
##
## Default: 2003
##
## Acceptable values:
## - an integer
graphite_port = 2003
## the interval we push metrics to the graphite server in ms
##
## Default: 20000
##
## Acceptable values:
## - an integer
graphite_interval = 20000
## set the prefix that is applied to all metrics reported to graphite
##
## Default:
##
## Acceptable values:
## - text
## graphite_prefix = my-prefix
## the graphite server api key, e.g. used by hostedgraphite.com
##
## Default:
##
## Acceptable values:
## - text
## graphite_api_key = My-Api-Key
## Distribution policy for shared subscriptions. Default is
## 'prefer_local' which will ensure that local subscribers will be
## used if any are available. 'local_only' will select a random local
## subscriber if any are available. 'random' will randomly choose
## between all available subscribers.
##
## Default: prefer_local
##
## Acceptable values:
## - text
shared_subscription_policy = prefer_local
## plugins.<plugin> enables/disables a plugin.
## Plugin specific settings are set via the plugin itself, i.e., to
## set the 'file' setting for the myplugin plugin, add a line like:
## myplugin.file = /path/to/file
##
## Acceptable values:
## - on or off
## plugins.name = on
## plugins.<name>.path defines the location of the plugin
## associated with <name>. This is needed for plugins that are not
## shipped with VerneMQ.
##
## Acceptable values:
## - the path to a directory
## plugins.mypluginname.path = /path/to/myplugin
## plugins.<name>.priority defines the load order of the
## plugins. Plugins are loaded by priority. If no priority is given
## the load order is undefined. Prioritized plugins will always be
## loaded before plugins with no defined priority.
##
## Acceptable values:
## - an integer
## plugins.mypluginname.priority = 5
## File based authorization plugin.
##
## Default: on
##
## Acceptable values:
## - on or off
plugins.vmq_acl = on
## File based authorization plugin.
##
## Default: on
##
## Acceptable values:
## - on or off
plugins.vmq_enhanced_auth = on
## Lua based plugins.
##
## Default: off
##
## Acceptable values:
## - on or off
plugins.vmq_diversity = off
## Webhook based plugins.
##
## Default: off
##
## Acceptable values:
## - on or off
plugins.vmq_webhooks = off
## Webhook based plugins.
##
## Default: off
##
## Acceptable values:
## - on or off
plugins.vmq_events_sidecar = off
## The VerneMQ bridge plugin.
##
## Default: off
##
## Acceptable values:
## - on or off
plugins.vmq_bridge = off
## Specifies the metadata plugin that is used for storing and replicating
## VerneMQ metadata objects such as MQTT subscriptions and retained messages.
## The default is kept at `vmq_plumtree` for compatibility with existing deployments.
## For new cluster deployments, the recommendation is to use 'vmq_swc' from the
## beginning. Note that the 2 protocols are not compatible, so clusters can't be
## mixed.
##
## Default: vmq_plumtree
##
## Acceptable values:
## - one of: vmq_plumtree, vmq_swc
metadata_plugin = vmq_plumtree
##
## Default: vmq_storage_engine_leveldb
##
## Acceptable values:
## - text
generic_message_store_engine = vmq_storage_engine_leveldb
## Set the path to an access control list file.
##
## Default: ./etc/vmq.acl
##
## Acceptable values:
## - the path to a file
vmq_acl.acl_file = ./etc/vmq.acl
## set the acl reload interval in seconds, the value 0 disables
## the automatic reloading of the acl file.
##
## Default: 10
##
## Acceptable values:
## - an integer
vmq_acl.acl_reload_interval = 10
## Set the path to a password file.
##
## Default: ./etc/vmq.passwd
##
## Acceptable values:
## - the path to a file
vmq_passwd.password_file = ./etc/vmq.passwd
## set the password reload interval in seconds, the value 0
## disables the automatic reloading of the password file.
##
## Default: 10
##
## Acceptable values:
## - an integer
vmq_passwd.password_reload_interval = 10
## Configure the vmq_diversity plugin script dir. The script dir
## is searched for Lua scripts which are automatically loaded when the
## plugin is enabled.
##
## Default: ./share/lua
##
## Acceptable values:
## - the path to a directory
vmq_diversity.script_dir = ./share/lua
##
## Default: off
##
## Acceptable values:
## - on or off
vmq_diversity.auth_postgres.enabled = off
##
## Default: localhost
##
## Acceptable values:
## - text
## vmq_diversity.postgres.host = localhost
##
## Default: 5432
##
## Acceptable values:
## - an integer
## vmq_diversity.postgres.port = 5432
##
## Default: root
##
## Acceptable values:
## - text
## vmq_diversity.postgres.user = root
##
## Default: password
##
## Acceptable values:
## - text
## vmq_diversity.postgres.password = password
##
## Default: vernemq_db
##
## Acceptable values:
## - text
## vmq_diversity.postgres.database = vernemq_db
## Specify if the postgresql driver should use TLS or not.
##
## Default: off
##
## Acceptable values:
## - on or off
vmq_diversity.postgres.ssl = off
## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
##
## Default:
##
## Acceptable values:
## - the path to a file
## vmq_diversity.postgres.cafile = ./etc/cafile.pem
## Set the path to the PEM encoded server certificate.
##
## Default:
##
## Acceptable values:
## - the path to a file
## vmq_diversity.postgres.certfile = ./etc/cert.pem
## Set the path to the PEM encoded key file.
##
## Default:
##
## Acceptable values:
## - the path to a file
## vmq_diversity.postgres.keyfile = ./etc/keyfile.pem
## The password hashing method to use in PostgreSQL:
##
## Default: crypt
##
## Acceptable values:
## - one of: crypt, bcrypt
vmq_diversity.postgres.password_hash_method = crypt
##
## Default: off
##
## Acceptable values:
## - on or off
vmq_diversity.auth_cockroachdb.enabled = off
##
## Default: localhost
##
## Acceptable values:
## - text
## vmq_diversity.cockroachdb.host = localhost
##
## Default: 5432
##
## Acceptable values:
## - an integer
## vmq_diversity.cockroachdb.port = 5432
##
## Default: root
##
## Acceptable values:
## - text
## vmq_diversity.cockroachdb.user = root
##
## Default: password
##
## Acceptable values:
## - text
## vmq_diversity.cockroachdb.password = password
##
## Default: vernemq_db
##
## Acceptable values:
## - text
## vmq_diversity.cockroachdb.database = vernemq_db
## Specify if the cockroachdb driver should use TLS or not.
##
## Default: on
##
## Acceptable values:
## - on or off
vmq_diversity.cockroachdb.ssl = on
## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
##
## Default:
##
## Acceptable values:
## - the path to a file
## vmq_diversity.cockroachdb.cafile = ./etc/cafile.pem
## Set the path to the PEM encoded server certificate.
##
## Default:
##
## Acceptable values:
## - the path to a file
## vmq_diversity.cockroachdb.certfile = ./etc/cert.pem
## Set the path to the PEM encoded key file.
##
## Default:
##
## Acceptable values:
## - the path to a file
## vmq_diversity.cockroachdb.keyfile = ./etc/keyfile.pem
## The password hashing method to use in CockroachDB:
##
## Default: bcrypt
##
## Acceptable values:
## - one of: sha256, bcrypt
vmq_diversity.cockroachdb.password_hash_method = bcrypt
##
## Default: off
##
## Acceptable values:
## - on or off
vmq_diversity.auth_mysql.enabled = off
##
## Default: localhost
##
## Acceptable values:
## - text
## vmq_diversity.mysql.host = localhost
##
## Default: 3306
##
## Acceptable values:
## - an integer
## vmq_diversity.mysql.port = 3306
##
## Default: root
##
## Acceptable values:
## - text
## vmq_diversity.mysql.user = root
##
## Default: password
##
## Acceptable values:
## - text
## vmq_diversity.mysql.password = password
##
## Default: vernemq_db
##
## Acceptable values:
## - text
## vmq_diversity.mysql.database = vernemq_db
## The password hashing method to use in MySQL:
## password: Default for compatibility, deprecated since MySQL 5.7.6 and not
## usable with MySQL 8.0.11+.
## Docs: https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_password
## md5: Calculates an MD5 128-bit checksum of the password.
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_md5
## sha1: Calculates the SHA-1 160-bit checksum for the password.
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha1
## sha256: Calculates the SHA-2 hash of the password, using 256 bits.
## Works only if MySQL has been configured with SSL support.
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha2
##
## Default: password
##
## Acceptable values:
## - one of: password, md5, sha1, sha256
vmq_diversity.mysql.password_hash_method = password
##
## Default: off
##
## Acceptable values:
## - on or off
vmq_diversity.auth_mongodb.enabled = off
##
## Default: localhost
##
## Acceptable values:
## - text
## vmq_diversity.mongodb.host = localhost
##
## Default: 27017
##
## Acceptable values:
## - an integer
## vmq_diversity.mongodb.port = 27017
##
## Acceptable values:
## - text
## vmq_diversity.mongodb.login =
##
## Acceptable values:
## - text
## vmq_diversity.mongodb.password =
##
## Acceptable values:
## - text
## vmq_diversity.mongodb.database =
## Specify if the mongodb driver should use TLS or not.
##
## Default: off
##
## Acceptable values:
## - on or off
vmq_diversity.mongodb.ssl = off
## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
##
## Default:
##
## Acceptable values:
## - the path to a file
## vmq_diversity.mongodb.cafile = ./etc/cafile.pem
## Set the path to the PEM encoded server certificate.
##
## Default:
##
## Acceptable values:
## - the path to a file
## vmq_diversity.mongodb.certfile = ./etc/cert.pem
## Set the path to the PEM encoded key file.
##
## Default:
##
## Acceptable values:
## - the path to a file
## vmq_diversity.mongodb.keyfile = ./etc/keyfile.pem
##
## Default: off
##
## Acceptable values:
## - on or off
vmq_diversity.auth_redis.enabled = off
##
## Default: localhost
##
## Acceptable values:
## - text
## vmq_diversity.redis.host = localhost
##
## Default: 6379
##
## Acceptable values:
## - an integer
## vmq_diversity.redis.port = 6379
##
## Default:
##
## Acceptable values:
## - text
## vmq_diversity.redis.password =
##
## Default: 0
##
## Acceptable values:
## - an integer
## vmq_diversity.redis.database = 0
##
## Default: localhost
##
## Acceptable values:
## - text
## vmq_diversity.memcache.host = localhost
##
## Default: 11211
##
## Acceptable values:
## - an integer
## vmq_diversity.memcache.port = 11211
## vmq_diversity.<name>.file = <file> loads a specific lua
## script when `vmq_diversity` starts. The scripts are loaded in the
## order defined by the names given, i.e., the script with <name>
## 'script1' is started before the plugin with <name> 'script2'.
## Scripts loaded like this are loaded after the scripts in the
## default script dir.
##
## Acceptable values:
## - the path to a file
## vmq_diversity.script1.file = path/to/my/script.lua
## The pool_size specifies how many bcrypt operations that are
## allowed concurrently. The value `auto` will try to detect all
## logical cpus and set the pool size to that number. If the number of
## logical cpus cannot be detected, a value of 1 is used.
##
## Default: 1
##
## Acceptable values:
## - an integer
## - one of: auto
vmq_bcrypt.pool_size = 1
## To register events sidecar webhooks, a list of hook names needs to be configured.
## Valid hook names: [on_register, on_publish, on_subscribe, on_unsubscribe, on_deliver, on_offline_message, on_client_wakeup, on_client_offline, on_client_gone, on_delivery_complete, on_session_expired]
##
## Acceptable values:
## - text
## vmq_events_sidecar.hooks = [on_register, on_publish]
## Configure the sidecar hostname to be used to connect to.
##
## Default: 127.0.0.1
##
## Acceptable values:
## - text
vmq_events_sidecar.hostname = 127.0.0.1
## Configure the sidecar port to be used to connect to.
##
## Default: 8890
##
## Acceptable values:
## - an integer
vmq_events_sidecar.port = 8890
## To configure and register a webhook a hook and an endpoint
## need to be configured and this is achieved by associating both with
## a name. vmq_webhooks.<name>.hook = <hook> associates the hook
## <hook> with the name <name>. Webhooks are registered in the order
## of the name given to it. Therefore a webhook with name 'webhook1'
## is regisered before a webhook with the name 'webhook2'.
##
## Acceptable values:
## - one of: auth_on_register, auth_on_publish, auth_on_subscribe, on_register, on_publish, on_subscribe, on_unsubscribe, on_deliver, on_offline_message, on_client_wakeup, on_client_offline, on_client_gone, on_delivery_complete, on_session_expired, auth_on_register_m5, auth_on_publish_m5, auth_on_subscribe_m5, on_register_m5, on_publish_m5, on_subscribe_m5, on_unsubscribe_m5, on_deliver_m5, on_auth_m5
## vmq_webhooks.webhook1.hook = auth_on_register
## Associate an endpoint with a name.
##
## Acceptable values:
## - text
## vmq_webhooks.webhook1.endpoint = http://localhost/myendpoints
## Specify the address and port of the bridge to connect to. Several
## bridges can configured by using different bridge names (e.g. br0). If the
## connection supports SSL encryption bridge.ssl.<name> can be used.
##
## Acceptable values:
## - text
## vmq_bridge.tcp.br0 = 127.0.0.1:1889
## Set the clean session option for the bridge. By default this is disabled,
## which means that all subscriptions on the remote broker are kept in case of
## the network connection dropping. If enabled, all subscriptions and messages
## on the remote broker will be cleaned up if the connection drops.
##
## Default: off
##
## Acceptable values:
## - on or off
## vmq_bridge.tcp.br0.cleansession = off
## Set the client id for this bridge connection. If not defined, this
## defaults to 'name.hostname', where name is the connection name and hostname
## is the hostname of this computer.
##
## Default: auto
##
## Acceptable values:
## - text
## vmq_bridge.tcp.br0.client_id = auto
## Set the number of seconds after which the bridge should send a ping if
## no other traffic has occurred.
##
## Default: 60
##
## Acceptable values:
## - an integer
## vmq_bridge.tcp.br0.keepalive_interval = 60
## Configure a username for the bridge. This is used for authentication
## purposes when connecting to a broker that support MQTT v3.1 and requires a
## username and/or password to connect. See also the password option.
##
## Acceptable values:
## - text
## vmq_bridge.tcp.br0.username = my_remote_user
## Configure a password for the bridge. This is used for authentication
## purposes when connecting to a broker that support MQTT v3.1 and requires a
## username and/or password to connect. This option is only valid if a username
## is also supplied.
##
## Acceptable values:
## - text
## vmq_bridge.tcp.br0.password = my_remote_password
## Define one or more topic pattern to be shared between the two brokers.
## Any topics matching the pattern (including wildcards) are shared.
## The following format is used:
## pattern [[[ out | in | both ] qos-level] local-prefix remote-prefix]
## [ out | in | both ]: specifies that this bridge exports messages (out), imports
## messages (in) or shared in both directions (both). If undefined we default to
## export (out).
## qos-level: specifies the publish/subscribe QoS level used for this
## toppic. If undefined we default to QoS 0.
## local-prefix and remote-prefix: For incoming topics, the bridge
## will prepend the pattern with the remote prefix and subscribe to
## the resulting topic on the remote broker. When a matching
## incoming message is received, the remote prefix will be removed
## from the topic and then the local prefix added.
## For outgoing topics, the bridge will prepend the pattern with the
## local prefix and subscribe to the resulting topic on the local
## broker. When an outgoing message is processed, the local prefix
## will be removed from the topic then the remote prefix added.
## For shared subscriptions topic prefixes are applied only to the
## topic part of the subscription.
##
## Acceptable values:
## - text
## vmq_bridge.tcp.br0.topic.1 = topic
## Set the amount of time a bridge using the automatic start type will wait
## until attempting to reconnect. Defaults to 30 seconds.
##
## Default: 10
##
## Acceptable values:
## - an integer
## vmq_bridge.tcp.br0.restart_timeout = 10
## If try_private is enabled, the bridge will attempt to indicate to the
## remote broker that it is a bridge not an ordinary client.
## Note that loop detection for bridges is not yet implemented.
##
## Default: on
##
## Acceptable values:
## - on or off
## vmq_bridge.tcp.br0.try_private = on
## Set the MQTT protocol version to be used by the bridge.
##
## Default: 3
##
## Acceptable values:
## - one of: 3, 4
## vmq_bridge.tcp.br0.mqtt_version = on
## Maximum number of outgoing messages the bridge will buffer
## while not connected to the remote broker. Messages published while
## the buffer is full are dropped. A value of 0 means buffering is
## disabled.
##
## Default: 0
##
## Acceptable values:
## - an integer
## vmq_bridge.tcp.br0.max_outgoing_buffered_messages = 0
## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
##
## Default:
##
## Acceptable values:
## - the path to a file
## vmq_bridge.ssl.sbr0.cafile = ./etc/cacerts.pem
## Set the path to the PEM encoded server certificate.
##
## Default:
##
## Acceptable values:
## - the path to a file
## vmq_bridge.ssl.sbr0.certfile = ./etc/cert.pem
## Set the path to the PEM encoded key file.
##
## Default:
##
## Acceptable values:
## - the path to a file
## vmq_bridge.ssl.sbr0.keyfile = ./etc/key.pem
## When using certificate based TLS, the bridge will attempt to verify the
## hostname provided in the remote certificate matches the host/address being
## connected to. This may cause problems in testing scenarios, so this option
## may be enabled to disable the hostname verification.
## Setting this option to true means that a malicious third party could
## potentially inpersonate your server, so it should always be disabled in
## production environments.
##
## Default: off
##
## Acceptable values:
## - on or off
## vmq_bridge.ssl.sbr0.insecure = off
## Configure the TLS protocol version (tlsv1, tlsv1.1, or tlsv1.2) to be
## used for this bridge.
##
## Default: tlsv1.2
##
## Acceptable values:
## - text
## vmq_bridge.ssl.sbr0.tls_version = tlsv1.2
## Pre-shared-key encryption provides an alternative to certificate based
## encryption. This option specifies the identity used.
##
## Default:
##
## Acceptable values:
## - text
## vmq_bridge.ssl.sbr0.identity =
## Pre-shared-key encryption provides an alternative to certificate based
## encryption. This option specifies the shared secret used in hexadecimal
## format without leading '0x'.
##
## Default:
##
## Acceptable values:
## - text
## vmq_bridge.ssl.sbr0.psk =
## Allow the bridge to open SSL connections to remote broker with wildcard certs
##
## Default: https
##
## Acceptable values:
## - one of: https
## vmq_bridge.ssl.name.customize_hostname_check = on
## Set the path to an access control list file.
##
## Default: ./etc/vmq.acl
##
## Acceptable values:
## - the path to a file
vmq_enhanced_auth.acl_file = ./etc/vmq.acl
## set the acl reload interval in seconds, the value 0 disables
## the automatic reloading of the acl file.
##
## Default: 10
##
## Acceptable values:
## - an integer
vmq_enhanced_auth.acl_reload_interval = 10
## Set JWT Secret Key.
##
## Default: secret_key
##
## Acceptable values:
## - text
vmq_enhanced_auth.secret_key = secret_key
## Enable auth_on_register.
##
## Default: true
##
## Acceptable values:
## - text
vmq_enhanced_auth.enable_jwt_auth = true
## Enable auth_on_register.
##
## Default: false
##
## Acceptable values:
## - text
vmq_enhanced_auth.enable_acl_hooks = false
##
## Default: vmq_offline_storage_engine_redis
##
## Acceptable values:
## - text
offline_message_store_engine = vmq_offline_storage_engine_redis
##
## Default: localhost
##
## Acceptable values:
## - text
offline_message_store_opts.host = localhost
##
## Default: 6379
##
## Acceptable values:
## - an integer
offline_message_store_opts.port = 6379
##
## Default: 2
##
## Acceptable values:
## - text
offline_message_store_opts.database = 2
##
## Default: 4000
##
## Acceptable values:
## - an integer
offline_message_store_opts.connect_timeout = 4000
##
## Default: 2000
##
## Acceptable values:
## - an integer
offline_message_store_opts.query_timeout = 2000
## Where to emit the default log messages (typically at 'info'
## severity):
## off: disabled
## file: the file specified by log.console.file
## console: to standard output (seen when using `vmq attach-direct`)
## both: log.console.file and standard out.
##
## Default: file
##
## Acceptable values:
## - one of: off, file, console, both
log.console = file
## The severity level of the console log, default is 'info'.
##
## Default: info
##
## Acceptable values:
## - one of: debug, info, warning, error
log.console.level = info
## When 'log.console' is set to 'file' or 'both', the file where
## console messages will be logged.
##
## Default: ./log/console.log
##
## Acceptable values:
## - the path to a file
log.console.file = ./log/console.log
## The file where error messages will be logged.
##
## Default: ./log/error.log
##
## Acceptable values:
## - the path to a file
log.error.file = ./log/error.log
## When set to 'on', enables log output to syslog.
##
## Default: off
##
## Acceptable values:
## - on or off
log.syslog = off
## Whether to enable the crash log.
##
## Default: on
##
## Acceptable values:
## - on or off
log.crash = on
## If the crash log is enabled, the file where its messages will
## be written.
##
## Default: ./log/crash.log
##
## Acceptable values:
## - the path to a file
log.crash.file = ./log/crash.log
## Maximum size in bytes of individual messages in the crash log
##
## Default: 64KB
##
## Acceptable values:
## - a byte size with units, e.g. 10GB
log.crash.maximum_message_size = 64KB
## Maximum size of the crash log in bytes, before it is rotated
##
## Default: 10MB
##
## Acceptable values:
## - a byte size with units, e.g. 10GB
log.crash.size = 10MB
## The schedule on which to rotate the crash log. For more
## information see:
## https://github.com/basho/lager/blob/master/README.md#internal-log-rotation
##
## Default: $D0
##
## Acceptable values:
## - text
log.crash.rotation = $D0
## The number of rotated crash logs to keep. When set to
## 'current', only the current open log file is kept.
##
## Default: 5
##
## Acceptable values:
## - an integer
## - the text "current"
log.crash.rotation.keep = 5
## Name of the Erlang node
##
## Default: VerneMQ@127.0.0.1
##
## Acceptable values:
## - text
nodename = VerneMQ@127.0.0.1
## Cookie for distributed node communication. All nodes in the
## same cluster should use the same cookie or they will not be able to
## communicate.
## IMPORTANT!!! SET the cookie to a private value! DO NOT LEAVE AT DEFAULT!
##
## Default: vmq
##
## Acceptable values:
## - text
distributed_cookie = vmq
## Sets the number of threads in async thread pool, valid range
## is 0-1024. If thread support is available, the default is 64.
## More information at: http://erlang.org/doc/man/erl.html
##
## Default: 64
##
## Acceptable values:
## - an integer
erlang.async_threads = 64
## The number of concurrent ports/sockets
## Valid range is 1024-134217727
##
## Default: 262144
##
## Acceptable values:
## - an integer
erlang.max_ports = 262144
## Set scheduler forced wakeup interval. All run queues will be
## scanned each Interval milliseconds. While there are sleeping
## schedulers in the system, one scheduler will be woken for each
## non-empty run queue found. An Interval of zero disables this
## feature, which also is the default.
## This feature is a workaround for lengthy executing native code, and
## native code that do not bump reductions properly.
## More information: http://www.erlang.org/doc/man/erl.html#+sfwi
##
## Acceptable values:
## - an integer
## erlang.schedulers.force_wakeup_interval = 500
## Enable or disable scheduler compaction of load. By default
## scheduler compaction of load is enabled. When enabled, load
## balancing will strive for a load distribution which causes as many
## scheduler threads as possible to be fully loaded (i.e., not run out
## of work). This is accomplished by migrating load (e.g. runnable
## processes) into a smaller set of schedulers when schedulers
## frequently run out of work. When disabled, the frequency with which
## schedulers run out of work will not be taken into account by the
## load balancing logic.
## More information: http://www.erlang.org/doc/man/erl.html#+scl
##
## Acceptable values:
## - one of: true, false
## erlang.schedulers.compaction_of_load = false
## Enable or disable scheduler utilization balancing of load. By
## default scheduler utilization balancing is disabled and instead
## scheduler compaction of load is enabled which will strive for a
## load distribution which causes as many scheduler threads as
## possible to be fully loaded (i.e., not run out of work). When
## scheduler utilization balancing is enabled the system will instead
## try to balance scheduler utilization between schedulers. That is,
## strive for equal scheduler utilization on all schedulers.
## More information: http://www.erlang.org/doc/man/erl.html#+sub
##
## Acceptable values:
## - one of: true, false
## erlang.schedulers.utilization_balancing = true
## This parameter defines the percentage of total server memory
## to assign to LevelDB. LevelDB will dynamically adjust its internal
## cache sizes to stay within this size. The memory size can
## alternately be assigned as a byte count via leveldb.maximum_memory
## instead.
##
## Default: 70
##
## Acceptable values:
## - an integer
leveldb.maximum_memory.percent = 70
include conf.d/*.conf
Last updated